20 matches found
EUVD-2020-20139
Malware in sbrugna...
CVE-2020-25241
A vulnerability has been identified in SIMATIC MV400 family All Versions V7.0.6. The underlying TCP stack of the affected products does not correctly validate the sequence number for incoming TCP RST packages. An attacker could exploit this to terminate arbitrary TCP sessions...
CVE-2019-10925
A vulnerability has been identified in SIMATIC MV400 family All Versions V7.0.6. An authenticated attacker could escalate privileges by sending specially crafted requests to the integrated webserver. The security vulnerability can be exploited by an attacker with network access to the device. Val...
CVE-2020-25241
A vulnerability has been identified in SIMATIC MV400 family All Versions V7.0.6. The underlying TCP stack of the affected products does not correctly validate the sequence number for incoming TCP RST packages. An attacker could exploit this to terminate arbitrary TCP sessions...
CVE-2020-25241
A vulnerability has been identified in SIMATIC MV400 family All Versions V7.0.6. The underlying TCP stack of the affected products does not correctly validate the sequence number for incoming TCP RST packages. An attacker could exploit this to terminate arbitrary TCP sessions...
Design/Logic Flaw
A vulnerability has been identified in SIMATIC MV400 family All Versions V7.0.6. The underlying TCP stack of the affected products does not correctly validate the sequence number for incoming TCP RST packages. An attacker could exploit this to terminate arbitrary TCP sessions...
CVE-2020-25241
A vulnerability has been identified in SIMATIC MV400 family All Versions V7.0.6. The underlying TCP stack of the affected products does not correctly validate the sequence number for incoming TCP RST packages. An attacker could exploit this to terminate arbitrary TCP sessions...
CVE-2020-25241
The CVE-2020-25241 entry concerns the SIMATIC MV400 family (all versions before 7.0.6). The underlying TCP stack does not correctly validate the sequence number of incoming TCP RST packets, enabling an attacker to terminate arbitrary TCP sessions. Affected products are Siemens SIMATIC MV400 devic...
CVE-2020-27632
In SIMATIC MV400 family versions prior to v7.0.6, the ISN generator is initialized with a constant value and has constant increments. An attacker could predict and hijack TCP sessions...
Code injection
In SIMATIC MV400 family versions prior to v7.0.6, the ISN generator is initialized with a constant value and has constant increments. An attacker could predict and hijack TCP sessions...
CVE-2020-27632
In SIMATIC MV400 family versions prior to v7.0.6, the ISN generator is initialized with a constant value and has constant increments. An attacker could predict and hijack TCP sessions...
CVE-2020-27632
The CVE-2020-27632 issue affects the SIMATIC MV400 family prior to v7.0.6. The root cause is that the ISN generator is initialized with a constant value and uses constant increments, making initial sequence numbers highly predictable. This can enable an attacker to predict and hijack TCP sessions...
Siemens TCP Stack of SIMATIC MV400
1. EXECUTIVE SUMMARY CVSS v3 7.5 ATTENTION: Exploitable remotely/low skill level to exploit Vendor: Siemens Equipment: SIMATIC MV400 Vulnerabilities: Improper Validation of Specified Index, Position, or Offset in Input; Use of Insufficiently Random Values 2. RISK EVALUATION Successful...
CVE-2019-10926
A vulnerability has been identified in SIMATIC MV400 family All Versions V7.0.6. Communication with the device is not encrypted. Data transmitted between the device and the user can be obtained by an attacker in a privileged network position. The security vulnerability can be exploited by an...
CVE-2019-10925
A vulnerability has been identified in SIMATIC MV400 family All Versions V7.0.6. An authenticated attacker could escalate privileges by sending specially crafted requests to the integrated webserver. The security vulnerability can be exploited by an attacker with network access to the device. Val...
Privilege escalation
A vulnerability has been identified in SIMATIC MV400 family All Versions V7.0.6. Communication with the device is not encrypted. Data transmitted between the device and the user can be obtained by an attacker in a privileged network position. The security vulnerability can be exploited by an...
Code injection
A vulnerability has been identified in SIMATIC MV400 family All Versions V7.0.6. An authenticated attacker could escalate privileges by sending specially crafted requests to the integrated webserver. The security vulnerability can be exploited by an attacker with network access to the device. Val...
CVE-2019-10925
A vulnerability has been identified in SIMATIC MV400 family All Versions V7.0.6. An authenticated attacker could escalate privileges by sending specially crafted requests to the integrated webserver. The security vulnerability can be exploited by an attacker with network access to the device. Val...
CVE-2019-10926
A vulnerability has been identified in SIMATIC MV400 family All Versions V7.0.6. Communication with the device is not encrypted. Data transmitted between the device and the user can be obtained by an attacker in a privileged network position. The security vulnerability can be exploited by an...
CVE-2019-10926
The CVE-2019-10926 issue affects the SIMATIC MV400 family (MV440) with all versions prior to v7.0.6. It is a Cleartext Transmission of Sensitive Information vulnerability (CWE-319) where data exchanged between the device and user is not encrypted, allowing a privileged-network attacker to eavesdr...