Siemens LOGO! Web Server
1. EXECUTIVE SUMMARY CVSS v3 9.8 ATTENTION: Exploitable remotely/low skill level to exploit Vendor: Siemens Equipment: LOGO! Web Server Vulnerability: Classic Buffer Overflow 2. RISK EVALUATION Successful exploitation of this vulnerability could allow remote code execution. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS The following versions of LOGO! Web Server…
Baxter PrismaFlex and PrisMax (Update B)
1. EXECUTIVE SUMMARY CVSS v3 7.6 ATTENTION: Exploitable remotely/low skill level to exploit Vendor: Baxter Equipment: PrismaFlex and PrisMax Vulnerabilities: Cleartext Transmission of Sensitive Information, Improper Authentication, Use of Hard-Coded Password 2. UPDATE INFORMATION This updated advisory is a follow-up to the advisory update titled ICSA-20-170-02 Baxter PrismaFlex and…
Treck TCP/IP Stack (Update E)
1. EXECUTIVE SUMMARY CVSS v3 10.0 ATTENTION: Exploitable remotely Vendor: Treck Inc. Equipment: TCP/IP Vulnerabilities: Improper Handling of Length Parameter Inconsistency, Improper Input Validation, Double Free, Out-of-bounds Read, Integer Overflow or Wraparound, Improper Null Termination, Improper Access Control CISA is aware of a public report, known as “Ripple20” that…
Siemens SIMATIC, SINAMICS, SINEC, SINEMA, SINUMERIK (Update A)
1. EXECUTIVE SUMMARY CVSS v3 6.7 ATTENTION: Low skill level to exploit Vendor: Siemens Equipment: SIMATIC, SINAMICS, SINEC, SINEMA, SINUMERIK Vulnerability: Unquoted Search Path or Element 2. UPDATE INFORMATION This updated advisory is a follow-up to the original advisory titled ICSA-20-161-04 Siemens SIMATIC, SINAMICS, SINEC, SINEMA, SINUMERIK that was…
Siemens SIMATIC S7-300 CPUs and SINUMERIK Controller over Profinet (Update A)
1. EXECUTIVE SUMMARY CVSS v3 7.5 ATTENTION: Exploitable remotely/low skill level to exploit Vendor: Siemens Equipment: SIMATIC S7-300 CPUs and SINUMERIK Controller over Profinet Vulnerability: Uncontrolled Resource Consumption 2. UPDATE INFORMATION This updated advisory is a follow-up to the original advisory titled ICSA-20-070-02 Siemens SIMATIC S7-300 CPUs and SINUMERIK…
Siemens Industrial Products SNMP Vulnerabilities (Update A)
1. EXECUTIVE SUMMARY CVSS v3 7.5 ATTENTION: Exploitable remotely/low skill level to exploit Vendor: Siemens Equipment: Various SCALANCE, SIMATIC, SIPLUS products Vulnerabilities: Data Processing Errors, NULL Pointer Dereference 2. UPDATE INFORMATION This updated advisory is a follow-up to the original advisory titled ICSA-20-042-02 Siemens Industrial Products SNMP Vulnerabilities that…
Siemens SIMATIC PCS 7, SIMATIC WinCC, and SIMATIC NET PC (Update D)
1. EXECUTIVE SUMMARY CVSS v3 7.5 ATTENTION: Exploitable remotely/low skill level to exploit Vendor: Siemens Equipment: SIMATIC PCS 7, SIMATIC WinCC, SIMATIC NET PC Vulnerability: Incorrect Calculation of Buffer Size 2. UPDATE INFORMATION This updated advisory is a follow-up to the advisory update titled 20-042-06 Siemens SIMATIC PCS 7,…
Siemens S7-1200 and S7-200 SMART CPUs (Update B)
1. EXECUTIVE SUMMARY CVSS v3 6.8 ATTENTION: Low skill level to exploit Vendor: Siemens Equipment: S7-1200 CPU family (including SIPLUS variants); S7-200 SMART CPU family Vulnerability: Exposed Dangerous Method or Function 2. UPDATE INFORMATION This updated advisory is a follow-up to the advisory update titled-19-318-02 Siemens S7-1200…
Siemens PROFINET Devices (Update F)
1. EXECUTIVE SUMMARY CVSS v3 7.5 ATTENTION: Exploitable remotely/low skill level to exploit Vendor: Siemens Equipment: PROFINET Devices Vulnerability: Uncontrolled Resource Consumption 2. UPDATE INFORMATION This updated advisory is a follow-up to the advisory update titled ICSA-19-283-02 Siemens PROFINET Devices (Update E) that was published April 14, 2020, to…
Siemens SCALANCE Products (Update A)
1. EXECUTIVE SUMMARY CVSS v3 6.6 ATTENTION: Exploitable remotely/low skill level to exploit Vendor: Siemens Equipment: SCALANCE Products Vulnerabilities: Improper Adherence to Coding Standards 2. UPDATE INFORMATION This updated advisory is a follow-up to the original advisory titled ICSA-19-227-03 Siemens SCALANCE Products that was published August 15, 2019, to…
Stay connected