Vulnerabilities > Siemens > Simatic S7 1200 CPU 1212C Firmware
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2022-12-13 | CVE-2021-40365 | Improper Input Validation vulnerability in Siemens products Affected devices don't process correctly certain special crafted packets sent to port 102/tcp, which could allow an attacker to cause a denial of service in the device. | 7.5 |
| 2022-12-13 | CVE-2021-44693 | Improper Validation of Specified Quantity in Input vulnerability in Siemens products Affected devices don't process correctly certain special crafted packets sent to port 102/tcp, which could allow an attacker to cause a denial of service in the device. | 4.9 |
| 2022-12-13 | CVE-2021-44694 | Improper Validation of Specified Type of Input vulnerability in Siemens products Affected devices don't process correctly certain special crafted packets sent to port 102/tcp, which could allow an attacker to cause a denial of service in the device. | 5.5 |
| 2022-12-13 | CVE-2021-44695 | Improper Validation of Syntactic Correctness of Input vulnerability in Siemens products Affected devices don't process correctly certain special crafted packets sent to port 102/tcp, which could allow an attacker to cause a denial of service in the device. | 4.9 |
| 2022-11-08 | CVE-2022-30694 | Cross-Site Request Forgery (CSRF) vulnerability in Siemens products The login endpoint /FormLogin in affected web services does not apply proper origin checking. This could allow authenticated remote attackers to track the activities of other users via a login cross-site request forgery attack. | 6.5 |
| 2022-02-09 | CVE-2021-37185 | Operation on a Resource after Expiration or Release vulnerability in Siemens products A vulnerability has been identified in SIMATIC Drive Controller family (All versions >= V2.9.2 < V2.9.4), SIMATIC ET 200SP Open Controller CPU 1515SP PC2 (incl. | 7.5 |
| 2022-02-09 | CVE-2021-37204 | Operation on a Resource after Expiration or Release vulnerability in Siemens products A vulnerability has been identified in SIMATIC Drive Controller family (All versions < V2.9.2), SIMATIC Drive Controller family (All versions >= V2.9.2 < V2.9.4), SIMATIC ET 200SP Open Controller CPU 1515SP PC (incl. | 7.5 |
| 2022-02-09 | CVE-2021-37205 | Memory Leak vulnerability in Siemens products A vulnerability has been identified in SIMATIC Drive Controller family (All versions >= V2.9.2 < V2.9.4), SIMATIC ET 200SP Open Controller CPU 1515SP PC2 (incl. | 7.5 |
| 2021-03-25 | CVE-2021-3449 | NULL Pointer Dereference vulnerability in multiple products An OpenSSL TLS server may crash if sent a maliciously crafted renegotiation ClientHello message from a client. | 5.9 |
| 2019-10-10 | CVE-2019-10936 | Resource Exhaustion vulnerability in Siemens products Affected devices improperly handle large amounts of specially crafted UDP packets. This could allow an unauthenticated remote attacker to trigger a denial of service condition. | 7.5 |