A vulnerability has been identified in SIMATIC MV400 family (All Versions < V7.0.6). An authenticated attacker could escalate privileges by sending specially crafted requests to the integrated webserver. The security vulnerability can be exploited by an attacker with network access to the device...
7.1CVSS
6.7AI Score
0.001EPSS
A vulnerability has been identified in SIMATIC MV400 family (All Versions < V7.0.6). Communication with the device is not encrypted. Data transmitted between the device and the user can be obtained by an attacker in a privileged network position. The security vulnerability can be exploited by an...
5.3CVSS
5.1AI Score
0.003EPSS
Profinet-IO (PNIO) stack versions prior V06.00 do not properly limitinternal resource allocation when multiple legitimate diagnostic packagerequests are sent to the DCE-RPC interface.This could lead to a denial of service condition due to lack of memoryfor devices that include a vulnerable version ...
7.5CVSS
7.4AI Score
0.001EPSS
In SIMATIC MV400 family versions prior to v7.0.6, the ISN generator is initialized with a constant value and has constant increments. An attacker could predict and hijack TCP sessions.
7.5CVSS
7.4AI Score
0.001EPSS