2216 matches found
Vulnerabilities present in Siemens products
Siemens has identified vulnerabilities in various products, including SCALANCE, SIMATIC, SINAMICS, SIPROTEC, and TIA Portal. These vulnerabilities pose a threat to malicious actors, who could exploit them to cause the following types of damage: - Denial-of-Service DoS attacks - Data manipulation ...
Siemens SCALANCE Improper Validation of Integrity Check Value(CVE-2020-26141)
An issue was discovered in the ALFA Windows 10 driver 6.1316.1209 for AWUS036H. The Wi-Fi implementation does not verify the Message Integrity Check authenticity of fragmented TKIP frames. An adversary can abuse this to inject and possibly decrypt packets in WPA or WPA2 networks that support the...
Siemens SCALANCE Improper Authentication (CVE-2020-26139)
An issue was discovered in the kernel in NetBSD 7.1. An Access Point AP forwards EAPOL frames to other clients even though the sender has not yet successfully authenticated to the AP. This might be abused in projected Wi-Fi networks to launch denial-of-service attacks against connected clients an...
Siemens SCALANCE
SUMMARY SCALANCE W-700 IEEE 802.11n family before V6.6.0 are affected by multiple vulnerabilities. Siemens has released a new version for SCALANCE W-700 IEEE 802.11n family and recommends to update to the latest version. 2. GENERAL RECOMMENDATIONS As a general security measure, Siemens strongly...
Siemens SCALANCE and RUGGEDCOM Stack-based Buffer Overflow (CVE-2025-6141)
A vulnerability has been found in GNU ncurses up to 6.5-20250322 and classified as problematic. This vulnerability affects the function postprocesstermcap of the file tinfo/parseentry.c. The manipulation leads to stack-based buffer overflow. The attack needs to be approached locally. Upgrading to...
Siemens SCALANCE and RUGGEDCOM Incorrect Authorization (CVE-2025-40567)
The Load Rollback functionality in the web interface of affected products contains an incorrect authorization check vulnerability. This could allow an authenticated remote attacker with guest role to make the affected product roll back configuration changes made by privileged users. This plugin...
Siemens SCALANCE and RUGGEDCOM Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') (CVE-2025-4330)
Allows the extraction filter to be ignored, allowing symlink targets to point outside the destination directory, and the modification of some file metadata. You are affected by this vulnerability if using the tarfilemodule to extract untrusted tar archives using TarFile.extractallor...
Siemens SCALANCE and RUGGEDCOM Out-of-bounds Write (CVE-2022-48174)
There is a stack overflow vulnerability in ash.c:6030 in busybox before 1.35. In the environment of Internet of Vehicles, this vulnerability can be executed from command to arbitrary code execution. This plugin only works with Tenable.ot. Please visit https://www.tenable.com/products/tenable-ot f...
Siemens SCALANCE and RUGGEDCOM Out-of-bounds Read (CVE-2025-9086)
A cookie is set using the secure keyword for https://target 2. curl is redirected to or otherwise made to speak with http://target same hostname, but using clear text HTTP using the same cookie set 3. The same cookie name is set - but with just a slash as path path='/'. Since this site is not...
Siemens SCALANCE and RUGGEDCOM Use After Free (CVE-2023-42365)
A use-after-free vulnerability was discovered in BusyBox v.1.36.1 via a crafted awk pattern in the awk.c copyvar function. This plugin only works with Tenable.ot. Please visit https://www.tenable.com/products/tenable-ot for more information. %NASLMINLEVEL 80900 C Tenable, Inc. include'compat.inc'...
Siemens SCALANCE and RUGGEDCOM Use After Free (CVE-2023-42364)
A use-after-free vulnerability in BusyBox v.1.36.1 allows attackers to cause a denial of service via a crafted awk pattern in the awk.c evaluate function. This plugin only works with Tenable.ot. Please visit https://www.tenable.com/products/tenable-ot for more information. %NASLMINLEVEL 80900 C...
Siemens SCALANCE and RUGGEDCOM Concurrent Execution Using Shared Resource with Improper Synchronization (CVE-2025-40569)
The Load Configuration from Local PC functionality in the web interface of affected products contains a race condition vulnerability. This could allow an authenticated remote attacker to make the affected product load an attacker controlled configuration instead of the legitimate one. Successful...
Siemens SCALANCE and RUGGEDCOM Improper Input Validation (CVE-2025-39865)
"In the Linux kernel, the following vulnerability has been resolved: tee: fix NULL pointer dereference in teeshmput teeshmput have NULL pointer dereference: opteedisableshmcache -- shm = regpairtoptr... %NASLMINLEVEL 80900 C Tenable, Inc. include'compat.inc'; if description scriptid505112;...
Siemens SCALANCE and RUGGEDCOM Improper Input Validation (CVE-2025-39853)
In the Linux kernel, the following vulnerability has been resolved: i40e: Fix potential invalid access when MAC list is empty listfirstentry never returns NULL - if the list is empty, it still returns a pointer to an invalid object, leading to potential invalid memory access when dereferenced. Fi...
Siemens SCALANCE and RUGGEDCOM Improper Input Validation (CVE-2025-39839)
In the Linux kernel, the following vulnerability has been resolved: batman-adv: fix OOB read/write in network-coding decode batadvncskbdecodepacket trusts codedlen and checks only against skb-len. XOR starts at sizeofstruct batadvunicastpacket, reducing payload headroom, and the source skb length...
Siemens SCALANCE and RUGGEDCOM Improper Input Validation (CVE-2023-39810)
An issue in the CPIO command of Busybox v1.33.2 allows attackers to execute a directory traversal. This plugin only works with Tenable.ot. Please visit https://www.tenable.com/products/tenable-ot for more information. %NASLMINLEVEL 80900 C Tenable, Inc. include'compat.inc'; if description...
Siemens SCALANCE and RUGGEDCOM Incorrect Authorization (CVE-2025-40568)
An internal session termination functionality in the web interface of affected products contains an incorrect authorization check vulnerability. This could allow an authenticated remote attacker with guest role to terminate legitimate users' sessions. This plugin only works with Tenable.ot. Pleas...
Siemens SCALANCE and RUGGEDCOM Use After Free (CVE-2025-4516)
There is an issue in CPython when using bytes.decodeunicodeescape, error=ignore|replace. If you are not using the unicodeescape encoding or an error handler your usage is not affected. To work-around this issue you may stop using the error= handler and instead wrap the bytes.decode call in a try-...
Siemens SCALANCE and RUGGEDCOM NULL Pointer Dereference (CVE-2024-8006)
Remote packet capture support is disabled by default in libpcap. When a user builds libpcap with remote packet capture support enabled, one of the functions that become available is pcapfindalldevsex. One of the function arguments can be a filesystem path, which normally means a directory with...
Siemens Industrial Edge Devices Authorization Bypass Through User-Controlled Key (CVE-2025-40805)
Affected devices do not properly enforce user authentication on specific API endpoints. This could facilitate an unauthenticated remote attacker to circumvent authentication and impersonate a legitimate user. Successful exploitation requires that the attacker has learned the identity of a...