16 matches found
EUVD-2018-5743
Malware in sbrugna...
Cross site scripting
A vulnerability has been identified in SCALANCE X302-7 EEC 230V, SCALANCE X302-7 EEC 230V, coated, SCALANCE X302-7 EEC 24V, SCALANCE X302-7 EEC 24V, coated, SCALANCE X302-7 EEC 2x 230V, SCALANCE X302-7 EEC 2x 230V, coated, SCALANCE X302-7 EEC 2x 24V, SCALANCE X302-7 EEC 2x 24V, coated, SCALANCE...
多款 Siemens 产品跨站脚本漏洞
SCALANCE X switches are used to connect industrial components such as programmable logic controllers PLCs or human machine interfaces HMIs.SIPLUS extreme is designed for reliable operation under extreme conditions. A cross-site scripting vulnerability exists in Siemens SCALANCE X-300 Switch Famil...
多款 Siemens 产品输入验证错误漏洞
SCALANCE X switches are used to connect to industrial components such as programmable logic controllers PLCs or human-machine interfaces HMIs.SIPLUS extreme is designed for reliable operation under extreme conditions.Siemens SCALANCE X-300 Switch Family Devices are vulnerable to an input validati...
多款 Siemens 产品缓冲区错误漏洞
SCALANCE X switches are used to connect industrial components such as programmable logic controllers PLCs or human machine interfaces HMIs.SIPLUS extreme is designed for reliable operation under extreme conditions. An out-of-bounds read vulnerability exists in Siemens SCALANCE X-300 Switch Family...
CVE-2020-28395
A vulnerability has been identified in SCALANCE X-200RNA switch family All versions V3.2.7, SCALANCE X-300 switch family incl. X408 and SIPLUS NET variants All versions V4.1.0. Devices do not create a new unique private key after factory reset. An attacker could leverage this situation to a...
Siemens SCALANCE X Switches XSS
Binary data 720145.prm...
Siemens SCALANCE X Switches XSS
Binary data 720143.prm...
The vulnerability of Siemens SCALANCE X300 industrial switches’ web servers allows a hacker to trigger a service failure.
The vulnerability of Siemens SCALANCE X300 industrial switches involves insufficient validation of input data. Exploiting this vulnerability allows a malicious actor to trigger service interruptions by sending specially crafted packets to the TCP port 443...
CVE-2018-13807
A vulnerability has been identified in SCALANCE X300 All versions V4.0.0, SCALANCE X408 All versions V4.0.0, SCALANCE X414 All versions. The web interface on port 443/tcp could allow an attacker to cause a Denial-of-Service condition by sending specially crafted packets to the web server. The...
CVE-2018-13807
A vulnerability has been identified in SCALANCE X300 All versions V4.0.0, SCALANCE X408 All versions V4.0.0, SCALANCE X414 All versions. The web interface on port 443/tcp could allow an attacker to cause a Denial-of-Service condition by sending specially crafted packets to the web server. The...
CVE-2018-13807
A vulnerability has been identified in SCALANCE X300 All versions V4.0.0, SCALANCE X408 All versions V4.0.0, SCALANCE X414 All versions. The web interface on port 443/tcp could allow an attacker to cause a Denial-of-Service condition by sending specially crafted packets to the web server. The...
Design/Logic Flaw
A vulnerability has been identified in SCALANCE X300 All versions V4.0.0, SCALANCE X408 All versions V4.0.0, SCALANCE X414 All versions. The web interface on port 443/tcp could allow an attacker to cause a Denial-of-Service condition by sending specially crafted packets to the web server. The...
Siemens devices using the PROFINET Discovery and Configuration Protocol (Update E)
CVSS v3 6.5 ATTENTION: Exploitable from an adjacent network/low skill level to exploit. Vendor: Siemens Equipment: Devices using the PROFINET Discovery and Configuration Protocol DCP Vulnerability: Denial of Service UPDATE INFORMATION This updated advisory is a follow-up to the updated advisory...
Siemens Industrial Products DROWN Vulnerability (Update C)
OVERVIEW This updated advisory is a follow-up to the updated advisory titled ICSA-16-103-03B Siemens Industrial Products DROWN Vulnerability that was published June 15, 2017, on the NCCIC/ICS-CERT web site. Siemens has found that a DROWNa Decrypting RSA with Obsolete and Weakened eNcryption attac...
Siemens Industrial Products DROWN Vulnerability (Update C)
OVERVIEW This updated advisory is a follow-up to the updated advisory titled ICSA-16-103-03B Siemens Industrial Products DROWN Vulnerability that was published June 15, 2017, on the NCCIC/ICS-CERT web site. Siemens has found that a DROWNThe DROWN Attack, https://drownattack.com/, web site last...