Vulnerabilities > Siemens > Simatic NET CP 443 1 OPC UA Firmware

DATE CVE VULNERABILITY TITLE RISK
2018-06-04 CVE-2016-9042 Improper Input Validation vulnerability in multiple products
An exploitable denial of service vulnerability exists in the origin timestamp check functionality of ntpd 4.2.8p9.
network
high complexity
ntp freebsd hpe siemens CWE-20
5.9
5.9
2017-03-27 CVE-2017-6458 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products
Multiple buffer overflows in the ctl_put* functions in NTP before 4.2.8p10 and 4.3.x before 4.3.94 allow remote authenticated users to have unspecified impact via a long variable.
network
low complexity
ntp hpe apple siemens CWE-119
8.8
8.8
2017-01-30 CVE-2016-2518 Out-of-bounds Read vulnerability in multiple products
The MATCH_ASSOC function in NTP before version 4.2.8p9 and 4.3.x before 4.3.92 allows remote attackers to cause an out-of-bounds reference via an addpeer request with a large hmode value.
network
low complexity
ntp debian netapp oracle redhat freebsd siemens CWE-125
5.3
5.3
2016-07-05 CVE-2016-4956 ntpd in NTP 4.x before 4.2.8p8 allows remote attackers to cause a denial of service (interleaved-mode transition and time change) via a spoofed broadcast packet.
network
low complexity
ntp oracle novell suse opensuse siemens
5.3
5.3
2016-07-05 CVE-2016-4955 Race Condition vulnerability in multiple products
ntpd in NTP 4.x before 4.2.8p8, when autokey is enabled, allows remote attackers to cause a denial of service (peer-variable clearing and association outage) by sending (1) a spoofed crypto-NAK packet or (2) a packet with an incorrect MAC value at a certain time.
network
high complexity
ntp oracle novell suse opensuse siemens CWE-362
5.9
5.9
2016-07-05 CVE-2016-4954 Race Condition vulnerability in multiple products
The process_packet function in ntp_proto.c in ntpd in NTP 4.x before 4.2.8p8 allows remote attackers to cause a denial of service (peer-variable modification) by sending spoofed packets from many source IP addresses in a certain scenario, as demonstrated by triggering an incorrect leap indication.
network
low complexity
ntp oracle suse opensuse siemens CWE-362
7.5
7.5
2016-07-05 CVE-2016-4953 Improper Authentication vulnerability in multiple products
ntpd in NTP 4.x before 4.2.8p8 allows remote attackers to cause a denial of service (ephemeral-association demobilization) by sending a spoofed crypto-NAK packet with incorrect authentication data at a certain time.
network
low complexity
ntp oracle suse opensuse siemens CWE-287
7.5
7.5