EUVD-2013-2719

Malware in sbrugna...

Siemens SIMATIC S7-1500 and S7-1200 CPUs URL Redirection to Untrusted Site (CVE-2024-46886)

The web server of affected devices does not properly validate input that is used for a user redirection. This could allow an attacker to make the server redirect the legitimate user to an attacker-chosen URL. For a successful exploit, the legitimate user must actively click on an attacker-crafted...

Siemens Industrial Product Denial of Service Vulnerability

SIMATIC Drive Controllers for the automation of production machines combine the functionality of SIMATIC S7-1500 CPUs with that of SINAMICS S120 drive controls.SIMATIC ET 200SP Open Controller is the PC-based version of the SIMATIC S7-1500 controller. Includes optional visualization features and...

Multiple Siemens Products Cross-Site Request Forgery Vulnerability

SIMATIC Drive Controllers are designed for the automation of production machines, combining the functionality of SIMATIC S7-1500 CPUs and SINAMICS S120 Drive Controllers.SIMATIC PC Station is a software component that manages the interface between SIMATIC software products and the PC. SIMATIC...

CVE-2022-38465

The CVE-2022-38465 issue affects Siemens products including SIMATIC Drive Controller family (pre-2.9.2), SIMATIC ET 200SP Open Controller CPUs (1515SP PC/PC2), SIMATIC S7-1200/1500 CPUs, S7-1500 Software Controller, S7-PLCSIM Advanced, SINUMERIK MC, and SINUMERIK ONE. Root cause: insufficient pro...

CVE-2022-38465

A vulnerability has been identified in SIMATIC Drive Controller family All versions V2.9.2, SIMATIC ET 200SP Open Controller CPU 1515SP PC incl. SIPLUS variants All versions, SIMATIC ET 200SP Open Controller CPU 1515SP PC2 incl. SIPLUS variants All versions V21.9, SIMATIC S7-1200 CPU family incl...

Siemens (CVE-2022-34820) (deprecated)

A vulnerability has been identified in SIMATIC CP 1242-7 V2 All versions, SIMATIC CP 1243-1 All versions, SIMATIC CP 1243-7 LTE EU All versions, SIMATIC CP 1243-7 LTE US All versions, SIMATIC CP 1243-8 IRC All versions, SIMATIC CP 1542SP-1 IRC All versions = V2.0, SIMATIC CP 1543-1 All versions =...

Siemens SIMATIC CP SRCS VPN Feature Command Injection Vulnerability

The SIMATIC CP 1242-7 and CP 1243-7 LTE communication processors connect SIMATIC S7-1200 controllers to a wide area network WAN. They provide integrated security features such as firewalls, virtual private networks VPNs, and support for other protocols with data encryption.The SIMATIC CP 1243-8 I...

Siemens SIMATIC CP SRCS VPN Feature Buffer Overflow Vulnerability

The SIMATIC CP 1242-7 and CP 1243-7 LTE communication processors connect SIMATIC S7-1200 controllers to a wide area network WAN. They provide integrated security features such as firewalls, virtual private networks VPNs, and support for other protocols with data encryption.The SIMATIC CP 1243-8 I...

Design/Logic Flaw

A vulnerability has been identified in SIMATIC Drive Controller family All versions = V2.9.2 = V21.9 = V4.5.0 = V2.9.2 = V21.9 = V4.0 V4.0 SP1, SIPLUS TIM 1531 IRC All versions V2.3.6, TIM 1531 IRC All versions V2.3.6. An unauthenticated attacker could cause a denial-of-service condition in a PLC...

Denial of Service Vulnerability in Multiple Siemens Industrial Products (CNVD-2022-10003)

SIMATIC Drive Controller family products are machines designed for production automation, combining the functionality of the SIMATIC S7-1500 CPU and the SINAMICS S120 drive control.SIMATIC S7-1200 CPU family products are designed for discrete and continuous control in industrial environments such...

Siemens SIMATIC S7-1500 & S7-1200 Cross-Site Request Forgery (CVE-2014-2249)

Cross-site request forgery CSRF vulnerability on Siemens SIMATIC S7-1500 CPU PLC devices with firmware before 1.5.0 and SIMATIC S7-1200 CPU PLC devices with firmware before 4.0 allows remote attackers to hijack the authentication of unspecified victims via unknown vectors. This plugin only works...

Siemens SIMATIC S7-1200 and S7-1500 CPU Families Improper Restriction of Operations Within the Bounds of a Memory Buffer (CVE-2020-15782)

A vulnerability has been identified in SIMATIC Drive Controller family All versions V2.9.2, SIMATIC ET 200SP Open Controller CPU 1515SP PC incl. SIPLUS variants All versions, SIMATIC ET 200SP Open Controller CPU 1515SP PC2 incl. SIPLUS variants All versions V21.9, SIMATIC S7-1200 CPU family incl...

Siemens SIMATIC Improper Certificate Validation (CVE-2012-3037)

The Siemens SIMATIC S7-1200 2.x PLC does not properly protect the private key of the SIMATIC CONTROLLER Certification Authority certificate, which allows remote attackers to spoof the S7-1200 web server by using this key to create a forged certificate. This plugin only works with Tenable.ot. Plea...

Siemens SIMATIC Products Use of a Broken or Risky Cryptographic Algorithm (CVE-2019-10929)

Affected devices contain a message protection bypass vulnerability due to certain properties in the calculation used for integrity protection. This could allow an attacker in a Man-in-the-Middle position to modify network traffic sent on port 102/tcp to the affected devices. This plugin only work...

Siemens SIMATIC S7-1200 CPU Family Version 4 Cross-Site Request Forgery (CVE-2018-13800)

A vulnerability has been identified in SIMATIC S7-1200 CPU family version 4 All versions V4.2.3. The web interface could allow a Cross-Site Request Forgery CSRF attack if an unsuspecting user is tricked into accessing a malicious link. Successful exploitation requires user interaction by a...

Siemens SIMATIC S7-1200 and S7-1500 CPU Families Missing Support For Integrity Check (CVE-2019-10943)

An attacker with network access to port 102/tcp could potentially modify the user program on the PLC in a way that the running code is different from the source code which is stored on the device. An attacker must have network access to affected devices and must be able to perform changes to the...

Siemens SIMATIC S7-1200 Improper Authentication (CVE-2021-37172)

A vulnerability has been identified in SIMATIC S7-1200 CPU family incl. SIPLUS variants V4.5.0. Affected devices fail to authenticate against configured passwords when provisioned using TIA Portal V13. This could allow an attacker using TIA Portal V13 or later versions to bypass authentication an...

Siemens SIMATIC S7-1200 Missing Authentication Vulnerability

Siemens SIMATIC S7-1200 is an S7-1200 series PLC programmable logic controller from Siemens, Germany. The Siemens SIMATIC S7-1200 suffers from a security vulnerability that stems from the device's inability to authenticate itself based on a configured password. An attacker can exploit the...

CVE-2020-28397

A vulnerability has been identified in SIMATIC Drive Controller family All versions V2 V2.5 V2.5 V21.9, TIM 1531 IRC incl. SIPLUS NET variants Version V2.1. Due to an incorrect authorization check in the affected component, an attacker could extract information about access protected PLC program...