Siemens SIMATIC S7-1500 Out-of-bounds Read (CVE-2020-36223)

A flaw was discovered in OpenLDAP before 2.4.57 leading to a slapd crash in the Values Return Filter control handling, resulting in denial of service double free and out-of-bounds read. This plugin only works with Tenable.ot. Please visit https://www.tenable.com/products/tenable-ot for more...

Siemens SIMATIC S7-1500 Out-of-bounds Write (CVE-2019-19906)

cyrus-sasl aka Cyrus SASL 2.1.27 has an out-of-bounds write leading to unauthenticated remote denial-of-service in OpenLDAP via a malformed LDAP packet. The OpenLDAP crash is ultimately caused by an off-by-one error in sasladdstring in common.c in cyrus-sasl. This plugin only works with Tenable.o...

Siemens SIMATIC S7-1500 Heap-based Buffer Overflow (CVE-2025-3277)

An integer overflow can be triggered in SQLite's 'concatws' function. The resulting, truncated integer is then used to allocate a buffer. When SQLite then writes the resulting string to the buffer, it uses the original, untruncated size and thus a wild Heap Buffer overflow of size 4GB can be...

Siemens SCALANCE, SIMATIC S7-1500 Use After Free (CVE-2022-23308)

valid.c in libxml2 before 2.9.13 has a use-after-free of ID and IDREF attributes. This plugin only works with Tenable.ot. Please visit https://www.tenable.com/products/tenable-ot for more information. %NASLMINLEVEL 80900 C Tenable, Inc. include'compat.inc'; if description scriptid504132;...

Siemens SIMATIC S7-1500 Use After Free (CVE-2020-1712)

A heap use-after-free vulnerability was found in systemd before version v245-rc1, where asynchronous Polkit queries are performed while handling dbus messages. A local unprivileged attacker can abuse this flaw to crash systemd services or potentially execute code and elevate their privileges, by...

Siemens SIMATIC S7-1500 Improper Neutralization of Special Elements used in an SQL Command (CVE-2022-29155)

In OpenLDAP 2.x before 2.5.12 and 2.6.x before 2.6.2, a SQL injection vulnerability exists in the experimental back-sql backend to slapd, via a SQL statement within an LDAP query. This can occur during an LDAP search operation when the search filter is processed, due to a lack of proper escaping...

Siemens SIMATIC S7-1500 Improper Resource Locking (CVE-2024-26679)

In the Linux kernel, the following vulnerability has been resolved: inet: read sk-skfamily once in inetrecverror This plugin only works with Tenable.ot. Please visit https://www.tenable.com/products/tenable-ot for more information. %NASLMINLEVEL 80900 C Tenable, Inc. include'compat.inc'; if...

Siemens SIMATIC S7-1500 Uncontrolled Resource Consumption (CVE-2022-45873)

systemd 250 and 251 allows local users to achieve a systemd-coredump deadlock by triggering a crash that has a long backtrace. This occurs in parseelfobject in shared/elf-util.c. The exploitation methodology is to crash a binary calling the same function recursively, and put it in a deeply nested...

Siemens SIMATIC S7-1500 Reachable Assertion (CVE-2021-27212)

In OpenLDAP through 2.4.57 and 2.5.x through 2.5.1alpha, an assertion failure in slapd can occur in the issuerAndThisUpdateCheck function via a crafted packet, resulting in a denial of service daemon exit via a short timestamp. This is related to schemainit.c and checkTime. This plugin only works...

Siemens SIMATIC S7-1500 Uncontrolled Resource Consumption (CVE-2023-29499)

A flaw was found in GLib. GVariant deserialization fails to validate that the input conforms to the expected format, leading to denial of service. This plugin only works with Tenable.ot. Please visit https://www.tenable.com/products/tenable-ot for more information. %NASLMINLEVEL 80900 C Tenable,...

Siemens SIMATIC S7-1500 Use After Free (CVE-2021-20227)

A flaw was found in SQLite's SELECT query functionality src/select.c. This flaw allows an attacker who is capable of running SQL queries locally on the SQLite database to cause a denial of service or possible code execution by triggering a use-after-free. The highest threat from this vulnerabilit...

Siemens SIMATIC S7-1500 Improper Input Validation (CVE-2025-21724)

iommufd/iovabitmap: Fix shift-out-of-bounds in iovabitmapoffsettoindex. Resolve a UBSAN shift-out-of-bounds issue in iovabitmapoffsettoindex where shifting the constant 1 of type int by bitmap-mapped.pgshift an unsigned long value could result in undefined behavior. The constant 1 defaults to a...

Siemens SIMATIC S7-1500 NULL Pointer Dereference (CVE-2024-53217)

In the Linux kernel, the following vulnerability has been resolved: NFSD: Prevent NULL dereference in nfsd4processcbupdate. This plugin only works with Tenable.ot. Please visit https://www.tenable.com/products/tenable-ot for more information. %NASLMINLEVEL 80900 C Tenable, Inc. include'compat.inc...

Siemens SIMATIC S7-1500 Out-of-bounds Read (CVE-2020-29362)

An issue was discovered in p11-kit 0.21.1 through 0.23.21. A heap- based buffer over-read has been discovered in the RPC protocol used by thep11-kit server/remote commands and the client library. When the remote entity supplies a byte array through a serialized PKCS11 function call, the receiving...

Siemens SIMATIC S7-1500 Out-of-bounds Write (CVE-2021-20305)

A flaw was found in Nettle in versions before 3.7.2, where several Nettle signature verification functions GOST DSA, EDDSA & ECDSA result in the Elliptic Curve Cryptography point ECC multiply function being called with out-of-range scalers, possibly resulting in incorrect results. This flaw allow...

Siemens SIMATIC S7-1500 Improper Restriction of Operations within the Bounds of a Memory Buffer (CVE-2016-4658)

xpointer.c in libxml2 before 2.9.5 as used in Apple iOS before 10, OS X before 10.12, tvOS before 10, and watchOS before 3, and other products does not forbid namespace nodes in XPointer ranges, which allows remote attackers to execute arbitrary code or cause a denial of service use-after-free an...

Siemens SIMATIC S7-1500 Out-of-bounds Write (CVE-2020-1751)

An out-of-bounds write vulnerability was found in glibc before 2.31 when handling signal trampolines on PowerPC. Specifically, the backtrace function did not properly check the array bounds when storing the frame address, resulting in a denial of service or potential code execution. The highest...

Siemens SIMATIC S7-1500 Use After Free (CVE-2021-3516)

There's a flaw in libxml2's xmllint in versions before 2.9.11. An attacker who is able to submit a crafted file to be processed by xmllint could trigger a use-after-free. The greatest impact of this flaw is to confidentiality, integrity, and availability. This plugin only works with Tenable.ot...

Siemens SIMATIC S7-1500 Use After Free (CVE-2023-4813)

A flaw was found in glibc. In an uncommon situation, the gaihinet function may use memory that has been freed, resulting in an application crash. This issue is only exploitable when the getaddrinfo function is called and the hosts database in /etc/nsswitch.conf is configured with SUCCESS=continue...

Siemens SIMATIC S7-1500 Improper Neutralization of Special Elements used in a Command (CVE-2014-7209)

run-mailcap in the Debian mime-support package before 3.52-1+deb7u1 allows context-dependent attackers to execute arbitrary commands via shell metacharacters in a filename. This plugin only works with Tenable.ot. Please visit https://www.tenable.com/products/tenable-ot for more information...