Siemens SCALANCE X Switches
1. EXECUTIVE SUMMARY CVSS v3 4.2 ATTENTION: Exploitable remotely/low skill level to exploit Vendor: Siemens Equipment: SCALANCE X switches Vulnerability: Protection Mechanism Failure 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to perform administrative actions. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS The following versions of…
Siemens SIPORT MP
1. EXECUTIVE SUMMARY CVSS v3 6.5 ATTENTION: Exploitable remotely/low skill level to exploit Vendor: Siemens Equipment: SIPORT MP Vulnerability: Insufficient logging 2. RISK EVALUATION Successful exploitation of this vulnerability could allow the attacker to create special accounts with administrative privileges. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS SIPORT MP: All…
Packet Sniffer to Sniff Sensitive Credentials Only
Author: Roshan Poudel 1.1 Problem Domain According to the Nepal Telecommunications Authority, Nepal’s internet penetration rate was 63% as of 2018. With these increasing numbers, the responsibility of network monitoring has increased for network and security professionals. They are highly dependent upon the traditional packet sniffer…
Siemens SCALANCE S-600
1. EXECUTIVE SUMMARY CVSS v3 7.5 ATTENTION: Exploitable remotely Vendor: Siemens Equipment: SCALANCE S-600 Firewall Vulnerabilities: Resource Exhaustion, Cross-site Scripting 2. RISK EVALUATION These vulnerabilities could allow a remote attacker to conduct denial-of-service or cross-site scripting attacks. User interaction is required for a successful exploitation of the cross-site-scripting attack….
Siemens SIMATIC S7-1500
1. EXECUTIVE SUMMARY CVSS v3 7.5 ATTENTION: Exploitable remotely Vendor: Siemens Equipment: SIMATIC S7-1500 CPU family Vulnerability: Resource exhaustion 2. RISK EVALUATION This vulnerability could allow a remote attacker to conduct denial-of-service attacks. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS The following versions of SIMATIC are affected: SIMATIC ET 200SP…
Siemens SIPROTEC 4 and SIPROTEC Compact
1. EXECUTIVE SUMMARY CVSS v3 7.5 ATTENTION: Exploitable remotely Vendor: Siemens Equipment: SIPROTEC 4 and SIPROTEC Compact Vulnerability: Improper Input Validation 2. RISK EVALUATION This vulnerability could allow an attacker to conduct a denial-of-service attack over the network. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS Siemens reports that the vulnerability…
Digi ConnectPort LTS 32 MEI
1. EXECUTIVE SUMMARY CVSS v3 2.4 ATTENTION: Exploitable remotely/low skill level to exploit Vendor: Digi International Equipment: ConnectPort LTS 32 MEI Vulnerabilities: Unrestricted Upload of File with Dangerous Type, Cross-site Scripting 2. RISK EVALUATION Successful exploitation of these vulnerabilities could limit system availability. 3. TECHNICAL DETAILS…
Siemens SIMATIC Products (Update A)
1. EXECUTIVE SUMMARY CVSS v3.1 3.7 ATTENTION: Exploitable remotely Vendor: Siemens Equipment: SIMATIC CP 1626; HMI Panel (incl. SIPLUS variants); NET PC software; STEP 7 (TIA Portal); WinCC (TIA Portal); WinCC OA; WinCC Runtime (Pro and Advanced); TIM 1531 IRC (incl. SIPLUS variant) Vulnerability: Exposed Dangerous Method or Function…
Siemens Industrial Real-Time (IRT) Devices (Update B)
1. EXECUTIVE SUMMARY CVSS v3 7.5 ATTENTION: Exploitable remotely/low skill level to exploit Vendor: Siemens Equipment: Industrial Real-Time (IRT) Devices Vulnerability: Improper Input Validation 2. UPDATE INFORMATION This updated advisory is a follow-up to the advisory update titled ICSA-19-283-01 Siemens Industrial Real-Time (IRT) Devices (Update A) that was published…
Siemens PROFINET Devices (Update C)
1. EXECUTIVE SUMMARY CVSS v3 7.5 ATTENTION: Exploitable remotely/low skill level to exploit Vendor: Siemens Equipment: PROFINET Devices Vulnerability: Uncontrolled Resource Consumption 2. UPDATE INFORMATION This updated advisory is a follow-up to the advisory update titled ICSA-19-283-02 Siemens PROFINET Devices (Update B) that was published January 14, 2020, to…