Siemens SICAM A8000 RTU Series Uncaught Exception (CVE-2018-13798)

A vulnerability has been identified in SICAM A8000 CP-8000 All versions V14, SICAM A8000 CP-802X All versions V14, SICAM A8000 CP-8050 All versions V2.00. Specially crafted network packets sent to port 80/TCP or 443/TCP could allow an unauthenticated remote attacker to cause a Denial-of-Service...

Race condition

A vulnerability has been identified in SIMATIC ET 200pro IM154-8 PN/DP CPU All versions V3.X.17, SIMATIC ET 200pro IM154-8F PN/DP CPU All versions V3.X.17, SIMATIC ET 200pro IM154-8FX PN/DP CPU All versions V3.X.17, SIMATIC ET 200S IM151-8 PN/DP CPU All versions V3.X.17, SIMATIC ET 200S IM151-8F...

CVE-2019-18335

A vulnerability has been identified in SPPA-T3000 Application Server All versions Service Pack R8.2 SP2. An attacker with network access to the Application Server could be able to gain access to logs and configuration files by sending specifically crafted packets to 80/tcp. Please note that an...

Design/Logic Flaw

A vulnerability has been identified in SPPA-T3000 Application Server All versions Service Pack R8.2 SP2. An attacker with network access to the Application Server could be able to gain access to logs and configuration files by sending specifically crafted packets to 80/tcp. Please note that an...

vqServer Detection

Checks whether vqServer is present on the target system and if so, tries to figure out the installed version. Copyright C 2019 Greenbone Networks GmbH SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can redistribute it and/or modify it under the terms of the GNU Gener...

Siemens En100 Unspecified Vulnerability

A vulnerability has been identified in Firmware variant PROFINET IO for EN100 Ethernet module : All versions V1.04.01; Firmware variant Modbus TCP for EN100 Ethernet module : All versions V1.11.00; Firmware variant DNP3 TCP for EN100 Ethernet module : All versions V1.03; Firmware variant IEC 104...

Authorization

A vulnerability has been identified in Siveillance VMS 2017 R2 All versions V11.2a, Siveillance VMS 2018 R1 All versions V12.1a, Siveillance VMS 2018 R2 All versions V12.2a, Siveillance VMS 2018 R3 All versions V12.3a, Siveillance VMS 2019 R1 All versions V13.1a. An attacker with network access t...

CVE-2019-6582

A vulnerability has been identified in Siveillance VMS 2017 R2 All versions V11.2a, Siveillance VMS 2018 R1 All versions V12.1a, Siveillance VMS 2018 R2 All versions V12.2a, Siveillance VMS 2018 R3 All versions V12.3a, Siveillance VMS 2019 R1 All versions V13.1a. An attacker with network access t...

ICSA-19-162-01 Siemens Siveillance VMS

1. EXECUTIVE SUMMARY CVSS v3 8.8 ATTENTION: Exploitable remotely/low skill level to exploit Vendor: Siemens Equipment: Siveillance VMS Vulnerabilities: Improper Authorization, Incorrect User Management, Missing Authorization 2. RISK EVALUATION Successful exploitation of these vulnerabilities...

CVE-2018-16558

A vulnerability has been identified in SIMATIC S7-1500 CPU All versions = V2.0 and V2.5, SIMATIC S7-1500 CPU All versions = V1.8.5. Specially crafted network packets sent to port 80/tcp or 443/tcp could allow an unauthenticated remote attacker to cause a Denial-of-Service condition of the device...

CVE-2018-4841

A vulnerability has been identified in TIM 1531 IRC All versions V1.1. A remote attacker with network access to port 80/tcp or port 443/tcp could perform administrative operations on the device without prior authentication. Successful exploitation could allow to cause a denial-of-service, or read...

Siemens TIM 1531 IRC

CVSS v3 9.8 ATTENTION: Exploitable remotely/low skill level to exploit. Vendor: Siemens Equipment: TIM 1531 IRC Vulnerability: Missing Authentication for Critical Function AFFECTED PRODUCTS Siemens reports that the vulnerability affects the following TIM 1531 IRC communications modules: TIM 1531...

Cross site scripting

An issue was discovered on Siemens SICAM RTUs SM-2556 COM Modules with the firmware variants ENOS00, ERAC00, ETA2, ETLS00, MODi00, and DNPi00. The integrated web server port 80/tcp of the affected devices could allow Cross-Site Scripting XSS attacks if unsuspecting users are tricked into clicking...

Code injection

An issue was discovered on Siemens SICAM RTUs SM-2556 COM Modules with the firmware variants ENOS00, ERAC00, ETA2, ETLS00, MODi00, and DNPi00. The integrated web server port 80/tcp of the affected devices could allow unauthenticated remote attackers to execute arbitrary code on the affected devic...

Design/Logic Flaw

A vulnerability has been identified in LOGO! 8 BM incl. SIPLUS variants All versions V1.81.2. An attacker with network access to the integrated web server on port 80/tcp could obtain the session ID of an active user session. A user must be logged in to the web interface. Siemens recommends to use...

CVE-2017-12734

Siemens LOGO! 8 BM (incl. SIPLUS variants): all versions prior to V1.81.2 are affected by CVE-2017-12734 (Insufficiently Protected Credentials). An attacker with network access to the integrated web server on port 80/tcp can obtain the session ID of an active user session, requiring a logged-in u...

Siemens Viewport for Web Office Portal

CVSS v3 9.8 ATTENTION: Remotely exploitable/low skill level to exploit. Vendor: Siemens Equipment: Viewport for Web Office Portal Vulnerability: Improper Authentication AFFECTED PRODUCTS Siemens reports that the vulnerability affects the following ViewPort for Web Office Portal products: ViewPort...

Design/Logic Flaw

A vulnerability has been identified in SIMATIC S7-300 CPU family All versions, SIMATIC S7-300 CPU family incl. related ET200 CPUs and SIPLUS variants All versions, SIMATIC S7-400 PN/DP V6 and below CPU family incl. SIPLUS variants All versions, SIMATIC S7-400 PN/DP V7 CPU family incl. SIPLUS...

CVE-2016-7113

A vulnerability has been identified in Firmware variant PROFINET IO for EN100 Ethernet module : All versions V1.04.01; Firmware variant Modbus TCP for EN100 Ethernet module : All versions V1.11.00; Firmware variant DNP3 TCP for EN100 Ethernet module : All versions V1.03; Firmware variant IEC 104...

CVE-2016-7113

A vulnerability has been identified in Firmware variant PROFINET IO for EN100 Ethernet module : All versions V1.04.01; Firmware variant Modbus TCP for EN100 Ethernet module : All versions V1.11.00; Firmware variant DNP3 TCP for EN100 Ethernet module : All versions V1.03; Firmware variant IEC 104...