Siemens SIMATIC S7-1500 Use After Free (CVE-2023-4813)

A flaw was found in glibc. In an uncommon situation, the gaihinet function may use memory that has been freed, resulting in an application crash. This issue is only exploitable when the getaddrinfo function is called and the hosts database in /etc/nsswitch.conf is configured with SUCCESS=continue...

Siemens SIMATIC S7-1500 Missing Encryption of Sensitive Data (CVE-2019-7309)

In the GNU C Library aka glibc or libc6 through 2.29, the memcmp function for the x32 architecture can incorrectly return zero indicating that the inputs are equal because the RDX most significant bit is mishandled. This plugin only works with Tenable.ot. Please visit...

Siemens SIMATIC S7-1500 Out-of-bounds Write (CVE-2020-1751)

An out-of-bounds write vulnerability was found in glibc before 2.31 when handling signal trampolines on PowerPC. Specifically, the backtrace function did not properly check the array bounds when storing the frame address, resulting in a denial of service or potential code execution. The highest...

Siemens SIMATIC S7-1500 Improper Restriction of Operations within the Bounds of a Memory Buffer (CVE-2023-52464)

"In the Linux kernel, the following vulnerability has been resolved: EDAC/thunderx: Fix possible out-of-bounds string access Enabling -Wstringop-overflow globally exposes a warning for a common bug in the usage of strncat: drivers/edac/thunderxedac.c: In function 'thunderxocxcomthreadedisr':...

Siemens SIMATIC S7-1500 Insecure Temporary File (CVE-2024-5742)

A vulnerability was found in GNU Nano that allows a possible privilege escalation through an insecure temporary file. If Nano is killed while editing, a file it saves to an emergency file with the permissions of the running user provides a window of opportunity for attackers to escalate privilege...

Siemens SIMATIC S7-1500 NULL Pointer Dereference (CVE-2025-21864)

In the Linux kernel, the following vulnerability has been resolved: tcp: drop secpath at the same time as we currently drop dst Xiumei reported hitting the WARN in xfrm6tunnelnetexit while running tests that boil down to: - create a pair of netns - run a basic TCP test over ipcomp6 - delete the...

Siemens SIMATIC S7-1500 Integer Overflow or Wraparound (CVE-2021-3520)

There's a flaw in lz4. An attacker who submits a crafted file to an application linked with lz4 may be able to trigger an integer overflow, leading to calling of memmove on a negative size argument, causing an out-of-bounds write and/or a crash. The greatest impact of this flaw is to availability...

Siemens SIMATIC S7-1500 Use After Free (CVE-2024-56600)

net: inet6: do not leave a dangling sk pointer in inet6create sockinitdata attaches the allocated sk pointer to the provided sock object. If inet6create fails later, the sk object is released, but the sock object retains the dangling sk pointer, which may cause use-after-free later. Clear the soc...

Siemens SIMATIC S7-1500 Improper Restriction of XML External Entity Reference (CVE-2016-9318)

libxml2 2.9.4 and earlier, as used in XMLSec 1.2.23 and earlier and other products, does not offer a flag directly indicating that the current document may be read but other files may not be opened, which makes it easier for remote attackers to conduct XML External Entity XXE attacks via a crafte...

Siemens SIMATIC S7-1500 Use After Free (CVE-2021-20231)

A flaw was found in gnutls. A use after free issue in client sending keyshare extension may lead to memory corruption and other consequences. This plugin only works with Tenable.ot. Please visit https://www.tenable.com/products/tenable-ot for more information. %NASLMINLEVEL 80900 C Tenable, Inc...

Siemens SIMATIC S7-1500 and Ruggedcom ROX Devices Out-of-bounds Write (CVE-2020-21047)

"The libcpu component which is used by libasm of elfutils version 0.177 git 47780c9e, suffers from denial-of-service vulnerability caused by application crashes due to out-of-bounds write CWE-787, off-by-one error CWE-193 and reachable assertion CWE-617 %NASLMINLEVEL 80900 C Tenable, Inc...

Siemens SIMATIC S7-1500 Improper Restriction of Operations within the Bounds of a Memory Buffer (CVE-2024-52332)

igb: Fix potential invalid memory access in igbinitmodule The pciregisterdriver can fail and when this happened, the dcanotifier needs to be unregistered, otherwise the dcanotifier can be called when igb fails to install, resulting to invalid memory access. This plugin only works with Tenable.ot...

Siemens SIMATIC S7-1500 Divide By Zero (CVE-2019-16168)

In SQLite through 3.29.0, whereLoopAddBtreeIndex in sqlite3.c can crash a browser or other application because of missing validation of a sqlitestat1 sz field, aka a severe division by zero in the query planner. This plugin only works with Tenable.ot. Please visit...

Siemens SIMATIC S7-1500 Integer Overflow or Wraparound (CVE-2022-42898)

PAC parsing in MIT Kerberos 5 aka krb5 before 1.19.4 and 1.20.x before 1.20.1 has integer overflows that may lead to remote code execution in KDC, kadmind, or a GSS or Kerberos application server on 32-bit platforms which have a resultant heap-based buffer overflow, and cause a denial of service ...

Siemens SIMATIC S7-1500 Out-of-bounds Write (CVE-2023-39128)

GNU gdb GDB 13.0.50.20220805-git was discovered to contain a stack overflow via the function adadecode at /gdb/ada-lang.c. This plugin only works with Tenable.ot. Please visit https://www.tenable.com/products/tenable-ot for more information. %NASLMINLEVEL 80900 C Tenable, Inc. include'compat.inc'...

Siemens SIMATIC S7-1500 Use After Free (CVE-2021-20232)

A flaw was found in gnutls. A use after free issue in clientsendparams in lib/ext/presharedkey.c may lead to memory corruption and other potential consequences. This plugin only works with Tenable.ot. Please visit https://www.tenable.com/products/tenable-ot for more information. %NASLMINLEVEL 809...

Siemens SIMATIC S7-1500 Uncontrolled Resource Consumption (CVE-2023-29499)

A flaw was found in GLib. GVariant deserialization fails to validate that the input conforms to the expected format, leading to denial of service. This plugin only works with Tenable.ot. Please visit https://www.tenable.com/products/tenable-ot for more information. %NASLMINLEVEL 80900 C Tenable,...

Siemens SIMATIC S7-1500 Improper Input Validation (CVE-2020-12062)

The scp client in OpenSSH 8.2 incorrectly sends duplicate responses to the server upon a utimes system call failure, which allows a malicious unprivileged user on the remote server to overwrite arbitrary files in the client's download directory by creating a crafted subdirectory anywhere on the...

Siemens SIMATIC S7-1500 Double Free (CVE-2022-42915)

curl before 7.86.0 has a double free. If curl is told to use an HTTP proxy for a transfer with a non-HTTPS URL, it sets up the connection to the remote server by issuing a CONNECT request to the proxy, and then tunnels the rest of the protocol through. An HTTP proxy might refuse this request HTTP...

Siemens SCALANCE, SIMATIC S7-1500 Use After Free (CVE-2022-23308)

valid.c in libxml2 before 2.9.13 has a use-after-free of ID and IDREF attributes. This plugin only works with Tenable.ot. Please visit https://www.tenable.com/products/tenable-ot for more information. %NASLMINLEVEL 80900 C Tenable, Inc. include'compat.inc'; if description scriptid504132;...