Siemens SIMATIC S7-1500 Improper Input Validation (CVE-2025-38466)

In the Linux kernel, the following vulnerability has been resolved: perf: Revert to requiring CAPSYSADMIN for uprobes Jann reports that uprobes can be used destructively when used in the middle of an instruction. The kernel only verifies there is a valid instruction at the requested offset, but d...

Siemens SIMATIC S7-1500 NULL Pointer Dereference(CVE-2025-38215)

In the Linux kernel, the following vulnerability has been resolved: fbdev: Fix doregisterframebuffer to prevent null-ptr-deref in fbvideomodetovar If fbaddvideomode in doregisterframebuffer fails to allocate memory for fbvideomode, it will later lead to a null-ptr dereference in fbvideomodetovar,...

Siemens SIMATIC S7-1500 Concurrent Execution using Shared Resource with Improper Synchronization (CVE-2025-38083)

In the Linux kernel, the following vulnerability has been resolved: netsched: prio: fix a race in priotune Gerrard Tai reported a race condition in PRIO, whenever SFQ perturb timer fires at the wrong time. The race is as follows: CPU 0 CPU 1 1: lock root 2: qdisctreeflushbacklog 3: unlock root | ...

Siemens SIMATIC S7-1500 Concurrent Execution using Shared Resource with Improper Synchronization (CVE-2025-38393)

In the Linux kernel, the following vulnerability has been resolved: NFSv4/pNFS: Fix a race to wake on NFSLAYOUTDRAIN We found a few different systems hung up in writeback waiting on the same page lock, and one task waiting on the NFSLAYOUTDRAIN bit in pnfsupdatelayout, however the pnfslayouthdr's...

Siemens S7-1500 Unchecked Return Value (CVE-2025-11839)

A security flaw has been discovered in GNU Binutils 2.45. Impacted is the function tgtagtype of the file prdbg.c. Performing manipulation results in unchecked return value. The attack needs to be approached locally. The exploit has been released to the public and may be exploited. This plugin onl...

Siemens SIMATIC S7-1500 Double Free (CVE-2021-22945)

When sending data to an MQTT server, libcurl = 7.73.0 and 7.78.0 could in some circumstances erroneously keep a pointer to an already freed memory area and both use that again in a subsequent call to send data and also free it again. This plugin only works with Tenable.ot. Please visit...

Siemens SIMATIC S7-1500 Exposure of Resource to Wrong Sphere (CVE-2019-12904)

In Libgcrypt 1.8.4, the C implementation of AES is vulnerable to a flush-and-reload side-channel attack because physical addresses are available to other processes. The C implementation is used on platforms where an assembly-language implementation is unavailable. NOTE: the vendor's position is...

Siemens SIMATIC S7-1500 Improper Input Validation (CVE-2023-24329)

An issue in the urllib.parse component of Python before 3.11.4 allows attackers to bypass blocklisting methods by supplying a URL that starts with blank characters. This plugin only works with Tenable.ot. Please visit https://www.tenable.com/products/tenable-ot for more information. %NASLMINLEVEL...

Siemens SIMATIC S7-1500 Use of Uninitialized Resource (CVE-2024-42106)

In the Linux kernel, the following vulnerability has been resolved: inetdiag: Initialize pad field in struct inetdiagreqv2. This plugin only works with Tenable.ot. Please visit https://www.tenable.com/products/tenable-ot for more information. %NASLMINLEVEL 80900 C Tenable, Inc. include'compat.inc...

Siemens SIMATIC S7-1500 Insufficient Verification of Data Authenticity (CVE-2021-22947)

When curl = 7.20.0 and = 7.20.0 and = 7.78.0 connects to an IMAP or POP3 server to retrieve data using STARTTLS to upgrade...

Siemens SIMATIC and SCALANCE Improper Access Control (CVE-2025-1390)

The PAM module pamcap.so of libcap configuration supports group names starting with @, during actual parsing, configurations not starting with @ are incorrectly recognized as group names. This may result in nonintended users being granted an inherited capability set, potentially leading to securi...

Siemens SIMATIC S7-1500 Improper Restriction of Operations within the Bounds of a Memory Buffer (CVE-2017-7376)

Buffer overflow in libxml2 allows remote attackers to execute arbitrary code by leveraging an incorrect limit for port values when handling redirects. This plugin only works with Tenable.ot. Please visit https://www.tenable.com/products/tenable-ot for more information. %NASLMINLEVEL 80900 C...

Siemens SIMATIC S7-1500 Use of Insufficiently Random Values (CVE-2019-1010025)

DISPUTED GNU Libc current is affected by: Mitigation bypass. The impact is: Attacker may guess the heap addresses of pthreadcreated thread. The component is: glibc. NOTE: the vendor's position is ASLR bypass itself is not a vulnerability. This plugin only works with Tenable.ot. Please visit...

Siemens SIMATIC S7-1500 Integer Overflow or Wraparound (CVE-2024-42131)

In the Linux kernel, the following vulnerability has been resolved: mm: avoid overflows in dirty throttling logic The dirty throttling logic is interspersed with assumptions that dirty limits in PAGESIZE units fit into 32-bit so that various multiplications fit into 64-bits. If limits end up bein...

Siemens SIMATIC S7-1500 Use After Free (CVE-2022-48560)

A use-after-free exists in Python through 3.9 via heappushpop in heapq. This plugin only works with Tenable.ot. Please visit https://www.tenable.com/products/tenable-ot for more information. %NASLMINLEVEL 80900 C Tenable, Inc. include'compat.inc'; if description scriptid503972; scriptversion"1.3"...

Siemens SIMATIC and SCALANCE Uncontrolled Recursion (CVE-2024-8176)

A stack overflow vulnerability exists in the libexpat library due to the way it handles recursive entity expansion in XML documents. When parsing an XML document with deeply nested entity references, libexpat can be forced to recurse indefinitely, exhausting the stack space and causing a crash...

Siemens SIMATIC S7-1500 Out-of-bounds Write (CVE-2022-48522)

In Perl 5.34.0, function Sfinduninitvar in sv.c has a stack-based crash that can lead to remote code execution or local privilege escalation. This plugin only works with Tenable.ot. Please visit https://www.tenable.com/products/tenable-ot for more information. %NASLMINLEVEL 80900 C Tenable, Inc...

Siemens SIMATIC S7-1500 Loop with Unreachable Exit Condition (CVE-2020-36227)

A flaw was discovered in OpenLDAP before 2.4.57 leading to an infinite loop in slapd with the cancelextop Cancel operation, resulting in denial of service. This plugin only works with Tenable.ot. Please visit https://www.tenable.com/products/tenable-ot for more information. %NASLMINLEVEL 80900 C...

Siemens SIMATIC S7-1500 Allocation of Resources Without Limits or Throttling (CVE-2023-23916)

An allocation of resources without limits or throttling vulnerability exists in curl v7.88.0 based on the chained HTTP compression algorithms, meaning that a server response can be compressed multiple times and potentially with differentalgorithms. The number of acceptable links in this...

Siemens SIMATIC S7-1500 Uncontrolled Resource Consumption (CVE-2023-32636)

A flaw was found in glib, where the gvariant deserialization code is vulnerable to a denial of service introduced by additional input validation added to resolve CVE-2023-29499. The offset table validation may be very slow. This bug does not affect any released version of glib but does affect gli...