Siemens SIMATIC S7-1500 Use After Free (CVE-2024-49982)

In the Linux kernel, the following vulnerability has been resolved: aoe: fix the potential use-after-free problem in more places For fixing CVE-2023-6270, f98364e92662 aoe: fix the potential use-after- free problem in aoecmdcfgpkts makes tx calling devput instead of doing in aoecmdcfgpkts. It...

Siemens SIMATIC S7-1500 Authentication Bypass by Spoofing (CVE-2020-13529)

An exploitable denial-of-service vulnerability exists in Systemd 245. A specially crafted DHCP FORCERENEW packet can cause a server running the DHCP client to be vulnerable to a DHCP ACK spoofing attack. An attacker can forge a pair of FORCERENEW and DCHP ACK packets to reconfigure the server. Th...

Siemens SIMATIC S7-1500 Improper Input Validation (CVE-2024-56570)

In the Linux kernel, the following vulnerability has been resolved: ovl: Filter invalid inodes with missing lookup function Add a check to the ovldentryweird function to prevent the processing of directory inodes that lack the lookup function.This is important because such inodes can cause errors...

Siemens SIMATIC S7-1500 Observable Discrepancy (CVE-2023-5981)

A vulnerability was found that the response times to malformed ciphertexts in RSA-PSK ClientKeyExchange differ from response times of ciphertexts with correct PKCS1 v1.5 padding. This plugin only works with Tenable.ot. Please visit https://www.tenable.com/products/tenable-ot for more information...

Siemens SIMATIC S7-1500 Insufficiently Protected Credentials (CVE-2022-27774)

An insufficiently protected credentials vulnerability exists in curl 4.9 to and include curl 7.82.0 are affected that could allow an attacker to extract credentials when follows HTTPS redirects is used with authentication could leak credentials to other services that exist on different protocols ...

Siemens SIMATIC S7-1500 Cleartext Transmission of Sensitive Information (CVE-2022-43551)

A vulnerability exists in curl 7.87.0 HSTS check that could be bypassed to trick it to keep using HTTP. Using its HSTS support, curl can be instructed to use HTTPS instead of using an insecure clear-text HTTP step even when HTTP is provided in the URL. However, the HSTS mechanism could be bypasse...

Siemens SIMATIC S7-1500 Concurrent Execution using Shared Resource with Improper Synchronization (CVE-2024-26671)

In the Linux kernel, the following vulnerability has been resolved: blk-mq: fix IO hang from sbitmap wakeup race. This plugin only works with Tenable.ot. Please visit https://www.tenable.com/products/tenable-ot for more information. %NASLMINLEVEL 80900 C Tenable, Inc. include'compat.inc'; if...

Siemens SIMATIC S7-1500 Missing Encryption of Sensitive Data (CVE-2022-27775)

An information disclosure vulnerability exists in curl 7.65.0 to 7.82.0 are vulnerable that by using an IPv6 address that was in the connection pool but with a different zone id it could reuse a connection instead. This plugin only works with Tenable.ot. Please visit...

Siemens SIMATIC S7-1500 Server-Side Request Forgery (SSRF) (CVE-2022-27780)

The curl URL parser wrongly accepts percent-encoded URL separators like '/'when decoding the host name part of a URL, making it a different URL usingthe wrong host name when it is later retrieved.For example, a URL like http://example.com%2F127.0.0.1/, would be allowed bythe parser and get...

Siemens SIMATIC S7-1500 Heap-based Buffer Overflow (CVE-2023-4016)

Under some circumstances, this weakness allows a user who has access to run the ps utility on a machine, the ability to write almost unlimited amounts of unfiltered data into the process heap. This plugin only works with Tenable.ot. Please visit https://www.tenable.com/products/tenable-ot for mor...

Siemens SIMATIC S7-1500 Improper Resource Locking (CVE-2024-26773)

In the Linux kernel, the following vulnerability has been resolved: ext4: avoid allocating blocks from corrupted group in ext4mbtrybestfound. This plugin only works with Tenable.ot. Please visit https://www.tenable.com/products/tenable-ot for more information. %NASLMINLEVEL 80900 C Tenable, Inc...

Siemens SIMATIC S7-1500 Insufficient Verification of Data Authenticity (CVE-2021-4122)

It was found that a specially crafted LUKS header could trick cryptsetup into disabling encryption during the recovery of the device. An attacker with physical access to the medium, such as a flash disk, could use this flaw to force a user into permanently disabling the encryption layer of that...

Siemens SIMATIC S7-1500 Out-of-bounds Write (CVE-2020-29573)

sysdeps/i386/ldbl2mpn.c in the GNU C Library aka glibc or libc6 before 2.23 on x86 targets has a stack-based buffer overflow if the input to any of the printf family of functions is an 80-bit long double with a non-canonical bit pattern, as seen when passing a...

Siemens SIMATIC S7-1500 Signed to Unsigned Conversion Error (CVE-2020-6096)

An exploitable signed comparison vulnerability exists in the ARMv7 memcpy implementation of GNU glibc 2.30.9000. Calling memcpy on ARMv7 targets that utilize the GNU glibc implementation with a negative value for the 'num' parameter results in a signed comparison vulnerability. If an attacker...

Siemens SIMATIC S7-1500 Integer Overflow or Wraparound (CVE-2022-37454)

The Keccak XKCP SHA-3 reference implementation before fdc6fef has an integer overflow and resultant buffer overflow that allows attackers to execute arbitrary code or eliminate expected cryptographic properties. This occurs in the sponge function interface. This plugin only works with Tenable.ot...

Siemens SIMATIC S7-1500 Loop with Unreachable Exit Condition (CVE-2018-20482)

GNU Tar through 1.30, when --sparse is used, mishandles file shrinkage during read access, which allows local users to cause a denial of service infinite read loop in sparsedumpregion in sparse.c by modifying a file that is supposed to be archived by a different user's process e.g., a system back...

Siemens SIMATIC S7-1500 Deserialization of Untrusted Data (CVE-2023-32665)

A flaw was found in GLib. GVariant deserialization is vulnerable to an exponential blowup issue where a crafted GVariant can cause excessive processing, leading to denial of service. This plugin only works with Tenable.ot. Please visit https://www.tenable.com/products/tenable-ot for more...

Siemens SIMATIC S7-1500 Improper Input Validation (CVE-2024-50246)

In the Linux kernel, the following vulnerability has been resolved: fs/ntfs3: Add rough attr allocsize check This plugin only works with Tenable.ot. Please visit https://www.tenable.com/products/tenable-ot for more information. %NASLMINLEVEL 80900 C Tenable, Inc. include'compat.inc'; if descripti...

Siemens SIMATIC and SCALANCE Integer Overflow to Buffer Overflow (CVE-2025-0725)

When libcurl is asked to perform automatic gzip decompression of content-encoded HTTP responses with the CURLOPTACCEPTENCODING option, using zlib 1.2.0.3 or older, an attacker-controlled integer overflow would make libcurl perform a buffer overflow. This plugin only works with Tenable.ot. Please...

Siemens SIMATIC S7-1500 Missing Encryption of Sensitive Data (CVE-2022-27779)

libcurl wrongly allows cookies to be set for Top Level Domains TLDs if thehost name is provided with a trailing dot.curl can be told to receive and send cookies. curl's cookie engine can bebuilt with or without Public Suffix Listawareness. If PSL support not provided, a more rudimentary check...