Siemens SIMATIC S7-1500 Out-of-bounds Write (CVE-2020-19185)

Buffer Overflow vulnerability in oneonemapping function in progs/dumpentry.c:1373 in ncurses 6.1 allows remote attackers to cause a denial of service via crafted command. This plugin only works with Tenable.ot. Please visit https://www.tenable.com/products/tenable-ot for more information...

Siemens SIMATIC S7-1500 Heap-based Buffer Overflow (CVE-2023-38545)

This flaw makes curl overflow a heap based buffer in the SOCKS5 proxy handshake. When curl is asked to pass along the hostname to the SOCKS5 proxy to allow that to resolve the address instead of it getting done by curl itself, the maximum length that hostname can be is 255 bytes. If the hostname ...

Siemens SIMATIC S7-1500 Signal Handler Race Condition (CVE-2025-4598)

A vulnerability was found in systemd-coredump. This flaw allows an attacker to force a SUID process to crash and replace it with a non- SUID binary to access the original's privileged process coredump, allowing the attacker to read sensitive data, such as /etc/shadow content, loaded by the origin...

Siemens SIMATIC S7-1500 Allocation of Resources Without Limits or Throttling (CVE-2023-23916)

An allocation of resources without limits or throttling vulnerability exists in curl v7.88.0 based on the chained HTTP compression algorithms, meaning that a server response can be compressed multiple times and potentially with differentalgorithms. The number of acceptable links in this...

Siemens SIMATIC S7-1500 NULL Pointer Dereference (CVE-2021-37750)

The Key Distribution Center KDC in MIT Kerberos 5 aka krb5 before 1.18.5 and 1.19.x before 1.19.3 has a NULL pointer dereference in kdc/dotgsreq.c via a FAST inner body that lacks a server field. This plugin only works with Tenable.ot. Please visit https://www.tenable.com/products/tenable-ot for...

Siemens SIMATIC S7-1500 Out-of-bounds Write (CVE-2019-5094)

An exploitable code execution vulnerability exists in the quota file functionality of E2fsprogs 1.45.3. A specially crafted ext4 partition can cause an out-of-bounds write on the heap, resulting in code execution. An attacker can corrupt a partition to trigger this vulnerability. This plugin only...

Siemens SIMATIC S7-1500 Out-of-bounds Read (CVE-2019-3862)

An out of bounds read flaw was discovered in libssh2 before 1.8.1 in the way SSHMSGCHANNELREQUEST packets with an exit status message and no payload are parsed. A remote attacker who compromises a SSH server may be able to cause a Denial of Service or read data in the client memory. This plugin...

Siemens SIMATIC S7-1500 Use of Incorrectly-Resolved Name or Reference (CVE-2022-27778)

A use of incorrectly resolved name vulnerability fixed in 7.83.1 might remove the wrong file when --no-clobber is used together with --remove-on-error. This plugin only works with Tenable.ot. Please visit https://www.tenable.com/products/tenable-ot for more information. %NASLMINLEVEL 80900 C...

Siemens SIMATIC S7-1500 and Ruggedcom ROX Devices Inefficient Algorithmic Complexity (CVE-2024-12133)

A flaw in libtasn1 causes inefficient handling of specific certificate data. When processing a large number of elements in a certificate, libtasn1 takes much longer than expected, which can slow down or even crash the system. This flaw allows an attacker to send a specially crafted certificate,...

Siemens SIMATIC S7-1500 Buffer Copy without Checking Size of Input (CVE-2020-12723)

regcomp.c in Perl before 5.30.3 allows a buffer overflow via a crafted regular expression because of recursive Sstudychunk calls. This plugin only works with Tenable.ot. Please visit https://www.tenable.com/products/tenable-ot for more information. %NASLMINLEVEL 80900 C Tenable, Inc...

Siemens SIMATIC S7-1500 Improper Input Validation (CVE-2025-21702)

pfifotailenqueue: Drop new packet when sch-limit == 0. This plugin only works with Tenable.ot. Please visit https://www.tenable.com/products/tenable-ot for more information. %NASLMINLEVEL 80900 C Tenable, Inc. include'compat.inc'; if description scriptid503912; scriptversion"1.2";...

Siemens SIMATIC S7-1500 Integer Overflow or Wraparound (CVE-2024-45492)

An issue was discovered in libexpat before 2.6.3. nextScaffoldPart in xmlparse.c can have an integer overflow for mgroupSize on 32-bit platforms where UINTMAX equals SIZEMAX. This plugin only works with Tenable.ot. Please visit https://www.tenable.com/products/tenable-ot for more information...

Siemens SIMATIC S7-1500 Exposure of Sensitive Information to an Unauthorized Actor (CVE-2024-28834)

A flaw was found in GnuTLS. The Minerva attack is a cryptographic vulnerability that exploits deterministic behavior in systems like GnuTLS, leading to side-channel leaks. In specific scenarios, such as when using the GNUTLSPRIVKEYFLAGREPRODUCIBLE flag, it can result in a noticeable step in nonce...

Siemens SIMATIC S7-1500 Integer Overflow or Wraparound (CVE-2020-29361)

An issue was discovered in p11-kit 0.21.1 through 0.23.21. Multiple integer overflows have been discovered in the array allocations in the p11-kit library and the p11-kit list command, where overflow checks are missing before calling realloc or calloc. This plugin only works with Tenable.ot. Plea...

Siemens SIMATIC S7-1500 Out-of-bounds Read (CVE-2024-40901)

In the Linux kernel, the following vulnerability has been resolved: scsi: mpt3sas: Avoid test/setbit operating in non-allocated memory. This plugin only works with Tenable.ot. Please visit https://www.tenable.com/products/tenable-ot for more information. %NASLMINLEVEL 80900 C Tenable, Inc...

Siemens SIMATIC S7-1500 Improper Input Validation (CVE-2024-2004)

When a protocol selection parameter option disables all protocols without adding any then the default set of protocols would remain in the allowed set due to an error in the logic for removing protocols. The below command would perform a request to curl.se with a plaintext protocol which has been...

Siemens SIMATIC S7-1500 Use After Free (CVE-2021-3516)

There's a flaw in libxml2's xmllint in versions before 2.9.11. An attacker who is able to submit a crafted file to be processed by xmllint could trigger a use-after-free. The greatest impact of this flaw is to confidentiality, integrity, and availability. This plugin only works with Tenable.ot...

Siemens SIMATIC S7-1500 Improper Restriction of Operations within the Bounds of a Memory Buffer (CVE-2019-1010022)

DISPUTED GNU Libc current is affected by: Mitigation bypass. The impact is: Attacker may bypass stack guard protection. The component is: nptl. The attack vector is: Exploit stack buffer overflow vulnerability and use this bypass vulnerability to bypass stack guard. NOTE: Upstream comments indica...

Siemens SIMATIC and SCALANCE Buffer Underflow (CVE-2025-4373)

GLib is vulnerable to an integer overflow in the gstringinsertunichar function. When the position at which to insert the character is large, the position will overflow, leading to a buffer underwrite. This plugin only works with Tenable.ot. Please visit https://www.tenable.com/products/tenable-ot...

Siemens SIMATIC S7-1500 Out-of-bounds Write (CVE-2019-3855)

An integer overflow flaw which could lead to an out of bounds write was discovered in libssh2 before 1.8.1 in the way packets are read from the server. A remote attacker who compromises a SSH server may be able to execute code on the client system when a user connects to the server. This plugin...