Siemens多款产品 资源管理错误漏洞

Siemens SIMATIC ET 200AL and others are products of Siemens, Germany.Siemens SIMATIC ET 200AL is a distributed I/O system module.Siemens SIMATIC ET 200MP is a modular I/O system module for use in control cabinets for high-density channel applications. Siemens SIMATIC ET 200SP is a distributed I/O...

CVE-2023-51440

A vulnerability has been identified in SIMATIC CP 343-1 6GK7343-1EX30-0XE0 All versions, SIMATIC CP 343-1 Lean 6GK7343-1CX10-0XE0 All versions, SIPLUS NET CP 343-1 6AG1343-1EX30-7XE0 All versions, SIPLUS NET CP 343-1 Lean 6AG1343-1CX10-2XE0 All versions. Affected products incorrectly validate TCP...

CVE-2023-51440

A vulnerability has been identified in SIMATIC CP 343-1 6GK7343-1EX30-0XE0 All versions, SIMATIC CP 343-1 Lean 6GK7343-1CX10-0XE0 All versions, SIPLUS NET CP 343-1 6AG1343-1EX30-7XE0 All versions, SIPLUS NET CP 343-1 Lean 6AG1343-1CX10-2XE0 All versions. Affected products incorrectly validate TCP...

CVE-2023-51440

CVE-2023-51440 affects Siemens SIMATIC CP 343-1 family and SIPLUS NET CP 343-1 devices (All versions). Root cause: improper verification of the TCP source/sequence, enabling unauthenticated remote attackers to induce DoS by injecting spoofed TCP RST packets. CVSS v3.1 base score 7.5 (HIGH); netwo...

Siemens SCALANCE Family Products Unsynchronized Access to Shared Data in a Multithreaded Context (CVE-2023-44374)

A vulnerability has been identified in RUGGEDCOM RM1224 LTE4G EU, RUGGEDCOM RM1224 LTE4G NAM, SCALANCE M804PB, SCALANCE M812-1 ADSL- Router Annex A, SCALANCE M812-1 ADSL-Router Annex B, SCALANCE M816-1 ADSL-Router Annex A, SCALANCE M816-1 ADSL-Router Annex B, SCALANCE M826-2 SHDSL-Router, SCALANC...

CVE-2022-43716

A vulnerability has been identified in SIMATIC CP 1242-7 V2 6GK7242-7KX31-0XE0 All versions V3.4.29, SIMATIC CP 1243-1 6GK7243-1BX30-0XE0 All versions V3.4.29, SIMATIC CP 1243-1 DNP3 incl. SIPLUS variants All versions V3.4.29, SIMATIC CP 1243-1 IEC incl. SIPLUS variants All versions V3.4.29,...

Siemens SCALANCE X Products Heap-Based Buffer Overflow (CVE-2020-15800)

A vulnerability has been identified in SCALANCE X-200 switch family incl. SIPLUS NET variants All versions V5.2.5, SCALANCE X-200IRT switch family incl. SIPLUS NET variants All versions V5.5.0, SCALANCE X-300 switch family incl. X408 and SIPLUS NET variants All versions V4.1.0. The webserver of t...

Siemens SCALANCE X Products Missing Authentication For Critical Function (CVE-2020-15799)

A vulnerability has been identified in SCALANCE X-200 switch family incl. SIPLUS NET variants All versions V5.2.5, SCALANCE X-200IRT switch family incl. SIPLUS NET variants All versions V5.5.0. The vulnerability could allow an unauthenticated attacker to reboot the device over the network by usin...

Siemens SCALANCE X Products Heap-Based Buffer Overflow (CVE-2020-25226)

A vulnerability has been identified in SCALANCE X-200 switch family incl. SIPLUS NET variants All versions V5.2.5, SCALANCE X-200IRT switch family incl. SIPLUS NET variants All versions V5.5.0. The web server of the affected devices contains a vulnerability that may lead to a buffer overflow...

Siemens (CVE-2022-34819) (deprecated)

A vulnerability has been identified in SIMATIC CP 1242-7 V2 All versions, SIMATIC CP 1243-1 All versions, SIMATIC CP 1243-7 LTE EU All versions, SIMATIC CP 1243-7 LTE US All versions, SIMATIC CP 1243-8 IRC All versions, SIMATIC CP 1542SP-1 IRC All versions = V2.0, SIMATIC CP 1543-1 All versions =...

CVE-2022-25754

A vulnerability has been identified in SCALANCE X302-7 EEC 230V, SCALANCE X302-7 EEC 230V, coated, SCALANCE X302-7 EEC 24V, SCALANCE X302-7 EEC 24V, coated, SCALANCE X302-7 EEC 2x 230V, SCALANCE X302-7 EEC 2x 230V, coated, SCALANCE X302-7 EEC 2x 24V, SCALANCE X302-7 EEC 2x 24V, coated, SCALANCE...

Design/Logic Flaw

A vulnerability has been identified in SCALANCE X302-7 EEC 230V, SCALANCE X302-7 EEC 230V, coated, SCALANCE X302-7 EEC 24V, SCALANCE X302-7 EEC 24V, coated, SCALANCE X302-7 EEC 2x 230V, SCALANCE X302-7 EEC 2x 230V, coated, SCALANCE X302-7 EEC 2x 24V, SCALANCE X302-7 EEC 2x 24V, coated, SCALANCE...

CVE-2021-33737

A vulnerability has been identified in SIMATIC CP 343-1 incl. SIPLUS variants All versions, SIMATIC CP 343-1 Advanced incl. SIPLUS variants All versions, SIMATIC CP 343-1 ERPC All versions, SIMATIC CP 343-1 Lean incl. SIPLUS variants All versions, SIMATIC CP 443-1 All versions V3.3, SIMATIC CP...

PT-2021-20312 · Siemens · Simatic Cp 343-1 +6

Name of the Vulnerable Software and Affected Versions: SIMATIC CP 343-1 incl. SIPLUS variants All versions SIMATIC CP 343-1 Advanced incl. SIPLUS variants All versions SIMATIC CP 343-1 ERPC All versions SIMATIC CP 343-1 Lean incl. SIPLUS variants All versions SIMATIC CP 443-1 versions prior to V3...

CVE-2020-28391

A vulnerability has been identified in SCALANCE X-200 switch family incl. SIPLUS NET variants All versions V5.2.5, SCALANCE X-200IRT switch family incl. SIPLUS NET variants All versions V5.5.0, SCALANCE X-200RNA switch family All versions V3.2.7. Devices create a new unique key upon factory reset...

CVE-2020-15799

A vulnerability has been identified in SCALANCE X-200 switch family incl. SIPLUS NET variants All versions V5.2.5, SCALANCE X-200IRT switch family incl. SIPLUS NET variants All versions V5.5.0. The vulnerability could allow an unauthenticated attacker to reboot the device over the network by usin...

CVE-2020-25226

A vulnerability has been identified in SCALANCE X-200 switch family incl. SIPLUS NET variants All versions V5.2.5, SCALANCE X-200IRT switch family incl. SIPLUS NET variants All versions V5.5.0. The web server of the affected devices contains a vulnerability that may lead to a buffer overflow...

Hardcoded credentials

A vulnerability has been identified in SCALANCE X-200 switch family incl. SIPLUS NET variants All versions V5.2.5, SCALANCE X-200IRT switch family incl. SIPLUS NET variants All versions V5.5.0, SCALANCE X-200RNA switch family All versions V3.2.7. Devices create a new unique key upon factory reset...

CVE-2020-15799

A vulnerability has been identified in SCALANCE X-200 switch family incl. SIPLUS NET variants All versions V5.2.5, SCALANCE X-200IRT switch family incl. SIPLUS NET variants All versions V5.5.0. The vulnerability could allow an unauthenticated attacker to reboot the device over the network by usin...

CVE-2020-25226

Siemens SCALANCE X products are affected by CVE-2020-25226: heap-based/buffer overflow in the devices’ web server. Affected: SCALANCE X-200 (incl. SIPLUS NET) below v5.2.5, SCALANCE X-200IRT below v5.5.0, and SCALANCE X-300 below v4.1.0 (X-300 also affected by CVE-2020-15800 per ICS advisory). Ex...