32 matches found
EUVD-2020-20139
Malware in sbrugna...
EUVD-2019-2640
Malware in sbrugna...
EUVD-2019-2639
Malware in sbrugna...
EUVD-2020-17931
Malware in sbrugna...
CVE-2020-27632
In SIMATIC MV400 family versions prior to v7.0.6, the ISN generator is initialized with a constant value and has constant increments. An attacker could predict and hijack TCP sessions...
CVE-2020-25241
A vulnerability has been identified in SIMATIC MV400 family All Versions V7.0.6. The underlying TCP stack of the affected products does not correctly validate the sequence number for incoming TCP RST packages. An attacker could exploit this to terminate arbitrary TCP sessions...
CVE-2019-10926
A vulnerability has been identified in SIMATIC MV400 family All Versions V7.0.6. Communication with the device is not encrypted. Data transmitted between the device and the user can be obtained by an attacker in a privileged network position. The security vulnerability can be exploited by an...
CVE-2019-10925
A vulnerability has been identified in SIMATIC MV400 family All Versions V7.0.6. An authenticated attacker could escalate privileges by sending specially crafted requests to the integrated webserver. The security vulnerability can be exploited by an attacker with network access to the device. Val...
Siemens PROFINET DCP Uncontrolled Resource Consumption (CVE-2017-2680)
Specially crafted PROFINET DCP broadcast packets could cause a denial of service condition of affected products on a local Ethernet segment Layer 2. Human interaction is required to recover the systems. PROFIBUS interfaces are not affected. This plugin only works with Tenable.ot. Please visit...
CVE-2020-25241
A vulnerability has been identified in SIMATIC MV400 family All Versions V7.0.6. The underlying TCP stack of the affected products does not correctly validate the sequence number for incoming TCP RST packages. An attacker could exploit this to terminate arbitrary TCP sessions...
CVE-2020-25241
A vulnerability has been identified in SIMATIC MV400 family All Versions V7.0.6. The underlying TCP stack of the affected products does not correctly validate the sequence number for incoming TCP RST packages. An attacker could exploit this to terminate arbitrary TCP sessions...
Design/Logic Flaw
A vulnerability has been identified in SIMATIC MV400 family All Versions V7.0.6. The underlying TCP stack of the affected products does not correctly validate the sequence number for incoming TCP RST packages. An attacker could exploit this to terminate arbitrary TCP sessions...
CVE-2020-25241
A vulnerability has been identified in SIMATIC MV400 family All Versions V7.0.6. The underlying TCP stack of the affected products does not correctly validate the sequence number for incoming TCP RST packages. An attacker could exploit this to terminate arbitrary TCP sessions...
CVE-2020-25241
The CVE-2020-25241 entry concerns the SIMATIC MV400 family (all versions before 7.0.6). The underlying TCP stack does not correctly validate the sequence number of incoming TCP RST packets, enabling an attacker to terminate arbitrary TCP sessions. Affected products are Siemens SIMATIC MV400 devic...
CVE-2020-27632
In SIMATIC MV400 family versions prior to v7.0.6, the ISN generator is initialized with a constant value and has constant increments. An attacker could predict and hijack TCP sessions...
CVE-2020-27632
In SIMATIC MV400 family versions prior to v7.0.6, the ISN generator is initialized with a constant value and has constant increments. An attacker could predict and hijack TCP sessions...
Code injection
In SIMATIC MV400 family versions prior to v7.0.6, the ISN generator is initialized with a constant value and has constant increments. An attacker could predict and hijack TCP sessions...
CVE-2020-27632
The CVE-2020-27632 issue affects the SIMATIC MV400 family prior to v7.0.6. The root cause is that the ISN generator is initialized with a constant value and uses constant increments, making initial sequence numbers highly predictable. This can enable an attacker to predict and hijack TCP sessions...
CVE-2020-27632
In SIMATIC MV400 family versions prior to v7.0.6, the ISN generator is initialized with a constant value and has constant increments. An attacker could predict and hijack TCP sessions...
Siemens TCP Stack of SIMATIC MV400
1. EXECUTIVE SUMMARY CVSS v3 7.5 ATTENTION: Exploitable remotely/low skill level to exploit Vendor: Siemens Equipment: SIMATIC MV400 Vulnerabilities: Improper Validation of Specified Index, Position, or Offset in Input; Use of Insufficiently Random Values 2. RISK EVALUATION Successful...