1740 matches found
Siemens SIMATIC S7-1500 TM MFP NULL Pointer Dereference (CVE-2024-41055)
In the Linux kernel, the following vulnerability has been resolved: mm: prevent derefencing NULL ptr in pfnsectionvalid Commit 5ec8e8ea8b77 mm/sparsemem: fix race in accessing memorysection-usage changed pfnsectionvalid to add a READONCE call around ms-usage to fix a race with sectiondeactivate...
Siemens SCALANCE LPE9403 Improper Limitation of a Pathname to a Restricted Directory (CVE-2025-27397)
Affected devices do not properly limit user controlled paths to which logs are written and from where they are read. This could allow an authenticated highly-privileged remote attacker to read and write arbitrary files in the filesystem, if and only if the malicious path ends with 'log' . This...
Siemens SCALANCE X-200RNA Switch Devices NULL Pointer Dereference (CVE-2015-0291)
The sigalgs implementation in t1lib.c in OpenSSL 1.0.2 before 1.0.2a allows remote attackers to cause a denial of service NULL pointer dereference and daemon crash by using an invalid signaturealgorithms extension in the ClientHello message during a renegotiation. This plugin only works with...
Siemens SCALANCE X-200RNA Switch Devices Improper Restriction of Operations within the Bounds of a Memory Buffer (CVE-2015-0292)
Integer underflow in the EVPDecodeUpdate function in crypto/evp/encode.c in the base64-decoding implementation in OpenSSL before 0.9.8za, 1.0.0 before 1.0.0m, and 1.0.1 before 1.0.1h allows remote attackers to cause a denial of service memory corruption or possibly have unspecified other impact v...
Siemens SCALANCE X-200RNA Switch Devices Improper Authentication (CVE-2016-1908)
The client in OpenSSH before 7.2 mishandles failed cookie generation for untrusted X11 forwarding and relies on the local X11 server for access-control decisions, which allows remote X11 clients to trigger a fallback and obtain trusted X11 forwarding privileges by leveraging configuration issues ...
Siemens SCALANCE X-200RNA Switch Devices Integer Overflow or Wraparound (CVE-2016-2177)
OpenSSL through 1.0.2h incorrectly uses pointer arithmetic for heap- buffer boundary checks, which might allow remote attackers to cause a denial of service integer overflow and application crash or possibly have unspecified other impact by leveraging unexpected malloc behavior, related to...
Siemens SCALANCE X-200RNA Switch Devices Incorrect Permission Assignment for Critical Resource (CVE-2017-15906)
The processopen function in sftp-server.c in OpenSSH before 7.6 does not properly prevent write operations in readonly mode, which allows attackers to create zero-length files. This plugin only works with Tenable.ot. Please visit https://www.tenable.com/products/tenable-ot for more information...
Siemens SCALANCE X-200RNA Switch Devices Use After Free (CVE-2015-0209)
Use-after-free vulnerability in the d2iECPrivateKey function in crypto/ec/ecasn1.c in OpenSSL before 0.9.8zf, 1.0.0 before 1.0.0r, 1.0.1 before 1.0.1m, and 1.0.2 before 1.0.2a might allow remote attackers to cause a denial of service memory corruption and application crash or possibly have...
Siemens SCALANCE X-200RNA Switch Devices Improper Restriction of Operations within the Bounds of a Memory Buffer (CVE-2016-0778)
The 1 roamingread and 2 roamingwrite functions in roamingcommon.c in the client in OpenSSH 5.x, 6.x, and 7.x before 7.1p2, when certain proxy and forward options are enabled, do not properly maintain connection file descriptors, which allows remote servers to cause a denial of service heap-based...
Siemens SCALANCE X-200RNA Switch Devices Improper Input Validation (CVE-2016-0797)
Multiple integer overflows in OpenSSL 1.0.1 before 1.0.1s and 1.0.2 before 1.0.2g allow remote attackers to cause a denial of service heap memory corruption or NULL pointer dereference or possibly have unspecified other impact via a long digit string that is mishandled by the 1 BNdec2bn or 2...
Siemens SCALANCE X-200RNA Switch Devices Incorrect Calculation (CVE-2015-1794)
The ssl3getkeyexchange function in ssl/s3clnt.c in OpenSSL 1.0.2 before 1.0.2e allows remote servers to cause a denial of service segmentation fault via a zero p value in an anonymous Diffie-Hellman DH ServerKeyExchange message. This plugin only works with Tenable.ot. Please visit...
Siemens SCALANCE X-200RNA Switch Devices Exposure of Sensitive Information to an Unauthorized Actor (CVE-2016-0702)
The MODEXPCTIMECOPYFROMPREBUF function in crypto/bn/bnexp.c in OpenSSL 1.0.1 before 1.0.1s and 1.0.2 before 1.0.2g does not properly consider cache-bank access times during modular exponentiation, which makes it easier for local users to discover RSA keys by running a crafted application on the...
Siemens SCALANCE X-200RNA Switch Devices Improper Access Control (CVE-2015-5600)
The kbdintnextdevice function in auth2-chall.c in sshd in OpenSSH through 6.9 does not properly restrict the processing of keyboard- interactive devices within a single connection, which makes it easier for remote attackers to conduct brute-force attacks or cause a denial of service CPU consumpti...
Siemens SCALANCE X-200RNA Switch Devices NULL Pointer Dereference (CVE-2015-1790)
The PKCS7dataDecodefunction in crypto/pkcs7/pk7doit.c in OpenSSL before 0.9.8zg, 1.0.0 before 1.0.0s, 1.0.1 before 1.0.1n, and 1.0.2 before 1.0.2b allows remote attackers to cause a denial of service NULL pointer dereference and application crash via a PKCS7 blob that uses ASN.1 encoding and lack...
Siemens SCALANCE X-200RNA Switch Devices Out-of-bounds Read (CVE-2016-6306)
The certificate parser in OpenSSL before 1.0.1u and 1.0.2 before 1.0.2i might allow remote attackers to cause a denial of service out- of-bounds read via crafted certificate operations, related to s3clnt.c and s3srvr.c. This plugin only works with Tenable.ot. Please visit...
Siemens SCALANCE X-200RNA Switch Devices Exposure of Sensitive Information to an Unauthorized Actor (CVE-2016-0777)
The resendbytes function in roamingcommon.c in the client in OpenSSH 5.x, 6.x, and 7.x before 7.1p2 allows remote servers to obtain sensitive information from process memory by requesting transmission of an entire buffer, as demonstrated by reading a private key. This plugin only works with...
Siemens SCALANCE X-200RNA Switch Devices Out-of-bounds Write (CVE-2016-2182)
The BNbn2dec function in crypto/bn/bnprint.c in OpenSSL before 1.1.0 does not properly validate division results, which allows remote attackers to cause a denial of service out-of-bounds write and application crash or possibly have unspecified other impact via unknown vectors. This plugin only...
Siemens SCALANCE X-200RNA Switch Devices Observable Timing Discrepancy (CVE-2003-0190)
OpenSSH-portable OpenSSH 3.6.1p1 and earlier with PAM support enabled immediately sends an error message when a user does not exist, which allows remote attackers to determine valid usernames via a timing attack. This plugin only works with Tenable.ot. Please visit...
Siemens InsydeH2O Plaintext Storage of a Password (CVE-2021-38489)
An issue was discovered in the the HddPasswordPei driver of the Insyde InsydeH2O 5.x. HDD password is stored in plaintext. This plugin only works with Tenable.ot Please visit https://www.tenable.com/products/tenable-ot for more information. %NASLMINLEVEL 80900 C Tenable, Inc. include'compat.inc';...
Westermo EDW-100 Use of Hard-Coded Password (CVE-2024-36080)
Westermo EDW-100 has a hidden administrator account with a hardcoded password. In the firmware package, in 'image.bin', the username root and the password for this account are both hard-coded and exposed as strings that can trivially be extracted. Currently there is no way to change this password...