Vulnerabilities > Siemens > Simatic S7 1500 Software Controller Firmware

DATE CVE VULNERABILITY TITLE RISK
2023-12-12 CVE-2023-46156 Use After Free vulnerability in Siemens products
Affected devices improperly handle specially crafted packets sent to port 102/tcp. This could allow an attacker to create a denial of service condition.
network
low complexity
siemens CWE-416
7.5
7.5
2023-09-12 CVE-2023-28831 Integer Overflow or Wraparound vulnerability in Siemens products
The OPC UA implementations (ANSI C and C++) in affected products contain an integer overflow vulnerability that could cause the application to run into an infinite loop during certificate validation. This could allow an unauthenticated remote attacker to create a denial of service condition by sending a specially crafted certificate.
network
low complexity
siemens CWE-190
7.5
7.5
2022-12-13 CVE-2021-40365 Improper Input Validation vulnerability in Siemens products
Affected devices don't process correctly certain special crafted packets sent to port 102/tcp, which could allow an attacker to cause a denial of service in the device.
network
low complexity
siemens CWE-20
7.5
7.5
2022-12-13 CVE-2021-44693 Improper Validation of Specified Quantity in Input vulnerability in Siemens products
Affected devices don't process correctly certain special crafted packets sent to port 102/tcp, which could allow an attacker to cause a denial of service in the device.
network
low complexity
siemens CWE-1284
4.9
4.9
2022-12-13 CVE-2021-44694 Improper Validation of Specified Type of Input vulnerability in Siemens products
Affected devices don't process correctly certain special crafted packets sent to port 102/tcp, which could allow an attacker to cause a denial of service in the device.
network
low complexity
siemens CWE-1287
5.5
5.5
2022-12-13 CVE-2021-44695 Improper Validation of Syntactic Correctness of Input vulnerability in Siemens products
Affected devices don't process correctly certain special crafted packets sent to port 102/tcp, which could allow an attacker to cause a denial of service in the device.
network
low complexity
siemens CWE-1286
4.9
4.9
2020-12-14 CVE-2020-15796 Uncaught Exception vulnerability in Siemens products
A vulnerability has been identified in SIMATIC ET 200SP Open Controller (incl.
network
low complexity
siemens CWE-248
7.5
7.5
2017-05-11 CVE-2017-2680 Resource Exhaustion vulnerability in Siemens products
Specially crafted PROFINET DCP broadcast packets could cause a denial of service condition of affected products on a local Ethernet segment (Layer 2).
low complexity
siemens CWE-400
6.5
6.5