84 matches found
CVE-2024-56182
A vulnerability has been identified in SIMATIC Field PG M5 All versions, SIMATIC Field PG M6 All versions V26.01.12, SIMATIC IPC BX-21A All versions V31.01.07, SIMATIC IPC BX-32A All versions V29.01.07, SIMATIC IPC BX-39A All versions V29.01.07, SIMATIC IPC BX-59A All versions V32.01.04, SIMATIC...
CVE-2024-56181
A vulnerability has been identified in SIMATIC Field PG M5 All versions, SIMATIC IPC BX-21A All versions V31.01.07, SIMATIC IPC BX-32A All versions V29.01.07, SIMATIC IPC BX-39A All versions V29.01.07, SIMATIC IPC BX-59A All versions V32.01.04, SIMATIC IPC PX-32A All versions V29.01.07, SIMATIC I...
CVE-2024-56182
A vulnerability has been identified in SIMATIC Field PG M5 All versions, SIMATIC Field PG M6 All versions V26.01.12, SIMATIC IPC BX-21A All versions V31.01.07, SIMATIC IPC BX-32A All versions V29.01.07, SIMATIC IPC BX-39A All versions V29.01.07, SIMATIC IPC BX-59A All versions V32.01.04, SIMATIC...
CVE-2024-56181
A vulnerability has been identified in SIMATIC Field PG M5 All versions, SIMATIC IPC BX-21A All versions V31.01.07, SIMATIC IPC BX-32A All versions V29.01.07, SIMATIC IPC BX-39A All versions V29.01.07, SIMATIC IPC BX-59A All versions V32.01.04, SIMATIC IPC PX-32A All versions V29.01.07, SIMATIC I...
CVE-2024-56182
A vulnerability has been identified in SIMATIC Field PG M5 All versions, SIMATIC Field PG M6 All versions V26.01.12, SIMATIC IPC BX-21A All versions V31.01.07, SIMATIC IPC BX-32A All versions V29.01.07, SIMATIC IPC BX-39A All versions V29.01.07, SIMATIC IPC BX-59A All versions V32.01.04, SIMATIC...
CVE-2024-56181
CVE-2024-56181 affects Siemens SIMATIC devices (e.g., Field PG M5, IPC BX-21A/BX-32A/BX-39A/BX-59A, PX-32A/PX-39A, RC/RW families, IPC127E/227E/277E/3000/327G/347G/377G/427E/477E/527G/627E/647E/677E/847E, ITP1000, etc.). The vulnerability stems from insufficient protection of EFI variables stored...
CVE-2021-37185
A vulnerability has been identified in SIMATIC Drive Controller family All versions = V2.9.2 = V21.9 = V4.5.0 = V2.9.2 = V21.9 = V4.0 V4.0 SP1, SIPLUS TIM 1531 IRC All versions V2.3.6, TIM 1531 IRC All versions V2.3.6. An unauthenticated attacker could cause a denial-of-service condition in a PLC...
CVE-2022-34819
A vulnerability has been identified in SIMATIC CP 1242-7 V2 All versions = V2.0 = V2.0 = V2.0 = V2.0 = V2.0 V2.2.28, SIPLUS NET CP 1242-7 V2 All versions V3.3.46, SIPLUS NET CP 1543-1 All versions V3.0.22, SIPLUS S7-1200 CP 1243-1 All versions V3.3.46, SIPLUS S7-1200 CP 1243-1 RAIL All versions...
CVE-2022-47374
A vulnerability has been identified in SIMATIC PC-Station Plus All versions, SIMATIC S7-400 CPU 412-2 PN V7 All versions, SIMATIC S7-400 CPU 414-3 PN/DP V7 All versions, SIMATIC S7-400 CPU 414F-3 PN/DP V7 All versions, SIMATIC S7-400 CPU 416-3 PN/DP V7 All versions, SIMATIC S7-400 CPU 416F-3 PN/D...
CVE-2019-19300
A vulnerability has been identified in Development/Evaluation Kits for PROFINET IO: EK-ERTEC 200, Development/Evaluation Kits for PROFINET IO: EK-ERTEC 200P, KTK ATE530S, SIDOOR ATD430W, SIDOOR ATE530S COATED, SIDOOR ATE531S, SIMATIC ET 200AL IM 157-1 PN 6ES7157-1AB00-0AB0, SIMATIC ET 200eco PN, ...
The vulnerability of web-servers of microprogramming software for devices such as SIMATIC CP, SIMATIC HMI, SIMATIC IPC, and SIMATIC WinCC Runtime Advanced DiagBase, as well as SIPLUS TIM, allows a perpetrator to cause service interruptions.
The vulnerability of web-servers of microprogramming software for SIMATIC CP, SIMATIC HMI, SIMATIC IPC, and SIMATIC WinCC Runtime Advanced DiagBase, as well as SIPLUS TIM, is related to errors in variable name assignments. Exploiting this vulnerability can allow attackers to cause system failures...
CVE-2024-37992
A vulnerability has been identified in SIMATIC Reader RF610R CMIIT 6GT2811-6BC10-2AA0 All versions V4.2, SIMATIC Reader RF610R ETSI 6GT2811-6BC10-0AA0 All versions V4.2, SIMATIC Reader RF610R FCC 6GT2811-6BC10-1AA0 All versions V4.2, SIMATIC Reader RF615R CMIIT 6GT2811-6CC10-2AA0 All versions V4....
CVE-2023-28827
A vulnerability has been identified in SIMATIC CP 1242-7 V2 incl. SIPLUS variants All versions V3.5.20, SIMATIC CP 1243-1 incl. SIPLUS variants All versions V3.5.20, SIMATIC CP 1243-1 DNP3 incl. SIPLUS variants All versions V3.5.20, SIMATIC CP 1243-1 IEC incl. SIPLUS variants All versions V3.5.20...
CVE-2023-30755
A vulnerability has been identified in SIMATIC CP 1242-7 V2 incl. SIPLUS variants All versions V3.5.20, SIMATIC CP 1243-1 incl. SIPLUS variants All versions V3.5.20, SIMATIC CP 1243-1 DNP3 incl. SIPLUS variants All versions V3.5.20, SIMATIC CP 1243-1 IEC incl. SIPLUS variants All versions V3.5.20...
CVE-2024-37994
A vulnerability has been identified in SIMATIC Reader RF610R CMIIT 6GT2811-6BC10-2AA0 All versions V4.2, SIMATIC Reader RF610R ETSI 6GT2811-6BC10-0AA0 All versions V4.2, SIMATIC Reader RF610R FCC 6GT2811-6BC10-1AA0 All versions V4.2, SIMATIC Reader RF615R CMIIT 6GT2811-6CC10-2AA0 All versions V4....
CVE-2023-28827
A vulnerability has been identified in SIMATIC CP 1242-7 V2 incl. SIPLUS variants All versions V3.5.20, SIMATIC CP 1243-1 incl. SIPLUS variants All versions V3.5.20, SIMATIC CP 1243-1 DNP3 incl. SIPLUS variants All versions V3.5.20, SIMATIC CP 1243-1 IEC incl. SIPLUS variants All versions V3.5.20...
CVE-2023-28827
A vulnerability has been identified in SIMATIC CP 1242-7 V2 incl. SIPLUS variants All versions V3.5.20, SIMATIC CP 1243-1 incl. SIPLUS variants All versions V3.5.20, SIMATIC CP 1243-1 DNP3 incl. SIPLUS variants All versions V3.5.20, SIMATIC CP 1243-1 IEC incl. SIPLUS variants All versions V3.5.20...
Siemens InsydeH2O SMM Privilege Escalation (CVE-2020-5953)
A vulnerability exists in System Management Interrupt SWSMI handler of InsydeH2O UEFI Firmware code located in SWSMI handler that dereferences gRT EFIRUNTIMESERVICES pointer to call a GetVariable service, which is located outside of SMRAM. This can result in code execution in SMM escalating...
Siemens InsydeH2O Allocation of Resources Without Limits or Throttling (CVE-2021-41840)
An issue was discovered in NvmExpressDxe in the kernel 5.0 through 5.5 in Insyde InsydeH2O. There is an SMM callout that allows an attacker to access the System Management Mode and execute arbitrary code. This occurs because of Inclusion of Functionality from an Untrusted Control Sphere. Insyde...
Siemens InsydeH2O Time-of-check Time-of-use Race Condition (CVE-2022-32476)
An issue was discovered in Insyde InsydeH2O with kernel 5.0 through 5.5. DMA attacks on the AhciBusDxe shared buffer used by SMM and non- SMM code could cause TOCTOU race-condition issues that could lead to corruption of SMRAM and escalation of privileges. This attack can be mitigated using IOMMU...