Vulnerabilities > Siemens > Simatic S7 1500 Firmware > 1.5
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2019-04-17 | CVE-2019-6575 | Uncaught Exception vulnerability in Siemens products A vulnerability has been identified in SIMATIC CP 443-1 OPC UA (All versions), SIMATIC ET 200SP Open Controller CPU 1515SP PC2 (incl. | 7.5 |
| 2019-04-17 | CVE-2019-6568 | Out-of-bounds Read vulnerability in Siemens products The webserver of the affected devices contains a vulnerability that may lead to a denial of service condition. | 7.5 |
| 2018-05-22 | CVE-2018-3639 | Information Exposure Through Discrepancy vulnerability in multiple products Systems with microprocessors utilizing speculative execution and speculative execution of memory reads before the addresses of all prior memory writes are known may allow unauthorized disclosure of information to an attacker with local user access via a side-channel analysis, aka Speculative Store Bypass (SSB), Variant 4. | 2.1 |
| 2018-03-20 | CVE-2018-4843 | Improper Input Validation vulnerability in Siemens products A vulnerability has been identified in SIMATIC S7-400 CPU 414-3 PN/DP V7 (All versions < V7.0.3), SIMATIC S7-400 CPU 414F-3 PN/DP V7 (All versions < V7.0.3), SIMATIC S7-400 CPU 416-3 PN/DP V7 (All versions < V7.0.3), SIMATIC S7-400 CPU 416F-3 PN/DP V7 (All versions < V7.0.3), SIMATIC CP 343-1 (incl. | 6.5 |
| 2017-12-26 | CVE-2017-12741 | Resource Exhaustion vulnerability in Siemens products A vulnerability has been identified in Development/Evaluation Kits for PROFINET IO: DK Standard Ethernet Controller, Development/Evaluation Kits for PROFINET IO: EK-ERTEC 200, Development/Evaluation Kits for PROFINET IO: EK-ERTEC 200P, SIMATIC Compact Field Unit, SIMATIC ET200AL, SIMATIC ET200M (incl. | 7.8 |
| 2017-05-11 | CVE-2017-2681 | Resource Exhaustion vulnerability in Siemens products Specially crafted PROFINET DCP packets sent on a local Ethernet segment (Layer 2) to an affected product could cause a denial of service condition of that product. | 6.1 |
| 2017-05-11 | CVE-2017-2680 | Resource Exhaustion vulnerability in Siemens products Specially crafted PROFINET DCP broadcast packets could cause a denial of service condition of affected products on a local Ethernet segment (Layer 2). | 6.1 |
| 2014-04-07 | CVE-2014-0160 | Out-of-bounds Read vulnerability in multiple products The (1) TLS and (2) DTLS implementations in OpenSSL 1.0.1 before 1.0.1g do not properly handle Heartbeat Extension packets, which allows remote attackers to obtain sensitive information from process memory via crafted packets that trigger a buffer over-read, as demonstrated by reading private keys, related to d1_both.c and t1_lib.c, aka the Heartbleed bug. | 7.5 |