Sinamics G130
CVEs (6)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2017-12741 | Hig | 0.49 | 7.5 | 0.03 | Dec 26, 2017 | Specially crafted packets sent to port 161/udp could cause a denial of service condition. The affected devices must be restarted manually. | ||
| CVE-2017-2681 | Med | 0.42 | 6.5 | 0.01 | May 11, 2017 | Specially crafted PROFINET DCP packets sent on a local Ethernet segment (Layer 2) to an affected product could cause a denial of service condition of that product. Human interaction is required to recover the system. PROFIBUS interfaces are not affected. | ||
| CVE-2017-2680 | Med | 0.42 | 6.5 | 0.01 | May 11, 2017 | Specially crafted PROFINET DCP broadcast packets could cause a denial of service condition of affected products on a local Ethernet segment (Layer 2). Human interaction is required to recover the systems. PROFIBUS interfaces are not affected. | ||
| CVE-2022-25622 | 0.00 | — | 0.01 | Apr 12, 2022 | The PROFINET (PNIO) stack, when integrated with the Interniche IP stack, improperly handles internal resources for TCP segments where the minimum TCP-Header length is less than defined. This could allow an attacker to create a denial of service condition for TCP services on… | |||
| CVE-2019-10923 | 0.00 | — | 0.01 | Oct 10, 2019 | An attacker with network access to an affected product may cause a denial of service condition by breaking the real-time synchronization (IRT) of the affected installation. | |||
| CVE-2013-6920 | 0.00 | — | 0.03 | Dec 7, 2013 | Siemens SINAMICS S/G controllers with firmware before 4.6.11 do not require authentication for FTP and TELNET sessions, which allows remote attackers to bypass intended access restrictions via TCP traffic to port (1) 21 or (2) 23. |
- risk 0.49cvss 7.5epss 0.03
Specially crafted packets sent to port 161/udp could cause a denial of service condition. The affected devices must be restarted manually.
- risk 0.42cvss 6.5epss 0.01
Specially crafted PROFINET DCP packets sent on a local Ethernet segment (Layer 2) to an affected product could cause a denial of service condition of that product. Human interaction is required to recover the system. PROFIBUS interfaces are not affected.
- risk 0.42cvss 6.5epss 0.01
Specially crafted PROFINET DCP broadcast packets could cause a denial of service condition of affected products on a local Ethernet segment (Layer 2). Human interaction is required to recover the systems. PROFIBUS interfaces are not affected.
- CVE-2022-25622Apr 12, 2022risk 0.00cvss —epss 0.01
The PROFINET (PNIO) stack, when integrated with the Interniche IP stack, improperly handles internal resources for TCP segments where the minimum TCP-Header length is less than defined. This could allow an attacker to create a denial of service condition for TCP services on…
- CVE-2019-10923Oct 10, 2019risk 0.00cvss —epss 0.01
An attacker with network access to an affected product may cause a denial of service condition by breaking the real-time synchronization (IRT) of the affected installation.
- CVE-2013-6920Dec 7, 2013risk 0.00cvss —epss 0.03
Siemens SINAMICS S/G controllers with firmware before 4.6.11 do not require authentication for FTP and TELNET sessions, which allows remote attackers to bypass intended access restrictions via TCP traffic to port (1) 21 or (2) 23.