Siemens SIMATIC S7-1500 Improper Certificate Validation (CVE-2024-2379)

libcurl skips the certificate verification for a QUIC connection under certain conditions, when built to use wolfSSL. If told to use an unknown/bad cipher or curve, the error path accidentally skips the verification and returns OK, thus ignoring any certificate problems. This plugin only works wi...

Siemens SIMATIC S7-1500 Out-of-bounds Read (CVE-2019-3860)

An out of bounds read flaw was discovered in libssh2 before 1.8.1 in the way SFTP packets with empty payloads are parsed. A remote attacker who compromises a SSH server may be able to cause a Denial of Service or read data in the client memory. This plugin only works with Tenable.ot. Please visit...

Siemens SIMATIC S7-1500 Improper Handling of Exceptional Conditions (CVE-2019-19924)

SQLite 3.30.1 mishandles certain parser-tree rewriting, related to expr.c, vdbeaux.c, and window.c. This is caused by incorrect sqlite3WindowRewrite error handling. This plugin only works with Tenable.ot. Please visit https://www.tenable.com/products/tenable-ot for more information. %NASLMINLEVEL...

Siemens SIMATIC S7-1500 Improper Restriction of Operations within the Bounds of a Memory Buffer (CVE-2021-3826)

Heap/stack buffer overflow in the dlanglname function in d-demangle.c in libiberty allows attackers to potentially cause a denial of service segmentation fault and crash via a crafted mangled symbol. This plugin only works with Tenable.ot. Please visit https://www.tenable.com/products/tenable-ot...

Siemens SIMATIC S7-1500 Uncontrolled Resource Consumption (CVE-2025-26466)

A flaw was found in the OpenSSH package. For each ping packet the SSH server receives, a pong packet is allocated in a memory buffer and stored in a queue of packages. It is only freed when the server/client key exchange has finished. A malicious client may keep sending such packages, leading to ...

Siemens SIMATIC S7-1500 Improper Restriction of Operations within the Bounds of a Memory Buffer (CVE-2023-52444)

"In the Linux kernel, the following vulnerability has been resolved: f2fs: fix to avoid dirent corruption As Al reported in link1: f2fsrename ... if olddir != newdir && !whiteout f2fssetlinkoldinode, olddirentry, olddirpage, newdir %NASLMINLEVEL 80900 C Tenable, Inc. include'compat.inc'; if...

Siemens SIMATIC S7-1500 Use After Free (CVE-2023-45322)

libxml2 through 2.11.5 has a use-after-free that can only occur after a certain memory allocation fails. This occurs in xmlUnlinkNode in tree.c. NOTE: the vendor's position is I don't think these issues are critical enough to warrant a CVE ID ... because an attacker typically can't control when...

Siemens SIMATIC S7-1500 Out-of-bounds Write (CVE-2019-5094)

An exploitable code execution vulnerability exists in the quota file functionality of E2fsprogs 1.45.3. A specially crafted ext4 partition can cause an out-of-bounds write on the heap, resulting in code execution. An attacker can corrupt a partition to trigger this vulnerability. This plugin only...

Siemens SIMATIC S7-1500 Improper Handling of Length Parameter Inconsistency (CVE-2024-37370)

In MIT Kerberos 5 aka krb5 before 1.21.3, an attacker can modify the plaintext Extra Count field of a confidential GSS krb5 wrap token, causing the unwrapped token to appear truncated to the application. This plugin only works with Tenable.ot. Please visit...

Siemens SIMATIC S7-1500 Improper Neutralization of CRLF Sequences (CVE-2019-9947)

An issue was discovered in urllib2 in Python 2.x through 2.7.16 and urllib in Python 3.x through 3.7.3. CRLF injection is possible if the attacker controls a url parameter, as demonstrated by the first argument to urllib.request.urlopen with \r\n specifically in the path component of a URL that...

Siemens SIMATIC S7-1500 Improper Neutralization of Special Elements used in a Command (CVE-2014-7209)

run-mailcap in the Debian mime-support package before 3.52-1+deb7u1 allows context-dependent attackers to execute arbitrary commands via shell metacharacters in a filename. This plugin only works with Tenable.ot. Please visit https://www.tenable.com/products/tenable-ot for more information...

Siemens SIMATIC S7-1500 Improper Restriction of Operations within the Bounds of a Memory Buffer (CVE-2016-4658)

xpointer.c in libxml2 before 2.9.5 as used in Apple iOS before 10, OS X before 10.12, tvOS before 10, and watchOS before 3, and other products does not forbid namespace nodes in XPointer ranges, which allows remote attackers to execute arbitrary code or cause a denial of service use-after-free an...

Siemens SIMATIC S7-1500 NULL Pointer Dereference (CVE-2024-53217)

In the Linux kernel, the following vulnerability has been resolved: NFSD: Prevent NULL dereference in nfsd4processcbupdate. This plugin only works with Tenable.ot. Please visit https://www.tenable.com/products/tenable-ot for more information. %NASLMINLEVEL 80900 C Tenable, Inc. include'compat.inc...

Siemens SIMATIC S7-1500 Out-of-bounds Read (CVE-2020-24977)

GNOME project libxml2 v2.9.10 has a global buffer over-read vulnerability in xmlEncodeEntitiesInternal at libxml2/entities.c. The issue has been fixed in commit 50f06b3e. This plugin only works with Tenable.ot. Please visit https://www.tenable.com/products/tenable-ot for more information...

Siemens SIMATIC S7-1500 NULL Pointer Dereference (CVE-2024-49881)

In the Linux kernel, the following vulnerability has been resolved: ext4: update origpath in ext4findextent. This plugin only works with Tenable.ot. Please visit https://www.tenable.com/products/tenable-ot for more information. %NASLMINLEVEL 80900 C Tenable, Inc. include'compat.inc'; if descripti...

Siemens SIMATIC S7-1500 NULL Pointer Dereference (CVE-2021-37750)

The Key Distribution Center KDC in MIT Kerberos 5 aka krb5 before 1.18.5 and 1.19.x before 1.19.3 has a NULL pointer dereference in kdc/dotgsreq.c via a FAST inner body that lacks a server field. This plugin only works with Tenable.ot. Please visit https://www.tenable.com/products/tenable-ot for...

Siemens SIMATIC S7-1500 Allocation of Resources Without Limits or Throttling (CVE-2023-23916)

An allocation of resources without limits or throttling vulnerability exists in curl v7.88.0 based on the chained HTTP compression algorithms, meaning that a server response can be compressed multiple times and potentially with differentalgorithms. The number of acceptable links in this...

Siemens RUGGEDCOM ROX, SIMATIC S7-1500 Improper Authentication (CVE-2022-22576)

An improper authentication vulnerability exists in curl 7.33.0 to and including 7.82.0 which might allow reuse OAUTH2-authenticated connections without properly making sure that the connection was authenticated with the same credentials as set for this transfer. This affects SASL-enabled protocol...

Siemens SIMATIC S7-1500 Incomplete Cleanup (CVE-2024-26835)

In the Linux kernel, the following vulnerability has been resolved: netfilter: nftables: set dormant flag on hook register failure This plugin only works with Tenable.ot. Please visit https://www.tenable.com/products/tenable-ot for more information. %NASLMINLEVEL 80900 C Tenable, Inc...

Siemens SIMATIC S7-1500 Missing Encryption of Sensitive Data (CVE-2023-28531)

ssh-add in OpenSSH before 9.3 adds smartcard keys to ssh-agent without the intended per-hop destination constraints. The earliest affected version is 8.9. This plugin only works with Tenable.ot. Please visit https://www.tenable.com/products/tenable-ot for more information. %NASLMINLEVEL 80900 C...