333 matches found
CVE-2017-12734
Siemens LOGO! 8 BM (incl. SIPLUS variants): all versions prior to V1.81.2 are affected by CVE-2017-12734 (Insufficiently Protected Credentials). An attacker with network access to the integrated web server on port 80/tcp can obtain the session ID of an active user session, requiring a logged-in u...
CVE-2016-8562
A vulnerability has been identified in SIMATIC CP 1543-1 All versions V2.0.28, SIPLUS NET CP 1543-1 All versions V2.0.28. Under special conditions it was possible to write SNMP variables on port 161/udp which should be read-only and should only be configured with TIA-Portal. A write to these...
Design/Logic Flaw
A vulnerability has been identified in SIMATIC CP 1543-1 All versions V2.0.28, SIPLUS NET CP 1543-1 All versions V2.0.28. Users with elevated privileges to TIA-Portal and project data on the engineering station could possibly get privileged access on affected devices...
Design/Logic Flaw
A vulnerability has been identified in SIMATIC CP 1543-1 All versions V2.0.28, SIPLUS NET CP 1543-1 All versions V2.0.28. Under special conditions it was possible to write SNMP variables on port 161/udp which should be read-only and should only be configured with TIA-Portal. A write to these...
CVE-2016-8562
A vulnerability has been identified in SIMATIC CP 1543-1 All versions V2.0.28, SIPLUS NET CP 1543-1 All versions V2.0.28. Under special conditions it was possible to write SNMP variables on port 161/udp which should be read-only and should only be configured with TIA-Portal. A write to these...
CVE-2016-8561
A vulnerability has been identified in SIMATIC CP 1543-1 All versions V2.0.28, SIPLUS NET CP 1543-1 All versions V2.0.28. Users with elevated privileges to TIA-Portal and project data on the engineering station could possibly get privileged access on affected devices...
CVE-2016-8561
Summary (CVE-2016-8561) : The Siemens SIMATIC CP 1543-1 and SIPLUS NET CP 1543-1 are affected (versions prior to 2.0.28). The root cause is improper privilege management (CWE-269), enabling users with elevated TIA-Portal and project-data access to gain privileged access on the device. The ICS adv...
CVE-2016-8562
Siemens SIMATIC CP 1543-1 and SIPLUS NET CP 1543-1 (versions before 2.0.28) are affected by CVE-2016-8562. Under special conditions, SNMP variables on port 161/UDP, which should be read-only, can be written, potentially reducing availability or causing denial-of-service. The ICS advisory notes th...
CVE-2016-8562
A vulnerability has been identified in SIMATIC CP 1543-1 All versions V2.0.28, SIPLUS NET CP 1543-1 All versions V2.0.28. Under special conditions it was possible to write SNMP variables on port 161/udp which should be read-only and should only be configured with TIA-Portal. A write to these...
Code injection
A vulnerability has been identified in SIMATIC NET CP 342-5 incl. SIPLUS variants All versions, SIMATIC NET CP 343-1 Advanced incl. SIPLUS variants All versions V3.0.44, SIMATIC NET CP 343-1 Lean incl. SIPLUS variants All versions V3.1.1, SIMATIC NET CP 343-1 Standard incl. SIPLUS variants All...
Design/Logic Flaw
A vulnerability has been identified in SCALANCE X-200 switch family incl. SIPLUS NET variants Versions V5.0.0 for CVE-2013-3633 and versions V4.5.0 for CVE-2013-3634, SCALANCE X-200IRT switch family incl. SIPLUS NET variants All versions V5.1.0. The user privileges for the web interface are only...
CVE-2013-3634
A vulnerability has been identified in SCALANCE X-200 switch family incl. SIPLUS NET variants Versions V5.0.0 for CVE-2013-3633 and versions V4.5.0 for CVE-2013-3634, SCALANCE X-200IRT switch family incl. SIPLUS NET variants All versions V5.1.0. The implementation of SNMPv3 does not check the use...
CVE-2013-3634
Summary (concrete details present): Siemens SCALANCE X-200 and X-200IRT switches (incl. SIPLUS NET variants) are affected by two CVEs (CVE-2013-3633 and CVE-2013-3634). Root cause: SNMPv3 does not sufficiently check user credentials, enabling command execution via SNMP commands, and web interface...