A vulnerability has been identified in Development/Evaluation Kits for PROFINET IO: EK-ERTEC 200, Development/Evaluation Kits for PROFINET IO: EK-ERTEC 200P, KTK ATE530S, SIDOOR ATD430W, SIDOOR ATE530S COATED, SIDOOR ATE531S, SIMATIC ET 200AL IM 157-1 PN (6ES7157-1AB00-0AB0), SIMATIC ET 200MP IM 15...
7.5CVSS
7.4AI Score
0.001EPSS
Affected devices don't process correctly certain special crafted packets sent to port 102/tcp, which could allow an attacker to cause a denial of service in the device.
7.5CVSS
7.3AI Score
0.001EPSS
Affected devices don't process correctly certain special crafted packets sent to port 102/tcp, which could allow an attacker to cause a denial of service in the device.
4.9CVSS
5.7AI Score
0.001EPSS
Affected devices don't process correctly certain special crafted packets sent to port 102/tcp, which could allow an attacker to cause a denial of service in the device.
5.5CVSS
5.9AI Score
0.001EPSS
Affected devices don't process correctly certain special crafted packets sent to port 102/tcp, which could allow an attacker to cause a denial of service in the device.
4.9CVSS
5.7AI Score
0.001EPSS
The login endpoint /FormLogin in affected web services does not apply proper origin checking. This could allow authenticated remote attackers to track the activities of other users via a login cross-site request forgery attack.
6.5CVSS
4.6AI Score
0.001EPSS
Affected devices do not contain an Immutable Root of Trust in Hardware. With this the integrity of the code executed on the device can not be validated during load-time. An attacker with physical access to the device could use this to replace the boot image of the device and execute arbitrary code.
6.8CVSS
6.7AI Score
0.001EPSS
The OPC UA implementations (ANSI C and C++) in affected products contain an integer overflow vulnerability that could cause the application to run into an infinite loop during certificate validation. This could allow an unauthenticated remote attacker to create a denial of service condition by send...
7.5CVSS
7.5AI Score
0.002EPSS
Affected devices improperly handle specially crafted packets sent to port 102/tcp.This could allow an attacker to create a denial of service condition. A restart is needed to restorenormal operations.
7.5CVSS
7.4AI Score
0.001EPSS