12 matches found
CVE-2021-3449
CVE-2021-3449 affects OpenSSL 1.1.1.x where a TLSv1.2 server may crash (DoS) if it receives a renegotiation ClientHello that omits the signature_algorithms extension but includes signature_algorithms_cert. The issue is a NULL pointer dereference leading to a denial of service; OpenSSL clients are...
CVE-2019-6568
CVE-2019-6568 describes a denial-of-service vulnerability in Siemens device webservers that can be triggered by network-originated requests, with no privileges required and no user interaction. Connected sources confirm the flaw affects multiple Siemens industrial products (e.g., SINAMICS family:...
CVE-2019-6575
CVE-2019-6575 affects Siemens industrial products using OPC UA, including SIMATIC CP443-1 OPC UA, ET 200 Open Controller CPU 1515SP PC2, HMI Outdoor Panels (7"/15"), HMI Comfort Panels (4"–22"), KTP Mobile Panels, IPC DiagMonitor, NET PC Software, RF188C, RF600R, S7‑1500 family, WinCC OA/Runtime,...
CVE-2020-7580
CVE-2020-7580 affects Siemens products (e.g., SIMATIC Automation Tool, STEP 7/TIA Portal, WinCC OA, ProSave, S7-1500 controllers, etc.). Root cause: a common component calls a helper binary with SYSTEM privileges while the call path is not quoted (unquoted search path/element CWE-428). This could...
CVE-2021-27384
CVE-2021-27384 is a concrete SmartVNC vulnerability: an out-of-bounds memory access in the device layout handler could allow code execution. Affected Siemens products include SmartVNC-enabled HMI/WinCC components (e.g., SIMATIC HMI Comfort Outdoor Panels, KTP Mobile Panels, WinCC Runtime Advanced...
CVE-2021-25660
The CVE-2021-25660 entry maps to Siemens SmartVNC/WinCC/HMI components with an out-of-bounds memory access vulnerability that can trigger a Denial-of-Service on the server side (and related variants on the client side). Affected products include SIMATIC HMI Comfort Outdoor Panels (various V15/V16...
CVE-2021-27385
CVE-2021-27385 affects Siemens SmartVNC-related components. A remote attacker can send specially crafted packets to the SmartVNC device layout handler on the client side, causing uncontrolled resource consumption and a Denial-of-Service (infinite loop) condition. Affected products include SIMATIC...
CVE-2021-27383
CVE-2021-27383 describes a heap allocation leak vulnerability in the SmartVNC server Tight encoder, causing a Denial-of-Service condition. Affected are Siemens SmartVNC deployments on various HMI/WinCC panels (e.g., SIMATIC HMI Comfort Outdoor Panels, Comfort Panels, KTP Mobile Panels, WinCC Runt...
CVE-2021-25662
The CVE-2021-25662 entry concerns SmartVNC’s handling of exceptions when the program execution process is modified after a packet is sent from the server, which could trigger a Denial-of-Service condition. Affected products include Siemens SIMATIC HMI Comfort Outdoor Panels (V15/V16 series), SIMA...
CVE-2021-27386
CVE-2021-27386 maps to a SmartVNC heap allocation leak vulnerability in the client-side device layout handler, leading to a potential Denial-of-Service . Affected products include Siemens/SmartVNC-enabled setups connected to SIMATIC HMI Comfort Outdoor Panels, HMI Comfort Panels, KTP Mobile Panel...
CVE-2021-25661
CVE-2021-25661 is an out-of-bounds memory access vulnerability in SmartVNC that can be triggered on the client side when data is sent from the server, potentially causing a Denial-of-Service. Affected products include SIMATIC WinCC Runtime Advanced and related HMI/SU panels (Outdoor Panels v15/v1...
CVE-2020-7592
The CVE-2020-7592 issue affects Siemens SIMATIC HMI panels and WinCC Runtime Advanced (all versions) where unencrypted communication between the configuration software and devices can allow an attacker on an adjacent network to capture plain text data and access sensitive information. Documented ...