Siemens SIMATIC S7-1500 Out-of-bounds Write (CVE-2020-19187)

Buffer Overflow vulnerability in fmtentry function in progs/dumpentry.c:1100 in ncurses 6.1 allows remote attackers to cause a denial of service via crafted command. This plugin only works with Tenable.ot. Please visit https://www.tenable.com/products/tenable-ot for more information. %NASLMINLEVE...

Siemens SIMATIC S7-1500 Out-of-bounds Write (CVE-2019-3857)

An integer overflow flaw which could lead to an out of bounds write was discovered in libssh2 before 1.8.1 in the way SSHMSGCHANNELREQUEST packets with an exit signal are parsed. A remote attacker who compromises a SSH server may be able to execute code on the client system when a user connects t...

Siemens SIMATIC S7-1500 Improper Neutralization of Special Elements in Output Used by a Downstream Component (CVE-2023-27533)

A vulnerability in input validation exists in curl 8.0 during communication using the TELNET protocol may allow an attacker to pass on maliciously crafted user name and telnet options during server negotiation. The lack of proper input scrubbing allows an attacker to send content or perform optio...

Siemens SIMATIC S7-1500 Improper Restriction of Recursive Entity References in DTDs (CVE-2023-52426)

libexpat through 2.5.0 allows recursive XML Entity Expansion if XMLDTD is undefined at compile time. This plugin only works with Tenable.ot. Please visit https://www.tenable.com/products/tenable-ot for more information. %NASLMINLEVEL 80900 C Tenable, Inc. include'compat.inc'; if description...

Siemens SIMATIC S7-1500 Improper Input Validation (CVE-2022-1271)

An arbitrary file write vulnerability was found in GNU gzip's zgrep utility. When zgrep is applied on the attacker's chosen file name for example, a crafted file name, this can overwrite an attacker's content to an arbitrary attacker-selected file. This flaw occurs due to insufficient validation...

Siemens SIMATIC S7-1500 Integer Overflow or Wraparound (CVE-2021-46143)

In doProlog in xmlparse.c in Expat aka libexpat before 2.4.3, an integer overflow exists for mgroupSize. This plugin only works with Tenable.ot. Please visit https://www.tenable.com/products/tenable-ot for more information. %NASLMINLEVEL 80900 C Tenable, Inc. include'compat.inc'; if description...

Siemens SIMATIC S7-1500 Improper Input Validation (CVE-2024-26596)

net: dsa: netdevpriv dereference before check on non-DSA netdevice events. This plugin only works with Tenable.ot. Please visit https://www.tenable.com/products/tenable-ot for more information. %NASLMINLEVEL 80900 C Tenable, Inc. include'compat.inc'; if description scriptid503958;...

Siemens SIMATIC and SCALANCE Improper Access Control (CVE-2025-1390)

The PAM module pamcap.so of libcap configuration supports group names starting with @, during actual parsing, configurations not starting with @ are incorrectly recognized as group names. This may result in nonintended users being granted an inherited capability set, potentially leading to securi...

Siemens SIMATIC S7-1500 Insufficient Entropy (CVE-2019-15847)

The POWER9 backend in GNU Compiler Collection GCC before version 10 could optimize multiple calls of the builtindarn intrinsic into a single call, thus reducing the entropy of the random number generator. This occurred because a volatile operation was not specified. For example, within a single...

Siemens SIMATIC S7-1500 Out-of-bounds Write (CVE-2020-19189)

Buffer Overflow vulnerability in postprocessterminfo function in tinfo/parseentry.c:997 in ncurses 6.1 allows remote attackers to cause a denial of service via crafted command. This plugin only works with Tenable.ot. Please visit https://www.tenable.com/products/tenable-ot for more information...

Siemens SIMATIC S7-1500 Cleartext Transmission of Sensitive Information (CVE-2022-30115)

Using its HSTS support, curl can be instructed to use HTTPS directly insteadof using an insecure clear-text HTTP step even when HTTP is provided in theURL. This mechanism could be bypassed if the host name in the given URL used atrailing dot while not using one when it built the HSTS cache. Or th...

Siemens SIMATIC S7-1500 Use After Free (CVE-2022-43552)

curl can be asked to tunnel virtually all protocols it supports through an HTTP proxy. HTTP proxies can and often do deny such tunnel operations using an appropriate HTTP error response code. When getting denied to tunnel the specific protocols SMB or TELNET, curl would use a heap-allocated struc...

Siemens SIMATIC S7-1500 Buffer Over-read (CVE-2024-34459)

An issue was discovered in xmllint from libxml2 before 2.11.8 and 2.12.x before 2.12.7. Formatting error messages with xmllint --htmlout can result in a buffer over-read in xmlHTMLPrintFileContext in xmllint.c. This plugin only works with Tenable.ot. Please visit...

Siemens SIMATIC S7-1500 Improper Input Validation (CVE-2023-27371)

GNU libmicrohttpd before 0.9.76 allows remote DoS Denial of Service due to improper parsing of a multipart/form-data boundary in the postprocessor.c MHDcreatepostprocessor method. This allows an attacker to remotely send a malicious HTTP POST packet that includes one or more '\0' bytes in a...

Siemens SIMATIC S7-1500 Uncontrolled Recursion (CVE-2020-12243)

In filter.c in slapd in OpenLDAP before 2.4.50, LDAP search filters with nested boolean expressions can result in denial of service daemon crash. This plugin only works with Tenable.ot. Please visit https://www.tenable.com/products/tenable-ot for more information. %NASLMINLEVEL 80900 C Tenable,...

Siemens SIMATIC S7-1500 Double Free (CVE-2022-2509)

A vulnerability found in gnutls. This security flaw happens because of a double free error occurs during verification of pkcs7 signatures in gnutlspkcs7verify function. This plugin only works with Tenable.ot. Please visit https://www.tenable.com/products/tenable-ot for more information...

Siemens SIMATIC S7-1500 Out-of-bounds Read (CVE-2019-3861)

An out of bounds read flaw was discovered in libssh2 before 1.8.1 in the way SSH packets with a padding length value greater than the packet length are parsed. A remote attacker who compromises a SSH server may be able to cause a Denial of Service or read data in the client memory. This plugin on...

Siemens SIMATIC S7-1500 Improper Encoding or Escaping of Output (CVE-2022-25235)

xmltokimpl.c in Expat aka libexpat before 2.4.5 lacks certain validation of encoding, such as checks for whether a UTF-8 character is valid in a certain context. This plugin only works with Tenable.ot. Please visit https://www.tenable.com/products/tenable-ot for more information. %NASLMINLEVEL...

Siemens SIMATIC S7-1500 Integer Overflow or Wraparound (CVE-2025-29088)

A vulnerability in sqlite allows an attacker to cause a denial of service via the SQLITEDBCONFIGLOOKASIDE component. This plugin only works with Tenable.ot. Please visit https://www.tenable.com/products/tenable-ot for more information. %NASLMINLEVEL 80900 C Tenable, Inc. include'compat.inc'; if...

Siemens SIMATIC S7-1500 Integer Overflow or Wraparound (CVE-2020-19909)

Integer overflow vulnerability in tooloperate.c in curl 7.65.2 via a large value as the retry delay. NOTE: many parties report that this has no direct security impact on the curl user; however, it may in theory cause a denial of service to associated systems or networks if, for example,...