Siemens SIPORT MP
1. EXECUTIVE SUMMARY CVSS v3 6.5 ATTENTION: Exploitable remotely/low skill level to exploit Vendor: Siemens Equipment: SIPORT MP Vulnerability: Insufficient logging 2. RISK EVALUATION Successful exploitation of this vulnerability could allow the attacker to create special accounts with administrative privileges. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS SIPORT MP: All…
Packet Sniffer to Sniff Sensitive Credentials Only
Author: Roshan Poudel 1.1 Problem Domain According to Nepal telecommunication authority, Nepal’s internet penetration rate is 63% as of 2018. With these increasing number, the responsibility of network monitoring has increased for network and security professionals. They are highly dependent upon the traditional packet sniffer…
Siemens SCALANCE S-600
1. EXECUTIVE SUMMARY CVSS v3 7.5 ATTENTION: Exploitable remotely Vendor: Siemens Equipment: SCALANCE S-600 Firewall Vulnerabilities: Resource Exhaustion, Cross-site Scripting 2. RISK EVALUATION These vulnerabilities could allow a remote attacker to conduct denial-of-service or cross-site scripting attacks. User interaction is required for a successful exploitation of the cross-site-scripting attack….
Siemens SIMATIC S7-1500
1. EXECUTIVE SUMMARY CVSS v3 7.5 ATTENTION: Exploitable remotely Vendor: Siemens Equipment: SIMATIC S7-1500 CPU family Vulnerability: Resource exhaustion 2. RISK EVALUATION This vulnerability could allow a remote attacker to conduct denial-of-service attacks. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS The following versions of SIMATIC are affected: SIMATIC ET 200SP…
Siemens SIPROTEC 4 and SIPROTEC Compact
1. EXECUTIVE SUMMARY CVSS v3 7.5 ATTENTION: Exploitable remotely Vendor: Siemens Equipment: SIPROTEC 4 and SIPROTEC Compact Vulnerability: Improper Input Validation 2. RISK EVALUATION This vulnerability could allow an attacker to conduct a denial-of-service attack over the network. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS Siemens reports that the vulnerability…
Digi ConnectPort LTS 32 MEI
1. EXECUTIVE SUMMARY CVSS v3 2.4 ATTENTION: Exploitable remotely/low skill level to exploit Vendor: Digi International Equipment: ConnectPort LTS 32 MEI Vulnerabilities: Unrestricted Upload of File with Dangerous Type, Cross-site Scripting 2. RISK EVALUATION Successful exploitation of these vulnerabilities could limit system availability. 3. TECHNICAL DETAILS…
Siemens SIMATIC Products (Update A)
1. EXECUTIVE SUMMARY CVSS v3.1 3.7 ATTENTION: Exploitable remotely Vendor: Siemens Equipment: SIMATIC CP 1626; HMI Panel (incl. SIPLUS variants); NET PC software; STEP 7 (TIA Portal); WinCC (TIA Portal); WinCC OA; WinCC Runtime (Pro and Advanced); TIM 1531 IRC (incl. SIPLUS variant) Vulnerability: Exposed Dangerous Method or Function…
Siemens Industrial Real-Time (IRT) Devices (Update B)
1. EXECUTIVE SUMMARY CVSS v3 7.5 ATTENTION: Exploitable remotely/low skill level to exploit Vendor: Siemens Equipment: Industrial Real-Time (IRT) Devices Vulnerability: Improper Input Validation 2. UPDATE INFORMATION This updated advisory is a follow-up to the advisor update titled ICSA-19-283-01 Siemens Industrial Real-Time (IRT) Devices (Update A) that was published…
Siemens PROFINET Devices (Update C)
1. EXECUTIVE SUMMARY CVSS v3 7.5 ATTENTION: Exploitable remotely/low skill level to exploit Vendor: Siemens Equipment: PROFINET Devices Vulnerability: Uncontrolled Resource Consumption 2. UPDATE INFORMATION This updated advisory is a follow-up to the advisory update titled ICSA-19-283-02 Siemens PROFINET Devices (Update B) that was published January 14, 2020, to…
Siemens Industrial Products (Update D)
1. EXECUTIVE SUMMARY CVSS v3 7.5 ATTENTION: Exploitable remotely/low skill level to exploit Vendor: Siemens Equipment: Industrial Products Vulnerabilities: Integer Overflow or Wraparound, Uncontrolled Resource Consumption 2. UPDATE INFORMATION This updated advisory is a follow-up to the updated advisory titled ICSA-19-253-03 Siemens Industrial Products (Update B) that was published…
Stay connected