Siemens SICAM Q100 Improper Input Validation (CVE-2022-43439)
A vulnerability has been identified in POWER METER SICAM Q100 All versions V2.50, POWER METER SICAM Q100 All versions V2.50, POWER METER SICAM Q100 All versions V2.50, POWER METER SICAM Q100 All versions V2.50, SICAM P850 All versions V3.10, SICAM P850 All versions V3.10, SICAM P850 All versions...
Siemens SICAM Q100 Improper Input Validation (CVE-2022-43545)
A vulnerability has been identified in POWER METER SICAM Q100 All versions V2.50, POWER METER SICAM Q100 All versions V2.50, POWER METER SICAM Q100 All versions V2.50, POWER METER SICAM Q100 All versions V2.50, SICAM P850 All versions V3.10, SICAM P850 All versions V3.10, SICAM P850 All versions...
Command injection
A vulnerability has been identified in CP-8031 MASTER MODULE All versions CPCI85 V05, CP-8050 MASTER MODULE All versions CPCI85 V05. Affected devices are vulnerable to command injection via the web server port 443/tcp, if the parameter “Remote Operation” is enabled. The parameter is disabled by...
CVE-2023-28489
A vulnerability has been identified in CP-8031 MASTER MODULE All versions CPCI85 V05, CP-8050 MASTER MODULE All versions CPCI85 V05. Affected devices are vulnerable to command injection via the web server port 443/tcp, if the parameter “Remote Operation” is enabled. The parameter is disabled by...
Siemens SCALANCE M875 Cross-site Scripting (CVE-2018-11448)
A vulnerability has been identified in SCALANCE M875 All versions. The web interface on port 443/tcp could allow a stored Cross-Site Scripting (XSS) attack if an unsuspecting user is tricked into accessing a malicious link. Successful exploitation requires that the attacker has access to the web...
Siemens SCALANCE S-600 Uncontrolled Resource Consumption (CVE-2019-13926)
A vulnerability has been identified in SCALANCE S602 All versions = V3.0 and = V3.0 and = V3.0 and = V3.0 and = V3.0 and = V3.0 and = V3.0 and = V3.0 and V4.1. Specially crafted packets sent to port 443/tcp of affected devices could cause a Denial-of-Service condition of the web server. A cold r...
Siemens SIPROTEC 5 Devices
As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please see Siemens' ProductCERT Security Advisories CERT Services | Services |...
CVE-2022-43546
A vulnerability has been identified in POWER METER SICAM Q100 All versions V2.50, POWER METER SICAM Q100 All versions V2.50, POWER METER SICAM Q100 All versions V2.50, POWER METER SICAM Q100 All versions V2.50, SICAM P850 All versions V3.10, SICAM P850 All versions V3.10, SICAM P850 All versions...
Siemens SIPROTEC 5 and DIGSI 5 Improper Input Validation (CVE-2019-10930)
A vulnerability has been identified in All other SIPROTEC 5 device types with CPU variants CP300 and CP100 and the respective Ethernet communication modules All versions , DIGSI 5 engineering software All versions V7.90, SIPROTEC 5 device types 6MD85, 6MD86, 6MD89, 7UM85, 7SA87, 7SD87, 7SL87,...
Siemens SICAM A8000 RTU Series Uncaught Exception (CVE-2018-13798)
A vulnerability has been identified in SICAM A8000 CP-8000 All versions V14, SICAM A8000 CP-802X All versions V14, SICAM A8000 CP-8050 All versions V2.00. Specially crafted network packets sent to port 80/TCP or 443/TCP could allow an unauthenticated remote attacker to cause a Denial-of-Service...
VMware vCenter Server Path Traversal Vulnerability
VMware vCenter Server is a suite of server and virtualization management software from VMware, Inc. The software provides a centralized platform for managing VMware vSphere environments, automating the implementation and delivery of virtual infrastructure. vCenter Server is vulnerable to a...
Race condition
A vulnerability has been identified in SIMATIC ET 200pro IM154-8 PN/DP CPU All versions V3.X.17, SIMATIC ET 200pro IM154-8F PN/DP CPU All versions V3.X.17, SIMATIC ET 200pro IM154-8FX PN/DP CPU All versions V3.X.17, SIMATIC ET 200S IM151-8 PN/DP CPU All versions V3.X.17, SIMATIC ET 200S IM151-8F...
CVE-2019-13925
CVE-2019-13925 affects the Siemens SCALANCE S-600 family (S602, S612, S623, S627-2M) v3.0–v4.0.x, where specially crafted packets to port 443/tcp can cause unbounded/uncontrolled resource consumption and DoS on the web server. Root cause is an Uncontrolled Resource Consumption issue in the integr...
CVE-2019-13926
A vulnerability has been identified in SCALANCE S602 All versions = V3.0 and = V3.0 and = V3.0 and = V3.0 and V4.1. Specially crafted packets sent to port 443/tcp of affected devices could cause a Denial-of-Service condition of the web server. A cold reboot is required to restore the functionalit...
Design/Logic Flaw
A vulnerability has been identified in All other SIPROTEC 5 device types with CPU variants CP300 and CP100 and the respective Ethernet communication modules All versions , DIGSI 5 engineering software All versions V7.90, SIPROTEC 5 device types 6MD85, 6MD86, 6MD89, 7UM85, 7SA87, 7SD87, 7SL87,...
CVE-2019-10931
A vulnerability has been identified in All other SIPROTEC 5 device types with CPU variants CP300 and CP100 and the respective Ethernet communication modules All versions , DIGSI 5 engineering software All versions V7.90, SIPROTEC 5 device types 6MD85, 6MD86, 6MD89, 7UM85, 7SA87, 7SD87, 7SL87,...
CVE-2018-16558
A vulnerability has been identified in SIMATIC S7-1500 CPU All versions = V2.0 and V2.5, SIMATIC S7-1500 CPU All versions = V1.8.5. Specially crafted network packets sent to port 80/tcp or 443/tcp could allow an unauthenticated remote attacker to cause a Denial-of-Service condition of the device...
CVE-2018-13807
A vulnerability has been identified in SCALANCE X300 All versions V4.0.0, SCALANCE X408 All versions V4.0.0, SCALANCE X414 All versions. The web interface on port 443/tcp could allow an attacker to cause a Denial-of-Service condition by sending specially crafted packets to the web server. The...
Cross-site request forgery (CSRF)
A vulnerability has been identified in SCALANCE M875 All versions. The web interface on port 443/tcp could allow a Cross-Site Request Forgery (CSRF) attack if an unsuspecting user is tricked into accessing a malicious link. Successful exploitation requires user interaction by a legitimate user, wh...
CVE-2018-11448
CVE-2018-11448 affects Siemens SCALANCE M875 (All versions). The vulnerability is a stored Cross-Site Scripting (XSS) in the web interface on port 443/tcp. Exploitation requires access to the affected device’s web interface and authenticated administrative privileges; a legitimate user must subse...