Vulnerabilities > Siemens > Simatic S7 CPU 1200 Firmware > 3.0.2
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2016-03-16 | CVE-2016-2846 | 7PK - Security Features vulnerability in Siemens Simatic S7 CPU 1200 Firmware 2.0/3.0/3.0.2 Siemens SIMATIC S7-1200 CPU devices before 4.0 allow remote attackers to bypass a "user program block" protection mechanism via unspecified vectors. | 6.4 |
2014-04-25 | CVE-2014-2909 | Code Injection vulnerability in Siemens products CRLF injection vulnerability in the integrated web server on Siemens SIMATIC S7-1200 CPU devices 2.x and 3.x allows remote attackers to inject arbitrary HTTP headers via unspecified vectors. | 5.8 |
2014-04-25 | CVE-2014-2908 | Cross-Site Scripting vulnerability in Siemens products Cross-site scripting (XSS) vulnerability in the integrated web server on Siemens SIMATIC S7-1200 CPU devices 2.x and 3.x allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | 4.3 |
2014-03-24 | CVE-2014-2258 | Resource Management Errors vulnerability in Siemens products Siemens SIMATIC S7-1200 CPU PLC devices with firmware before 4.0 allow remote attackers to cause a denial of service (defect-mode transition) via crafted HTTPS packets, a different vulnerability than CVE-2014-2259. | 7.8 |
2014-03-24 | CVE-2014-2256 | Resource Management Errors vulnerability in Siemens products Siemens SIMATIC S7-1200 CPU PLC devices with firmware before 4.0 allow remote attackers to cause a denial of service (defect-mode transition) via crafted ISO-TSAP packets, a different vulnerability than CVE-2014-2257. | 7.8 |
2014-03-24 | CVE-2014-2254 | Resource Management Errors vulnerability in Siemens products Siemens SIMATIC S7-1200 CPU PLC devices with firmware before 4.0 allow remote attackers to cause a denial of service (defect-mode transition) via crafted HTTP packets, a different vulnerability than CVE-2014-2255. | 7.8 |
2014-03-24 | CVE-2014-2252 | Resource Management Errors vulnerability in Siemens products Siemens SIMATIC S7-1200 CPU PLC devices with firmware before 4.0 allow remote attackers to cause a denial of service (defect-mode transition) via crafted PROFINET packets, a different vulnerability than CVE-2014-2253. | 6.1 |
2014-03-24 | CVE-2014-2250 | Cryptographic Issues vulnerability in Siemens products The random-number generator on Siemens SIMATIC S7-1200 CPU PLC devices with firmware before 4.0 does not have sufficient entropy, which makes it easier for remote attackers to defeat cryptographic protection mechanisms and hijack sessions via unspecified vectors, a different vulnerability than CVE-2014-2251. | 8.3 |