Vulnerabilities > Siemens > Simatic S7 CPU 1212C

DATE CVE VULNERABILITY TITLE RISK
2014-04-25 CVE-2014-2909 Code Injection vulnerability in Siemens products
CRLF injection vulnerability in the integrated web server on Siemens SIMATIC S7-1200 CPU devices 2.x and 3.x allows remote attackers to inject arbitrary HTTP headers via unspecified vectors.
network
siemens CWE-94
5.8
5.8
2014-04-25 CVE-2014-2908 Cross-Site Scripting vulnerability in Siemens products
Cross-site scripting (XSS) vulnerability in the integrated web server on Siemens SIMATIC S7-1200 CPU devices 2.x and 3.x allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
network
siemens CWE-79
4.3
4.3
2014-03-24 CVE-2014-2258 Resource Management Errors vulnerability in Siemens products
Siemens SIMATIC S7-1200 CPU PLC devices with firmware before 4.0 allow remote attackers to cause a denial of service (defect-mode transition) via crafted HTTPS packets, a different vulnerability than CVE-2014-2259.
network
low complexity
siemens CWE-399
7.8
7.8
2014-03-24 CVE-2014-2256 Resource Management Errors vulnerability in Siemens products
Siemens SIMATIC S7-1200 CPU PLC devices with firmware before 4.0 allow remote attackers to cause a denial of service (defect-mode transition) via crafted ISO-TSAP packets, a different vulnerability than CVE-2014-2257.
network
low complexity
siemens CWE-399
7.8
7.8
2014-03-24 CVE-2014-2254 Resource Management Errors vulnerability in Siemens products
Siemens SIMATIC S7-1200 CPU PLC devices with firmware before 4.0 allow remote attackers to cause a denial of service (defect-mode transition) via crafted HTTP packets, a different vulnerability than CVE-2014-2255.
network
low complexity
siemens CWE-399
7.8
7.8
2014-03-24 CVE-2014-2252 Resource Management Errors vulnerability in Siemens products
Siemens SIMATIC S7-1200 CPU PLC devices with firmware before 4.0 allow remote attackers to cause a denial of service (defect-mode transition) via crafted PROFINET packets, a different vulnerability than CVE-2014-2253.
low complexity
siemens CWE-399
6.1
6.1
2014-03-24 CVE-2014-2250 Cryptographic Issues vulnerability in Siemens products
The random-number generator on Siemens SIMATIC S7-1200 CPU PLC devices with firmware before 4.0 does not have sufficient entropy, which makes it easier for remote attackers to defeat cryptographic protection mechanisms and hijack sessions via unspecified vectors, a different vulnerability than CVE-2014-2251.
network
siemens CWE-310
8.3
8.3