CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

Name of the Vulnerable Software and Affected Versions: Siemens affected versions not specified Description: The issue is related to insufficient input validation in the web server of Siemens programmable logic controller PLC devices. This can be exploited by a remote attacker to cause a denial of...

7.8CVSS7.6AI score0.01401EPSS

Exploits0References4

CNVD•added 2019/03/21 12:0 a.m.•2 views

Denial of Service Vulnerability in S7 300 CPU319-3/CP343-1

Siemens China Ltd. is focused on electrification, automation and digitalization. A denial of service vulnerability exists in S7 300 CPU319-3/CP343-1, where an attacker can cause the PLC CPU module and CP module to go down, requiring a manual reboot of the PLC to recover. Other sub-function codes...

6.8AI score

Exploits0

OSV•added 2019/03/06 4:29 p.m.•2 views

CVE-2019-9590

An issue was discovered on TENGCONTROL T-920 PLC v5.5 devices. It allows remote attackers to cause a denial of service persistent failure mode by sending a series of \x19\xb2\x00\x00\x00\x06\x43\x01\x00\xac\xff\x00 aka UID 0x43 requests to TCP port 502...

7.5CVSS5.8AI score

Exploits0References1

BDU FSTEC•added 2019/01/22 12:0 a.m.•3 views

The vulnerability of Siemens Sinumerik programmable logic controllers lies in buffer overflows in their applications, which allow attackers to execute arbitrary code with elevated privileges.

The vulnerability of Siemens Sinumerik programmable logic controllers is related to buffer overflow attacks. Exploiting this vulnerability can allow attackers to execute arbitrary code with elevated privileges...

7.8CVSS8.1AI score0.0046EPSS

Exploits0References3Affected Software1

BDU FSTEC•added 2019/01/17 12:0 a.m.•6 views

The vulnerability of the TUNER web service on the TeNIX programmable logic controllers M1500 and M3000 allows a hacker to execute arbitrary code.

The vulnerability of the TUNER web service on the TeNIX programmable logic controllers M1500 and M3000 is related to the absence of name filtering when generating a 404 HTTP error page. As a result, the name of the non-existent webpage is passed unchanged to the generated error page. Exploiting...

6.8CVSS6AI score

Exploits0Affected Software1

CNVD•added 2018/12/02 12:0 a.m.•1 views

NA300 PLC has a logic design flaw

The NA300 PLC is a mid-size programmable controller. A logic design vulnerability exists in the NA300 PLC. An attacker can illegally read the internal logic program of the PLC by constructing specific packets...

6.8AI score

Exploits0

CNVD•added 2018/12/02 12:0 a.m.•3 views

Unauthorized operation vulnerability in NA300 PLC (CNVD-2018-26208)

The NA300 PLC is a mid-size programmable controller. An unauthorized operation vulnerability exists in the NA300 PLC. An attacker can exploit the vulnerability to remotely tamper with system inputs and outputs, variable values, etc...

6.8AI score

Exploits0

CNVD•added 2018/12/02 12:0 a.m.•2 views

Weak password vulnerability in NA300 PLC

The NA300 PLC is a mid-size programmable controller. A weak password vulnerability exists in the NNA300 PLC. An attacker could gain full control of the PLC through this vulnerability...

7.2AI score

Exploits0

CNVD•added 2018/12/02 12:0 a.m.•1 views

Buffer Overflow Vulnerability in NA300 PLCs

The NA300 PLC is a mid-size programmable controller. A buffer overflow vulnerability exists in the NA300 PLC. The vulnerability stems from et failing to properly handle functions. An attacker can overwrite the return address by constructing a variable length that exceeds variable v30...

7.3AI score

Exploits0

Rows per page

Query Builder

Family

Bulletin Type

Min CVSS Score

Date

Order by