VYPR

SIMATIC MV400 family

by Siemens Foundation

CVEs (5)

  • CVE-2020-25241HigMar 15, 2021
    risk 0.49cvss 7.5epss 0.01

    A vulnerability has been identified in SIMATIC MV400 family (All Versions < V7.0.6). The underlying TCP stack of the affected products does not correctly validate the sequence number for incoming TCP RST packages. An attacker could exploit this to terminate arbitrary TCP…

  • CVE-2020-27632HigMar 10, 2021
    risk 0.49cvss 7.5epss 0.01

    In SIMATIC MV400 family versions prior to v7.0.6, the ISN generator is initialized with a constant value and has constant increments. An attacker could predict and hijack TCP sessions.

  • CVE-2020-25705HigNov 17, 2020
    risk 0.49cvss 7.4epss 0.07

    A flaw in ICMP packets in the Linux kernel may allow an attacker to quickly scan open UDP ports. This flaw allows an off-path remote attacker to effectively bypass source port UDP randomization. Software that relies on UDP source port randomization are indirectly affected as…

  • CVE-2019-10925HigJun 12, 2019
    risk 0.46cvss 7.1epss 0.02

    A vulnerability has been identified in SIMATIC MV400 family (All Versions < V7.0.6). An authenticated attacker could escalate privileges by sending specially crafted requests to the integrated webserver. The security vulnerability can be exploited by an attacker with network…

  • CVE-2019-10926MedJun 12, 2019
    risk 0.35cvss 5.3epss 0.02

    A vulnerability has been identified in SIMATIC MV400 family (All Versions < V7.0.6). Communication with the device is not encrypted. Data transmitted between the device and the user can be obtained by an attacker in a privileged network position. The security vulnerability can…