314 matches found
Siemens SIMATIC S7 PLC Web Server Improper Neutralization of Input During Web Page Generation (CVE-2026-25787)
Affected devices do not properly validate and sanitize Technology Object TO name rendered on the 'Motion Control Diagnostics' page of the web interface. This could allow an authenticated attacker who is authorized to download a TIA project into the product, to inject malicious scripts into the...
Siemens SIMATIC S7-1500 TM MFP Use After Free (CVE-2026-28387)
Issue summary: An uncommon configuration of clients performing DANE TLSA-based server authentication, when paired with uncommon server DANE TLSA records, may result in a use-after-free and/or double-free on the client side. Impact summary: A use after free can have a range of potential consequenc...
Siemens SIMATIC S7-1500 TM MFP NULL Pointer Dereference (CVE-2026-28390)
Issue summary: During processing of a crafted CMS EnvelopedData message with KeyTransportRecipientInfo a NULL pointer dereference can happen. Impact summary: Applications that process attacker-controlled CMS data may crash before authentication or cryptographic operations occur resulting in Denia...
Siemens SIMATIC S7-1500 Incorrect Resource Transfer Between Spheres (CVE-2026-31431)
In the Linux kernel, the following vulnerability has been resolved: crypto: algifaead - Revert to operating out-of-place This mostly reverts commit 72548b093ee3 except for the copying of the associated data. There is no benefit in operating in-place in algifaead since the source and destination...
Siemens SIMATIC S7-1500 NULL Pointer Dereference (CVE-2025-38167)
In the Linux kernel, the following vulnerability has been resolved: fs/ntfs3: handle hdrfirstde return value The hdrfirstde function returns a pointer to a struct NTFSDE. This pointer may be NULL. To handle the NULL error effectively, it is important to implement an error handler. This will help...
Siemens SIMATIC S7-1500 Improper Input Validation(CVE-2025-38457)
In the Linux kernel, the following vulnerability has been resolved: net/sched: Abort tcmodifyqdisc if parent class does not exist Lion's patch 1 revealed an ancient bug in the qdisc API. Whenever a user creates/modifies a qdisc specifying as a parent another qdisc, the qdisc API will, during...
Multiple vulnerabilities exist in the Siemens SIMATIC S7-1500 CPU 1518(F)-4 PN/DP MFP add-on GNU/Linux subsystem.
The SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP is the central processing unit CPU of the Siemens S7-1500 series for high-performance, communication-demanding and complex automation tasks. Multiple vulnerabilities exist in the Siemens SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP add-on GNU/Linux subsystem,...
Siemens SIMATIC S7-1500 Use After Free (CVE-2025-38708)
In the Linux kernel, the following vulnerability has been resolved: drbd: add missing krefget in handlewriteconflicts With two- primaries enabled, DRBD tries to detect concurrent writes and handle write conflicts, so that even if you write to the same sector simultaneously on both nodes, they end...
Siemens SIMATIC S7-1500 Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') (CVE-2025-39697)
In the Linux kernel, the following vulnerability has been resolved: NFS: Fix a race when updating an existing write After nfslockandjoinrequests tests for whether the request is still attached to the mapping, nothing prevents a call to nfsinoderemoverequest from succeeding until we actually lock...
Siemens SIMATIC S7-1500 Out-of-bounds Write (CVE-2025-39783)
In the Linux kernel, the following vulnerability has been resolved: PCI: endpoint: Fix configfs group list head handling Doing a listdel on the epfgroup field of struct pciepfdriver in pciepfremovecfs is not correct as this field is a list head, not a list entry. This listdel call triggers a KASA...
Siemens SIMATIC S7-1500 Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') (CVE-2025-39724)
In the Linux kernel, the following vulnerability has been resolved: serial: 8250: fix panic due to PSLVERR When the PSLVERRRESPEN parameter is set to 1, the device generates an error response if an attempt is made to read an empty RBR Receive Buffer Register while the FIFO is enabled. In...
Siemens SIMATIC S7-1500 Improper Locking (CVE-2025-39773)
In the Linux kernel, the following vulnerability has been resolved: net: bridge: fix soft lockup in brmulticastqueryexpired When set multicastqueryinterval to a large value, the local variable 'time' in brmulticastsendquery may overflow. If the time is smaller than jiffies, the timer will expire...
Siemens SIMATIC S7-1500 Use of Uninitialized Resource (CVE-2025-38691)
In the Linux kernel, the following vulnerability has been resolved: pNFS: Fix uninited ptr deref in block/scsi layout The error occurs on the third attempt to encode extents. When function exttreepreparecommit reallocates a larger buffer to retry encoding extents, the layoutupdatepages page array...
Siemens SIMATIC S7-1500 Improper Check for Unusual or Exceptional Conditions (CVE-2025-69420)
Issue summary: A type confusion vulnerability exists in the TimeStamp Response verification code where an ASN1TYPE union member is accessed without first validating the type, causing an invalid or NULL pointer dereference when processing a malformed TimeStamp Response file. Impact summary: An...
Siemens S7-1500 Use After Free (CVE-2025-7425)
A flaw was found in libxslt where the attribute type, atype, flags are modified in a way that corrupts internal memory management. When XSLT functions, such as the key process, result in tree fragments, this corruption prevents the proper cleanup of ID attributes. As a result, the system may acce...
Siemens S7-1500 Improper Restriction of Operations within the Bounds of a Memory Buffer (CVE-2025-11082)
A flaw has been found in GNU Binutils 2.45. Impacted is the function bfdelfparseehframe of the file bfd/elf-eh-frame.c of the component Linker. Executing manipulation can lead to heap-based buffer overflow. The attack is restricted to local execution. The exploit has been published and may be use...
Siemens S7-1500 Improper Restriction of Operations within the Bounds of a Memory Buffer (CVE-2025-11494)
A vulnerability was found in GNU Binutils 2.45. Impacted is the function bfdx86elflatesizesections of the file bfd/elfxx-x86.c of the component Linker. The manipulation results in out-of-bounds read. The attack needs to be approached locally. The exploit has been made public and could be used. Th...
Siemens S7-1500 Improper Restriction of Operations within the Bounds of a Memory Buffer (CVE-2025-7546)
A vulnerability, which was classified as problematic, has been found in GNU Binutils 2.45. Affected by this issue is the function bfdelfsetgroupcontents of the file bfd/elf.c. The manipulation leads to out-of-bounds write. It is possible to launch the attack on the local host. The exploit has bee...
Siemens S7-1500 NULL Pointer Dereference (CVE-2025-8224)
A vulnerability has been found in GNU Binutils 2.44 and classified as problematic. This vulnerability affects the function bfdelfgetstrsection of the file bfd/elf.c of the component BFD Library. The manipulation leads to null pointer dereference. Local access is required to approach this attack...
Siemens S7-1500 Improper Restriction of Operations within the Bounds of a Memory Buffer (CVE-2025-11412)
A vulnerability has been found in GNU Binutils 2.45. This impacts the function bfdelfgcrecordvtentry of the file bfd/elflink.c of the component Linker. The manipulation leads to out-of-bounds read. Local access is required to approach this attack. The exploit has been disclosed to the public and...