3865 matches found
Siemens SIMATIC S7-1500 Missing Release of Memory after Effective Lifetime (CVE-2024-56779)
nfsd: fix nfs4_openowner leak when concurrent nfsd4_open occur. The action force umount (umount -f) will attempt to kill all rpc_task even umount operation may ultimately fail if some files remain open. Consequently, if an action attempts to open a file, it can potentially send two rpc_task to nfs server...
Siemens SIMATIC S7-1500 Missing Release of Resource after Effective Lifetime (CVE-2024-2398)
When an application tells libcurl it wants to allow HTTP/2 server push, and the amount of received headers for the push surpasses the maximum allowed limit (1000), libcurl aborts the server push. When aborting, libcurl inadvertently does not free all the previously allocated headers and instead lea...
Siemens SIMATIC S7-1500 Improper Input Validation (CVE-2023-52927)
netfilter: allow exp not to be removed in nf_ct_find_expectation. Currently nf_conntrack_in calling nf_ct_find_expectation will remove the exp from the hash table. However, in some scenario, we expect the exp not to be removed when the created ct will not be confirmed, like in OVS and TC conntrack in the...
Siemens SIMATIC S7-1500 Out-of-bounds Read (CVE-2024-56650)
In the Linux kernel, the following vulnerability has been resolved: netfilter: x_tables: fix LED ID check in led_tg_check. Syzbot has reported the following BUG detected by KASAN. This plugin only works with Tenable.ot. Please visit https://www.tenable.com/products/tenable-ot for more information...
Siemens SIMATIC S7-1500 Loop with Unreachable Exit Condition (CVE-2019-20907)
In Lib/tarfile.py in Python through 3.8.3, an attacker is able to craft a TAR archive leading to an infinite loop when opened by tarfile.open, because _proc_pax lacks header validation.
Siemens SIMATIC S7-1500 Use After Free (CVE-2019-5018)
An exploitable use after free vulnerability exists in the window function functionality of Sqlite3 3.26.0. A specially crafted SQL command can cause a use after free vulnerability, potentially resulting in remote code execution. An attacker can send a malicious SQL command to trigger this...
Siemens SIMATIC S7-1500 Improper Input Validation (CVE-2018-19591)
In the GNU C Library (aka glibc or libc6) through 2.28, attempting to resolve a crafted hostname via getaddrinfo leads to the allocation of a socket descriptor that is not closed. This is related to the if_nametoindex function.
Siemens SIMATIC S7-1500 Observable Discrepancy (CVE-2019-13627)
It was discovered that there was an ECDSA timing attack in the libgcrypt20 cryptographic library. Version affected: 1.8.4-5, 1.7.6-2+deb9u3, and 1.6.3-2+deb8u4. Versions fixed: 1.8.5-2 and 1.6.3-2+deb8u7.
Siemens SIMATIC S7-1500 Integer Overflow or Wraparound (CVE-2022-22822)
addBinding in xmlparse.c in Expat (aka libexpat) before 2.4.3 has an integer overflow.
Siemens SIMATIC S7-1500 Observable Discrepancy (CVE-2023-5981)
A vulnerability was found that the response times to malformed ciphertexts in RSA-PSK ClientKeyExchange differ from response times of ciphertexts with correct PKCS#1 v1.5 padding.
Siemens SIMATIC S7-1500 Use After Free (CVE-2024-49982)
In the Linux kernel, the following vulnerability has been resolved: aoe: fix the potential use-after-free problem in more places. For fixing CVE-2023-6270, f98364e92662 ("aoe: fix the potential use-after-free problem in aoecmd_cfg_pkts") makes tx() calling dev_put() instead of doing in aoecmd_cfg_pkts(). It...
Siemens SIMATIC S7-1500 Improper Restriction of Recursive Entity References in DTDs (CVE-2021-3541)
A flaw was found in libxml2. An exponential entity expansion attack is possible, bypassing all existing protection mechanisms and leading to denial of service.
Siemens SIMATIC S7-1500 Improper Validation of Array Index (CVE-2024-57996)
net_sched: sch_sfq: vulnerability caused by incorrectly handling a packet limit of 1, leading to an array-index-out-of-bounds error and subsequent crash when the queue length is decremented for an empty slot.
Siemens SIMATIC S7-1500 Improper Input Validation (CVE-2025-21702)
pfifo_tail_enqueue: Drop new packet when sch->limit == 0.
Siemens SIMATIC S7-1500 Use After Free (CVE-2024-49884)
In the Linux kernel, the following vulnerability has been resolved: ext4: fix slab-use-after-free in ext4_split_extent_at.
Siemens SIMATIC S7-1500 Improper Input Validation (CVE-2024-56570)
In the Linux kernel, the following vulnerability has been resolved: ovl: Filter invalid inodes with missing lookup function. Add a check to the ovl_dentry_weird function to prevent the processing of directory inodes that lack the lookup function. This is important because such inodes can cause errors...
Siemens SIMATIC S7-1500 Improper Resource Locking (CVE-2024-26773)
In the Linux kernel, the following vulnerability has been resolved: ext4: avoid allocating blocks from corrupted group in ext4_mb_try_best_found.
Siemens SIMATIC S7-1500 Signed to Unsigned Conversion Error (CVE-2020-6096)
An exploitable signed comparison vulnerability exists in the ARMv7 memcpy implementation of GNU glibc 2.30.9000. Calling memcpy on ARMv7 targets that utilize the GNU glibc implementation with a negative value for the 'num' parameter results in a signed comparison vulnerability. If an attacker...
Siemens SIMATIC S7-1500 Improper Input Validation (CVE-2021-3580)
A flaw was found in the way nettle's RSA decryption functions handled specially crafted ciphertext. An attacker could use this flaw to provide a manipulated ciphertext leading to application crash and denial of service.
Siemens SCALANCE, SIMATIC S7-1500 Out-of-bounds Write (CVE-2022-1304)
An out-of-bounds read/write vulnerability was found in e2fsprogs 1.46.5. This issue leads to a segmentation fault and possibly arbitrary code execution via a specially crafted filesystem.