Siemens多款产品 资源管理错误漏洞

Siemens SIMATIC ET 200AL and others are products of Siemens, Germany.Siemens SIMATIC ET 200AL is a distributed I/O system module.Siemens SIMATIC ET 200MP is a modular I/O system module for use in control cabinets for high-density channel applications. Siemens SIMATIC ET 200SP is a distributed I/O...

The vulnerability of the web servers of the microprogramming software for communication modules of SIMATIC CP, SIPLUS ET, and SIPLUS NET CP allows a perpetrator to cause service failures.

The vulnerability of the web servers of the microprogramming software for communication modules of SIMATIC CP, SIPLUS ET, and SIPLUS NET CP is related to the distribution of resources without any restrictions or regulations. Exploiting this vulnerability could allow a malicious actor to cause...

The vulnerability of the web servers of the microprogramming software for communication modules of SIMATIC CP, SIPLUS ET, and SIPLUS NET CP allows a perpetrator to cause service interruptions.

The vulnerability of the web servers of microprogramming software for communication modules of SIMATIC CP, SIPLUS ET, and SIPLUS NET CP is related to the use of memory after it is freed. Exploiting this vulnerability can allow a malicious actor to cause service failures remotely...

The vulnerability of microprogrammed communication module software for SIMATIC CP 343-1, SIMATIC CP 343-1 Lean, SIPLUS NET CP 343-1, and SIPLUS NET CP 343-1 Lean arises from insufficient verification of the communication channel source. This vulnerability allows attackers to trigger service failures.

The vulnerability of microprogrammed communication module software for SIMATIC CP 343-1, SIMATIC CP 343-1 Lean, SIPLUS NET CP 343-1, and SIPLUS NET CP 343-1 Lean is related to insufficient verification of the communication channel source. Exploiting this vulnerability can allow a malicious actor ...

CVE-2023-51440

A vulnerability has been identified in SIMATIC CP 343-1 6GK7343-1EX30-0XE0 All versions, SIMATIC CP 343-1 Lean 6GK7343-1CX10-0XE0 All versions, SIPLUS NET CP 343-1 6AG1343-1EX30-7XE0 All versions, SIPLUS NET CP 343-1 Lean 6AG1343-1CX10-2XE0 All versions. Affected products incorrectly validate TCP...

CVE-2023-51440

A vulnerability has been identified in SIMATIC CP 343-1 6GK7343-1EX30-0XE0 All versions, SIMATIC CP 343-1 Lean 6GK7343-1CX10-0XE0 All versions, SIPLUS NET CP 343-1 6AG1343-1EX30-7XE0 All versions, SIPLUS NET CP 343-1 Lean 6AG1343-1CX10-2XE0 All versions. Affected products incorrectly validate TCP...

CVE-2023-51440

CVE-2023-51440 affects Siemens SIMATIC CP 343-1 family and SIPLUS NET CP 343-1 devices (All versions). Root cause: improper verification of the TCP source/sequence, enabling unauthenticated remote attackers to induce DoS by injecting spoofed TCP RST packets. CVSS v3.1 base score 7.5 (HIGH); netwo...

Siemens SCALANCE Family Products Unsynchronized Access to Shared Data in a Multithreaded Context (CVE-2023-44374)

A vulnerability has been identified in RUGGEDCOM RM1224 LTE4G EU, RUGGEDCOM RM1224 LTE4G NAM, SCALANCE M804PB, SCALANCE M812-1 ADSL- Router Annex A, SCALANCE M812-1 ADSL-Router Annex B, SCALANCE M816-1 ADSL-Router Annex A, SCALANCE M816-1 ADSL-Router Annex B, SCALANCE M826-2 SHDSL-Router, SCALANC...

The vulnerability of the web server of the microprogramming software for communication modules of SIMATIC CP, SIPLUS NET CP 1543-1, and the servo drive system SINAMICS S210 allows a intruder to cause service interruptions.

The vulnerability of the web server of the microprogramming software for communication modules of SIMATIC CP, SIPLUS NET CP 1543-1, and the servo drive system SINAMICS S210 is related to the lack of a mechanism for releasing memory. Exploiting this vulnerability could allow an attacker, operating...

CVE-2022-43716

A vulnerability has been identified in SIMATIC CP 1242-7 V2 6GK7242-7KX31-0XE0 All versions V3.4.29, SIMATIC CP 1243-1 6GK7243-1BX30-0XE0 All versions V3.4.29, SIMATIC CP 1243-1 DNP3 incl. SIPLUS variants All versions V3.4.29, SIMATIC CP 1243-1 IEC incl. SIPLUS variants All versions V3.4.29,...

Siemens SCALANCE X Products Missing Authentication For Critical Function (CVE-2020-15799)

A vulnerability has been identified in SCALANCE X-200 switch family incl. SIPLUS NET variants All versions V5.2.5, SCALANCE X-200IRT switch family incl. SIPLUS NET variants All versions V5.5.0. The vulnerability could allow an unauthenticated attacker to reboot the device over the network by usin...

Siemens SCALANCE X Products Heap-Based Buffer Overflow (CVE-2020-15800)

A vulnerability has been identified in SCALANCE X-200 switch family incl. SIPLUS NET variants All versions V5.2.5, SCALANCE X-200IRT switch family incl. SIPLUS NET variants All versions V5.5.0, SCALANCE X-300 switch family incl. X408 and SIPLUS NET variants All versions V4.1.0. The webserver of t...

Siemens SCALANCE X Products Heap-Based Buffer Overflow (CVE-2020-25226)

A vulnerability has been identified in SCALANCE X-200 switch family incl. SIPLUS NET variants All versions V5.2.5, SCALANCE X-200IRT switch family incl. SIPLUS NET variants All versions V5.5.0. The web server of the affected devices contains a vulnerability that may lead to a buffer overflow...

Siemens (CVE-2022-34819) (deprecated)

A vulnerability has been identified in SIMATIC CP 1242-7 V2 All versions, SIMATIC CP 1243-1 All versions, SIMATIC CP 1243-7 LTE EU All versions, SIMATIC CP 1243-7 LTE US All versions, SIMATIC CP 1243-8 IRC All versions, SIMATIC CP 1542SP-1 IRC All versions = V2.0, SIMATIC CP 1543-1 All versions =...

The vulnerability of microprogrammed software in industrial switches such as SCALANCE X302-7, SCALANCE X304-2FE, SCALANCE X306-1LD FE, SCALANCE X307-2, SCALANCE X307-3, SCALANCE X307-3LD, SCALANCE X308-2, SCALANCE X310, SCALANCE X320-1, SCALANCE X408-2, SCALANCE XR324-4M, and SCALANCE XR324-12M lies in buffer overflows in the stack. This allows attackers to execute arbitrary code.

The vulnerability of the microprogrammed software of industrial switches SCALANCE X302-7, SCALANCE X304-2FE, SCALANCE X306-1LD FE, SCALANCE X307-2, SCALANCE X307-3, SCALANCE X307-3LD, SCALANCE X308-2, SCALANCE X310, SCALANCE X320-1, SCALANCE X408-2, SCALANCE XR324-4M, and SCALANCE XR324-12M, SIPL...

The vulnerability of microprogrammed software in industrial switches such as SCALANCE X302-7, SCALANCE X304-2FE, SCALANCE X306-1LD FE, SCALANCE X307-2, SCALANCE X307-3, SCALANCE X307-3LD, SCALANCE X308-2, SCALANCE X310, SCALANCE X320-1, SCALANCE X408-2, SCALANCE XR324-4M, and SCALANCE XR324-12M lies in the copying of buffers without checking the size of the input data. This allows a intruder to trigger a service failure.

The vulnerability of the microprogrammed software in industrial switches SCALANCE X302-7, SCALANCE X304-2FE, SCALANCE X306-1LD FE, SCALANCE X307-2, SCALANCE X307-3, SCALANCE X307-3LD, SCALANCE X308-2, SCALANCE X310, SCALANCE X320-1, SCALANCE X408-2, SCALANCE XR324-4M, and SCALANCE XR324-12M, SIPL...

The vulnerability of microprogrammed software in communication modules of SIMATIC CP 1543-1 and SIPLUS NET CP arises from insufficient validation of input data. This allows attackers to trigger service failures.

The vulnerability of microprogrammed communication module software for SIMATIC CP 1543-1 and SIPLUS NET CP is related to insufficient validation of input data. Exploiting this vulnerability can allow attackers to cause service failures by sending specially crafted packets to port 161/udp...

CVE-2022-25754

A vulnerability has been identified in SCALANCE X302-7 EEC 230V, SCALANCE X302-7 EEC 230V, coated, SCALANCE X302-7 EEC 24V, SCALANCE X302-7 EEC 24V, coated, SCALANCE X302-7 EEC 2x 230V, SCALANCE X302-7 EEC 2x 230V, coated, SCALANCE X302-7 EEC 2x 24V, SCALANCE X302-7 EEC 2x 24V, coated, SCALANCE...

Design/Logic Flaw

A vulnerability has been identified in SCALANCE X302-7 EEC 230V, SCALANCE X302-7 EEC 230V, coated, SCALANCE X302-7 EEC 24V, SCALANCE X302-7 EEC 24V, coated, SCALANCE X302-7 EEC 2x 230V, SCALANCE X302-7 EEC 2x 230V, coated, SCALANCE X302-7 EEC 2x 24V, SCALANCE X302-7 EEC 2x 24V, coated, SCALANCE...

CVE-2021-33737

A vulnerability has been identified in SIMATIC CP 343-1 incl. SIPLUS variants All versions, SIMATIC CP 343-1 Advanced incl. SIPLUS variants All versions, SIMATIC CP 343-1 ERPC All versions, SIMATIC CP 343-1 Lean incl. SIPLUS variants All versions, SIMATIC CP 443-1 All versions V3.3, SIMATIC CP...