Siemens SIMATIC, SCALANCE and RUGGEDCOM Devices Incorrect Calculation of Buffer Size (CVE-2024-50299)

In the Linux kernel, the following vulnerability has been resolved: sctp: properly validate chunk size in sctpsfootb This plugin only works with Tenable.ot. Please visit https://www.tenable.com/products/tenable-ot for more information. %NASLMINLEVEL 80900 C Tenable, Inc. include'compat.inc'; if...

Siemens SIMATIC Devices Race Condition (CVE-2024-27020)

In the Linux kernel, the following vulnerability has been resolved: netfilter: nftables: Fix potential data-race in nftexprtypeget. This plugin only works with Tenable.ot. Please visit https://www.tenable.com/products/tenable-ot for more information. %NASLMINLEVEL 80900 C Tenable, Inc...

Siemens SIMATIC and Ruggedcom ROX Devices Integer Overflow or Wraparound (CVE-2020-12762)

json-c through 0.14 has an integer overflow and out-of-bounds write via a large JSON file, as demonstrated by printbufmemappend. This plugin only works with Tenable.ot. Please visit https://www.tenable.com/products/tenable-ot for more information. %NASLMINLEVEL 80900 C Tenable, Inc...

Siemens SIMATIC Devices Out-of-bounds Read (CVE-2023-39189)

A flaw was found in the Netfilter subsystem in the Linux kernel. The nfnlosfaddcallback function did not validate the user mode controlled optnum field. This flaw allows a local privileged CAPNETADMIN attacker to trigger an out-of-bounds read, leading to a crash or information disclosure. This...

Siemens SIMATIC Devices Divide By Zero (CVE-2024-36905)

In the Linux kernel, the following vulnerability has been resolved: tcp: defer shutdownSENDSHUTDOWN for TCPSYNRECV sockets. This plugin only works with Tenable.ot. Please visit https://www.tenable.com/products/tenable-ot for more information. %NASLMINLEVEL 80900 C Tenable, Inc. include'compat.inc...

Siemens SIMATIC, SCALANCE and RUGGEDCOM Devices Race Condition (CVE-2024-49952)

In the Linux kernel, the following vulnerability has been resolved: netfilter: nftables: prevent nfskbduplicated corruption. This plugin only works with Tenable.ot. Please visit https://www.tenable.com/products/tenable-ot for more information. %NASLMINLEVEL 80900 C Tenable, Inc...

Siemens SIMATIC Devices NULL Pointer Dereference (CVE-2023-3772)

A flaw was found in the Linux kernel's IP framework for transforming packets XFRM subsystem. This issue may allow a malicious user with CAPNETADMIN privileges to directly dereference a NULL pointer in xfrmupdateaeparams, leading to a possible kernel crash and denial of service. This plugin only...

Siemens SIMATIC Devices Observable Discrepancy (CVE-2024-0553)

A vulnerability was found in GnuTLS. The response times to malformed ciphertexts in RSA-PSK ClientKeyExchange differ from the response times of ciphertexts with correct PKCS1 v1.5 padding. This issue may allow a remote attacker to perform a timing side-channel attack in the RSA-PSK key exchange,...

Siemens SIMATIC Devices Missing Release of Memory after Effective Lifetime (CVE-2024-42070)

In the Linux kernel, the following vulnerability has been resolved: netfilter: nftables: fully validate NFTDATAVALUE on store to data registers register store validation for NFTDATAVALUE is conditional, however, the datatype is always either NFTDATAVALUE or NFTDATAVERDICT. This only requires a ne...

Siemens SIMATIC Devices Out-of-bounds Read (CVE-2023-37453)

An issue was discovered in the USB subsystem in the Linux kernel through 6.4.2. There is an out-of-bounds and crash in readdescriptors in drivers/usb/core/sysfs.c. This plugin only works with Tenable.ot. Please visit https://www.tenable.com/products/tenable-ot for more information. %NASLMINLEVEL...

Siemens SIMATIC, SCALANCE and RUGGEDCOM Devices Out-of-bounds Read (CVE-2024-46743)

In the Linux kernel, the following vulnerability has been resolved: of/irq: Prevent device address out-of-bounds read in interrupt map walk. This plugin only works with Tenable.ot. Please visit https://www.tenable.com/products/tenable-ot for more information. %NASLMINLEVEL 80900 C Tenable, Inc...

Siemens SIMATIC Devices NULL Pointer Dereference (CVE-2023-2898)

There is a null-pointer-dereference flaw found in f2fswriteendio in fs/f2fs/data.c in the Linux kernel. This flaw allows a local privileged user to cause a denial of service problem. This plugin only works with Tenable.ot. Please visit https://www.tenable.com/products/tenable-ot for more...

Siemens SIMATIC Devices Stack-based Buffer Overflow (CVE-2023-4273)

This vulnerability exists in the implementation of the file name reconstruction function, which is responsible for reading file name entries from a directory index and merging file name parts belonging to one file into a single long file name. Since the file name characters are copied into a stac...

Siemens SIMATIC Devices Improper Control of Resource Identifiers (CVE-2024-26880)

In the Linux kernel, the following vulnerability has been resolved: dm: call the resume method on internal suspend. This plugin only works with Tenable.ot. Please visit https://www.tenable.com/products/tenable-ot for more information. %NASLMINLEVEL 80900 C Tenable, Inc. include'compat.inc'; if...

Siemens SIMATIC Devices Use After Free (CVE-2024-25062)

An issue was discovered in libxml2 before 2.11.7 and 2.12.x before 2.12.5. When using the XML Reader interface with DTD validation and XInclude expansion enabled, processing crafted XML documents can lead to an xmlValidatePopElement use-after-free. This plugin only works with Tenable.ot. Please...

Siemens SIMATIC Devices Race Condition (CVE-2024-53124)

net: fix data-races around sk skforwardalloc. This plugin only works with Tenable.ot. Please visit https://www.tenable.com/products/tenable-ot for more information. %NASLMINLEVEL 80900 C Tenable, Inc. include'compat.inc'; if description scriptid503783; scriptversion"1.1";...

Siemens RUGGEDCOM and SCALANCE Type Confusion (CVE-2024-49860)

CPI: sysfs: validate return type of STR method Only buffer objects are valid return values of STR. If something else is returned descriptionshow will access invalid memory. This plugin only works with Tenable.ot. Please visit https://www.tenable.com/products/tenable-ot for more information...

Siemens SIMATIC Devices Improper Input Validation (CVE-2024-57986)

HID: core: Fix assumption that Resolution Multipliers must be in Logical Collections This plugin only works with Tenable.ot. Please visit https://www.tenable.com/products/tenable-ot for more information. %NASLMINLEVEL 80900 C Tenable, Inc. include'compat.inc'; if description scriptid503502;...

Siemens SIMATIC Devices and SCALANCE Out-of-bounds Write (CVE-2025-9230)

An application trying to decrypt CMS messages encrypted using password based encryption can trigger an out-of-bounds read and write. Impact summary: This out-of-bounds read may trigger a crash which leads to Denial of Service for an application. The out-of-bounds write can cause a memory corrupti...

Siemens SIMATIC Devices NULL Pointer Dereference (CVE-2025-21638)

In the Linux kernel, the following vulnerability has been resolved: sctp: sysctl: authenable: avoid using current-nsproxy As mentioned in a previous commit of this series, using the 'net' structure via 'current' is not recommended for different reasons: - Inconsistency: getting info from the...