Siemens SITOP UPS1600 Out-of-bounds Write (CVE-2023-26554)

mstolfp in libntp/mstolfp.c in NTP 4.2.8p15 has an out-of-bounds write when adding a '\0' character. An adversary may be able to attack a client ntpq process, but cannot attack ntpd. This plugin only works with Tenable.ot. Please visit https://www.tenable.com/products/tenable-ot for more...

Siemens SITOP UPS1600 Out-of-bounds Write (CVE-2023-26553)

mstolfp in libntp/mstolfp.c in NTP 4.2.8p15 has an out-of-bounds write when copying the trailing number. An adversary may be able to attack a client ntpq process, but cannot attack ntpd. This plugin only works with Tenable.ot. Please visit https://www.tenable.com/products/tenable-ot for more...

Siemens SITOP UPS1600 Out-of-Bounds Write (CVE-2023-26552)

mstolfp in libntp/mstolfp.c in NTP 4.2.8p15 has an out-of-bounds write when adding a decimal point. An adversary may be able to attack a client ntpq process, but cannot attack ntpd. This plugin only works with Tenable.ot. Please visit https://www.tenable.com/products/tenable-ot for more...

Vulnerabilities fixed in Siemens products

Siemens has fixed vulnerabilities in several products, including SCALANCE, SICAM, Tecnomatix, SITOP and PowerSys. The vulnerabilities potentially enable a malicious person to carry out attacks that could lead to the following categories of damage: - Denial-of-Service DoS - Manipulation of data -...

Siemens SITOP UPS1600

As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please see Siemens' ProductCERT Security Advisories CERT Services | Services |...

Siemens Industrial Products with OPC UA

1. EXECUTIVE SUMMARY CVSS v3 6.5 ATTENTION: Exploitable remotely/low attack complexity Vendor: Siemens Equipment: SIMATIC NET PC, SITOP Manager, TeleControl Server Basic Vulnerability: Null Pointer Dereference 2. UPDATE INFORMATION This updated advisory is a follow-up to the original advisory...

Siemens SIMATIC, SIMOCODE, SINAMICS, SITOP, and TIM Out-of-Bounds Read (CVE-2019-6568)

The webserver of the affected devices contains a vulnerability that may lead to a denial of service condition. An attacker may cause a denial of service situation which leads to a restart of the webserver of the affected device. The security vulnerability could be exploited by an attacker with...

Siemens CP, SIMATIC, SIMOCODE, SINAMICS, SITOP, and TIM Out-of-bounds Read (ICSA-19-099-06)

Binary data 720311.prm...

Siemens SITOP PSU8600 20A PROFINET Stabilized Power Supply

Binary data 764687.prm...

Siemens SITOP UPS1600 10A Uninterrupted Power Supply with Ethernet/PROFINET interface

Binary data 764692.prm...

Siemens SITOP UPS1600 40A Uninterrupted Power Supply with Ethernet/PROFINET interface

Binary data 764694.prm...

Siemens SITOP PSU8600 20A PROFINET Stabilized Power Supply

Binary data 764688.prm...

Multiple Siemens Products Denial of Service Vulnerabilities

Siemens CP, SIAMTIC, SIMOCODE, SINAMICS, SITOP and TIM are all devices manufactured by Siemens. A denial of service vulnerability exists in multiple Siemens products, which can be exploited by an attacker to cause a denial of service and a web server reboot...

Siemens SIMATIC, SIMOCODE, SINAMICS, SITOP, and TIM (Update I)

As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please see Siemens' ProductCERT Security Advisories CERT Services | Services |...

Siemens devices using the PROFINET Discovery and Configuration Protocol (Update G)

CVSS v3 6.5 ATTENTION: Exploitable from an adjacent network/low skill level to exploit. Vendor: Siemens Equipment: Devices using the PROFINET Discovery and Configuration Protocol DCP Vulnerability: Denial of Service UPDATE INFORMATION This updated advisory is a follow-up to the updated advisory...

Siemens devices using the PROFINET Discovery and Configuration Protocol (Update D)

CVSS v3 6.5 ATTENTION: Exploitable from an adjacent network/low skill level to exploit. Vendor: Siemens Equipment: Devices using the PROFINET Discovery and Configuration Protocol DCP Vulnerability: Denial of Service UPDATE INFORMATION This updated advisory is a follow-up to the updated advisory...

Siemens devices using the PROFINET Discovery and Configuration Protocol (Update H)

CVSS v3 6.5 ATTENTION: Exploitable from an adjacent network/low skill level to exploit. Vendor: Siemens Equipment: Devices using the PROFINET Discovery and Configuration Protocol DCP Vulnerability: Denial of Service UPDATE INFORMATION This updated advisory is a follow-up to the updated advisory...

Siemens devices using the PROFINET Discovery and Configuration Protocol (Update F)

CVSS v3 6.5 ATTENTION: Exploitable from an adjacent network/low skill level to exploit. Vendor: Siemens Equipment: Devices using the PROFINET Discovery and Configuration Protocol DCP Vulnerability: Denial of Service UPDATE INFORMATION This updated advisory is a follow-up to the updated advisory...

Siemens devices using the PROFINET Discovery and Configuration Protocol (Update I)

CVSS v3 6.5 ATTENTION: Exploitable from an adjacent network/low skill level to exploit. Vendor: Siemens Equipment: Devices using the PROFINET Discovery and Configuration Protocol DCP Vulnerability: Denial of Service UPDATE INFORMATION This updated advisory is a follow-up to the updated advisory...

Siemens devices using the PROFINET Discovery and Configuration Protocol (Update E)

CVSS v3 6.5 ATTENTION: Exploitable from an adjacent network/low skill level to exploit. Vendor: Siemens Equipment: Devices using the PROFINET Discovery and Configuration Protocol DCP Vulnerability: Denial of Service UPDATE INFORMATION This updated advisory is a follow-up to the updated advisory...