Siemens SIMATIC S7-1500 NULL Pointer Dereference (CVE-2024-33600)

nscd: Null pointer crashes after notfound response If the Name Service Cache Daemon's nscd cache fails to add a not-found netgroup response to the cache, the client request can result in a null pointer dereference. This flaw was introduced in glibc 2.15 when the cache was added to nscd. This...

Siemens SIMATIC and SCALANCE Buffer Underflow (CVE-2025-4373)

GLib is vulnerable to an integer overflow in the gstringinsertunichar function. When the position at which to insert the character is large, the position will overflow, leading to a buffer underwrite. This plugin only works with Tenable.ot. Please visit https://www.tenable.com/products/tenable-ot...

Siemens SIMATIC S7-1500 Uncontrolled Search Path Element (CVE-2020-8315)

In Python CPython 3.6 through 3.6.10, 3.7 through 3.7.6, and 3.8 through 3.8.1, an insecure dependency load upon launch on Windows 7 may result in an attacker's copy of api-ms-win-core-path-l1-1-0.dll being loaded and used instead of the system's copy. Windows 8 and later are unaffected. This...

Siemens SIMATIC S7-1500 Improper Resource Shutdown or Release (CVE-2019-6488)

The string component in the GNU C Library aka glibc or libc6 through 2.28, when running on the x32 architecture, incorrectly attempts to use a 64-bit register for sizet in assembly codes, which can lead to a segmentation fault or possibly unspecified other impact, as demonstrated by a crash in...

Siemens SIMATIC S7-1500 Out-of-bounds Write (CVE-2022-48522)

In Perl 5.34.0, function Sfinduninitvar in sv.c has a stack-based crash that can lead to remote code execution or local privilege escalation. This plugin only works with Tenable.ot. Please visit https://www.tenable.com/products/tenable-ot for more information. %NASLMINLEVEL 80900 C Tenable, Inc...

Siemens SIMATIC S7-1500 Loop with Unreachable Exit Condition (CVE-2020-36227)

A flaw was discovered in OpenLDAP before 2.4.57 leading to an infinite loop in slapd with the cancelextop Cancel operation, resulting in denial of service. This plugin only works with Tenable.ot. Please visit https://www.tenable.com/products/tenable-ot for more information. %NASLMINLEVEL 80900 C...

Siemens SIMATIC S7-1500 Improper Input Validation (CVE-2023-27538)

libcurl would reuse a previously created connection even when an SSH related option had been changed that should have prohibited reuse. libcurl keeps previously used connections in a connection pool for subsequent transfers to reuse if one of them matches the setup. However, two SSH settings were...

Siemens SIMATIC and SCALANCE Protection Mechanism Failure (CVE-2023-4039)

A failure in the -fstack-protector feature in GCC-based toolchains that target AArch64 allows an attacker to exploit an existing buffer overflow in dynamically-sized local variables in your application without this being detected. This stack-protector failure only applies to C99-style...

Siemens SIMATIC S7-1500 Improper Input Validation (CVE-2025-21767)

In the Linux kernel, the following vulnerability has been resolved: clocksource: Use migratedisable to avoid calling getrandomu32 in atomic context The following bug report happened with a PREEMPTRT kernel: BUG: sleeping function called from invalid context at kernel/locking/spinlockrt.c:48...

Siemens SIMATIC S7-1500 Out-of-bounds Read (CVE-2024-39487)

In the Linux kernel, the following vulnerability has been resolved: bonding: Fix out-of-bounds read in bondoptionarpiptargetsset. This plugin only works with Tenable.ot. Please visit https://www.tenable.com/products/tenable-ot for more information. %NASLMINLEVEL 80900 C Tenable, Inc...

Siemens SIMATIC S7-1500 Missing Encryption of Sensitive Data (CVE-2019-13057)

An issue was discovered in the server in OpenLDAP before 2.4.48. When the server administrator delegates rootDN database admin privileges for certain databases but wants to maintain isolation e.g., for multi-tenant deployments, slapd does not properly stop a rootDN from requesting authorization a...

Siemens SIMATIC S7-1500 Improper Input Validation (CVE-2025-46836)

net-tools is a collection of programs that form the base set of the NET-3 networking distribution for the Linux operating system. Inn versions up to and including 2.10, the Linux network utilities like ifconfig from the net-tools package do not properly validate the structure of /proc files when...

Siemens RUGGEDCOM ROX, SIMATIC S7-1500 Improper Certificate Validation (CVE-2022-27782)

libcurl would reuse a previously created connection even when a TLS or SSHrelated option had been changed that should have prohibited reuse.libcurl keeps previously used connections in a connection pool for subsequenttransfers to reuse if one of them matches the setup. However, several TLS andSSH...

Siemens SIMATIC S7-1500 Improper Check for Unusual or Exceptional Conditions (CVE-2019-19646)

pragma.c in SQLite through 3.30.1 mishandles NOT NULL in an integritycheck PRAGMA command in certain cases of generated columns. This plugin only works with Tenable.ot. Please visit https://www.tenable.com/products/tenable-ot for more information. %NASLMINLEVEL 80900 C Tenable, Inc...

Siemens SIMATIC S7-1500 Exposure of Sensitive Information to an Unauthorized Actor (CVE-2020-8169)

The libcurl library versions 7.62.0 to and including 7.70.0 are vulnerable to an information disclosure vulnerability that can lead to a partial password being leaked over the network and to the DNS servers. This plugin only works with Tenable.ot. Please visit...

Siemens SIMATIC S7-1500 Out-of-bounds Read (CVE-2024-36017)

In the Linux kernel, the following vulnerability has been resolved: rtnetlink: Correct nested IFLAVFVLANLIST attribute validation Each attribute inside a nested IFLAVFVLANLIST is assumed to be a struct iflavfvlaninfo so the size of such attribute needs to be at least of sizeofstruct iflavfvlaninf...

Siemens SIMATIC S7-1500 Missing Encryption of Sensitive Data (CVE-2021-41617)

sshd in OpenSSH 6.2 through 8.x before 8.8, when certain non-default configurations are used, allows privilege escalation because supplemental groups are not initialized as expected. Helper programs for AuthorizedKeysCommand and AuthorizedPrincipalsCommand may run with privileges associated with...

Siemens SIMATIC S7-1500 Out-of-bounds Write (CVE-2019-5482)

Heap buffer overflow in the TFTP protocol handler in cURL 7.19.4 to 7.65.3. This plugin only works with Tenable.ot. Please visit https://www.tenable.com/products/tenable-ot for more information. %NASLMINLEVEL 80900 C Tenable, Inc. include'compat.inc'; if description scriptid504254;...

Siemens SIMATIC S7-1500 Out-of-bounds Write (CVE-2020-19190)

Buffer Overflow vulnerability in ncfindentry in tinfo/comphash.c:70 in ncurses 6.1 allows remote attackers to cause a denial of service via crafted command. This plugin only works with Tenable.ot. Please visit https://www.tenable.com/products/tenable-ot for more information. %NASLMINLEVEL 80900 C...

Siemens SIMATIC S7-1500 Incorrect Type Conversion or Cast (CVE-2020-10735)

A flaw was found in python. In algorithms with quadratic time complexity using non-binary bases, when using inttext, a system could take 50ms to parse an int string with 100,000 digits and 5s for 1,000,000 digits float, decimal, int.frombytes, and int for binary bases 2, 4, 8, 16, and 32 are not...