Siemens SIMATIC S7-1500 Improper Input Validation (CVE-2025-38466)

In the Linux kernel, the following vulnerability has been resolved: perf: Revert to requiring CAPSYSADMIN for uprobes Jann reports that uprobes can be used destructively when used in the middle of an instruction. The kernel only verifies there is a valid instruction at the requested offset, but d...

Siemens SIMATIC S7-1500 Concurrent Execution using Shared Resource with Improper Synchronization (CVE-2025-38083)

In the Linux kernel, the following vulnerability has been resolved: netsched: prio: fix a race in priotune Gerrard Tai reported a race condition in PRIO, whenever SFQ perturb timer fires at the wrong time. The race is as follows: CPU 0 CPU 1 1: lock root 2: qdisctreeflushbacklog 3: unlock root | ...

Siemens SIMATIC S7-1500 Concurrent Execution using Shared Resource with Improper Synchronization (CVE-2025-38393)

In the Linux kernel, the following vulnerability has been resolved: NFSv4/pNFS: Fix a race to wake on NFSLAYOUTDRAIN We found a few different systems hung up in writeback waiting on the same page lock, and one task waiting on the NFSLAYOUTDRAIN bit in pnfsupdatelayout, however the pnfslayouthdr's...

Siemens SIMATIC S7-1500 NULL Pointer Dereference(CVE-2025-38215)

In the Linux kernel, the following vulnerability has been resolved: fbdev: Fix doregisterframebuffer to prevent null-ptr-deref in fbvideomodetovar If fbaddvideomode in doregisterframebuffer fails to allocate memory for fbvideomode, it will later lead to a null-ptr dereference in fbvideomodetovar,...

Siemens S7-1500 Unchecked Return Value (CVE-2025-11839)

A security flaw has been discovered in GNU Binutils 2.45. Impacted is the function tgtagtype of the file prdbg.c. Performing manipulation results in unchecked return value. The attack needs to be approached locally. The exploit has been released to the public and may be exploited. This plugin onl...

Siemens SIMATIC S7-1500 Use After Free (CVE-2022-48560)

A use-after-free exists in Python through 3.9 via heappushpop in heapq. This plugin only works with Tenable.ot. Please visit https://www.tenable.com/products/tenable-ot for more information. %NASLMINLEVEL 80900 C Tenable, Inc. include'compat.inc'; if description scriptid503972; scriptversion"1.3"...

Siemens SIMATIC S7-1500 Expected Behavior Violation (CVE-2025-32728)

In sshd in OpenSSH before 10.0, the DisableForwarding directive does not adhere to the documentation stating that it disables X11 and agent forwarding. This plugin only works with Tenable.ot. Please visit https://www.tenable.com/products/tenable-ot for more information. %NASLMINLEVEL 80900 C...

Siemens SIMATIC S7-1500 Insufficient Verification of Data Authenticity (CVE-2021-22947)

When curl = 7.20.0 and = 7.20.0 and = 7.78.0 connects to an IMAP or POP3 server to retrieve data using STARTTLS to upgrade...

Siemens SIMATIC S7-1500 Out-of-bounds Write (CVE-2022-48522)

In Perl 5.34.0, function Sfinduninitvar in sv.c has a stack-based crash that can lead to remote code execution or local privilege escalation. This plugin only works with Tenable.ot. Please visit https://www.tenable.com/products/tenable-ot for more information. %NASLMINLEVEL 80900 C Tenable, Inc...

Siemens SIMATIC S7-1500 Integer Overflow or Wraparound (CVE-2022-22822)

addBinding in xmlparse.c in Expat aka libexpat before 2.4.3 has an integer overflow. This plugin only works with Tenable.ot. Please visit https://www.tenable.com/products/tenable-ot for more information. %NASLMINLEVEL 80900 C Tenable, Inc. include'compat.inc'; if description scriptid504286;...

Siemens SIMATIC S7-1500 Improper Input Validation (CVE-2025-21702)

pfifotailenqueue: Drop new packet when sch-limit == 0. This plugin only works with Tenable.ot. Please visit https://www.tenable.com/products/tenable-ot for more information. %NASLMINLEVEL 80900 C Tenable, Inc. include'compat.inc'; if description scriptid503912; scriptversion"1.2";...

Siemens SIMATIC S7-1500 Exposure of Resource to Wrong Sphere (CVE-2019-12904)

In Libgcrypt 1.8.4, the C implementation of AES is vulnerable to a flush-and-reload side-channel attack because physical addresses are available to other processes. The C implementation is used on platforms where an assembly-language implementation is unavailable. NOTE: the vendor's position is...

Siemens SIMATIC S7-1500 Allocation of Resources Without Limits or Throttling (CVE-2023-23916)

An allocation of resources without limits or throttling vulnerability exists in curl v7.88.0 based on the chained HTTP compression algorithms, meaning that a server response can be compressed multiple times and potentially with differentalgorithms. The number of acceptable links in this...

Siemens SIMATIC S7-1500 Out-of-bounds Write (CVE-2019-3863)

A flaw was found in libssh2 before 1.8.1. A server could send a multiple keyboard interactive response messages whose total length are greater than unsigned char max characters. This value is used as an index to copy memory causing in an out of bounds memory write error. This plugin only works wi...

Siemens SIMATIC S7-1500 Improper Restriction of Operations within the Bounds of a Memory Buffer (CVE-2017-7376)

Buffer overflow in libxml2 allows remote attackers to execute arbitrary code by leveraging an incorrect limit for port values when handling redirects. This plugin only works with Tenable.ot. Please visit https://www.tenable.com/products/tenable-ot for more information. %NASLMINLEVEL 80900 C...

Siemens SIMATIC S7-1500 Out-of-bounds Read (CVE-2019-9169)

In the GNU C Library aka glibc or libc6 through 2.29, proceednextnode in posix/regexec.c has a heap-based buffer over-read via an attempted case-insensitive regular-expression match. This plugin only works with Tenable.ot. Please visit https://www.tenable.com/products/tenable-ot for more...

Siemens SIMATIC S7-1500 Improper Restriction of Operations within the Bounds of a Memory Buffer (CVE-2023-52464)

"In the Linux kernel, the following vulnerability has been resolved: EDAC/thunderx: Fix possible out-of-bounds string access Enabling -Wstringop-overflow globally exposes a warning for a common bug in the usage of strncat: drivers/edac/thunderxedac.c: In function 'thunderxocxcomthreadedisr':...

Siemens SIMATIC S7-1500 Improper Input Validation (CVE-2021-23336)

The package python/cpython from 0 and before 3.6.13, from 3.7.0 and before 3.7.10, from 3.8.0 and before 3.8.8, from 3.9.0 and before 3.9.2 are vulnerable to Web Cache Poisoning via urllib.parse.parseqsl and urllib.parse.parseqs by using a vector called parameter cloaking. When the attacker can...

Siemens SIMATIC S7-1500 Double Free (CVE-2025-32988)

A flaw was found in GnuTLS. A double-free vulnerability exists in GnuTLS due to incorrect ownership handling in the export logic of Subject Alternative Name SAN entries containing an otherName. If the type-id OID is invalid or malformed, GnuTLS will call asn1deletestructure on an ASN.1 node it do...

Siemens SIMATIC S7-1500 NULL Pointer Dereference (CVE-2020-9327)

In SQLite 3.31.1, isAuxiliaryVtabOperator allows attackers to trigger a NULL pointer dereference and segmentation fault because of generated column optimizations. This plugin only works with Tenable.ot. Please visit https://www.tenable.com/products/tenable-ot for more information. %NASLMINLEVEL...