EUVD-2025-201917

A vulnerability has been identified in SIMATIC CN 4100 All versions V4.0.1. The affected device contains a USB port which allows unauthenticated connections. This could allow an attacker with physical access to the device to trigger reboot that could cause denial of service condition...

CVE-2025-40940

CVE-2025-40940 affects Siemens SIMATIC CN 4100 (all versions

CVE-2025-40938

A vulnerability has been identified in SIMATIC CN 4100 All versions V4.0.1. The affected device stores sensitive information in the firmware. This could allow an attacker to access and misuse this information, potentially impacting the device’s confidentiality, integrity, and availability...

PT-2025-49845

A vulnerability has been identified in SIMATIC CN 4100 All versions V4.0.1. The affected application exhibits inconsistent SNMP behavior, such as unexpected service availability and unreliable configuration handling across protocol versions. This could allow an attacker to access sensitive data,...

The vulnerability of microprogrammed software in the programmable logic controller SIMATIC S7-200 SMART is related to the use of insufficiently random values, which allows a intruder to cause malfunctions during maintenance.

The vulnerability of microprogrammed software in the SIMATIC S7-200 SMART programmable logic controller is related to the use of insufficiently random values. Exploiting this vulnerability can allow an attacker, operating remotely, to predict the IP address sequence numbers and trigger a...

The vulnerability of the intermediate installation process for microprogramming software on the SIMATIC CN 4100 allows a intruder to gain access to the system and obtain full control over the application.

The vulnerability of the intermediate installation process for microprogrammed communication gateway software SIMATIC CN 4100 relates to bypassing authentication by using a user-controlled key. Exploiting this vulnerability allows an attacker to remotely gain access to the system and gain full...

CVE-2023-49252

A vulnerability has been identified in SIMATIC CN 4100 All versions V2.7. The affected application allows IP configuration change without authentication to the device. This could allow an attacker to cause denial of service condition...

The vulnerability of the microprogramming software for the SIMATIC CP 442-1 RNA and SIMATIC CP 443-1 RNA communication modules, related to uncontrolled resource consumption, allows attackers to execute an “ARP storm” attack and cause service failure.

The vulnerability of the microprogramming software for the SIMATIC CP 442-1 RNA and SIMATIC CP 443-1 RNA communication modules is related to an uncontrolled consumption of resources during the processing of ARP requests. Exploiting this vulnerability can allow attackers to execute an “ARP storm”...

Siemens SIMATIC Controller Web Servers Uncaught Exception (CVE-2020-15796)

A vulnerability has been identified in SIMATIC ET 200SP Open Controller incl. SIPLUS variants V20.8, SIMATIC S7-1500 Software Controller V20.8. The web server of the affected products contains a vulnerability that could allow a remote attacker to trigger a denial-of-service condition by sending a...

Siemens SIMATIC Controller Web Servers

1. EXECUTIVE SUMMARY CVSS v3 5.3 ATTENTION: Exploitable remotely/low skill level to exploit Vendor: Siemens Equipment: SIMATIC Controller Web Servers Vulnerability: Uncaught Exception 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to cause a...

The vulnerability of the Simatic programmable logic controller’s software, related to resource exhaustion, allows a intruder to trigger a service failure.

The vulnerability of the Simatic programmable logic controller’s software is related to the exhaustion of resources. Exploiting this vulnerability allows a malicious actor to cause service failures by sending specially crafted UDP packets...

CVE-2019-18336

A vulnerability has been identified in SIMATIC S7-300 CPU family incl. related ET200 CPUs and SIPLUS variants All versions V3.X.17, SIMATIC TDC CP51M1 All versions V1.1.8, SIMATIC TDC CPU555 All versions V1.1.1, SINUMERIK 840D sl All versions V4.8.6, SINUMERIK 840D sl All versions V4.94. Speciall...

The vulnerability of the microprogramming software of Siemens Simatic S7-1200 programmable logic controllers allows a intruder to perform inter-site fraudulently by manipulating requests.

The software of the programmable logic controller Simatic S7-1200 contains a vulnerability in its built-in server port 80 TCP and port 443 TCP. Exploiting this vulnerability allows for inter-site request forgery attacks...

CVE-2012-3037

The Siemens SIMATIC S7-1200 2.x PLC does not properly protect the private key of the SIMATIC CONTROLLER Certification Authority certificate, which allows remote attackers to spoof the S7-1200 web server by using this key to create a forged certificate...