Vulnerabilities > Siemens > Simatic S7 1500 CPU 1511 1 PN Firmware
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-12-12 | CVE-2023-46156 | Use After Free vulnerability in Siemens products Affected devices improperly handle specially crafted packets sent to port 102/tcp. This could allow an attacker to create a denial of service condition. | 7.5 |
| 2023-09-12 | CVE-2023-28831 | Integer Overflow or Wraparound vulnerability in Siemens products The OPC UA implementations (ANSI C and C++) in affected products contain an integer overflow vulnerability that could cause the application to run into an infinite loop during certificate validation. This could allow an unauthenticated remote attacker to create a denial of service condition by sending a specially crafted certificate. | 7.5 |
| 2023-01-10 | CVE-2022-38773 | Unspecified vulnerability in Siemens products Affected devices do not contain an Immutable Root of Trust in Hardware. low complexity siemens | 6.8 |
| 2022-12-13 | CVE-2021-40365 | Improper Input Validation vulnerability in Siemens products Affected devices don't process correctly certain special crafted packets sent to port 102/tcp, which could allow an attacker to cause a denial of service in the device. | 7.5 |
| 2022-12-13 | CVE-2021-44693 | Improper Validation of Specified Quantity in Input vulnerability in Siemens products Affected devices don't process correctly certain special crafted packets sent to port 102/tcp, which could allow an attacker to cause a denial of service in the device. | 4.9 |
| 2022-12-13 | CVE-2021-44694 | Improper Validation of Specified Type of Input vulnerability in Siemens products Affected devices don't process correctly certain special crafted packets sent to port 102/tcp, which could allow an attacker to cause a denial of service in the device. | 5.5 |
| 2022-12-13 | CVE-2021-44695 | Improper Validation of Syntactic Correctness of Input vulnerability in Siemens products Affected devices don't process correctly certain special crafted packets sent to port 102/tcp, which could allow an attacker to cause a denial of service in the device. | 4.9 |
| 2022-11-08 | CVE-2022-30694 | Cross-Site Request Forgery (CSRF) vulnerability in Siemens products The login endpoint /FormLogin in affected web services does not apply proper origin checking. This could allow authenticated remote attackers to track the activities of other users via a login cross-site request forgery attack. | 6.5 |
| 2020-04-14 | CVE-2019-19300 | Resource Exhaustion vulnerability in Siemens products A vulnerability has been identified in Development/Evaluation Kits for PROFINET IO: EK-ERTEC 200, Development/Evaluation Kits for PROFINET IO: EK-ERTEC 200P, KTK ATE530S, SIDOOR ATD430W, SIDOOR ATE530S COATED, SIDOOR ATE531S, SIMATIC ET 200AL IM 157-1 PN (6ES7157-1AB00-0AB0), SIMATIC ET 200MP IM 155-5 PN HF (6ES7155-5AA00-0AC0), SIMATIC ET 200pro IM 154-8 PN/DP CPU (6ES7154-8AB01-0AB0), SIMATIC ET 200pro IM 154-8F PN/DP CPU (6ES7154-8FB01-0AB0), SIMATIC ET 200pro IM 154-8FX PN/DP CPU (6ES7154-8FX00-0AB0), SIMATIC ET 200S IM 151-8 PN/DP CPU (6ES7151-8AB01-0AB0), SIMATIC ET 200S IM 151-8F PN/DP CPU (6ES7151-8FB01-0AB0), SIMATIC ET 200SP IM 155-6 MF HF (6ES7155-6MU00-0CN0), SIMATIC ET 200SP IM 155-6 PN HA (incl. | 7.5 |
| 2020-03-10 | CVE-2019-19281 | Resource Exhaustion vulnerability in Siemens products A vulnerability has been identified in SIMATIC ET 200SP Open Controller CPU 1515SP PC2 (incl. | 7.5 |