3867 matches found
Siemens SIMATIC S7-1500 Integer Overflow or Wraparound (CVE-2022-42898)
PAC parsing in MIT Kerberos 5 aka krb5 before 1.19.4 and 1.20.x before 1.20.1 has integer overflows that may lead to remote code execution in KDC, kadmind, or a GSS or Kerberos application server on 32-bit platforms which have a resultant heap-based buffer overflow, and cause a denial of service ...
Siemens SIMATIC S7-1500 Insufficiently Protected Credentials (CVE-2021-22923)
When curl is instructed to get content using the metalink feature, and a user name and password are used to download the metalink XML file, those same credentials are then subsequently passed on to each of the servers from which curl will download or try to download the contents from. Often...
Siemens SIMATIC S7-1500 Improper Neutralization of Special Elements used in a Command (CVE-2014-7209)
run-mailcap in the Debian mime-support package before 3.52-1+deb7u1 allows context-dependent attackers to execute arbitrary commands via shell metacharacters in a filename. This plugin only works with Tenable.ot. Please visit https://www.tenable.com/products/tenable-ot for more information...
Siemens SIMATIC S7-1500 Out-of-bounds Read (CVE-2019-8457)
SQLite3 from 3.6.0 to and including 3.27.2 is vulnerable to heap out- of-bound read in the rtreenode function when handling invalid rtree tables. This plugin only works with Tenable.ot. Please visit https://www.tenable.com/products/tenable-ot for more information. %NASLMINLEVEL 80900 C Tenable,...
Siemens SIMATIC S7-1500 Out-of-bounds Write (CVE-2022-48522)
In Perl 5.34.0, function Sfinduninitvar in sv.c has a stack-based crash that can lead to remote code execution or local privilege escalation. This plugin only works with Tenable.ot. Please visit https://www.tenable.com/products/tenable-ot for more information. %NASLMINLEVEL 80900 C Tenable, Inc...
Siemens SIMATIC S7-1500 Improper Validation of Array Index (CVE-2022-35737)
SQLite 1.0.12 through 3.39.x before 3.39.2 sometimes allows an array- bounds overflow if billions of bytes are used in a string argument to a C API. This plugin only works with Tenable.ot. Please visit https://www.tenable.com/products/tenable-ot for more information. %NASLMINLEVEL 80900 C Tenable...
Siemens SIMATIC S7-1500 Insufficient Entropy (CVE-2019-15847)
The POWER9 backend in GNU Compiler Collection GCC before version 10 could optimize multiple calls of the builtindarn intrinsic into a single call, thus reducing the entropy of the random number generator. This occurred because a volatile operation was not specified. For example, within a single...
Siemens SIMATIC S7-1500 and Ruggedcom ROX Devices Improper Neutralization of Special Elements in Output Used by a Downstream Component (CVE-2023-29383)
In Shadow 4.13, it is possible to inject control characters into fields provided to the SUID program chfn change finger. Although it is not possible to exploit this directly e.g., adding a new user fails because \n is in the block list, it is possible to misrepresent the /etc/passwd file when...
Siemens SIMATIC S7-1500 Improper Input Validation (CVE-2021-3580)
A flaw was found in the way nettle's RSA decryption functions handled specially crafted ciphertext. An attacker could use this flaw to provide a manipulated ciphertext leading to application crash and denial of service. This plugin only works with Tenable.ot. Please visit...
Siemens SIMATIC S7-1500 Improper Input Validation (CVE-2018-19591)
In the GNU C Library aka glibc or libc6 through 2.28, attempting to resolve a crafted hostname via getaddrinfo leads to the allocation of a socket descriptor that is not closed. This is related to the ifnametoindex function. This plugin only works with Tenable.ot. Please visit...
Siemens SIMATIC S7-1500 Out-of-bounds Write (CVE-2021-20305)
A flaw was found in Nettle in versions before 3.7.2, where several Nettle signature verification functions GOST DSA, EDDSA & ECDSA result in the Elliptic Curve Cryptography point ECC multiply function being called with out-of-range scalers, possibly resulting in incorrect results. This flaw allow...
Siemens SIMATIC S7-1500 Integer Overflow or Wraparound (CVE-2022-22822)
addBinding in xmlparse.c in Expat aka libexpat before 2.4.3 has an integer overflow. This plugin only works with Tenable.ot. Please visit https://www.tenable.com/products/tenable-ot for more information. %NASLMINLEVEL 80900 C Tenable, Inc. include'compat.inc'; if description scriptid504286;...
Siemens SIMATIC S7-1500 Observable Discrepancy (CVE-2019-13627)
It was discovered that there was a ECDSA timing attack in the libgcrypt20 cryptographic library. Version affected: 1.8.4-5, 1.7.6-2+deb9u3, and 1.6.3-2+deb8u4. Versions fixed: 1.8.5-2 and 1.6.3-2+deb8u7. This plugin only works with Tenable.ot. Please visit...
Siemens SIMATIC S7-1500 Loop with Unreachable Exit Condition (CVE-2020-36227)
A flaw was discovered in OpenLDAP before 2.4.57 leading to an infinite loop in slapd with the cancelextop Cancel operation, resulting in denial of service. This plugin only works with Tenable.ot. Please visit https://www.tenable.com/products/tenable-ot for more information. %NASLMINLEVEL 80900 C...
Siemens SIMATIC S7-1500 and Ruggedcom ROX Devices Out-of-bounds Write (CVE-2020-21047)
"The libcpu component which is used by libasm of elfutils version 0.177 git 47780c9e, suffers from denial-of-service vulnerability caused by application crashes due to out-of-bounds write CWE-787, off-by-one error CWE-193 and reachable assertion CWE-617 %NASLMINLEVEL 80900 C Tenable, Inc...
Siemens SIMATIC S7-1500 Out-of-bounds Write (CVE-2019-3857)
An integer overflow flaw which could lead to an out of bounds write was discovered in libssh2 before 1.8.1 in the way SSHMSGCHANNELREQUEST packets with an exit signal are parsed. A remote attacker who compromises a SSH server may be able to execute code on the client system when a user connects t...
Siemens SIMATIC S7-1500 Improper Input Validation (CVE-2023-24329)
An issue in the urllib.parse component of Python before 3.11.4 allows attackers to bypass blocklisting methods by supplying a URL that starts with blank characters. This plugin only works with Tenable.ot. Please visit https://www.tenable.com/products/tenable-ot for more information. %NASLMINLEVEL...
Siemens SIMATIC and SCALANCE Protection Mechanism Failure (CVE-2023-4039)
A failure in the -fstack-protector feature in GCC-based toolchains that target AArch64 allows an attacker to exploit an existing buffer overflow in dynamically-sized local variables in your application without this being detected. This stack-protector failure only applies to C99-style...
Siemens SIMATIC S7-1500 Loop with Unreachable Exit Condition (CVE-2018-20482)
GNU Tar through 1.30, when --sparse is used, mishandles file shrinkage during read access, which allows local users to cause a denial of service infinite read loop in sparsedumpregion in sparse.c by modifying a file that is supposed to be archived by a different user's process e.g., a system back...
Siemens SIMATIC S7-1500 Missing Encryption of Sensitive Data (CVE-2022-46908)
SQLite through 3.40.0, when relying on --safe for execution of an untrusted CLI script, does not properly implement the azProhibitedFunctions protection mechanism, and instead allows UDF functions such as WRITEFILE. This plugin only works with Tenable.ot. Please visit...