Simatic S7 1500 CPU Firmware

DATE	CVE	VULNERABILITY TITLE	RISK
2022-04-12	CVE-2022-25622	Resource Exhaustion vulnerability in Siemens products A vulnerability has been identified in SIMATIC CFU DIQ, SIMATIC CFU PA, SIMATIC ET 200pro IM154-8 PN/DP CPU, SIMATIC ET 200pro IM154-8F PN/DP CPU, SIMATIC ET 200pro IM154-8FX PN/DP CPU, SIMATIC ET 200S IM151-8 PN/DP CPU, SIMATIC ET 200S IM151-8F PN/DP CPU, SIMATIC ET200AL IM157-1 PN, SIMATIC ET200ecoPN, AI 8xRTD/TC, M12-L, SIMATIC ET200ecoPN, CM 4x IO-Link, M12-L, SIMATIC ET200ecoPN, CM 8x IO-Link, M12-L, SIMATIC ET200ecoPN, CM 8x IO-Link, M12-L, SIMATIC ET200ecoPN, DI 16x24VDC, M12-L, SIMATIC ET200ecoPN, DI 8x24VDC, M12-L, SIMATIC ET200ecoPN, DIQ 16x24VDC/2A, M12-L, SIMATIC ET200ecoPN, DQ 8x24VDC/0,5A, M12-L, SIMATIC ET200ecoPN, DQ 8x24VDC/2A, M12-L, SIMATIC ET200MP IM155-5 PN HF (incl. network low complexity siemens CWE-400	7.5
2019-10-10	CVE-2019-10936	Resource Exhaustion vulnerability in Siemens products A vulnerability has been identified in SIMATIC S7-400 CPU 414-3 PN/DP V7, SIMATIC S7-400 CPU 414F-3 PN/DP V7, SIMATIC S7-400 CPU 416-3 PN/DP V7, SIMATIC S7-400 CPU 416F-3 PN/DP V7, Development/Evaluation Kits for PROFINET IO: DK Standard Ethernet Controller, Development/Evaluation Kits for PROFINET IO: EK-ERTEC 200, Development/Evaluation Kits for PROFINET IO: EK-ERTEC 200P, SIMATIC CFU PA, SIMATIC ET 200pro IM154-8 PN/DP CPU, SIMATIC ET 200pro IM154-8F PN/DP CPU, SIMATIC ET 200pro IM154-8FX PN/DP CPU, SIMATIC ET 200S IM151-8 PN/DP CPU, SIMATIC ET 200S IM151-8F PN/DP CPU, SIMATIC ET 200SP Open Controller CPU 1515SP PC (incl. network low complexity siemens CWE-400	7.5
2016-02-08	CVE-2016-2201	Improper Input Validation vulnerability in Siemens Simatic S7-1500 CPU Firmware 1.8.2 Siemens SIMATIC S7-1500 CPU devices before 1.8.3 allow remote attackers to bypass a replay protection mechanism via packets on TCP port 102. network low complexity siemens CWE-20	5.0
2016-02-08	CVE-2016-2200	Improper Input Validation vulnerability in Siemens Simatic S7-1500 CPU Firmware 1.5.1/1.6/1.8.2 Siemens SIMATIC S7-1500 CPU devices before 1.8.3 allow remote attackers to cause a denial of service (STOP mode transition) via crafted packets on TCP port 102. network low complexity siemens CWE-20	7.8
2014-08-17	CVE-2014-5074	Denial of Service vulnerability in Siemens SIMATIC S7-1500 Siemens SIMATIC S7-1500 CPU devices with firmware before 1.6 allow remote attackers to cause a denial of service (device restart and STOP transition) via crafted TCP packets. network siemens	7.1
2014-03-16	CVE-2014-2259	Denial of Service vulnerability in Siemens SIMATIC S7-1500 Siemens SIMATIC S7-1500 CPU PLC devices with firmware before 1.5.0 allow remote attackers to cause a denial of service (defect-mode transition) via crafted HTTPS packets. network low complexity siemens	7.8
2014-03-16	CVE-2014-2257	Denial of Service vulnerability in Siemens SIMATIC S7-1500 Siemens SIMATIC S7-1500 CPU PLC devices with firmware before 1.5.0 allow remote attackers to cause a denial of service (defect-mode transition) via crafted ISO-TSAP packets. network low complexity siemens	7.8
2014-03-16	CVE-2014-2255	Denial of Service vulnerability in Siemens SIMATIC S7-1500 Siemens SIMATIC S7-1500 CPU PLC devices with firmware before 1.5.0 allow remote attackers to cause a denial of service (defect-mode transition) via crafted HTTP packets. network low complexity siemens	7.8
2014-03-16	CVE-2014-2253	Denial of Service vulnerability in Siemens SIMATIC S7-1500 Siemens SIMATIC S7-1500 CPU PLC devices with firmware before 1.5.0 allow remote attackers to cause a denial of service (defect-mode transition) via crafted Profinet packets. low complexity siemens	6.1
2014-03-16	CVE-2014-2251	Insufficient Entropy vulnerability in Siemens SIMATIC S7-1500 The random-number generator on Siemens SIMATIC S7-1500 CPU PLC devices with firmware before 1.5.0 does not have sufficient entropy, which makes it easier for remote attackers to defeat cryptographic protection mechanisms and hijack sessions via unspecified vectors. network siemens	8.3