Siemens SIMATIC S7-1500 Improper Input Validation (CVE-2020-13631)

SQLite before 3.32.0 allows a virtual table to be renamed to the name of one of its shadow tables, related to alter.c and build.c. This plugin only works with Tenable.ot. Please visit https://www.tenable.com/products/tenable-ot for more information. %NASLMINLEVEL 80900 C Tenable, Inc...

Siemens SIMATIC S7-1500 Missing Encryption of Sensitive Data (CVE-2022-46908)

SQLite through 3.40.0, when relying on --safe for execution of an untrusted CLI script, does not properly implement the azProhibitedFunctions protection mechanism, and instead allows UDF functions such as WRITEFILE. This plugin only works with Tenable.ot. Please visit...

Siemens RUGGEDCOM ROX, SIMATIC S7-1500 Uncontrolled Resource Consumption (CVE-2022-27781)

libcurl provides the CURLOPTCERTINFO option to allow applications torequest details to be returned about a server's certificate chain.Due to an erroneous function, a malicious server could make libcurl built withNSS get stuck in a never-ending busy-loop when trying to retrieve thatinformation. Th...

Siemens SIMATIC S7-1500 and Ruggedcom ROX Devices Out-of-bounds Write (CVE-2023-29491)

ncurses before 6.4 20230408, when used by a setuid application, allows local users to trigger security-relevant memory corruption via malformed data in a terminfo database file that is found in $HOME/.terminfo or reached via the TERMINFO or TERM environment variable. This plugin only works with...

Siemens SIMATIC S7-1500 Missing Initialization of Resource (CVE-2021-22898)

curl 7.7 through 7.76.1 suffers from an information disclosure when the -t command line option, known as CURLOPTTELNETOPTIONS in libcurl, is used to send variable=content pairs to TELNET servers. Due to a flaw in the option parser for sending NEWENV variables, libcurl could be made to pass on...

Siemens SIMATIC S7-1500 Missing Release of Memory after Effective Lifetime (CVE-2019-20388)

xmlSchemaPreRun in xmlschemas.c in libxml2 2.9.10 allows an xmlSchemaValidateStream memory leak. This plugin only works with Tenable.ot. Please visit https://www.tenable.com/products/tenable-ot for more information. %NASLMINLEVEL 80900 C Tenable, Inc. include'compat.inc'; if description...

Siemens SIMATIC S7-1500 Use After Free (CVE-2021-3518)

There's a flaw in libxml2 in versions before 2.9.11. An attacker who is able to submit a crafted file to be processed by an application linked with libxml2 could trigger a use-after-free. The greatest impact from this flaw is to confidentiality, integrity, and availability. This plugin only works...

Siemens SIMATIC S7-1500 NULL Pointer Dereference (CVE-2021-4209)

A NULL pointer dereference flaw was found in GnuTLS. As Nettle's hash update functions internally call memcpy, providing zero-length input may cause undefined behavior. This flaw leads to a denial of service after authentication in rare circumstances. This plugin only works with Tenable.ot. Pleas...

Siemens SIMATIC S7-1500 Out-of-bounds Read (CVE-2024-40901)

In the Linux kernel, the following vulnerability has been resolved: scsi: mpt3sas: Avoid test/setbit operating in non-allocated memory. This plugin only works with Tenable.ot. Please visit https://www.tenable.com/products/tenable-ot for more information. %NASLMINLEVEL 80900 C Tenable, Inc...

Siemens SIMATIC S7-1500 Use After Free (CVE-2024-53166)

block, bfq: bfqq uaf in bfqlimitdepth Set new allocated bfqq to bic or remove freed bfqq from bic are both protected by bfqd-lock, however bfqlimitdepth is deferencing bfqq from bic without the lock, this can lead to UAF if the iocontext is shared by multiple tasks. This plugin only works with...

Siemens SIMATIC S7-1500 Stack-based Buffer Overflow (CVE-2023-52612)

In the Linux kernel, the following vulnerability has been resolved: crypto: scomp - fix req-dst buffer overflow The req-dst buffer size should be checked before copying from the scompscratch-dst to avoid req-dst buffer overflow problem. This plugin only works with Tenable.ot. Please visit...

Siemens SIMATIC S7-1500 Exposure of Sensitive Information to an Unauthorized Actor (CVE-2024-28834)

A flaw was found in GnuTLS. The Minerva attack is a cryptographic vulnerability that exploits deterministic behavior in systems like GnuTLS, leading to side-channel leaks. In specific scenarios, such as when using the GNUTLSPRIVKEYFLAGREPRODUCIBLE flag, it can result in a noticeable step in nonce...

Siemens SIMATIC S7-1500 Improper Input Validation (CVE-2025-21758)

ipv6: mcast: add RCU protection to mldnewpack mldnewpack can be called without RTNL or RCU being held. This plugin only works with Tenable.ot. Please visit https://www.tenable.com/products/tenable-ot for more information. %NASLMINLEVEL 80900 C Tenable, Inc. include'compat.inc'; if description...

Siemens SIMATIC and SCALANCE Uncontrolled Recursion (CVE-2024-8176)

A stack overflow vulnerability exists in the libexpat library due to the way it handles recursive entity expansion in XML documents. When parsing an XML document with deeply nested entity references, libexpat can be forced to recurse indefinitely, exhausting the stack space and causing a crash...

Siemens SIMATIC S7-1500 Buffer Copy without Checking Size of Input (CVE-2021-3177)

Python 3.x through 3.9.1 has a buffer overflow in PyCArgrepr in ctypes/callproc.c, which may lead to remote code execution in certain Python applications that accept floating-point numbers as untrusted input, as demonstrated by a 1e300 argument to cdouble.fromparam. This occurs because sprintf is...

Siemens SIMATIC S7-1500 Improper Input Validation (CVE-2019-19244)

Select in select.c in SQLite 3.30.1 allows a crash if a sub-select uses both DISTINCT and window functions, and also has certain ORDER BY usage. This plugin only works with Tenable.ot. Please visit https://www.tenable.com/products/tenable-ot for more information. %NASLMINLEVEL 80900 C Tenable, In...

Siemens SIMATIC S7-1500 Missing Encryption of Sensitive Data (CVE-2023-34969)

D-Bus before 1.15.6 sometimes allows unprivileged users to crash dbus- daemon. If a privileged user with control over the dbus-daemon is using the org.freedesktop.DBus.Monitoring interface to monitor message bus traffic, then an unprivileged user with the ability to connect to the same dbus-daemo...

Siemens SIMATIC S7-1500 Unchecked Return Value (CVE-2021-4189)

A flaw was found in Python, specifically in the FTP File Transfer Protocol client library in PASV passive mode. The issue is how the FTP client trusts the host from the PASV response by default. This flaw allows an attacker to set up a malicious FTP server that can trick FTP clients into connecti...

Siemens SIMATIC S7-1500 NULL Pointer Dereference (CVE-2019-19880)

exprListAppendList in window.c in SQLite 3.30.1 allows attackers to trigger an invalid pointer dereference because constant integer values in ORDER BY clauses of window definitions are mishandled. This plugin only works with Tenable.ot. Please visit https://www.tenable.com/products/tenable-ot for...

Siemens SIMATIC S7-1500 Use After Free (CVE-2019-5018)

An exploitable use after free vulnerability exists in the window function functionality of Sqlite3 3.26.0. A specially crafted SQL command can cause a use after free vulnerability, potentially resulting in remote code execution. An attacker can send a malicious SQL command to trigger this...