Simatic S7 1500
CVEs (11)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2016-2200 | Hig | 0.49 | 7.5 | 0.06 | Feb 8, 2016 | Siemens SIMATIC S7-1500 CPU devices before 1.8.3 allow remote attackers to cause a denial of service (STOP mode transition) via crafted packets on TCP port 102. | ||
| CVE-2016-2201 | Med | 0.35 | 5.3 | 0.01 | Feb 8, 2016 | Siemens SIMATIC S7-1500 CPU devices before 1.8.3 allow remote attackers to bypass a replay protection mechanism via packets on TCP port 102. | ||
| CVE-2014-5074 | 0.04 | — | 0.13 | Aug 17, 2014 | Siemens SIMATIC S7-1500 CPU devices with firmware before 1.6 allow remote attackers to cause a denial of service (device restart and STOP transition) via crafted TCP packets. | |||
| CVE-2014-2259 | 0.00 | — | 0.02 | Mar 16, 2014 | Siemens SIMATIC S7-1500 CPU PLC devices with firmware before 1.5.0 allow remote attackers to cause a denial of service (defect-mode transition) via crafted HTTPS packets. | |||
| CVE-2014-2257 | 0.00 | — | 0.01 | Mar 16, 2014 | Siemens SIMATIC S7-1500 CPU PLC devices with firmware before 1.5.0 allow remote attackers to cause a denial of service (defect-mode transition) via crafted ISO-TSAP packets. | |||
| CVE-2014-2255 | 0.00 | — | 0.02 | Mar 16, 2014 | Siemens SIMATIC S7-1500 CPU PLC devices with firmware before 1.5.0 allow remote attackers to cause a denial of service (defect-mode transition) via crafted HTTP packets. | |||
| CVE-2014-2253 | 0.00 | — | 0.00 | Mar 16, 2014 | Siemens SIMATIC S7-1500 CPU PLC devices with firmware before 1.5.0 allow remote attackers to cause a denial of service (defect-mode transition) via crafted Profinet packets. | |||
| CVE-2014-2249 | 0.00 | — | 0.00 | Mar 16, 2014 | Cross-site request forgery (CSRF) vulnerability on Siemens SIMATIC S7-1500 CPU PLC devices with firmware before 1.5.0 and SIMATIC S7-1200 CPU PLC devices with firmware before 4.0 allows remote attackers to hijack the authentication of unspecified victims via unknown vectors. | |||
| CVE-2014-2248 | 0.00 | — | 0.01 | Mar 16, 2014 | Open redirect vulnerability in the integrated web server on Siemens SIMATIC S7-1500 CPU PLC devices with firmware before 1.5.0 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors. | |||
| CVE-2014-2247 | 0.00 | — | 0.01 | Mar 16, 2014 | The integrated web server on Siemens SIMATIC S7-1500 CPU PLC devices with firmware before 1.5.0 allows remote attackers to inject headers via unspecified vectors. | |||
| CVE-2014-2246 | 0.00 | — | 0.01 | Mar 16, 2014 | Cross-site scripting (XSS) vulnerability in the integrated web server on Siemens SIMATIC S7-1500 CPU PLC devices with firmware before 1.5.0 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. |
- risk 0.49cvss 7.5epss 0.06
Siemens SIMATIC S7-1500 CPU devices before 1.8.3 allow remote attackers to cause a denial of service (STOP mode transition) via crafted packets on TCP port 102.
- risk 0.35cvss 5.3epss 0.01
Siemens SIMATIC S7-1500 CPU devices before 1.8.3 allow remote attackers to bypass a replay protection mechanism via packets on TCP port 102.
- CVE-2014-5074Aug 17, 2014risk 0.04cvss —epss 0.13
Siemens SIMATIC S7-1500 CPU devices with firmware before 1.6 allow remote attackers to cause a denial of service (device restart and STOP transition) via crafted TCP packets.
- CVE-2014-2259Mar 16, 2014risk 0.00cvss —epss 0.02
Siemens SIMATIC S7-1500 CPU PLC devices with firmware before 1.5.0 allow remote attackers to cause a denial of service (defect-mode transition) via crafted HTTPS packets.
- CVE-2014-2257Mar 16, 2014risk 0.00cvss —epss 0.01
Siemens SIMATIC S7-1500 CPU PLC devices with firmware before 1.5.0 allow remote attackers to cause a denial of service (defect-mode transition) via crafted ISO-TSAP packets.
- CVE-2014-2255Mar 16, 2014risk 0.00cvss —epss 0.02
Siemens SIMATIC S7-1500 CPU PLC devices with firmware before 1.5.0 allow remote attackers to cause a denial of service (defect-mode transition) via crafted HTTP packets.
- CVE-2014-2253Mar 16, 2014risk 0.00cvss —epss 0.00
Siemens SIMATIC S7-1500 CPU PLC devices with firmware before 1.5.0 allow remote attackers to cause a denial of service (defect-mode transition) via crafted Profinet packets.
- CVE-2014-2249Mar 16, 2014risk 0.00cvss —epss 0.00
Cross-site request forgery (CSRF) vulnerability on Siemens SIMATIC S7-1500 CPU PLC devices with firmware before 1.5.0 and SIMATIC S7-1200 CPU PLC devices with firmware before 4.0 allows remote attackers to hijack the authentication of unspecified victims via unknown vectors.
- CVE-2014-2248Mar 16, 2014risk 0.00cvss —epss 0.01
Open redirect vulnerability in the integrated web server on Siemens SIMATIC S7-1500 CPU PLC devices with firmware before 1.5.0 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors.
- CVE-2014-2247Mar 16, 2014risk 0.00cvss —epss 0.01
The integrated web server on Siemens SIMATIC S7-1500 CPU PLC devices with firmware before 1.5.0 allows remote attackers to inject headers via unspecified vectors.
- CVE-2014-2246Mar 16, 2014risk 0.00cvss —epss 0.01
Cross-site scripting (XSS) vulnerability in the integrated web server on Siemens SIMATIC S7-1500 CPU PLC devices with firmware before 1.5.0 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.