Siemens SIMATIC NET CP, SINEMA & SCALANCE Integer Overflow (CVE-2021-41991)

The in-memory certificate cache in strongSwan before 5.9.4 has a remote integer overflow upon receiving many requests with different certificates to fill the cache and later trigger the replacement of cache entries. The code attempts to select a less-often-used cache entry by means of a random...

AlmaLinux 8 : kernel (ALSA-2021:0558)

The remote AlmaLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALSA-2021:0558 advisory. - A flaw was found in the Linux kernel. A use-after-free memory flaw was found in the perf subsystem allowing a local attacker with permission to monitor...

CVE-2021-40359

A vulnerability has been identified in OpenPCS 7 V8.2 All versions, OpenPCS 7 V9.0 All versions V9.0 Upd4, OpenPCS 7 V9.1 All versions, SIMATIC BATCH V8.2 All versions, SIMATIC BATCH V9.0 All versions, SIMATIC BATCH V9.1 All versions, SIMATIC NET PC Software V14 All versions, SIMATIC NET PC...

Authentication flaw

A vulnerability has been identified in OpenPCS 7 V8.2 All versions, OpenPCS 7 V9.0 All versions V9.0 Upd4, OpenPCS 7 V9.1 All versions, SIMATIC BATCH V8.2 All versions, SIMATIC BATCH V9.0 All versions, SIMATIC BATCH V9.1 All versions, SIMATIC NET PC Software V14 All versions, SIMATIC NET PC...

CVE-2021-40359

CVE-2021-40359 is a path traversal vulnerability in Siemens products (OpenPCS 7, SIMATIC BATCH, SIMATIC NET PC Software, SIMATIC PCS 7, SIMATIC Route Control, SIMATIC WinCC, etc.). The issue arises from improper neutralization of special elements in pathnames when downloading files, allowing an a...

PT-2021-22877 · Siemens · Openpcs 7 +5

Name of the Vulnerable Software and Affected Versions: OpenPCS 7 versions 7.0 through 9.1 SIMATIC BATCH versions 8.2 through 9.1 SIMATIC NET PC Software versions 14 through 17 SIMATIC PCS 7 versions 8.2 through 9.1 SIMATIC Route Control versions 8.2 through 9.1 SIMATIC WinCC versions 7.4 through ...

Siemens SIAMTIC CP343-1 缓冲区错误漏洞

The Communication Processor CP modules of the SIMATIC CP 343-1 and CP 443-1 series are designed to support the SIMATIC S7-300/S7-400 CPUs for Ethernet communication.The SIPLUS Extreme products are designed for reliable operation under extreme conditions and are based on SIMATIC, LOGO!, SITOP,...

Siemens SIMATIC NET CP Modules

As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please seeSiemens' ProductCERT Security Advisories CERT Services | Services |...

Siemens SIMATIC NET CP 443-1 OPC UA

1. EXECUTIVE SUMMARY CVSS v3 9.8 ATTENTION: Exploitable remotely/low attack complexity Vendor: Siemens Equipment: SIMATIC NET CP 443-1 OPC UA Vulnerabilities: Improper Input Validation, Improper Restriction of Operations within the Bounds of a Memory Buffer, Incorrect Calculation, Classic Buffer...

CVE-2020-25242

A vulnerability has been identified in SIMATIC NET CP 343-1 Advanced incl. SIPLUS variants All versions, SIMATIC NET CP 343-1 Lean incl. SIPLUS variants All versions, SIMATIC NET CP 343-1 Standard incl. SIPLUS variants All versions. Specially crafted packets sent to TCP port 102 could cause a...

Design/Logic Flaw

A vulnerability has been identified in SIMATIC NET CP 343-1 Advanced incl. SIPLUS variants All versions, SIMATIC NET CP 343-1 Lean incl. SIPLUS variants All versions, SIMATIC NET CP 343-1 Standard incl. SIPLUS variants All versions. Specially crafted packets sent to TCP port 102 could cause a...

CVE-2020-25242

CVE-2020-25242 affects Siemens SIMATIC NET CP 343-1 devices (Advanced/Lean/Standard, including SIPLUS variants) across all versions. The vulnerability is an Uncontrolled Resource Consumption issue triggered by specially crafted packets sent to TCP port 102, allowing a remote DoS that may require ...

CVE-2020-25242

A vulnerability has been identified in SIMATIC NET CP 343-1 Advanced incl. SIPLUS variants All versions, SIMATIC NET CP 343-1 Lean incl. SIPLUS variants All versions, SIMATIC NET CP 343-1 Standard incl. SIPLUS variants All versions. Specially crafted packets sent to TCP port 102 could cause a...

CVE-2020-25705

A flaw in ICMP packets in the Linux kernel may allow an attacker to quickly scan open UDP ports. This flaw allows an off-path remote attacker to effectively bypass source port UDP randomization. Software that relies on UDP source port randomization are indirectly affected as well on the Linux Bas...

CVE-2020-25705

A flaw in ICMP packets in the Linux kernel may allow an attacker to quickly scan open UDP ports. This flaw allows an off-path remote attacker to effectively bypass source port UDP randomization. Software that relies on UDP source port randomization are indirectly affected as well on the Linux Bas...

Design/Logic Flaw

A flaw in ICMP packets in the Linux kernel may allow an attacker to quickly scan open UDP ports. This flaw allows an off-path remote attacker to effectively bypass source port UDP randomization. Software that relies on UDP source port randomization are indirectly affected as well on the Linux Bas...

CVE-2020-25705

A flaw in ICMP packets in the Linux kernel may allow an attacker to quickly scan open UDP ports. This flaw allows an off-path remote attacker to effectively bypass source port UDP randomization. Software that relies on UDP source port randomization are indirectly affected as well on the Linux Bas...

CVE-2020-25705

CVE-2020-25705 is a Linux kernel ICMP handling flaw that lets an off-path attacker bypass UDP source port randomization and rapidly scan open UDP ports. Affected products include various kernel versions and embedded/Linux-based devices; remediation is via kernel updates (e.g., CentOS/AlmaLinux ad...

CVE-2020-7580

A vulnerability has been identified in SIMATIC Automation Tool All versions V4 SP2, SIMATIC NET PC Software V14 All versions V14 SP1 Update 14, SIMATIC NET PC Software V15 All versions, SIMATIC NET PC Software V16 All versions V16 Upd3, SIMATIC PCS neo All versions V3.0 SP1, SIMATIC ProSave All...

The vulnerability of the Siemens SIMATIC PCS 7, SIMATIC WinCC, and SIMATIC NET PC process control systems allows a intruder to trigger a service failure.

The vulnerability of the Siemens SIMATIC PCS 7, SIMATIC WinCC, and SIMATIC NET PC process control systems is related to an improper limitation on buffers for downloaded data. Exploiting this vulnerability can allow a malicious actor to cause service failures...