VYPR

Simatic S7 1500

by Siemens Foundation

CVEs (15)

  • CVE-2021-37185HigFeb 9, 2022
    risk 0.49cvss 7.5epss 0.02

    A vulnerability has been identified in SIMATIC Drive Controller family (All versions >= V2.9.2 < V2.9.4), SIMATIC ET 200SP Open Controller CPU 1515SP PC2 (incl. SIPLUS variants) (All versions >= V21.9 < V21.9.4), SIMATIC S7-1200 CPU family (incl. SIPLUS variants) (All versions…

  • CVE-2018-16558HigApr 17, 2019
    risk 0.49cvss 7.5epss 0.02

    A vulnerability has been identified in SIMATIC S7-1500 CPU (All versions >= V2.0 and < V2.5), SIMATIC S7-1500 CPU (All versions <= V1.8.5). Specially crafted network packets sent to port 80/tcp or 443/tcp could allow an unauthenticated remote attacker to cause a…

  • CVE-2018-13815HigDec 13, 2018
    risk 0.49cvss 7.5epss 0.02

    A vulnerability has been identified in SIMATIC S7-1200 (All versions), SIMATIC S7-1500 (All Versions < V2.6). An attacker could exhaust the available connection pool of an affected device by opening a sufficient number of connections to the device. Successful exploitation…

  • CVE-2016-2200HigFeb 8, 2016
    risk 0.49cvss 7.5epss 0.06

    Siemens SIMATIC S7-1500 CPU devices before 1.8.3 allow remote attackers to cause a denial of service (STOP mode transition) via crafted packets on TCP port 102.

  • CVE-2016-2201MedFeb 8, 2016
    risk 0.35cvss 5.3epss 0.03

    Siemens SIMATIC S7-1500 CPU devices before 1.8.3 allow remote attackers to bypass a replay protection mechanism via packets on TCP port 102.

  • CVE-2014-5074Aug 17, 2014
    risk 0.04cvss epss 0.10

    Siemens SIMATIC S7-1500 CPU devices with firmware before 1.6 allow remote attackers to cause a denial of service (device restart and STOP transition) via crafted TCP packets.

  • CVE-2014-2259Mar 16, 2014
    risk 0.00cvss epss 0.04

    Siemens SIMATIC S7-1500 CPU PLC devices with firmware before 1.5.0 allow remote attackers to cause a denial of service (defect-mode transition) via crafted HTTPS packets.

  • CVE-2014-2257Mar 16, 2014
    risk 0.00cvss epss 0.03

    Siemens SIMATIC S7-1500 CPU PLC devices with firmware before 1.5.0 allow remote attackers to cause a denial of service (defect-mode transition) via crafted ISO-TSAP packets.

  • CVE-2014-2255Mar 16, 2014
    risk 0.00cvss epss 0.04

    Siemens SIMATIC S7-1500 CPU PLC devices with firmware before 1.5.0 allow remote attackers to cause a denial of service (defect-mode transition) via crafted HTTP packets.

  • CVE-2014-2253Mar 16, 2014
    risk 0.00cvss epss 0.01

    Siemens SIMATIC S7-1500 CPU PLC devices with firmware before 1.5.0 allow remote attackers to cause a denial of service (defect-mode transition) via crafted Profinet packets.

  • CVE-2014-2251Mar 16, 2014
    risk 0.00cvss epss 0.03

    The random-number generator on Siemens SIMATIC S7-1500 CPU PLC devices with firmware before 1.5.0 does not have sufficient entropy, which makes it easier for remote attackers to defeat cryptographic protection mechanisms and hijack sessions via unspecified vectors.

  • CVE-2014-2249Mar 16, 2014
    risk 0.00cvss epss 0.01

    Cross-site request forgery (CSRF) vulnerability on Siemens SIMATIC S7-1500 CPU PLC devices with firmware before 1.5.0 and SIMATIC S7-1200 CPU PLC devices with firmware before 4.0 allows remote attackers to hijack the authentication of unspecified victims via unknown vectors.

  • CVE-2014-2248Mar 16, 2014
    risk 0.00cvss epss 0.02

    Open redirect vulnerability in the integrated web server on Siemens SIMATIC S7-1500 CPU PLC devices with firmware before 1.5.0 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors.

  • CVE-2014-2247Mar 16, 2014
    risk 0.00cvss epss 0.02

    The integrated web server on Siemens SIMATIC S7-1500 CPU PLC devices with firmware before 1.5.0 allows remote attackers to inject headers via unspecified vectors.

  • CVE-2014-2246Mar 16, 2014
    risk 0.00cvss epss 0.02

    Cross-site scripting (XSS) vulnerability in the integrated web server on Siemens SIMATIC S7-1500 CPU PLC devices with firmware before 1.5.0 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.