CVE-2020-7586

A vulnerability has been identified in SIMATIC PCS 7 V8.2 and earlier All versions, SIMATIC PCS 7 V9.0 All versions V9.0 SP3, SIMATIC PDM All versions V9.2, SIMATIC STEP 7 V5.X All versions V5.6 SP2 HF3, SINAMICS STARTER containing STEP 7 OEM version All versions V5.4 HF2. A buffer overflow...

CVE-2020-7584

A vulnerability has been identified in SIMATIC S7-200 SMART CPU family All versions = V2.2 V2.5.1. Affected devices do not properly handle large numbers of new incomming connections and could crash under certain circumstances. An attacker may leverage this to cause a Denial-of-Service situation...

CVE-2020-10053

A vulnerability has been identified in SIMATIC RTLS Locating Manager All versions V2.12. The affected application writes sensitive data, such as database credentials in configuration files. A local attacker with access to the configuration files could use this information to launch further attack...

CVE-2020-10048

A vulnerability has been identified in SIMATIC PCS 7 All versions, SIMATIC WinCC All versions V7.5 SP2. Due to an insecure password verification process, an attacker could bypass the password protection set on protected files, thus being granted access to the protected content, circumventing...

CVE-2020-10054

A vulnerability has been identified in SIMATIC RTLS Locating Manager All versions V2.12. The affected application does not properly handle the import of large configuration files. A local attacker could import a specially crafted file which could lead to a denial-of-service condition of the...

CVE-2020-10050

A vulnerability has been identified in SIMATIC RTLS Locating Manager All versions V2.10.2. The directory of service executables of the affected application could allow a local attacker to include arbitrary commands that are executed with SYSTEM privileges when the system restarts...

CVE-2020-10049

A vulnerability has been identified in SIMATIC RTLS Locating Manager All versions V2.10.2. The start-stop scripts for the services of the affected application could allow a local attacker to include arbitrary commands that are executed when services are started or stopped interactively by system...

CVE-2020-10052

A vulnerability has been identified in SIMATIC RTLS Locating Manager All versions V2.12. The affected application writes sensitive data, such as usernames and passwords in log files. A local attacker with access to the log files could use this information to launch further attacks...

CVE-2023-29106

A vulnerability has been identified in SIMATIC Cloud Connect 7 CC712 All versions = V2.0 = V2.0 V2.1. The export endpoint is accessible via REST API without authentication. This could allow an unauthenticated remote attacker to download the files available via the endpoint...

CVE-2023-29103

A vulnerability has been identified in SIMATIC Cloud Connect 7 CC712 All versions = V2.0 = V2.0 V2.1, SIMATIC Cloud Connect 7 CC716 All versions V2.1. The affected device uses a hard-coded password to protect the diagnostic files. This could allow an authenticated attacker to access protected dat...

CVE-2023-29107

A vulnerability has been identified in SIMATIC Cloud Connect 7 CC712 All versions = V2.0 = V2.0 V2.1. The export endpoint discloses some undocumented files. This could allow an unauthenticated remote attacker to gain access to additional information resources...

CVE-2018-4843

A vulnerability has been identified in SIMATIC S7-400 CPU 414-3 PN/DP V7 All versions V7.0.3, SIMATIC S7-400 CPU 414F-3 PN/DP V7 All versions V7.0.3, SIMATIC S7-400 CPU 416-3 PN/DP V7 All versions V7.0.3, SIMATIC S7-400 CPU 416F-3 PN/DP V7 All versions V7.0.3, SIMATIC CP 343-1 incl. SIPLUS varian...

CVE-2025-40939

A vulnerability has been identified in SIMATIC CN 4100 All versions V4.0.1. The affected device contains a USB port which allows unauthenticated connections. This could allow an attacker with physical access to the device to trigger reboot that could cause denial of service condition...

CVE-2025-40751

A vulnerability has been identified in SIMATIC RTLS Locating Manager All versions V3.3. Affected SIMATIC RTLS Locating Manager Report Clients do not properly protect credentials that are used to authenticate to the server. This could allow an authenticated local attacker to extract the credential...

CVE-2025-40940

A vulnerability has been identified in SIMATIC CN 4100 All versions V4.0.1. The affected application exhibits inconsistent SNMP behavior, such as unexpected service availability and unreliable configuration handling across protocol versions. This could allow an attacker to access sensitive data,...

CVE-2023-29130

A vulnerability has been identified in SIMATIC CN 4100 All versions V2.5. Affected device consists of improper access controls in the configuration files that leads to privilege escalation. An attacker could gain admin access with this vulnerability leading to complete device control...

CVE-2023-49621

A vulnerability has been identified in SIMATIC CN 4100 All versions V2.7. The "intermediate installation" system state of the affected application uses default credential with admin privileges. An attacker could use the credentials to gain complete control of the affected device...

CVE-2023-49252

A vulnerability has been identified in SIMATIC CN 4100 All versions V2.7. The affected application allows IP configuration change without authentication to the device. This could allow an attacker to cause denial of service condition...

CVE-2023-49251

A vulnerability has been identified in SIMATIC CN 4100 All versions V2.7. The "intermediate installation" system state of the affected application allows an attacker to add their own login credentials to the device. This allows an attacker to remotely login as root and take control of the device...

CVE-2021-33737

A vulnerability has been identified in SIMATIC CP 343-1 incl. SIPLUS variants All versions, SIMATIC CP 343-1 Advanced incl. SIPLUS variants All versions, SIMATIC CP 343-1 ERPC All versions, SIMATIC CP 343-1 Lean incl. SIPLUS variants All versions, SIMATIC CP 443-1 All versions V3.3, SIMATIC CP...