All the vulnerabilites related to siemens - simatic_cp_1543-1
cve-2022-34820
Vulnerability from cvelistv5
Published
2022-07-12 10:07
Modified
2024-08-03 09:22
Severity ?
EPSS score ?
Summary
A vulnerability has been identified in SIMATIC CP 1242-7 V2 (All versions < V3.3.46), SIMATIC CP 1243-1 (All versions < V3.3.46), SIMATIC CP 1243-7 LTE EU (All versions < V3.3.46), SIMATIC CP 1243-7 LTE US (All versions < V3.3.46), SIMATIC CP 1243-8 IRC (All versions < V3.3.46), SIMATIC CP 1542SP-1 IRC (All versions >= V2.0 < V2.2.28), SIMATIC CP 1543-1 (All versions < V3.0.22), SIMATIC CP 1543SP-1 (All versions >= V2.0 < V2.2.28), SIPLUS ET 200SP CP 1542SP-1 IRC TX RAIL (All versions >= V2.0 < V2.2.28), SIPLUS ET 200SP CP 1543SP-1 ISEC (All versions >= V2.0 < V2.2.28), SIPLUS ET 200SP CP 1543SP-1 ISEC TX RAIL (All versions >= V2.0 < V2.2.28), SIPLUS NET CP 1242-7 V2 (All versions < V3.3.46), SIPLUS NET CP 1543-1 (All versions < V3.0.22), SIPLUS S7-1200 CP 1243-1 (All versions < V3.3.46), SIPLUS S7-1200 CP 1243-1 RAIL (All versions < V3.3.46). The application does not correctly escape some user provided fields during the authentication process. This could allow an attacker to inject custom commands and execute arbitrary code with elevated privileges.
References
Impacted products
| Vendor | Product | Version | |||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | Siemens | SIMATIC CP 1242-7 V2 |
Version: All versions < V3.3.46 |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T09:22:10.675Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-517377.pdf"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unknown",
"product": "SIMATIC CP 1242-7 V2",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V3.3.46"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIMATIC CP 1243-1",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V3.3.46"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIMATIC CP 1243-7 LTE EU",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V3.3.46"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIMATIC CP 1243-7 LTE US",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V3.3.46"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIMATIC CP 1243-8 IRC",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V3.3.46"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIMATIC CP 1542SP-1 IRC",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003e= V2.0 \u003c V2.2.28"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIMATIC CP 1543-1",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V3.0.22"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIMATIC CP 1543SP-1",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003e= V2.0 \u003c V2.2.28"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIPLUS ET 200SP CP 1542SP-1 IRC TX RAIL",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003e= V2.0 \u003c V2.2.28"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIPLUS ET 200SP CP 1543SP-1 ISEC",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003e= V2.0 \u003c V2.2.28"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIPLUS ET 200SP CP 1543SP-1 ISEC TX RAIL",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003e= V2.0 \u003c V2.2.28"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIPLUS NET CP 1242-7 V2",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V3.3.46"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIPLUS NET CP 1543-1",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V3.0.22"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIPLUS S7-1200 CP 1243-1",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V3.3.46"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIPLUS S7-1200 CP 1243-1 RAIL",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V3.3.46"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability has been identified in SIMATIC CP 1242-7 V2 (All versions \u003c V3.3.46), SIMATIC CP 1243-1 (All versions \u003c V3.3.46), SIMATIC CP 1243-7 LTE EU (All versions \u003c V3.3.46), SIMATIC CP 1243-7 LTE US (All versions \u003c V3.3.46), SIMATIC CP 1243-8 IRC (All versions \u003c V3.3.46), SIMATIC CP 1542SP-1 IRC (All versions \u003e= V2.0 \u003c V2.2.28), SIMATIC CP 1543-1 (All versions \u003c V3.0.22), SIMATIC CP 1543SP-1 (All versions \u003e= V2.0 \u003c V2.2.28), SIPLUS ET 200SP CP 1542SP-1 IRC TX RAIL (All versions \u003e= V2.0 \u003c V2.2.28), SIPLUS ET 200SP CP 1543SP-1 ISEC (All versions \u003e= V2.0 \u003c V2.2.28), SIPLUS ET 200SP CP 1543SP-1 ISEC TX RAIL (All versions \u003e= V2.0 \u003c V2.2.28), SIPLUS NET CP 1242-7 V2 (All versions \u003c V3.3.46), SIPLUS NET CP 1543-1 (All versions \u003c V3.0.22), SIPLUS S7-1200 CP 1243-1 (All versions \u003c V3.3.46), SIPLUS S7-1200 CP 1243-1 RAIL (All versions \u003c V3.3.46). The application does not correctly escape some user provided fields during the authentication process. This could allow an attacker to inject custom commands and execute arbitrary code with elevated privileges."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 8.4,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H/E:P/RL:O/RC:C",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-77",
"description": "CWE-77: Improper Neutralization of Special Elements used in a Command (\u0027Command Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-03-14T09:30:39.103Z",
"orgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77",
"shortName": "siemens"
},
"references": [
{
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-517377.pdf"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77",
"assignerShortName": "siemens",
"cveId": "CVE-2022-34820",
"datePublished": "2022-07-12T10:07:29",
"dateReserved": "2022-06-29T00:00:00",
"dateUpdated": "2024-08-03T09:22:10.675Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2024-50310
Vulnerability from cvelistv5
Published
2024-11-12 12:49
Modified
2024-11-12 16:08
Severity ?
EPSS score ?
Summary
A vulnerability has been identified in SIMATIC CP 1543-1 V4.0 (6GK7543-1AX10-0XE0) (All versions >= V4.0.44 < V4.0.50). Affected devices do not properly handle authorization. This could allow an unauthenticated remote attacker to gain access to the filesystem.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ▼ | Siemens | SIMATIC CP 1543-1 V4.0 |
Version: V4.0.44 < V4.0.50 |
|
|
|||
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:h:siemens:simatic_cp_1543-1:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "simatic_cp_1543-1",
"vendor": "siemens",
"versions": [
{
"lessThan": "V4.0.50",
"status": "affected",
"version": "V4.0.44",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-50310",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-11-12T16:07:35.995670Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-11-12T16:08:37.035Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unknown",
"product": "SIMATIC CP 1543-1 V4.0",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V4.0.50",
"status": "affected",
"version": "V4.0.44",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability has been identified in SIMATIC CP 1543-1 V4.0 (6GK7543-1AX10-0XE0) (All versions \u003e= V4.0.44 \u003c V4.0.50). Affected devices do not properly handle authorization. This could allow an unauthenticated remote attacker to gain access to the filesystem."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C",
"version": "3.1"
}
},
{
"cvssV4_0": {
"baseScore": 8.7,
"baseSeverity": "HIGH",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N",
"version": "4.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-863",
"description": "CWE-863: Incorrect Authorization",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-11-12T12:49:53.487Z",
"orgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77",
"shortName": "siemens"
},
"references": [
{
"url": "https://cert-portal.siemens.com/productcert/html/ssa-654798.html"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77",
"assignerShortName": "siemens",
"cveId": "CVE-2024-50310",
"datePublished": "2024-11-12T12:49:53.487Z",
"dateReserved": "2024-10-22T05:31:43.835Z",
"dateUpdated": "2024-11-12T16:08:37.035Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2021-33716
Vulnerability from cvelistv5
Published
2021-09-14 10:47
Modified
2024-08-03 23:58
Severity ?
EPSS score ?
Summary
A vulnerability has been identified in SIMATIC CP 1543-1 (incl. SIPLUS variants) (All versions < V3.0), SIMATIC CP 1545-1 (All versions < V1.1). An attacker with access to the subnet of the affected device could retrieve sensitive information stored in cleartext.
References
| ▼ | URL | Tags |
|---|---|---|
| https://cert-portal.siemens.com/productcert/pdf/ssa-535997.pdf | x_refsource_MISC |
Impacted products
| Vendor | Product | Version | |||||
|---|---|---|---|---|---|---|---|
| ▼ | Siemens | SIMATIC CP 1543-1 (incl. SIPLUS variants) |
Version: All versions < V3.0 |
||||
|
|||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T23:58:22.881Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-535997.pdf"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "SIMATIC CP 1543-1 (incl. SIPLUS variants)",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V3.0"
}
]
},
{
"product": "SIMATIC CP 1545-1",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V1.1"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability has been identified in SIMATIC CP 1543-1 (incl. SIPLUS variants) (All versions \u003c V3.0), SIMATIC CP 1545-1 (All versions \u003c V1.1). An attacker with access to the subnet of the affected device could retrieve sensitive information stored in cleartext."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-312",
"description": "CWE-312: Cleartext Storage of Sensitive Information",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-06-14T09:21:22",
"orgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77",
"shortName": "siemens"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-535997.pdf"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "productcert@siemens.com",
"ID": "CVE-2021-33716",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "SIMATIC CP 1543-1 (incl. SIPLUS variants)",
"version": {
"version_data": [
{
"version_value": "All versions \u003c V3.0"
}
]
}
},
{
"product_name": "SIMATIC CP 1545-1",
"version": {
"version_data": [
{
"version_value": "All versions \u003c V1.1"
}
]
}
}
]
},
"vendor_name": "Siemens"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A vulnerability has been identified in SIMATIC CP 1543-1 (incl. SIPLUS variants) (All versions \u003c V3.0), SIMATIC CP 1545-1 (All versions \u003c V1.1). An attacker with access to the subnet of the affected device could retrieve sensitive information stored in cleartext."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-312: Cleartext Storage of Sensitive Information"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://cert-portal.siemens.com/productcert/pdf/ssa-535997.pdf",
"refsource": "MISC",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-535997.pdf"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77",
"assignerShortName": "siemens",
"cveId": "CVE-2021-33716",
"datePublished": "2021-09-14T10:47:34",
"dateReserved": "2021-05-28T00:00:00",
"dateUpdated": "2024-08-03T23:58:22.881Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2022-34819
Vulnerability from cvelistv5
Published
2022-07-12 10:07
Modified
2024-08-03 09:22
Severity ?
EPSS score ?
Summary
A vulnerability has been identified in SIMATIC CP 1242-7 V2 (All versions < V3.3.46), SIMATIC CP 1243-1 (All versions < V3.3.46), SIMATIC CP 1243-7 LTE EU (All versions < V3.3.46), SIMATIC CP 1243-7 LTE US (All versions < V3.3.46), SIMATIC CP 1243-8 IRC (All versions < V3.3.46), SIMATIC CP 1542SP-1 IRC (All versions >= V2.0 < V2.2.28), SIMATIC CP 1543-1 (All versions < V3.0.22), SIMATIC CP 1543SP-1 (All versions >= V2.0 < V2.2.28), SIPLUS ET 200SP CP 1542SP-1 IRC TX RAIL (All versions >= V2.0 < V2.2.28), SIPLUS ET 200SP CP 1543SP-1 ISEC (All versions >= V2.0 < V2.2.28), SIPLUS ET 200SP CP 1543SP-1 ISEC TX RAIL (All versions >= V2.0 < V2.2.28), SIPLUS NET CP 1242-7 V2 (All versions < V3.3.46), SIPLUS NET CP 1543-1 (All versions < V3.0.22), SIPLUS S7-1200 CP 1243-1 (All versions < V3.3.46), SIPLUS S7-1200 CP 1243-1 RAIL (All versions < V3.3.46). The application lacks proper validation of user-supplied data when parsing specific messages. This could result in a heap-based buffer overflow. An attacker could leverage this vulnerability to execute code in the context of device.
References
Impacted products
| Vendor | Product | Version | |||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | Siemens | SIMATIC CP 1242-7 V2 |
Version: All versions < V3.3.46 |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T09:22:10.546Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-517377.pdf"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unknown",
"product": "SIMATIC CP 1242-7 V2",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V3.3.46"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIMATIC CP 1243-1",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V3.3.46"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIMATIC CP 1243-7 LTE EU",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V3.3.46"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIMATIC CP 1243-7 LTE US",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V3.3.46"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIMATIC CP 1243-8 IRC",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V3.3.46"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIMATIC CP 1542SP-1 IRC",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003e= V2.0 \u003c V2.2.28"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIMATIC CP 1543-1",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V3.0.22"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIMATIC CP 1543SP-1",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003e= V2.0 \u003c V2.2.28"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIPLUS ET 200SP CP 1542SP-1 IRC TX RAIL",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003e= V2.0 \u003c V2.2.28"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIPLUS ET 200SP CP 1543SP-1 ISEC",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003e= V2.0 \u003c V2.2.28"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIPLUS ET 200SP CP 1543SP-1 ISEC TX RAIL",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003e= V2.0 \u003c V2.2.28"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIPLUS NET CP 1242-7 V2",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V3.3.46"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIPLUS NET CP 1543-1",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V3.0.22"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIPLUS S7-1200 CP 1243-1",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V3.3.46"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIPLUS S7-1200 CP 1243-1 RAIL",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V3.3.46"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability has been identified in SIMATIC CP 1242-7 V2 (All versions \u003c V3.3.46), SIMATIC CP 1243-1 (All versions \u003c V3.3.46), SIMATIC CP 1243-7 LTE EU (All versions \u003c V3.3.46), SIMATIC CP 1243-7 LTE US (All versions \u003c V3.3.46), SIMATIC CP 1243-8 IRC (All versions \u003c V3.3.46), SIMATIC CP 1542SP-1 IRC (All versions \u003e= V2.0 \u003c V2.2.28), SIMATIC CP 1543-1 (All versions \u003c V3.0.22), SIMATIC CP 1543SP-1 (All versions \u003e= V2.0 \u003c V2.2.28), SIPLUS ET 200SP CP 1542SP-1 IRC TX RAIL (All versions \u003e= V2.0 \u003c V2.2.28), SIPLUS ET 200SP CP 1543SP-1 ISEC (All versions \u003e= V2.0 \u003c V2.2.28), SIPLUS ET 200SP CP 1543SP-1 ISEC TX RAIL (All versions \u003e= V2.0 \u003c V2.2.28), SIPLUS NET CP 1242-7 V2 (All versions \u003c V3.3.46), SIPLUS NET CP 1543-1 (All versions \u003c V3.0.22), SIPLUS S7-1200 CP 1243-1 (All versions \u003c V3.3.46), SIPLUS S7-1200 CP 1243-1 RAIL (All versions \u003c V3.3.46). The application lacks proper validation of user-supplied data when parsing specific messages. This could result in a heap-based buffer overflow. An attacker could leverage this vulnerability to execute code in the context of device."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 10,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H/E:P/RL:O/RC:C",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-122",
"description": "CWE-122: Heap-based Buffer Overflow",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-03-14T09:30:37.921Z",
"orgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77",
"shortName": "siemens"
},
"references": [
{
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-517377.pdf"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77",
"assignerShortName": "siemens",
"cveId": "CVE-2022-34819",
"datePublished": "2022-07-12T10:07:27",
"dateReserved": "2022-06-29T00:00:00",
"dateUpdated": "2024-08-03T09:22:10.546Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2016-8561
Vulnerability from cvelistv5
Published
2016-11-18 21:00
Modified
2024-08-06 02:27
Severity ?
EPSS score ?
Summary
A vulnerability has been identified in SIMATIC CP 1543-1 (All versions < V2.0.28), SIPLUS NET CP 1543-1 (All versions < V2.0.28). Users with elevated privileges to TIA-Portal and project data on the engineering station could possibly get privileged access on affected devices.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.securityfocus.com/bid/94436 | vdb-entry, x_refsource_BID | |
| https://ics-cert.us-cert.gov/advisories/ICSA-16-327-01 | x_refsource_MISC | |
| http://www.siemens.com/cert/pool/cert/siemens_security_advisory_ssa-672373.pdf | x_refsource_CONFIRM | |
| https://cert-portal.siemens.com/productcert/pdf/ssa-672373.pdf | x_refsource_CONFIRM |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T02:27:40.196Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "94436",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/94436"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-16-327-01"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.siemens.com/cert/pool/cert/siemens_security_advisory_ssa-672373.pdf"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-672373.pdf"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2016-11-18T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "A vulnerability has been identified in SIMATIC CP 1543-1 (All versions \u003c V2.0.28), SIPLUS NET CP 1543-1 (All versions \u003c V2.0.28). Users with elevated privileges to TIA-Portal and project data on the engineering station could possibly get privileged access on affected devices."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-04-12T09:06:46",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "94436",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/94436"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-16-327-01"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.siemens.com/cert/pool/cert/siemens_security_advisory_ssa-672373.pdf"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-672373.pdf"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2016-8561",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A vulnerability has been identified in SIMATIC CP 1543-1 (All versions \u003c V2.0.28), SIPLUS NET CP 1543-1 (All versions \u003c V2.0.28). Users with elevated privileges to TIA-Portal and project data on the engineering station could possibly get privileged access on affected devices."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "94436",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/94436"
},
{
"name": "https://ics-cert.us-cert.gov/advisories/ICSA-16-327-01",
"refsource": "MISC",
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-16-327-01"
},
{
"name": "http://www.siemens.com/cert/pool/cert/siemens_security_advisory_ssa-672373.pdf",
"refsource": "CONFIRM",
"url": "http://www.siemens.com/cert/pool/cert/siemens_security_advisory_ssa-672373.pdf"
},
{
"name": "https://cert-portal.siemens.com/productcert/pdf/ssa-672373.pdf",
"refsource": "CONFIRM",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-672373.pdf"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2016-8561",
"datePublished": "2016-11-18T21:00:00",
"dateReserved": "2016-10-07T00:00:00",
"dateUpdated": "2024-08-06T02:27:40.196Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2022-34821
Vulnerability from cvelistv5
Published
2022-07-12 00:00
Modified
2025-01-14 10:26
Severity ?
7.6 (High) - CVSS:3.1/AV:A/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H
8.8 (High) - CVSS:4.0/AV:A/AC:L/AT:P/PR:H/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H
8.8 (High) - CVSS:4.0/AV:A/AC:L/AT:P/PR:H/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H
EPSS score ?
Summary
A vulnerability has been identified in RUGGEDCOM RM1224 LTE(4G) EU (6GK6108-4AM00-2BA2), RUGGEDCOM RM1224 LTE(4G) NAM (6GK6108-4AM00-2DA2), SCALANCE M804PB (6GK5804-0AP00-2AA2), SCALANCE M812-1 ADSL-Router (6GK5812-1AA00-2AA2), SCALANCE M812-1 ADSL-Router (6GK5812-1BA00-2AA2), SCALANCE M816-1 ADSL-Router (6GK5816-1AA00-2AA2), SCALANCE M816-1 ADSL-Router (6GK5816-1BA00-2AA2), SCALANCE M826-2 SHDSL-Router (6GK5826-2AB00-2AB2), SCALANCE M874-2 (6GK5874-2AA00-2AA2), SCALANCE M874-3 (6GK5874-3AA00-2AA2), SCALANCE M876-3 (6GK5876-3AA02-2BA2), SCALANCE M876-3 (ROK) (6GK5876-3AA02-2EA2), SCALANCE M876-4 (6GK5876-4AA10-2BA2), SCALANCE M876-4 (EU) (6GK5876-4AA00-2BA2), SCALANCE M876-4 (NAM) (6GK5876-4AA00-2DA2), SCALANCE MUM853-1 (EU) (6GK5853-2EA00-2DA1), SCALANCE MUM856-1 (EU) (6GK5856-2EA00-3DA1), SCALANCE MUM856-1 (RoW) (6GK5856-2EA00-3AA1), SCALANCE S615 EEC LAN-Router (6GK5615-0AA01-2AA2), SCALANCE S615 LAN-Router (6GK5615-0AA00-2AA2), SCALANCE SC622-2C (6GK5622-2GS00-2AC2), SCALANCE SC622-2C (6GK5622-2GS00-2AC2), SCALANCE SC626-2C (6GK5626-2GS00-2AC2), SCALANCE SC626-2C (6GK5626-2GS00-2AC2), SCALANCE SC632-2C (6GK5632-2GS00-2AC2), SCALANCE SC632-2C (6GK5632-2GS00-2AC2), SCALANCE SC636-2C (6GK5636-2GS00-2AC2), SCALANCE SC636-2C (6GK5636-2GS00-2AC2), SCALANCE SC642-2C (6GK5642-2GS00-2AC2), SCALANCE SC642-2C (6GK5642-2GS00-2AC2), SCALANCE SC646-2C (6GK5646-2GS00-2AC2), SCALANCE SC646-2C (6GK5646-2GS00-2AC2), SCALANCE WAB762-1 (6GK5762-1AJ00-6AA0), SCALANCE WAM763-1 (6GK5763-1AL00-7DA0), SCALANCE WAM763-1 (ME) (6GK5763-1AL00-7DC0), SCALANCE WAM763-1 (US) (6GK5763-1AL00-7DB0), SCALANCE WAM766-1 (6GK5766-1GE00-7DA0), SCALANCE WAM766-1 (ME) (6GK5766-1GE00-7DC0), SCALANCE WAM766-1 (US) (6GK5766-1GE00-7DB0), SCALANCE WAM766-1 EEC (6GK5766-1GE00-7TA0), SCALANCE WAM766-1 EEC (ME) (6GK5766-1GE00-7TC0), SCALANCE WAM766-1 EEC (US) (6GK5766-1GE00-7TB0), SCALANCE WUB762-1 (6GK5762-1AJ00-1AA0), SCALANCE WUB762-1 iFeatures (6GK5762-1AJ00-2AA0), SCALANCE WUM763-1 (6GK5763-1AL00-3AA0), SCALANCE WUM763-1 (6GK5763-1AL00-3DA0), SCALANCE WUM763-1 (US) (6GK5763-1AL00-3AB0), SCALANCE WUM763-1 (US) (6GK5763-1AL00-3DB0), SCALANCE WUM766-1 (6GK5766-1GE00-3DA0), SCALANCE WUM766-1 (ME) (6GK5766-1GE00-3DC0), SCALANCE WUM766-1 (USA) (6GK5766-1GE00-3DB0), SIMATIC CP 1242-7 V2 (6GK7242-7KX31-0XE0), SIMATIC CP 1243-1 (6GK7243-1BX30-0XE0), SIMATIC CP 1243-7 LTE EU (6GK7243-7KX30-0XE0), SIMATIC CP 1243-7 LTE US (6GK7243-7SX30-0XE0), SIMATIC CP 1243-8 IRC (6GK7243-8RX30-0XE0), SIMATIC CP 1542SP-1 IRC (6GK7542-6VX00-0XE0), SIMATIC CP 1543-1 (6GK7543-1AX00-0XE0), SIMATIC CP 1543SP-1 (6GK7543-6WX00-0XE0), SIPLUS ET 200SP CP 1542SP-1 IRC TX RAIL (6AG2542-6VX00-4XE0), SIPLUS ET 200SP CP 1543SP-1 ISEC (6AG1543-6WX00-7XE0), SIPLUS ET 200SP CP 1543SP-1 ISEC TX RAIL (6AG2543-6WX00-4XE0), SIPLUS NET CP 1242-7 V2 (6AG1242-7KX31-7XE0), SIPLUS NET CP 1543-1 (6AG1543-1AX00-2XE0), SIPLUS S7-1200 CP 1243-1 (6AG1243-1BX30-2AX0), SIPLUS S7-1200 CP 1243-1 RAIL (6AG2243-1BX30-1XE0). By injecting code to specific configuration options for OpenVPN, an attacker could execute arbitrary code with elevated privileges.
References
Impacted products
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T09:22:10.733Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-517377.pdf"
},
{
"tags": [
"x_transferred"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-413565.pdf"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unknown",
"product": "RUGGEDCOM RM1224 LTE(4G) EU",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V7.2",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "RUGGEDCOM RM1224 LTE(4G) NAM",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V7.2",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE M804PB",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V7.2",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE M812-1 ADSL-Router",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V7.2",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE M812-1 ADSL-Router",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V7.2",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE M816-1 ADSL-Router",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V7.2",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE M816-1 ADSL-Router",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V7.2",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE M826-2 SHDSL-Router",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V7.2",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE M874-2",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V7.2",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE M874-3",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V7.2",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE M876-3",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V7.2",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE M876-3 (ROK)",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V7.2",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE M876-4",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V7.2",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE M876-4 (EU)",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V7.2",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE M876-4 (NAM)",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V7.2",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE MUM853-1 (EU)",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V7.2",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE MUM856-1 (EU)",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V7.2",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE MUM856-1 (RoW)",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V7.2",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE S615 EEC LAN-Router",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V7.2",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE S615 LAN-Router",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V7.2",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE SC622-2C",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V2.3",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE SC622-2C",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V3.0",
"status": "affected",
"version": "V2.3",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE SC626-2C",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V2.3",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE SC626-2C",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V3.0",
"status": "affected",
"version": "V2.3",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE SC632-2C",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V2.3",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE SC632-2C",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V3.0",
"status": "affected",
"version": "V2.3",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE SC636-2C",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V2.3",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE SC636-2C",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V3.0",
"status": "affected",
"version": "V2.3",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE SC642-2C",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V2.3",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE SC642-2C",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V3.0",
"status": "affected",
"version": "V2.3",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE SC646-2C",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V2.3",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE SC646-2C",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V3.0",
"status": "affected",
"version": "V2.3",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE WAB762-1",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V3.0.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE WAM763-1",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V3.0.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE WAM763-1 (ME)",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V3.0.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE WAM763-1 (US)",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V3.0.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE WAM766-1",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V3.0.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE WAM766-1 (ME)",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V3.0.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE WAM766-1 (US)",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V3.0.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE WAM766-1 EEC",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V3.0.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE WAM766-1 EEC (ME)",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V3.0.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE WAM766-1 EEC (US)",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V3.0.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE WUB762-1",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V3.0.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE WUB762-1 iFeatures",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V3.0.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE WUM763-1",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V3.0.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE WUM763-1",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V3.0.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE WUM763-1 (US)",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V3.0.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE WUM763-1 (US)",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V3.0.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE WUM766-1",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V3.0.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE WUM766-1 (ME)",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V3.0.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE WUM766-1 (USA)",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V3.0.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIMATIC CP 1242-7 V2",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V3.3.46"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIMATIC CP 1243-1",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V3.3.46"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIMATIC CP 1243-7 LTE EU",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V3.3.46"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIMATIC CP 1243-7 LTE US",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V3.3.46"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIMATIC CP 1243-8 IRC",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V3.3.46"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIMATIC CP 1542SP-1 IRC",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V2.2.28",
"status": "affected",
"version": "V2.0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIMATIC CP 1543-1",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V3.0.22"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIMATIC CP 1543SP-1",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V2.2.28",
"status": "affected",
"version": "V2.0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIPLUS ET 200SP CP 1542SP-1 IRC TX RAIL",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V2.2.28",
"status": "affected",
"version": "V2.0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIPLUS ET 200SP CP 1543SP-1 ISEC",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V2.2.28",
"status": "affected",
"version": "V2.0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIPLUS ET 200SP CP 1543SP-1 ISEC TX RAIL",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V2.2.28",
"status": "affected",
"version": "V2.0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIPLUS NET CP 1242-7 V2",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V3.3.46"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIPLUS NET CP 1543-1",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V3.0.22"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIPLUS S7-1200 CP 1243-1",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V3.3.46"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIPLUS S7-1200 CP 1243-1 RAIL",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V3.3.46"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability has been identified in RUGGEDCOM RM1224 LTE(4G) EU (6GK6108-4AM00-2BA2), RUGGEDCOM RM1224 LTE(4G) NAM (6GK6108-4AM00-2DA2), SCALANCE M804PB (6GK5804-0AP00-2AA2), SCALANCE M812-1 ADSL-Router (6GK5812-1AA00-2AA2), SCALANCE M812-1 ADSL-Router (6GK5812-1BA00-2AA2), SCALANCE M816-1 ADSL-Router (6GK5816-1AA00-2AA2), SCALANCE M816-1 ADSL-Router (6GK5816-1BA00-2AA2), SCALANCE M826-2 SHDSL-Router (6GK5826-2AB00-2AB2), SCALANCE M874-2 (6GK5874-2AA00-2AA2), SCALANCE M874-3 (6GK5874-3AA00-2AA2), SCALANCE M876-3 (6GK5876-3AA02-2BA2), SCALANCE M876-3 (ROK) (6GK5876-3AA02-2EA2), SCALANCE M876-4 (6GK5876-4AA10-2BA2), SCALANCE M876-4 (EU) (6GK5876-4AA00-2BA2), SCALANCE M876-4 (NAM) (6GK5876-4AA00-2DA2), SCALANCE MUM853-1 (EU) (6GK5853-2EA00-2DA1), SCALANCE MUM856-1 (EU) (6GK5856-2EA00-3DA1), SCALANCE MUM856-1 (RoW) (6GK5856-2EA00-3AA1), SCALANCE S615 EEC LAN-Router (6GK5615-0AA01-2AA2), SCALANCE S615 LAN-Router (6GK5615-0AA00-2AA2), SCALANCE SC622-2C (6GK5622-2GS00-2AC2), SCALANCE SC622-2C (6GK5622-2GS00-2AC2), SCALANCE SC626-2C (6GK5626-2GS00-2AC2), SCALANCE SC626-2C (6GK5626-2GS00-2AC2), SCALANCE SC632-2C (6GK5632-2GS00-2AC2), SCALANCE SC632-2C (6GK5632-2GS00-2AC2), SCALANCE SC636-2C (6GK5636-2GS00-2AC2), SCALANCE SC636-2C (6GK5636-2GS00-2AC2), SCALANCE SC642-2C (6GK5642-2GS00-2AC2), SCALANCE SC642-2C (6GK5642-2GS00-2AC2), SCALANCE SC646-2C (6GK5646-2GS00-2AC2), SCALANCE SC646-2C (6GK5646-2GS00-2AC2), SCALANCE WAB762-1 (6GK5762-1AJ00-6AA0), SCALANCE WAM763-1 (6GK5763-1AL00-7DA0), SCALANCE WAM763-1 (ME) (6GK5763-1AL00-7DC0), SCALANCE WAM763-1 (US) (6GK5763-1AL00-7DB0), SCALANCE WAM766-1 (6GK5766-1GE00-7DA0), SCALANCE WAM766-1 (ME) (6GK5766-1GE00-7DC0), SCALANCE WAM766-1 (US) (6GK5766-1GE00-7DB0), SCALANCE WAM766-1 EEC (6GK5766-1GE00-7TA0), SCALANCE WAM766-1 EEC (ME) (6GK5766-1GE00-7TC0), SCALANCE WAM766-1 EEC (US) (6GK5766-1GE00-7TB0), SCALANCE WUB762-1 (6GK5762-1AJ00-1AA0), SCALANCE WUB762-1 iFeatures (6GK5762-1AJ00-2AA0), SCALANCE WUM763-1 (6GK5763-1AL00-3AA0), SCALANCE WUM763-1 (6GK5763-1AL00-3DA0), SCALANCE WUM763-1 (US) (6GK5763-1AL00-3AB0), SCALANCE WUM763-1 (US) (6GK5763-1AL00-3DB0), SCALANCE WUM766-1 (6GK5766-1GE00-3DA0), SCALANCE WUM766-1 (ME) (6GK5766-1GE00-3DC0), SCALANCE WUM766-1 (USA) (6GK5766-1GE00-3DB0), SIMATIC CP 1242-7 V2 (6GK7242-7KX31-0XE0), SIMATIC CP 1243-1 (6GK7243-1BX30-0XE0), SIMATIC CP 1243-7 LTE EU (6GK7243-7KX30-0XE0), SIMATIC CP 1243-7 LTE US (6GK7243-7SX30-0XE0), SIMATIC CP 1243-8 IRC (6GK7243-8RX30-0XE0), SIMATIC CP 1542SP-1 IRC (6GK7542-6VX00-0XE0), SIMATIC CP 1543-1 (6GK7543-1AX00-0XE0), SIMATIC CP 1543SP-1 (6GK7543-6WX00-0XE0), SIPLUS ET 200SP CP 1542SP-1 IRC TX RAIL (6AG2542-6VX00-4XE0), SIPLUS ET 200SP CP 1543SP-1 ISEC (6AG1543-6WX00-7XE0), SIPLUS ET 200SP CP 1543SP-1 ISEC TX RAIL (6AG2543-6WX00-4XE0), SIPLUS NET CP 1242-7 V2 (6AG1242-7KX31-7XE0), SIPLUS NET CP 1543-1 (6AG1543-1AX00-2XE0), SIPLUS S7-1200 CP 1243-1 (6AG1243-1BX30-2AX0), SIPLUS S7-1200 CP 1243-1 RAIL (6AG2243-1BX30-1XE0). By injecting code to specific configuration options for OpenVPN, an attacker could execute arbitrary code with elevated privileges."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 7.6,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:A/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
}
},
{
"cvssV4_0": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:4.0/AV:A/AC:L/AT:P/PR:H/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H",
"version": "4.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-94",
"description": "CWE-94: Improper Control of Generation of Code (\u0027Code Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-01-14T10:26:58.220Z",
"orgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77",
"shortName": "siemens"
},
"references": [
{
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-517377.pdf"
},
{
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-413565.pdf"
},
{
"url": "https://cert-portal.siemens.com/productcert/html/ssa-517377.html"
},
{
"url": "https://cert-portal.siemens.com/productcert/html/ssa-413565.html"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77",
"assignerShortName": "siemens",
"cveId": "CVE-2022-34821",
"datePublished": "2022-07-12T00:00:00",
"dateReserved": "2022-06-29T00:00:00",
"dateUpdated": "2025-01-14T10:26:58.220Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2016-8562
Vulnerability from cvelistv5
Published
2016-11-18 21:00
Modified
2024-08-06 02:27
Severity ?
EPSS score ?
Summary
A vulnerability has been identified in SIMATIC CP 1543-1 (All versions < V2.0.28), SIPLUS NET CP 1543-1 (All versions < V2.0.28). Under special conditions it was possible to write SNMP variables on port 161/udp which should be read-only and should only be configured with TIA-Portal. A write to these variables could reduce the availability or cause a denial-of-service.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.securityfocus.com/bid/94436 | vdb-entry, x_refsource_BID | |
| https://ics-cert.us-cert.gov/advisories/ICSA-16-327-01 | x_refsource_MISC | |
| http://www.siemens.com/cert/pool/cert/siemens_security_advisory_ssa-672373.pdf | x_refsource_CONFIRM | |
| https://cert-portal.siemens.com/productcert/pdf/ssa-672373.pdf | x_refsource_CONFIRM |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T02:27:41.149Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "94436",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/94436"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-16-327-01"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.siemens.com/cert/pool/cert/siemens_security_advisory_ssa-672373.pdf"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-672373.pdf"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2016-11-18T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "A vulnerability has been identified in SIMATIC CP 1543-1 (All versions \u003c V2.0.28), SIPLUS NET CP 1543-1 (All versions \u003c V2.0.28). Under special conditions it was possible to write SNMP variables on port 161/udp which should be read-only and should only be configured with TIA-Portal. A write to these variables could reduce the availability or cause a denial-of-service."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-04-12T09:06:47",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "94436",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/94436"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-16-327-01"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.siemens.com/cert/pool/cert/siemens_security_advisory_ssa-672373.pdf"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-672373.pdf"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2016-8562",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A vulnerability has been identified in SIMATIC CP 1543-1 (All versions \u003c V2.0.28), SIPLUS NET CP 1543-1 (All versions \u003c V2.0.28). Under special conditions it was possible to write SNMP variables on port 161/udp which should be read-only and should only be configured with TIA-Portal. A write to these variables could reduce the availability or cause a denial-of-service."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "94436",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/94436"
},
{
"name": "https://ics-cert.us-cert.gov/advisories/ICSA-16-327-01",
"refsource": "MISC",
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-16-327-01"
},
{
"name": "http://www.siemens.com/cert/pool/cert/siemens_security_advisory_ssa-672373.pdf",
"refsource": "CONFIRM",
"url": "http://www.siemens.com/cert/pool/cert/siemens_security_advisory_ssa-672373.pdf"
},
{
"name": "https://cert-portal.siemens.com/productcert/pdf/ssa-672373.pdf",
"refsource": "CONFIRM",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-672373.pdf"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2016-8562",
"datePublished": "2016-11-18T21:00:00",
"dateReserved": "2016-10-07T00:00:00",
"dateUpdated": "2024-08-06T02:27:41.149Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2017-2680
Vulnerability from cvelistv5
Published
2017-05-11 01:00
Modified
2024-09-10 09:33
Severity ?
6.5 (Medium) - CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
7.1 (High) - CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
7.1 (High) - CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
EPSS score ?
Summary
Specially crafted PROFINET DCP broadcast packets could cause a denial of service condition of affected products on a local Ethernet segment (Layer 2). Human interaction is required to recover the systems. PROFIBUS interfaces are not affected.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.securitytracker.com/id/1038463 | vdb-entry, x_refsource_SECTRACK | |
| http://www.securityfocus.com/bid/98369 | vdb-entry, x_refsource_BID | |
| https://cert-portal.siemens.com/productcert/pdf/ssa-546832.pdf | x_refsource_CONFIRM | |
| https://ics-cert.us-cert.gov/advisories/ICSA-18-023-02 | x_refsource_MISC | |
| https://cert-portal.siemens.com/productcert/pdf/ssa-293562.pdf | x_refsource_CONFIRM | |
| https://www.siemens.com/cert/pool/cert/siemens_security_advisory_ssa-284673.pdf | x_refsource_CONFIRM | |
| https://cert-portal.siemens.com/productcert/pdf/ssa-284673.pdf | x_refsource_MISC | |
| https://cert-portal.siemens.com/productcert/html/ssa-293562.html | ||
| https://cert-portal.siemens.com/productcert/html/ssa-284673.html | ||
| https://cert-portal.siemens.com/productcert/html/ssa-546832.html |
Impacted products
| Vendor | Product | Version | |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | Siemens | Development/Evaluation Kits for PROFINET IO: DK Standard Ethernet Controller |
Version: All versions < V4.1.1 Patch04 |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2017-2680",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-07-09T13:26:04.237652Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-07-09T13:26:15.327Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-05T14:02:07.270Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "1038463",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1038463"
},
{
"name": "98369",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/98369"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-546832.pdf"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-18-023-02"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-293562.pdf"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.siemens.com/cert/pool/cert/siemens_security_advisory_ssa-284673.pdf"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-284673.pdf"
},
{
"tags": [
"x_transferred"
],
"url": "https://cert-portal.siemens.com/productcert/html/ssa-293562.html"
},
{
"tags": [
"x_transferred"
],
"url": "https://cert-portal.siemens.com/productcert/html/ssa-284673.html"
},
{
"tags": [
"x_transferred"
],
"url": "https://cert-portal.siemens.com/productcert/html/ssa-546832.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unknown",
"product": "Development/Evaluation Kits for PROFINET IO: DK Standard Ethernet Controller",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V4.1.1 Patch04"
}
]
},
{
"defaultStatus": "unknown",
"product": "Development/Evaluation Kits for PROFINET IO: EK-ERTEC 200",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V4.2.1 Patch03"
}
]
},
{
"defaultStatus": "unknown",
"product": "Development/Evaluation Kits for PROFINET IO: EK-ERTEC 200P",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V4.4.0 Patch01"
}
]
},
{
"defaultStatus": "unknown",
"product": "Extension Unit 12\" PROFINET",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V01.01.01"
}
]
},
{
"defaultStatus": "unknown",
"product": "Extension Unit 15\" PROFINET",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V01.01.01"
}
]
},
{
"defaultStatus": "unknown",
"product": "Extension Unit 19\" PROFINET",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V01.01.01"
}
]
},
{
"defaultStatus": "unknown",
"product": "Extension Unit 22\" PROFINET",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V01.01.01"
}
]
},
{
"defaultStatus": "unknown",
"product": "IE/AS-i Link PN IO",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions"
}
]
},
{
"defaultStatus": "unknown",
"product": "IE/PB-Link (incl. SIPLUS NET variants)",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V3.0"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE M-800 family (incl. S615, MUM-800 and RM1224)",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V4.03"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE W-700 IEEE 802.11n family",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V6.1"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE X-200 family (incl. SIPLUS NET variants)",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V5.2.2"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE X-200IRT family (incl. SIPLUS NET variants)",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V5.4.0"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE X-300 family (incl. X408 and SIPLUS NET variants)",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V4.1.0"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE X408 family",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V4.1.0"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE X414",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V3.10.2"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE XM-400 family",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V6.1"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE XR-500 family",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V6.1"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIMATIC CM 1542-1",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V2.0"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIMATIC CM 1542SP-1",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V1.0.15"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIMATIC CP 1242-7 V2 (incl. SIPLUS variants)",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V2.1.82"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIMATIC CP 1243-1 (incl. SIPLUS variants)",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V2.1.82"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIMATIC CP 1243-1 DNP3 (incl. SIPLUS variants)",
"vendor": "Siemens",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIMATIC CP 1243-1 IEC (incl. SIPLUS variants)",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIMATIC CP 1243-7 LTE US",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V2.1.82"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIMATIC CP 1243-8 IRC",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V2.1.82"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIMATIC CP 1243-8 IRC",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V2.1.82"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIMATIC CP 1542SP-1 IRC (incl. SIPLUS variants)",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V1.0.15"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIMATIC CP 1543-1 (incl. SIPLUS variants)",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V2.1"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIMATIC CP 1543SP-1 (incl. SIPLUS variants)",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V1.0.15"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIMATIC CP 1604",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V2.7"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIMATIC CP 1616",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V2.7"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIMATIC CP 1626",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V1.1"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIMATIC CP 343-1 (incl. SIPLUS variants)",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V3.1.3"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIMATIC CP 343-1 Advanced (incl. SIPLUS variants)",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIMATIC CP 343-1 Lean (incl. SIPLUS variants)",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V3.1.3"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIMATIC CP 443-1 (incl. SIPLUS variants)",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V3.2.17"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIMATIC CP 443-1 Advanced (incl. SIPLUS variants)",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V3.2.17"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIMATIC CP 443-1 OPC UA",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIMATIC DK-16xx PN IO",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V2.7"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIMATIC ET 200AL IM 157-1 PN",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V1.0.2",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIMATIC ET 200M (incl. SIPLUS variants)",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIMATIC ET 200MP IM 155-5 PN BA",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V4.0.1",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIMATIC ET 200MP IM 155-5 PN HF",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V4.2.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIMATIC ET 200MP IM 155-5 PN ST",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V4.1.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIMATIC ET 200pro IM 154-3 PN HF",
"vendor": "Siemens",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIMATIC ET 200pro IM 154-4 PN HF",
"vendor": "Siemens",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIMATIC ET 200SP IM 155-6 PN BA",
"vendor": "Siemens",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIMATIC ET 200SP IM 155-6 PN HF",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V4.2.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIMATIC ET 200SP IM 155-6 PN HS",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V4.0.1",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIMATIC ET 200SP IM 155-6 PN ST",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V4.1.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIMATIC ET 200SP IM 155-6 PN ST BA",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V4.1.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIMATIC ET200ecoPN, 16DI, DC24V, 8xM12",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIMATIC ET200ecoPN, 16DO DC24V/1,3A, 8xM12",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIMATIC ET200ecoPN, 4AO U/I 4xM12",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIMATIC ET200ecoPN, 8 DIO, DC24V/1,3A, 8xM12",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIMATIC ET200ecoPN, 8 DO, DC24V/2A, 8xM12",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIMATIC ET200ecoPN, 8AI RTD/TC 8xM12",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIMATIC ET200ecoPN, 8AI; 4 U/I; 4 RTD/TC 8xM12",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIMATIC ET200ecoPN, 8DI, DC24V, 4xM12",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIMATIC ET200ecoPN, 8DI, DC24V, 8xM12",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIMATIC ET200ecoPN, 8DO, DC24V/0,5A, 4xM12",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIMATIC ET200ecoPN, 8DO, DC24V/1,3A, 4xM12",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIMATIC ET200ecoPN, 8DO, DC24V/1,3A, 8xM12",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIMATIC ET200ecoPN: IO-Link Master",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIMATIC ET200S (incl. SIPLUS variants)",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIMATIC HMI Comfort Panels, HMI Multi Panels, HMI Mobile Panels (incl. SIPLUS variants)",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V15.1"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIMATIC MV420 SR-B",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V7.0.6",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIMATIC MV420 SR-B Body",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V7.0.6",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIMATIC MV420 SR-P",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V7.0.6",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIMATIC MV420 SR-P Body",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V7.0.6",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIMATIC MV440 HR",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V7.0.6",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIMATIC MV440 SR",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V7.0.6",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIMATIC MV440 UR",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V7.0.6",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIMATIC PN/PN Coupler (incl. SIPLUS NET variants)",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V4.0"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIMATIC RF650R",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V3.0"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIMATIC RF680R",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V3.0"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIMATIC RF685R",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V3.0"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIMATIC S7-1200 CPU family (incl. SIPLUS variants)",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V4.2.1"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIMATIC S7-1500 CPU family (incl. related ET200 CPUs and SIPLUS variants)",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V2.1"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIMATIC S7-1500 Software Controller",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V2.1"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIMATIC S7-200 SMART",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V2.3"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIMATIC S7-300 CPU family (incl. related ET200 CPUs and SIPLUS variants)",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V3.X.14",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIMATIC S7-400 H V6 CPU family (incl. SIPLUS variants)",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V6.0.7",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIMATIC S7-400 PN/DP V6 CPU family (incl. SIPLUS variants)",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V6.0.6",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIMATIC S7-400 PN/DP V7 CPU family (incl. SIPLUS variants)",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V7.0.2",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIMATIC S7-410 CPU family (incl. SIPLUS variants)",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V8.2"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIMATIC TDC CP51M1",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V1.1.8",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIMATIC TDC CPU555",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V1.1.1",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIMATIC Teleservice Adapter IE Advanced",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIMATIC Teleservice Adapter IE Basic",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIMATIC Teleservice Adapter IE Standard",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIMATIC WinAC RTX 2010",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V2010 SP3"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIMATIC WinAC RTX F 2010",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V2010 SP3"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIMOCODE pro V PROFINET (incl. SIPLUS variants)",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V2.0.0"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIMOTION",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V4.5 HF1"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIMOTION D4xx V4.4 for SINAMICS SM150i-2 w. PROFINET (incl. SIPLUS variants)",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V4.4 HF26"
}
]
},
{
"defaultStatus": "unknown",
"product": "SINAMICS DCM w. PN",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V1.4 SP1 HF5"
}
]
},
{
"defaultStatus": "unknown",
"product": "SINAMICS DCP w. PN",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V1.2 HF1"
}
]
},
{
"defaultStatus": "unknown",
"product": "SINAMICS G110M w. PN",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V4.7 SP6 HF3"
}
]
},
{
"defaultStatus": "unknown",
"product": "SINAMICS G120(C/P/D) w. PN (incl. SIPLUS variants)",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V4.7 SP6 HF3"
}
]
},
{
"defaultStatus": "unknown",
"product": "SINAMICS G130 V4.7 w. PN",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V4.7 HF27"
}
]
},
{
"defaultStatus": "unknown",
"product": "SINAMICS G130 V4.8 w. PN",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V4.8 HF4"
}
]
},
{
"defaultStatus": "unknown",
"product": "SINAMICS G150 V4.7 w. PN",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "V4.7: All versions \u003c V4.7 HF27"
}
]
},
{
"defaultStatus": "unknown",
"product": "SINAMICS G150 V4.8 w. PN",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V4.8 HF4"
}
]
},
{
"defaultStatus": "unknown",
"product": "SINAMICS GH150 V4.7 w. PROFINET",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V4.7 SP5 HF7"
}
]
},
{
"defaultStatus": "unknown",
"product": "SINAMICS GL150 V4.7 w. PROFINET",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V4.8 SP2"
}
]
},
{
"defaultStatus": "unknown",
"product": "SINAMICS GM150 V4.7 w. PROFINET",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V4.7 HF31"
}
]
},
{
"defaultStatus": "unknown",
"product": "SINAMICS S110 w. PN",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V4.4 SP3 HF5"
}
]
},
{
"defaultStatus": "unknown",
"product": "SINAMICS S120 prior to V4.7 w. PN (incl. SIPLUS variants)",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V4.7"
}
]
},
{
"defaultStatus": "unknown",
"product": "SINAMICS S120 V4.7 SP1 w. PN (incl. SIPLUS variants)",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions"
}
]
},
{
"defaultStatus": "unknown",
"product": "SINAMICS S120 V4.7 w. PN (incl. SIPLUS variants)",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V4.7 HF27"
}
]
},
{
"defaultStatus": "unknown",
"product": "SINAMICS S120 V4.8 w. PN (incl. SIPLUS variants)",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V4.8 HF4"
}
]
},
{
"defaultStatus": "unknown",
"product": "SINAMICS S150 V4.7 w. PN",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V4.7 HF27"
}
]
},
{
"defaultStatus": "unknown",
"product": "SINAMICS S150 V4.8 w. PN",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V4.8 HF4"
}
]
},
{
"defaultStatus": "unknown",
"product": "SINAMICS SL150 V4.7.0 w. PROFINET",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V4.7 HF30"
}
]
},
{
"defaultStatus": "unknown",
"product": "SINAMICS SL150 V4.7.4 w. PROFINET",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V4.8 SP2"
}
]
},
{
"defaultStatus": "unknown",
"product": "SINAMICS SL150 V4.7.5 w. PROFINET",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V4.8 SP2"
}
]
},
{
"defaultStatus": "unknown",
"product": "SINAMICS SM120 V4.7 w. PROFINET",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V4.8 SP2"
}
]
},
{
"defaultStatus": "unknown",
"product": "SINAMICS V90 w. PN",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V1.01"
}
]
},
{
"defaultStatus": "unknown",
"product": "SINUMERIK 828D V4.5 and prior",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V4.5 SP6 HF2"
}
]
},
{
"defaultStatus": "unknown",
"product": "SINUMERIK 828D V4.7",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V4.7 SP4 HF1"
}
]
},
{
"defaultStatus": "unknown",
"product": "SINUMERIK 840D sl V4.5 and prior",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V4.5 SP6 HF2"
}
]
},
{
"defaultStatus": "unknown",
"product": "SINUMERIK 840D sl V4.7",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V4.7 SP4 HF1"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIPLUS ET 200MP IM 155-5 PN HF",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V4.2.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIPLUS ET 200MP IM 155-5 PN HF",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V4.2.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIPLUS ET 200MP IM 155-5 PN HF T1 RAIL",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V4.2.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIPLUS ET 200MP IM 155-5 PN ST",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V4.1.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIPLUS ET 200MP IM 155-5 PN ST TX RAIL",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V4.1.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIPLUS ET 200SP IM 155-6 PN HF",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V4.2.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIPLUS ET 200SP IM 155-6 PN HF",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V4.2.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIPLUS ET 200SP IM 155-6 PN HF T1 RAIL",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V4.2.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIPLUS ET 200SP IM 155-6 PN ST",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V4.1.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIPLUS ET 200SP IM 155-6 PN ST BA",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V4.1.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIPLUS ET 200SP IM 155-6 PN ST BA TX RAIL",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V4.1.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIPLUS ET 200SP IM 155-6 PN ST TX RAIL",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V4.1.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIRIUS ACT 3SU1 interface module PROFINET",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V1.1.0"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIRIUS Motor Starter M200D PROFINET",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIRIUS Soft Starter 3RW44 PN",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions"
}
]
},
{
"defaultStatus": "unknown",
"product": "SITOP PSU8600 PROFINET",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V1.2.0"
}
]
},
{
"defaultStatus": "unknown",
"product": "SITOP UPS1600 PROFINET (incl. SIPLUS variants)",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V2.2.0"
}
]
},
{
"defaultStatus": "unknown",
"product": "Softnet PROFINET IO for PC-based Windows systems",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V14 SP1"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Specially crafted PROFINET DCP broadcast packets could cause a denial of service condition of affected products on a local Ethernet segment (Layer 2). Human interaction is required to recover the systems. PROFIBUS interfaces are not affected."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
},
{
"cvssV4_0": {
"baseScore": 7.1,
"baseSeverity": "HIGH",
"vectorString": "CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N",
"version": "4.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-400",
"description": "CWE-400: Uncontrolled Resource Consumption",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-09-10T09:33:18.492Z",
"orgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77",
"shortName": "siemens"
},
"references": [
{
"name": "1038463",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1038463"
},
{
"name": "98369",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/98369"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-546832.pdf"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-18-023-02"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-293562.pdf"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.siemens.com/cert/pool/cert/siemens_security_advisory_ssa-284673.pdf"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-284673.pdf"
},
{
"url": "https://cert-portal.siemens.com/productcert/html/ssa-293562.html"
},
{
"url": "https://cert-portal.siemens.com/productcert/html/ssa-284673.html"
},
{
"url": "https://cert-portal.siemens.com/productcert/html/ssa-546832.html"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77",
"assignerShortName": "siemens",
"cveId": "CVE-2017-2680",
"datePublished": "2017-05-11T01:00:00",
"dateReserved": "2016-12-01T00:00:00",
"dateUpdated": "2024-09-10T09:33:18.492Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2021-22924
Vulnerability from cvelistv5
Published
2021-08-05 20:16
Modified
2024-08-03 18:58
Severity ?
EPSS score ?
Summary
libcurl keeps previously used connections in a connection pool for subsequenttransfers to reuse, if one of them matches the setup.Due to errors in the logic, the config matching function did not take 'issuercert' into account and it compared the involved paths *case insensitively*,which could lead to libcurl reusing wrong connections.File paths are, or can be, case sensitive on many systems but not all, and caneven vary depending on used file systems.The comparison also didn't include the 'issuer cert' which a transfer can setto qualify how to verify the server certificate.
References
| ▼ | URL | Tags |
|---|---|---|
| https://hackerone.com/reports/1223565 | x_refsource_MISC | |
| https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FRUCW2UVNYUDZF72DQLFQR4PJEC6CF7V/ | vendor-advisory, x_refsource_FEDORA | |
| https://lists.debian.org/debian-lts-announce/2021/08/msg00017.html | mailing-list, x_refsource_MLIST | |
| https://lists.apache.org/thread.html/r61db8e7dcb56dc000a5387a88f7a473bacec5ee01b9ff3f55308aacc%40%3Cdev.kafka.apache.org%3E | mailing-list, x_refsource_MLIST | |
| https://lists.apache.org/thread.html/r61db8e7dcb56dc000a5387a88f7a473bacec5ee01b9ff3f55308aacc%40%3Cusers.kafka.apache.org%3E | mailing-list, x_refsource_MLIST | |
| https://lists.apache.org/thread.html/rbf4ce74b0d1fa9810dec50ba3ace0caeea677af7c27a97111c06ccb7%40%3Cusers.kafka.apache.org%3E | mailing-list, x_refsource_MLIST | |
| https://lists.apache.org/thread.html/rbf4ce74b0d1fa9810dec50ba3ace0caeea677af7c27a97111c06ccb7%40%3Cdev.kafka.apache.org%3E | mailing-list, x_refsource_MLIST | |
| https://www.oracle.com/security-alerts/cpuoct2021.html | x_refsource_MISC | |
| https://security.netapp.com/advisory/ntap-20210902-0003/ | x_refsource_CONFIRM | |
| https://www.oracle.com/security-alerts/cpujan2022.html | x_refsource_MISC | |
| https://cert-portal.siemens.com/productcert/pdf/ssa-389290.pdf | x_refsource_CONFIRM | |
| https://cert-portal.siemens.com/productcert/pdf/ssa-732250.pdf | x_refsource_CONFIRM | |
| https://cert-portal.siemens.com/productcert/pdf/ssa-484086.pdf | x_refsource_CONFIRM | |
| https://www.debian.org/security/2022/dsa-5197 | vendor-advisory, x_refsource_DEBIAN | |
| https://lists.debian.org/debian-lts-announce/2022/08/msg00017.html | mailing-list, x_refsource_MLIST |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ▼ | n/a | https://github.com/curl/curl |
Version: curl 7.10.4 to and include curl 7.77.0 |
|
|
|||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T18:58:25.955Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://hackerone.com/reports/1223565"
},
{
"name": "FEDORA-2021-5d21b90a30",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FRUCW2UVNYUDZF72DQLFQR4PJEC6CF7V/"
},
{
"name": "[debian-lts-announce] 20210813 [SECURITY] [DLA 2734-1] curl security update",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2021/08/msg00017.html"
},
{
"name": "[kafka-dev] 20210831 Security vulnerabilities in kafka:2.13-2.6.0/2.7.0 docker image",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/r61db8e7dcb56dc000a5387a88f7a473bacec5ee01b9ff3f55308aacc%40%3Cdev.kafka.apache.org%3E"
},
{
"name": "[kafka-users] 20210831 Security vulnerabilities in kafka:2.13-2.6.0/2.7.0 docker image",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/r61db8e7dcb56dc000a5387a88f7a473bacec5ee01b9ff3f55308aacc%40%3Cusers.kafka.apache.org%3E"
},
{
"name": "[kafka-users] 20210901 Re: [EXTERNAL] Re: Security vulnerabilities in kafka:2.13-2.6.0/2.7.0 docker image",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/rbf4ce74b0d1fa9810dec50ba3ace0caeea677af7c27a97111c06ccb7%40%3Cusers.kafka.apache.org%3E"
},
{
"name": "[kafka-dev] 20210901 Re: [EXTERNAL] Re: Security vulnerabilities in kafka:2.13-2.6.0/2.7.0 docker image",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/rbf4ce74b0d1fa9810dec50ba3ace0caeea677af7c27a97111c06ccb7%40%3Cdev.kafka.apache.org%3E"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.oracle.com/security-alerts/cpuoct2021.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://security.netapp.com/advisory/ntap-20210902-0003/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.oracle.com/security-alerts/cpujan2022.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-389290.pdf"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-732250.pdf"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-484086.pdf"
},
{
"name": "DSA-5197",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "https://www.debian.org/security/2022/dsa-5197"
},
{
"name": "[debian-lts-announce] 20220828 [SECURITY] [DLA 3085-1] curl security update",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2022/08/msg00017.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "https://github.com/curl/curl",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "curl 7.10.4 to and include curl 7.77.0"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "libcurl keeps previously used connections in a connection pool for subsequenttransfers to reuse, if one of them matches the setup.Due to errors in the logic, the config matching function did not take \u0027issuercert\u0027 into account and it compared the involved paths *case insensitively*,which could lead to libcurl reusing wrong connections.File paths are, or can be, case sensitive on many systems but not all, and caneven vary depending on used file systems.The comparison also didn\u0027t include the \u0027issuer cert\u0027 which a transfer can setto qualify how to verify the server certificate."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-20",
"description": "Improper Input Validation (CWE-20)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-08-29T00:06:17",
"orgId": "36234546-b8fa-4601-9d6f-f4e334aa8ea1",
"shortName": "hackerone"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://hackerone.com/reports/1223565"
},
{
"name": "FEDORA-2021-5d21b90a30",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FRUCW2UVNYUDZF72DQLFQR4PJEC6CF7V/"
},
{
"name": "[debian-lts-announce] 20210813 [SECURITY] [DLA 2734-1] curl security update",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.debian.org/debian-lts-announce/2021/08/msg00017.html"
},
{
"name": "[kafka-dev] 20210831 Security vulnerabilities in kafka:2.13-2.6.0/2.7.0 docker image",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/r61db8e7dcb56dc000a5387a88f7a473bacec5ee01b9ff3f55308aacc%40%3Cdev.kafka.apache.org%3E"
},
{
"name": "[kafka-users] 20210831 Security vulnerabilities in kafka:2.13-2.6.0/2.7.0 docker image",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/r61db8e7dcb56dc000a5387a88f7a473bacec5ee01b9ff3f55308aacc%40%3Cusers.kafka.apache.org%3E"
},
{
"name": "[kafka-users] 20210901 Re: [EXTERNAL] Re: Security vulnerabilities in kafka:2.13-2.6.0/2.7.0 docker image",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/rbf4ce74b0d1fa9810dec50ba3ace0caeea677af7c27a97111c06ccb7%40%3Cusers.kafka.apache.org%3E"
},
{
"name": "[kafka-dev] 20210901 Re: [EXTERNAL] Re: Security vulnerabilities in kafka:2.13-2.6.0/2.7.0 docker image",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/rbf4ce74b0d1fa9810dec50ba3ace0caeea677af7c27a97111c06ccb7%40%3Cdev.kafka.apache.org%3E"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.oracle.com/security-alerts/cpuoct2021.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://security.netapp.com/advisory/ntap-20210902-0003/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.oracle.com/security-alerts/cpujan2022.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-389290.pdf"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-732250.pdf"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-484086.pdf"
},
{
"name": "DSA-5197",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "https://www.debian.org/security/2022/dsa-5197"
},
{
"name": "[debian-lts-announce] 20220828 [SECURITY] [DLA 3085-1] curl security update",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.debian.org/debian-lts-announce/2022/08/msg00017.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "support@hackerone.com",
"ID": "CVE-2021-22924",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "https://github.com/curl/curl",
"version": {
"version_data": [
{
"version_value": "curl 7.10.4 to and include curl 7.77.0"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "libcurl keeps previously used connections in a connection pool for subsequenttransfers to reuse, if one of them matches the setup.Due to errors in the logic, the config matching function did not take \u0027issuercert\u0027 into account and it compared the involved paths *case insensitively*,which could lead to libcurl reusing wrong connections.File paths are, or can be, case sensitive on many systems but not all, and caneven vary depending on used file systems.The comparison also didn\u0027t include the \u0027issuer cert\u0027 which a transfer can setto qualify how to verify the server certificate."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Improper Input Validation (CWE-20)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://hackerone.com/reports/1223565",
"refsource": "MISC",
"url": "https://hackerone.com/reports/1223565"
},
{
"name": "FEDORA-2021-5d21b90a30",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FRUCW2UVNYUDZF72DQLFQR4PJEC6CF7V/"
},
{
"name": "[debian-lts-announce] 20210813 [SECURITY] [DLA 2734-1] curl security update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2021/08/msg00017.html"
},
{
"name": "[kafka-dev] 20210831 Security vulnerabilities in kafka:2.13-2.6.0/2.7.0 docker image",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/r61db8e7dcb56dc000a5387a88f7a473bacec5ee01b9ff3f55308aacc@%3Cdev.kafka.apache.org%3E"
},
{
"name": "[kafka-users] 20210831 Security vulnerabilities in kafka:2.13-2.6.0/2.7.0 docker image",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/r61db8e7dcb56dc000a5387a88f7a473bacec5ee01b9ff3f55308aacc@%3Cusers.kafka.apache.org%3E"
},
{
"name": "[kafka-users] 20210901 Re: [EXTERNAL] Re: Security vulnerabilities in kafka:2.13-2.6.0/2.7.0 docker image",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/rbf4ce74b0d1fa9810dec50ba3ace0caeea677af7c27a97111c06ccb7@%3Cusers.kafka.apache.org%3E"
},
{
"name": "[kafka-dev] 20210901 Re: [EXTERNAL] Re: Security vulnerabilities in kafka:2.13-2.6.0/2.7.0 docker image",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/rbf4ce74b0d1fa9810dec50ba3ace0caeea677af7c27a97111c06ccb7@%3Cdev.kafka.apache.org%3E"
},
{
"name": "https://www.oracle.com/security-alerts/cpuoct2021.html",
"refsource": "MISC",
"url": "https://www.oracle.com/security-alerts/cpuoct2021.html"
},
{
"name": "https://security.netapp.com/advisory/ntap-20210902-0003/",
"refsource": "CONFIRM",
"url": "https://security.netapp.com/advisory/ntap-20210902-0003/"
},
{
"name": "https://www.oracle.com/security-alerts/cpujan2022.html",
"refsource": "MISC",
"url": "https://www.oracle.com/security-alerts/cpujan2022.html"
},
{
"name": "https://cert-portal.siemens.com/productcert/pdf/ssa-389290.pdf",
"refsource": "CONFIRM",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-389290.pdf"
},
{
"name": "https://cert-portal.siemens.com/productcert/pdf/ssa-732250.pdf",
"refsource": "CONFIRM",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-732250.pdf"
},
{
"name": "https://cert-portal.siemens.com/productcert/pdf/ssa-484086.pdf",
"refsource": "CONFIRM",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-484086.pdf"
},
{
"name": "DSA-5197",
"refsource": "DEBIAN",
"url": "https://www.debian.org/security/2022/dsa-5197"
},
{
"name": "[debian-lts-announce] 20220828 [SECURITY] [DLA 3085-1] curl security update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2022/08/msg00017.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "36234546-b8fa-4601-9d6f-f4e334aa8ea1",
"assignerShortName": "hackerone",
"cveId": "CVE-2021-22924",
"datePublished": "2021-08-05T20:16:56",
"dateReserved": "2021-01-06T00:00:00",
"dateUpdated": "2024-08-03T18:58:25.955Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2017-2681
Vulnerability from cvelistv5
Published
2017-05-11 10:00
Modified
2024-09-10 09:33
Severity ?
6.5 (Medium) - CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
7.1 (High) - CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
7.1 (High) - CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
EPSS score ?
Summary
Specially crafted PROFINET DCP packets sent on a local Ethernet segment (Layer 2) to an affected product could cause a denial of service condition of that product. Human interaction is required to recover the system. PROFIBUS interfaces are not affected.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.securitytracker.com/id/1038463 | vdb-entry, x_refsource_SECTRACK | |
| http://www.securityfocus.com/bid/98369 | vdb-entry, x_refsource_BID | |
| https://www.siemens.com/cert/pool/cert/siemens_security_advisory_ssa-293562.pdf | x_refsource_CONFIRM | |
| https://cert-portal.siemens.com/productcert/pdf/ssa-293562.pdf | x_refsource_MISC | |
| https://cert-portal.siemens.com/productcert/html/ssa-293562.html |
Impacted products
| Vendor | Product | Version | |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | Siemens | Development/Evaluation Kits for PROFINET IO: DK Standard Ethernet Controller |
Version: All versions < V4.1.1 Patch04 |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2017-2681",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-07-23T20:22:19.045364Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-07-23T20:22:26.181Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-05T14:02:07.386Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "1038463",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1038463"
},
{
"name": "98369",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/98369"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.siemens.com/cert/pool/cert/siemens_security_advisory_ssa-293562.pdf"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-293562.pdf"
},
{
"tags": [
"x_transferred"
],
"url": "https://cert-portal.siemens.com/productcert/html/ssa-293562.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unknown",
"product": "Development/Evaluation Kits for PROFINET IO: DK Standard Ethernet Controller",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V4.1.1 Patch04"
}
]
},
{
"defaultStatus": "unknown",
"product": "Development/Evaluation Kits for PROFINET IO: EK-ERTEC 200",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V4.2.1 Patch03"
}
]
},
{
"defaultStatus": "unknown",
"product": "Development/Evaluation Kits for PROFINET IO: EK-ERTEC 200P",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V4.4.0 Patch01"
}
]
},
{
"defaultStatus": "unknown",
"product": "IE/AS-i Link PN IO",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions"
}
]
},
{
"defaultStatus": "unknown",
"product": "IE/PB-Link (incl. SIPLUS NET variants)",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V3.0"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE M-800 family (incl. S615, MUM-800 and RM1224)",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V4.03"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE W-700 IEEE 802.11n family",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V6.1"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE X-200 family (incl. SIPLUS NET variants)",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V5.2.2"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE X-200IRT family (incl. SIPLUS NET variants)",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V5.4.0"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE X-300 family (incl. X408 and SIPLUS NET variants)",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V4.1.0"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE X408 family",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V4.1.0"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE X414",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V3.10.2"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE XM-400 family",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V6.1"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE XR-500 family",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V6.1"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIMATIC CM 1542-1",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V2.0"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIMATIC CM 1542SP-1",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V1.0.15"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIMATIC CP 1243-1 (incl. SIPLUS variants)",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V2.1.82"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIMATIC CP 1243-1 DNP3 (incl. SIPLUS variants)",
"vendor": "Siemens",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIMATIC CP 1243-1 IEC (incl. SIPLUS variants)",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIMATIC CP 1243-8 IRC",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V2.1.82"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIMATIC CP 1542SP-1 IRC (incl. SIPLUS variants)",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V1.0.15"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIMATIC CP 1543-1 (incl. SIPLUS variants)",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V2.1"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIMATIC CP 1543SP-1 (incl. SIPLUS variants)",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V1.0.15"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIMATIC CP 1604",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V2.7"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIMATIC CP 1616",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V2.7"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIMATIC CP 343-1 (incl. SIPLUS variants)",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V3.1.3"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIMATIC CP 343-1 Advanced (incl. SIPLUS variants)",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIMATIC CP 343-1 Lean (incl. SIPLUS variants)",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V3.1.3"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIMATIC CP 443-1 (incl. SIPLUS variants)",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V3.2.17"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIMATIC CP 443-1 Advanced (incl. SIPLUS variants)",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V3.2.17"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIMATIC CP 443-1 OPC UA",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIMATIC DK-16xx PN IO",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V2.7"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIMATIC ET 200AL IM 157-1 PN",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V1.0.2",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIMATIC ET 200M (incl. SIPLUS variants)",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIMATIC ET 200MP IM 155-5 PN BA",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V4.0.1",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIMATIC ET 200MP IM 155-5 PN HF",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V4.2.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIMATIC ET 200MP IM 155-5 PN ST",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V4.1.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIMATIC ET 200pro IM 154-3 PN HF",
"vendor": "Siemens",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIMATIC ET 200pro IM 154-4 PN HF",
"vendor": "Siemens",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIMATIC ET 200SP IM 155-6 PN BA",
"vendor": "Siemens",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIMATIC ET 200SP IM 155-6 PN HF",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V4.2.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIMATIC ET 200SP IM 155-6 PN HS",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V4.0.1",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIMATIC ET 200SP IM 155-6 PN ST",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V4.1.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIMATIC ET 200SP IM 155-6 PN ST BA",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V4.1.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIMATIC ET200ecoPN, 16DI, DC24V, 8xM12",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIMATIC ET200ecoPN, 16DO DC24V/1,3A, 8xM12",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIMATIC ET200ecoPN, 4AO U/I 4xM12",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIMATIC ET200ecoPN, 8 DIO, DC24V/1,3A, 8xM12",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIMATIC ET200ecoPN, 8 DO, DC24V/2A, 8xM12",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIMATIC ET200ecoPN, 8AI RTD/TC 8xM12",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIMATIC ET200ecoPN, 8AI; 4 U/I; 4 RTD/TC 8xM12",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIMATIC ET200ecoPN, 8DI, DC24V, 4xM12",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIMATIC ET200ecoPN, 8DI, DC24V, 8xM12",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIMATIC ET200ecoPN, 8DO, DC24V/0,5A, 4xM12",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIMATIC ET200ecoPN, 8DO, DC24V/1,3A, 4xM12",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIMATIC ET200ecoPN, 8DO, DC24V/1,3A, 8xM12",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIMATIC ET200ecoPN: IO-Link Master",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIMATIC ET200S (incl. SIPLUS variants)",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIMATIC HMI Comfort Panels, HMI Multi Panels, HMI Mobile Panels (incl. SIPLUS variants)",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V15.1"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIMATIC MV420 SR-B",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V7.0.6",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIMATIC MV420 SR-B Body",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V7.0.6",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIMATIC MV420 SR-P",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V7.0.6",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIMATIC MV420 SR-P Body",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V7.0.6",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIMATIC MV440 HR",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V7.0.6",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIMATIC MV440 SR",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V7.0.6",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIMATIC MV440 UR",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V7.0.6",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIMATIC PN/PN Coupler (incl. SIPLUS NET variants)",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V4.0"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIMATIC RF650R",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V3.0"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIMATIC RF680R",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V3.0"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIMATIC RF685R",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V3.0"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIMATIC S7-1200 CPU family (incl. SIPLUS variants)",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V4.2.1"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIMATIC S7-1500 CPU family (incl. related ET200 CPUs and SIPLUS variants)",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V2.1"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIMATIC S7-1500 Software Controller",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V2.1"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIMATIC S7-200 SMART",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V2.3"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIMATIC S7-300 CPU family (incl. related ET200 CPUs and SIPLUS variants)",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V3.X.14",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIMATIC S7-400 H V6 CPU family (incl. SIPLUS variants)",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V6.0.7",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIMATIC S7-400 PN/DP V6 CPU family (incl. SIPLUS variants)",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V6.0.6",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIMATIC S7-400 PN/DP V7 CPU family (incl. SIPLUS variants)",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V7.0.2",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIMATIC S7-410 CPU family (incl. SIPLUS variants)",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V8.2"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIMATIC TDC CP51M1",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V1.1.8",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIMATIC TDC CPU555",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V1.1.1",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIMATIC Teleservice Adapter IE Advanced",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIMATIC Teleservice Adapter IE Basic",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIMATIC Teleservice Adapter IE Standard",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIMATIC WinAC RTX 2010",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V2010 SP3"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIMATIC WinAC RTX F 2010",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V2010 SP3"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIMOCODE pro V PROFINET (incl. SIPLUS variants)",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V2.0.0"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIMOTION",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V4.5 HF1"
}
]
},
{
"defaultStatus": "unknown",
"product": "SINAMICS DCM w. PN",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V1.4 SP1 HF5"
}
]
},
{
"defaultStatus": "unknown",
"product": "SINAMICS DCP w. PN",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V1.2 HF1"
}
]
},
{
"defaultStatus": "unknown",
"product": "SINAMICS G110M w. PN",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V4.7 SP6 HF3"
}
]
},
{
"defaultStatus": "unknown",
"product": "SINAMICS G120(C/P/D) w. PN (incl. SIPLUS variants)",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V4.7 SP6 HF3"
}
]
},
{
"defaultStatus": "unknown",
"product": "SINAMICS G130 V4.7 w. PN",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V4.7 HF27"
}
]
},
{
"defaultStatus": "unknown",
"product": "SINAMICS G130 V4.8 w. PN",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V4.8 HF4"
}
]
},
{
"defaultStatus": "unknown",
"product": "SINAMICS G150 V4.7 w. PN",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "V4.7: All versions \u003c V4.7 HF27"
}
]
},
{
"defaultStatus": "unknown",
"product": "SINAMICS G150 V4.8 w. PN",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V4.8 HF4"
}
]
},
{
"defaultStatus": "unknown",
"product": "SINAMICS S110 w. PN",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V4.4 SP3 HF5"
}
]
},
{
"defaultStatus": "unknown",
"product": "SINAMICS S120 prior to V4.7 w. PN (incl. SIPLUS variants)",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V4.7"
}
]
},
{
"defaultStatus": "unknown",
"product": "SINAMICS S120 V4.7 SP1 w. PN (incl. SIPLUS variants)",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions"
}
]
},
{
"defaultStatus": "unknown",
"product": "SINAMICS S120 V4.7 w. PN (incl. SIPLUS variants)",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V4.7 HF27"
}
]
},
{
"defaultStatus": "unknown",
"product": "SINAMICS S120 V4.8 w. PN (incl. SIPLUS variants)",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V4.8 HF4"
}
]
},
{
"defaultStatus": "unknown",
"product": "SINAMICS S150 V4.7 w. PN",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V4.7 HF27"
}
]
},
{
"defaultStatus": "unknown",
"product": "SINAMICS S150 V4.8 w. PN",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V4.8 HF4"
}
]
},
{
"defaultStatus": "unknown",
"product": "SINAMICS V90 w. PN",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V1.01"
}
]
},
{
"defaultStatus": "unknown",
"product": "SINUMERIK 828D V4.5 and prior",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V4.5 SP6 HF2"
}
]
},
{
"defaultStatus": "unknown",
"product": "SINUMERIK 828D V4.7",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V4.7 SP4 HF1"
}
]
},
{
"defaultStatus": "unknown",
"product": "SINUMERIK 840D sl V4.5 and prior",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V4.5 SP6 HF2"
}
]
},
{
"defaultStatus": "unknown",
"product": "SINUMERIK 840D sl V4.7",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V4.7 SP4 HF1"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIPLUS ET 200MP IM 155-5 PN HF",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V4.2.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIPLUS ET 200MP IM 155-5 PN HF",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V4.2.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIPLUS ET 200MP IM 155-5 PN HF T1 RAIL",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V4.2.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIPLUS ET 200MP IM 155-5 PN ST",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V4.1.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIPLUS ET 200MP IM 155-5 PN ST TX RAIL",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V4.1.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIPLUS ET 200SP IM 155-6 PN HF",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V4.2.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIPLUS ET 200SP IM 155-6 PN HF",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V4.2.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIPLUS ET 200SP IM 155-6 PN HF T1 RAIL",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V4.2.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIPLUS ET 200SP IM 155-6 PN ST",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V4.1.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIPLUS ET 200SP IM 155-6 PN ST BA",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V4.1.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIPLUS ET 200SP IM 155-6 PN ST BA TX RAIL",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V4.1.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIPLUS ET 200SP IM 155-6 PN ST TX RAIL",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V4.1.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIRIUS ACT 3SU1 interface module PROFINET",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V1.1.0"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIRIUS Motor Starter M200D PROFINET",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIRIUS Soft Starter 3RW44 PN",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions"
}
]
},
{
"defaultStatus": "unknown",
"product": "SITOP PSU8600 PROFINET",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V1.2.0"
}
]
},
{
"defaultStatus": "unknown",
"product": "SITOP UPS1600 PROFINET (incl. SIPLUS variants)",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V2.2.0"
}
]
},
{
"defaultStatus": "unknown",
"product": "Softnet PROFINET IO for PC-based Windows systems",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V14 SP1"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Specially crafted PROFINET DCP packets sent on a local Ethernet segment (Layer 2) to an affected product could cause a denial of service condition of that product. Human interaction is required to recover the system. PROFIBUS interfaces are not affected."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
},
{
"cvssV4_0": {
"baseScore": 7.1,
"baseSeverity": "HIGH",
"vectorString": "CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N",
"version": "4.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-400",
"description": "CWE-400: Uncontrolled Resource Consumption",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-09-10T09:33:20.658Z",
"orgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77",
"shortName": "siemens"
},
"references": [
{
"name": "1038463",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1038463"
},
{
"name": "98369",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/98369"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.siemens.com/cert/pool/cert/siemens_security_advisory_ssa-293562.pdf"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-293562.pdf"
},
{
"url": "https://cert-portal.siemens.com/productcert/html/ssa-293562.html"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77",
"assignerShortName": "siemens",
"cveId": "CVE-2017-2681",
"datePublished": "2017-05-11T10:00:00",
"dateReserved": "2016-12-01T00:00:00",
"dateUpdated": "2024-09-10T09:33:20.658Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2019-12815
Vulnerability from cvelistv5
Published
2019-07-19 22:56
Modified
2024-08-04 23:32
Severity ?
EPSS score ?
Summary
An arbitrary file copy vulnerability in mod_copy in ProFTPD up to 1.3.5b allows for remote code execution and information disclosure without authentication, a related issue to CVE-2015-3306.
References
| ▼ | URL | Tags |
|---|---|---|
| https://tbspace.de/cve201912815proftpd.html | x_refsource_MISC | |
| http://bugs.proftpd.org/show_bug.cgi?id=4372 | x_refsource_MISC | |
| https://github.com/proftpd/proftpd/pull/816 | x_refsource_MISC | |
| http://www.securityfocus.com/bid/109339 | vdb-entry, x_refsource_BID | |
| https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/XM5FPBAGSIKV6YJZEPM6GPGJO5JFT7XU/ | vendor-advisory, x_refsource_FEDORA | |
| https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/OJDQ3XUYWO42TJBO53NUWDZRA35QMVEI/ | vendor-advisory, x_refsource_FEDORA | |
| https://seclists.org/bugtraq/2019/Aug/3 | mailing-list, x_refsource_BUGTRAQ | |
| https://www.debian.org/security/2019/dsa-4491 | vendor-advisory, x_refsource_DEBIAN | |
| https://lists.debian.org/debian-lts-announce/2019/08/msg00006.html | mailing-list, x_refsource_MLIST | |
| http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00004.html | vendor-advisory, x_refsource_SUSE | |
| http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00022.html | vendor-advisory, x_refsource_SUSE | |
| https://security.gentoo.org/glsa/201908-16 | vendor-advisory, x_refsource_GENTOO | |
| http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00009.html | vendor-advisory, x_refsource_SUSE | |
| https://cert-portal.siemens.com/productcert/pdf/ssa-940889.pdf | x_refsource_CONFIRM |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T23:32:55.303Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://tbspace.de/cve201912815proftpd.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://bugs.proftpd.org/show_bug.cgi?id=4372"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/proftpd/proftpd/pull/816"
},
{
"name": "109339",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/109339"
},
{
"name": "FEDORA-2019-82b0f48691",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/XM5FPBAGSIKV6YJZEPM6GPGJO5JFT7XU/"
},
{
"name": "FEDORA-2019-e9187610c3",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/OJDQ3XUYWO42TJBO53NUWDZRA35QMVEI/"
},
{
"name": "20190805 [SECURITY] [DSA 4491-1] proftpd-dfsg security update",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "https://seclists.org/bugtraq/2019/Aug/3"
},
{
"name": "DSA-4491",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "https://www.debian.org/security/2019/dsa-4491"
},
{
"name": "[debian-lts-announce] 20190807 [SECURITY] [DLA 1873-1] proftpd-dfsg security update",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2019/08/msg00006.html"
},
{
"name": "openSUSE-SU-2019:1836",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00004.html"
},
{
"name": "openSUSE-SU-2019:1870",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00022.html"
},
{
"name": "GLSA-201908-16",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/201908-16"
},
{
"name": "openSUSE-SU-2020:0031",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00009.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-940889.pdf"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "An arbitrary file copy vulnerability in mod_copy in ProFTPD up to 1.3.5b allows for remote code execution and information disclosure without authentication, a related issue to CVE-2015-3306."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-02-11T10:06:15",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://tbspace.de/cve201912815proftpd.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://bugs.proftpd.org/show_bug.cgi?id=4372"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/proftpd/proftpd/pull/816"
},
{
"name": "109339",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/109339"
},
{
"name": "FEDORA-2019-82b0f48691",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/XM5FPBAGSIKV6YJZEPM6GPGJO5JFT7XU/"
},
{
"name": "FEDORA-2019-e9187610c3",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/OJDQ3XUYWO42TJBO53NUWDZRA35QMVEI/"
},
{
"name": "20190805 [SECURITY] [DSA 4491-1] proftpd-dfsg security update",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "https://seclists.org/bugtraq/2019/Aug/3"
},
{
"name": "DSA-4491",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "https://www.debian.org/security/2019/dsa-4491"
},
{
"name": "[debian-lts-announce] 20190807 [SECURITY] [DLA 1873-1] proftpd-dfsg security update",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.debian.org/debian-lts-announce/2019/08/msg00006.html"
},
{
"name": "openSUSE-SU-2019:1836",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00004.html"
},
{
"name": "openSUSE-SU-2019:1870",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00022.html"
},
{
"name": "GLSA-201908-16",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "https://security.gentoo.org/glsa/201908-16"
},
{
"name": "openSUSE-SU-2020:0031",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00009.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-940889.pdf"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-12815",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An arbitrary file copy vulnerability in mod_copy in ProFTPD up to 1.3.5b allows for remote code execution and information disclosure without authentication, a related issue to CVE-2015-3306."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://tbspace.de/cve201912815proftpd.html",
"refsource": "MISC",
"url": "https://tbspace.de/cve201912815proftpd.html"
},
{
"name": "http://bugs.proftpd.org/show_bug.cgi?id=4372",
"refsource": "MISC",
"url": "http://bugs.proftpd.org/show_bug.cgi?id=4372"
},
{
"name": "https://github.com/proftpd/proftpd/pull/816",
"refsource": "MISC",
"url": "https://github.com/proftpd/proftpd/pull/816"
},
{
"name": "109339",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/109339"
},
{
"name": "FEDORA-2019-82b0f48691",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XM5FPBAGSIKV6YJZEPM6GPGJO5JFT7XU/"
},
{
"name": "FEDORA-2019-e9187610c3",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OJDQ3XUYWO42TJBO53NUWDZRA35QMVEI/"
},
{
"name": "20190805 [SECURITY] [DSA 4491-1] proftpd-dfsg security update",
"refsource": "BUGTRAQ",
"url": "https://seclists.org/bugtraq/2019/Aug/3"
},
{
"name": "DSA-4491",
"refsource": "DEBIAN",
"url": "https://www.debian.org/security/2019/dsa-4491"
},
{
"name": "[debian-lts-announce] 20190807 [SECURITY] [DLA 1873-1] proftpd-dfsg security update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2019/08/msg00006.html"
},
{
"name": "openSUSE-SU-2019:1836",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00004.html"
},
{
"name": "openSUSE-SU-2019:1870",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00022.html"
},
{
"name": "GLSA-201908-16",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/201908-16"
},
{
"name": "openSUSE-SU-2020:0031",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00009.html"
},
{
"name": "https://cert-portal.siemens.com/productcert/pdf/ssa-940889.pdf",
"refsource": "CONFIRM",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-940889.pdf"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2019-12815",
"datePublished": "2019-07-19T22:56:14",
"dateReserved": "2019-06-13T00:00:00",
"dateUpdated": "2024-08-04T23:32:55.303Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
Vulnerability from fkie_nvd
Published
2017-05-11 10:29
Modified
2024-11-21 03:23
Severity ?
6.5 (Medium) - CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
6.5 (Medium) - CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
6.5 (Medium) - CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Summary
Specially crafted PROFINET DCP packets sent on a local Ethernet segment (Layer 2) to an affected product could cause a denial of service condition of that product. Human interaction is required to recover the system. PROFIBUS interfaces are not affected.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| productcert@siemens.com | http://www.securityfocus.com/bid/98369 | Third Party Advisory, VDB Entry | |
| productcert@siemens.com | http://www.securitytracker.com/id/1038463 | Third Party Advisory, VDB Entry | |
| productcert@siemens.com | https://cert-portal.siemens.com/productcert/html/ssa-293562.html | ||
| productcert@siemens.com | https://cert-portal.siemens.com/productcert/pdf/ssa-293562.pdf | Vendor Advisory | |
| productcert@siemens.com | https://www.siemens.com/cert/pool/cert/siemens_security_advisory_ssa-293562.pdf | Broken Link | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/98369 | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securitytracker.com/id/1038463 | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | https://cert-portal.siemens.com/productcert/html/ssa-293562.html | ||
| af854a3a-2127-422b-91ae-364da2661108 | https://cert-portal.siemens.com/productcert/pdf/ssa-293562.pdf | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.siemens.com/cert/pool/cert/siemens_security_advisory_ssa-293562.pdf | Broken Link |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| siemens | simatic_cp_343-1_std_firmware | * | |
| siemens | simatic_cp_343-1_std | - | |
| siemens | simatic_cp_343-1_lean_firmware | * | |
| siemens | simatic_cp_343-1_lean | - | |
| siemens | simatic_cp_343-1_adv_firmware | * | |
| siemens | simatic_cp_343-1_adv | - | |
| siemens | simatic_cp_443-1_std_firmware | * | |
| siemens | simatic_cp_443-1_std | - | |
| siemens | simatic_cp_443-1_adv_firmware | * | |
| siemens | simatic_cp_443-1_adv | - | |
| siemens | simatic_cp_443-1_opc-ua_firmware | * | |
| siemens | simatic_cp_443-1_opc-ua | - | |
| siemens | simatic_cp_1243-1_firmware | * | |
| siemens | simatic_cp_1243-1 | - | |
| siemens | simatic_cm_1542-1_firmware | * | |
| siemens | simatic_cm_1542-1 | - | |
| siemens | simatic_cp_1543sp-1_firmware | * | |
| siemens | simatic_cp_1542sp-1 | - | |
| siemens | simatic_cp_1542sp-1_irc_firmware | * | |
| siemens | simatic_cp_1542sp-1_irc | - | |
| siemens | simatic_cp_1543sp-1_firmware | * | |
| siemens | simatic_cp_1543sp-1 | - | |
| siemens | simatic_cp_1543-1_firmware | * | |
| siemens | simatic_cp_1543-1 | - | |
| siemens | simatic_rf650r_firmware | * | |
| siemens | simatic_rf650r | - | |
| siemens | simatic_rf680r_firmware | * | |
| siemens | simatic_rf680r | - | |
| siemens | simatic_rf685r_firmware | * | |
| siemens | simatic_rf685r | - | |
| siemens | simatic_cp_1616_firmware | * | |
| siemens | simatic_cp_1616 | - | |
| siemens | simatic_cp_1604_firmware | * | |
| siemens | simatic_cp_1604 | - | |
| siemens | simatic_dk-16xx_pn_io_firmware | * | |
| siemens | simatic_dk-16xx_pn_io | - | |
| siemens | scalance_x200_firmware | * | |
| siemens | scalance_x200 | - | |
| siemens | scalance_x200_irt_firmware | * | |
| siemens | scalance_x200_irt | - | |
| siemens | scalance_x300_firmware | * | |
| siemens | scalance_x300 | - | |
| siemens | scalance_x408_firmware | * | |
| siemens | scalance_x408 | - | |
| siemens | scalance_x414_firmware | * | |
| siemens | scalance_x414 | - | |
| siemens | scalance_xm400_firmware | * | |
| siemens | scalance_xm400 | - | |
| siemens | scalance_xr500_firmware | * | |
| siemens | scalance_xr500 | - | |
| siemens | scalance_w700_firmware | * | |
| siemens | scalance_w700 | - | |
| siemens | scalance_m-800_firmware | * | |
| siemens | scalance_m-800 | - | |
| siemens | scalance_s615_firmware | * | |
| siemens | scalance_s615 | - | |
| siemens | softnet_profinet_io_firmware | * | |
| siemens | softnet_profinet_io_firmware | 14 | |
| siemens | softnet_profinet_io | - | |
| siemens | ie\/pb-link_firmware | * | |
| siemens | ie\/pb-link | - | |
| siemens | ie\/as-i_link_pn_io_firmware | * | |
| siemens | ie\/as-i_link_pn_io | - | |
| siemens | simatic_teleservice_adapter_standard_modem_firmware | * | |
| siemens | simatic_teleservice_adapter_standard_modem | - | |
| siemens | simatic_teleservice_adapter_ie_basic_modem_firmware | * | |
| siemens | simatic_teleservice_adapter_ie_basic_modem | - | |
| siemens | simatic_teleservice_adapter_ie_advanced_modem_firmware | * | |
| siemens | simatic_teleservice_adapter_ie_advanced_modem | - | |
| siemens | sitop_psu8600_firmware | * | |
| siemens | sitop_psu8600 | - | |
| siemens | ups1600_profinet_firmware | * | |
| siemens | ups1600_profinet | - | |
| siemens | simatic_et_200al_firmware | * | |
| siemens | simatic_et_200al | - | |
| siemens | simatic_et_200ecopn_firmware | * | |
| siemens | simatic_et_200ecopn | - | |
| siemens | simatic_et_200m_firmware | * | |
| siemens | simatic_et_200m | - | |
| siemens | simatic_et_200mp_firmware | * | |
| siemens | simatic_et_200mp | - | |
| siemens | simatic_et_200pro_firmware | * | |
| siemens | simatic_et_200pro | - | |
| siemens | simatic_et_200s_firmware | * | |
| siemens | simatic_et_200s | - | |
| siemens | simatic_et_200sp_firmware | * | |
| siemens | simatic_et_200sp | - | |
| siemens | pn\/pn_coupler_firmware | * | |
| siemens | pn\/pn_coupler | - | |
| siemens | dk_standard_ethernet_controller_firmware | * | |
| siemens | dk_standard_ethernet_controller_firmware | 4.1.1 | |
| siemens | dk_standard_ethernet_controller | - | |
| siemens | ek-ertec_200p_pn_io_firmware | * | |
| siemens | ek-ertec_200p_pn_io_firmware | 4.4.0 | |
| siemens | ek-ertec_200p_pn_io | - | |
| siemens | ek-ertec_200_pn_io_firmware | * | |
| siemens | ek-ertec_200_pn_io_firmware | 4.2.1 | |
| siemens | ek-ertec_200_pn_io | - | |
| siemens | simatic_s7-200_smart_firmware | * | |
| siemens | simatic_s7-200_smart | - | |
| siemens | simatic_s7-300_firmware | * | |
| siemens | simatic_s7-300 | - | |
| siemens | simatic_s7-400_firmware | * | |
| siemens | simatic_s7-400 | - | |
| siemens | simatic_s7-1200_firmware | * | |
| siemens | simatic_s7-1200 | - | |
| siemens | simatic_s7-1500_firmware | * | |
| siemens | simatic_s7-1500 | - | |
| siemens | simatic_winac_rtx_firmware | * | |
| siemens | simatic_winac_rtx_firmware | 2010 | |
| siemens | simatic_winac_rtx | - | |
| siemens | sirius_act_3su1_firmware | * | |
| siemens | sirius_act_3su1 | - | |
| siemens | sirius_soft_starter_3rw44_pn_firmware | * | |
| siemens | sirius_soft_starter_3rw44_pn | - | |
| siemens | sirius_motor_starter_m200d_profinet_firmware | * | |
| siemens | sirius_motor_starter_m200d_profinet | - | |
| siemens | simocode_pro_v_profinet_firmware | * | |
| siemens | simocode_pro_v_profinet | - | |
| siemens | sinamics_dcm_firmware | * | |
| siemens | sinamics_dcm_firmware | 1.4 | |
| siemens | sinamics_dcm | - | |
| siemens | sinamics_dcp_firmware | * | |
| siemens | sinamics_dcp_firmware | 1.2 | |
| siemens | sinamics_dcp | - | |
| siemens | sinamics_g110m_firmware | * | |
| siemens | sinamics_g110m_firmware | 4.7 | |
| siemens | sinamics_g110m | - | |
| siemens | sinamics_g120\(c\/p\/d\)_pn_firmware | * | |
| siemens | sinamics_g120\(c\/p\/d\)_pn | - | |
| siemens | sinamics_g130_firmware | * | |
| siemens | sinamics_g130_firmware | 4.7 | |
| siemens | sinamics_g130 | - | |
| siemens | sinamics_g150_firmware | * | |
| siemens | sinamics_g150_firmware | 4.7 | |
| siemens | sinamics_g150 | - | |
| siemens | sinamics_s110_pn_firmware | * | |
| siemens | sinamics_s110_pn_firmware | 4.4 | |
| siemens | sinamics_s110_pn | - | |
| siemens | sinamics_s120_firmware | * | |
| siemens | sinamics_s120_firmware | 4.7 | |
| siemens | sinamics_s120 | - | |
| siemens | sinamics_s150_firmware | * | |
| siemens | sinamics_s150_firmware | 4.7 | |
| siemens | sinamics_s150 | - | |
| siemens | sinamics_v90_pn_firmware | * | |
| siemens | sinamics_v90_pn | - | |
| siemens | simotion_firmware | * | |
| siemens | simotion_firmware | 4.5 | |
| siemens | simotion | - | |
| siemens | sinumerik_828d_firmware | * | |
| siemens | sinumerik_828d_firmware | 4.5 | |
| siemens | sinumerik_828d | - | |
| siemens | sinumerik_840d_sl_firmware | * | |
| siemens | sinumerik_840d_sl_firmware | 4.5 | |
| siemens | sinumerik_840d_sl | - | |
| siemens | simatic_hmi_comfort_panels | * | |
| siemens | simatic_hmi_comfort_panels | - | |
| siemens | simatic_hmi_multi_panels | * | |
| siemens | simatic_hmi_multi_panels | - | |
| siemens | simatic_hmi_mobile_panels | * | |
| siemens | simatic_hmi_mobile_panels | - | |
| siemens | simatic_cp_1243-1_irc_firmware | * | |
| siemens | simatic_cp_1243-1_irc | - | |
| siemens | simatic_cp_1243-1_iec_firmware | * | |
| siemens | simatic_cp_1243-1_iec | - | |
| siemens | simatic_cp_1243-1_dnp3_firmware | * | |
| siemens | simatic_cp_1243-1_dnp3 | - | |
| siemens | simatic_cm_1542sp-1_firmware | * | |
| siemens | simatic_cm_1542sp-1 | - | |
| siemens | simatic_s7-1500_software_controller | * | |
| siemens | sinumerik_828d_firmware | * | |
| siemens | sinumerik_828d_firmware | 4.7 | |
| siemens | sinumerik_828d | - | |
| siemens | sinumerik_840d_sl_firmware | * | |
| siemens | sinumerik_840d_sl_firmware | 4.7 | |
| siemens | sinumerik_840d_sl | - | |
| siemens | simatic_tdc_cpu555_firmware | * | |
| siemens | simatic_tdc_cpu555 | - | |
| siemens | simatic_tdc_cp51m1_firmware | * | |
| siemens | simatic_tdc_cp51m1 | - |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:siemens:simatic_cp_343-1_std_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "CFF143FA-311E-4081-805F-BBDB72003556",
"versionEndExcluding": "3.1.3",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:siemens:simatic_cp_343-1_std:-:*:*:*:*:*:*:*",
"matchCriteriaId": "9C351559-6D8D-4EA8-87D6-83003844BD97",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:siemens:simatic_cp_343-1_lean_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "47A5C59B-DAB3-4B05-B9FA-B75685F4AE2A",
"versionEndExcluding": "3.1.3",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:siemens:simatic_cp_343-1_lean:-:*:*:*:*:*:*:*",
"matchCriteriaId": "EE2A18E2-F88F-4DC1-81E9-AC836C85A248",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:siemens:simatic_cp_343-1_adv_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "7E0622A2-C918-4062-938A-8736469F8286",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:siemens:simatic_cp_343-1_adv:-:*:*:*:*:*:*:*",
"matchCriteriaId": "438184C5-3A2C-4DEE-8FF2-0EFBAA1BA37A",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:siemens:simatic_cp_443-1_std_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "BB8BECDB-D55A-4B74-ADEC-CDDBAC4E3481",
"versionEndExcluding": "3.2.17",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:siemens:simatic_cp_443-1_std:-:*:*:*:*:*:*:*",
"matchCriteriaId": "BB8C873A-25EB-4787-9F25-DC5852337093",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:siemens:simatic_cp_443-1_adv_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "58E4035F-02AB-4B6D-A9AF-556DBE021C30",
"versionEndExcluding": "3.2.17",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:siemens:simatic_cp_443-1_adv:-:*:*:*:*:*:*:*",
"matchCriteriaId": "75013961-5B00-42E9-9061-CF2E9A4FC090",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:siemens:simatic_cp_443-1_opc-ua_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "32DC8BB2-9BC6-4CC2-9CF0-28DF8AEC595A",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:siemens:simatic_cp_443-1_opc-ua:-:*:*:*:*:*:*:*",
"matchCriteriaId": "977E97C8-959F-4146-8BFD-0FCF014B1534",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:siemens:simatic_cp_1243-1_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "EBE1A019-4BC4-4352-BA16-05629A20F89F",
"versionEndExcluding": "2.1.82",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:siemens:simatic_cp_1243-1:-:*:*:*:*:*:*:*",
"matchCriteriaId": "CA9BB25C-D5E3-43DE-8C73-06BDC43CA960",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:siemens:simatic_cm_1542-1_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "6BE0A3E5-0069-4AD5-B287-88BE5D0291F1",
"versionEndExcluding": "2.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:siemens:simatic_cm_1542-1:-:*:*:*:*:*:*:*",
"matchCriteriaId": "FCB3A00F-252F-4E41-8254-6E8BBD40C4FD",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:siemens:simatic_cp_1543sp-1_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "CA3E3782-7F36-4BC3-8D00-E1961E3105E3",
"versionEndExcluding": "1.0.15",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:siemens:simatic_cp_1542sp-1:-:*:*:*:*:*:*:*",
"matchCriteriaId": "0C868560-8BAE-462D-AED0-3C52EA9B6DB8",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:siemens:simatic_cp_1542sp-1_irc_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "A6AF0B55-84D1-46FA-B3A1-81EB2E2FED18",
"versionEndExcluding": "1.0.15",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:siemens:simatic_cp_1542sp-1_irc:-:*:*:*:*:*:*:*",
"matchCriteriaId": "E362CEA5-F47B-4294-8F2D-A0A7AC6FF390",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:siemens:simatic_cp_1543sp-1_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "496E9B17-BD29-4DE9-96B3-B23E3599C766",
"versionEndExcluding": "2.1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:siemens:simatic_cp_1543sp-1:-:*:*:*:*:*:*:*",
"matchCriteriaId": "843A8686-5172-4782-BB97-B5D3C6FB27A3",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:siemens:simatic_cp_1543-1_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "12F7A42E-4D63-4A2A-ABF6-CA08BB6C6234",
"versionEndExcluding": "1.0.15",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:siemens:simatic_cp_1543-1:-:*:*:*:*:*:*:*",
"matchCriteriaId": "3FDE92FB-38C7-46E8-9208-BBD7872219D5",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:siemens:simatic_rf650r_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "37B4E3A9-FE27-4A31-A213-92B461A5C846",
"versionEndExcluding": "3.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:siemens:simatic_rf650r:-:*:*:*:*:*:*:*",
"matchCriteriaId": "C82C2C69-D983-4317-968B-D1855DF8AE43",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:siemens:simatic_rf680r_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "177A6E55-8D64-4CB8-B366-AE272E715932",
"versionEndExcluding": "3.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:siemens:simatic_rf680r:-:*:*:*:*:*:*:*",
"matchCriteriaId": "450DE127-DFED-4799-B8EA-0F95028E4BC3",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:siemens:simatic_rf685r_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "72D14DB5-6132-4442-8AB2-3ECE89B1D47C",
"versionEndExcluding": "3.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:siemens:simatic_rf685r:-:*:*:*:*:*:*:*",
"matchCriteriaId": "63F70060-0090-4BD7-8BF6-769989879ACD",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:siemens:simatic_cp_1616_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "4FDC53A8-3F99-481E-9B0A-F5AF296B5BD6",
"versionEndExcluding": "2.7",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:siemens:simatic_cp_1616:-:*:*:*:*:*:*:*",
"matchCriteriaId": "CA074FBE-1C3E-4441-8C51-52B555B85D9F",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:siemens:simatic_cp_1604_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "0424AECD-68D5-45F1-9F55-B72CB4DFE39C",
"versionEndExcluding": "2.7",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:siemens:simatic_cp_1604:-:*:*:*:*:*:*:*",
"matchCriteriaId": "6304FA24-F194-4EE2-95F5-35D086F82C01",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:siemens:simatic_dk-16xx_pn_io_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "26113F2F-8C5E-471B-9E12-AA3B3860B5CF",
"versionEndExcluding": "2.7",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:siemens:simatic_dk-16xx_pn_io:-:*:*:*:*:*:*:*",
"matchCriteriaId": "CA0D867D-737F-4CEC-BAEA-9ADE0BA2303E",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:siemens:scalance_x200_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "45008AE8-8386-4CBA-8C38-10C1A60150C2",
"versionEndExcluding": "5.2.2",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:siemens:scalance_x200:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A59C91EA-5D1B-4970-8C36-BD76BA420B12",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:siemens:scalance_x200_irt_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "7F61995A-2018-4DAA-9529-BADC145B267F",
"versionEndExcluding": "5.4.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:siemens:scalance_x200_irt:-:*:*:*:*:*:*:*",
"matchCriteriaId": "CAF3DA7A-6B80-4F20-835F-BF071197D1B0",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:siemens:scalance_x300_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "CC97A506-7E63-43A3-ACB0-DDAF3C5369C3",
"versionEndExcluding": "4.1.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:siemens:scalance_x300:-:*:*:*:*:*:*:*",
"matchCriteriaId": "E3F6299B-D7E3-4750-B016-7DCBC83C2287",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:siemens:scalance_x408_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "B8A4CF89-9DDA-4974-A886-CC0A912017F7",
"versionEndExcluding": "4.1.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:siemens:scalance_x408:-:*:*:*:*:*:*:*",
"matchCriteriaId": "47F713E4-4B75-476E-BC21-92CA10198AE9",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:siemens:scalance_x414_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "2CA7C987-779A-4B64-BFAC-73D54618AF04",
"versionEndExcluding": "3.10.2",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:siemens:scalance_x414:-:*:*:*:*:*:*:*",
"matchCriteriaId": "7E4C1BEF-D6B4-4260-9AC5-6F903EF6F4B1",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:siemens:scalance_xm400_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "F6EB11E9-4036-4A93-91DC-4D987B5FE2BA",
"versionEndExcluding": "6.1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:siemens:scalance_xm400:-:*:*:*:*:*:*:*",
"matchCriteriaId": "9FC408A8-903F-43A2-9D05-65AD4482FDBB",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:siemens:scalance_xr500_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "4B9AF696-211F-4CAD-8A0E-402487E8DC50",
"versionEndExcluding": "6.1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:siemens:scalance_xr500:-:*:*:*:*:*:*:*",
"matchCriteriaId": "080E722F-FCD4-4967-86EE-151ADC5702E7",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:siemens:scalance_w700_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "D8763BB9-5DDA-4817-BDA6-63983CD4BC67",
"versionEndExcluding": "6.1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:siemens:scalance_w700:-:*:*:*:*:*:*:*",
"matchCriteriaId": "D3033B1E-57A6-4AE3-A861-7047CF8EAD79",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:siemens:scalance_m-800_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "B74BBB98-0146-467E-B77B-E2FA1ABF2ED5",
"versionEndExcluding": "4.03",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:siemens:scalance_m-800:-:*:*:*:*:*:*:*",
"matchCriteriaId": "DFB9921A-5204-40A3-88AB-B7755F5C6875",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:siemens:scalance_s615_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "B2345F75-2CD1-4014-8F90-36A4FB4CC3BE",
"versionEndExcluding": "4.03",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:siemens:scalance_s615:-:*:*:*:*:*:*:*",
"matchCriteriaId": "E917CBBB-EF41-4113-B0CA-EB91889235E7",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:siemens:softnet_profinet_io_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "9831567D-6528-4ACA-99F9-1EC42CB4A90D",
"versionEndExcluding": "14",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:siemens:softnet_profinet_io_firmware:14:-:*:*:*:*:*:*",
"matchCriteriaId": "27BC04E4-8C6F-4A66-86C4-A8F793A10BDD",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:siemens:softnet_profinet_io:-:*:*:*:*:*:*:*",
"matchCriteriaId": "E348069A-B809-4DF6-81E9-DC52C6E2C268",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:siemens:ie\\/pb-link_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "8ED91175-0AF3-424A-8C49-43587BB95EAB",
"versionEndExcluding": "3.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:siemens:ie\\/pb-link:-:*:*:*:*:*:*:*",
"matchCriteriaId": "8D43C16C-0719-4648-903F-6CC0FFF1835A",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:siemens:ie\\/as-i_link_pn_io_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "7E909C1E-9329-4459-ACE3-AD906CD4A968",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:siemens:ie\\/as-i_link_pn_io:-:*:*:*:*:*:*:*",
"matchCriteriaId": "317863B6-0B71-4D03-83FE-FC59EBB5307C",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:siemens:simatic_teleservice_adapter_standard_modem_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "A9F37323-B072-470B-B770-9735B84CACFE",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:siemens:simatic_teleservice_adapter_standard_modem:-:*:*:*:*:*:*:*",
"matchCriteriaId": "610DF0CA-D0FA-4CBE-8383-6F038E7AC4C3",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:siemens:simatic_teleservice_adapter_ie_basic_modem_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "4B366E4A-4223-4A42-9A05-52EB23BCF209",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:siemens:simatic_teleservice_adapter_ie_basic_modem:-:*:*:*:*:*:*:*",
"matchCriteriaId": "98FB86B6-DB8A-42EF-BA60-68D96B6FE8B6",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:siemens:simatic_teleservice_adapter_ie_advanced_modem_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "7CD7CAEE-9C1A-4520-8F85-FD9BFB0A57D9",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:siemens:simatic_teleservice_adapter_ie_advanced_modem:-:*:*:*:*:*:*:*",
"matchCriteriaId": "BF513598-C3FA-4555-8133-A7276DDAFAC8",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:siemens:sitop_psu8600_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "5468C9FA-ADD9-4FD3-89FE-C3621F5CB0EC",
"versionEndExcluding": "1.2.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:siemens:sitop_psu8600:-:*:*:*:*:*:*:*",
"matchCriteriaId": "55058209-8AE5-42AF-80D4-5A7A44307266",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:siemens:ups1600_profinet_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "54B85DBA-24CA-4F95-89A5-D53D5AC69B0E",
"versionEndExcluding": "2.2.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:siemens:ups1600_profinet:-:*:*:*:*:*:*:*",
"matchCriteriaId": "ECC84D6F-F5E0-47CF-B11E-1C43F866D972",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:siemens:simatic_et_200al_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "0C9D0595-53CD-48C0-82E3-DB0B2EC17721",
"versionEndExcluding": "1.0.2",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:siemens:simatic_et_200al:-:*:*:*:*:*:*:*",
"matchCriteriaId": "34C17B00-34B5-4A15-9333-252BE2975F37",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:siemens:simatic_et_200ecopn_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "3EE0B998-E408-408F-8F78-5E90F74E9C9B",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:siemens:simatic_et_200ecopn:-:*:*:*:*:*:*:*",
"matchCriteriaId": "0259EAE9-0CA0-49A5-A573-8339604A181B",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:siemens:simatic_et_200m_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "14E56570-5C20-40BD-BF0B-F6ED06AFC8F7",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:siemens:simatic_et_200m:-:*:*:*:*:*:*:*",
"matchCriteriaId": "7037E46B-4FE5-4693-B6A6-B5AF7B652C4F",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:siemens:simatic_et_200mp_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "55BE63B0-F44E-4FCD-B00C-77595BACC62E",
"versionEndExcluding": "4.0.1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:siemens:simatic_et_200mp:-:*:*:*:*:*:*:*",
"matchCriteriaId": "49DA8715-D671-4D8F-A870-E61960A5AFA4",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:siemens:simatic_et_200pro_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "D054139B-BE36-4B34-88AE-BC487DCB1DCB",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:siemens:simatic_et_200pro:-:*:*:*:*:*:*:*",
"matchCriteriaId": "3F0CE2EC-9A73-4576-A389-A19893D47B0F",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:siemens:simatic_et_200s_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "BB063929-AAB0-4FF8-BCA3-71BA80517B1A",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:siemens:simatic_et_200s:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A1EC40E7-F004-446C-B5C9-0AB9911105E0",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:siemens:simatic_et_200sp_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "3237684A-3BEA-462F-A91D-ABC94C90D15A",
"versionEndExcluding": "4.2.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:siemens:simatic_et_200sp:-:*:*:*:*:*:*:*",
"matchCriteriaId": "691CA334-4394-4ED6-B417-F67FC92228AE",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:siemens:pn\\/pn_coupler_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "32BD232D-A6BB-4D7B-BD00-1085D08D8A77",
"versionEndExcluding": "4.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:siemens:pn\\/pn_coupler:-:*:*:*:*:*:*:*",
"matchCriteriaId": "CB2846BD-9DAB-44A2-87C9-39E3ACFE03FA",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:siemens:dk_standard_ethernet_controller_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "0FE40195-DE5A-4B9C-9455-FAF92FF090D0",
"versionEndExcluding": "4.1.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:siemens:dk_standard_ethernet_controller_firmware:4.1.1:-:*:*:*:*:*:*",
"matchCriteriaId": "9B339839-3D74-4E13-9EB6-24CA46F991A5",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:siemens:dk_standard_ethernet_controller:-:*:*:*:*:*:*:*",
"matchCriteriaId": "53DF35F1-94FF-4D0B-9FA2-E8B0AFAEA5FF",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:siemens:ek-ertec_200p_pn_io_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "E9329BF4-D00A-4138-AA4C-93022002C0B9",
"versionEndExcluding": "4.4.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:siemens:ek-ertec_200p_pn_io_firmware:4.4.0:-:*:*:*:*:*:*",
"matchCriteriaId": "7863DDDC-D5CE-44FE-89C4-0E8A702A91A8",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:siemens:ek-ertec_200p_pn_io:-:*:*:*:*:*:*:*",
"matchCriteriaId": "E62802E3-AFA3-4023-9671-95C220397956",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:siemens:ek-ertec_200_pn_io_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "8C46E084-9732-4920-86C2-3A91830CBCE3",
"versionEndExcluding": "4.2.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:siemens:ek-ertec_200_pn_io_firmware:4.2.1:-:*:*:*:*:*:*",
"matchCriteriaId": "18C8B2FB-87C3-4DBB-9960-53FA545F26CB",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:siemens:ek-ertec_200_pn_io:-:*:*:*:*:*:*:*",
"matchCriteriaId": "42D3FAF4-9B78-4EEF-8D80-17E9B98228D2",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:siemens:simatic_s7-200_smart_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "251EE4B2-F1C7-4ACF-B90D-4C0FE3D181E5",
"versionEndExcluding": "2.3",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:siemens:simatic_s7-200_smart:-:*:*:*:*:*:*:*",
"matchCriteriaId": "598EEFC9-5240-4011-9017-A9557585AA19",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:siemens:simatic_s7-300_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "9461CADE-1624-4D1B-8CF2-CF65F75071C0",
"versionEndExcluding": "3.3.17",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:siemens:simatic_s7-300:-:*:*:*:*:*:*:*",
"matchCriteriaId": "7EFD4E99-5C66-443F-8B6F-FA01C895DE78",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:siemens:simatic_s7-400_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "2570E321-C28E-46FA-8693-1230B3B5FD1B",
"versionEndExcluding": "6.0.6",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:siemens:simatic_s7-400:-:*:*:*:*:*:*:*",
"matchCriteriaId": "8F97B67B-4516-4AD9-B33C-7F480EE0DB4D",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:siemens:simatic_s7-1200_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "582B49BD-4565-4D19-BBE6-A193BDFCE8B0",
"versionEndExcluding": "4.2.1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:siemens:simatic_s7-1200:-:*:*:*:*:*:*:*",
"matchCriteriaId": "EC545350-FD53-4B2E-886F-E20F12260C9B",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:siemens:simatic_s7-1500_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "9D24953B-B3DF-4150-810C-64A94A55E829",
"versionEndExcluding": "2.1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:siemens:simatic_s7-1500:-:*:*:*:*:*:*:*",
"matchCriteriaId": "30DDEA9B-E1BF-4572-8E12-D13C54603E77",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:siemens:simatic_winac_rtx_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "80BDBB38-20D2-48C3-8B58-62C2D8CC00B8",
"versionEndExcluding": "2010",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:siemens:simatic_winac_rtx_firmware:2010:-:*:*:*:*:*:*",
"matchCriteriaId": "EA59D713-F342-4CDA-BDC8-108352D385DA",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:siemens:simatic_winac_rtx:-:*:*:*:*:*:*:*",
"matchCriteriaId": "CA5ADAB0-3985-4933-8CDD-D1546D8271CC",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:siemens:sirius_act_3su1_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "4E36412A-1AAB-42D1-B0B4-7A7BBF3CB317",
"versionEndExcluding": "1.1.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:siemens:sirius_act_3su1:-:*:*:*:*:*:*:*",
"matchCriteriaId": "8582A3E8-C05E-4D0B-851D-8C3181ED61CC",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:siemens:sirius_soft_starter_3rw44_pn_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "F84A65E6-4672-4B62-826E-6FAAE0B4A89D",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:siemens:sirius_soft_starter_3rw44_pn:-:*:*:*:*:*:*:*",
"matchCriteriaId": "CBB058FA-3E70-4489-AAB1-0CB7EF16A2E7",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:siemens:sirius_motor_starter_m200d_profinet_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "3D42184E-8998-4C40-9612-5C9DE193CC06",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:siemens:sirius_motor_starter_m200d_profinet:-:*:*:*:*:*:*:*",
"matchCriteriaId": "BA5CB62E-04B7-4DD3-AA06-EB4A4FA58E54",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:siemens:simocode_pro_v_profinet_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "98FDB53A-8F5D-46AA-9366-F6480B12D744",
"versionEndExcluding": "2.0.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:siemens:simocode_pro_v_profinet:-:*:*:*:*:*:*:*",
"matchCriteriaId": "352651A0-F7CE-4689-8597-15F3764707A9",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:siemens:sinamics_dcm_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "FD2943F3-C46C-462E-9062-EE7B3E56CF72",
"versionEndExcluding": "1.4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:siemens:sinamics_dcm_firmware:1.4:-:*:*:*:*:*:*",
"matchCriteriaId": "975EFBBB-33E1-4D04-9E06-93553D45539C",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:siemens:sinamics_dcm:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A1A43D34-ECA3-4330-B85F-02BDD1D22149",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:siemens:sinamics_dcp_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "5D7A7140-62A2-434F-AB79-1D47C918F1FE",
"versionEndExcluding": "1.2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:siemens:sinamics_dcp_firmware:1.2:-:*:*:*:*:*:*",
"matchCriteriaId": "A2B61A79-C2B0-4C3D-A63C-B20FF78B2981",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:siemens:sinamics_dcp:-:*:*:*:*:*:*:*",
"matchCriteriaId": "B75F50CA-7371-4BC7-8D8A-13F8BC69E4EB",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:siemens:sinamics_g110m_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "775C90BB-C026-435C-889A-517EF85656C5",
"versionEndExcluding": "4.7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:siemens:sinamics_g110m_firmware:4.7:-:*:*:*:*:*:*",
"matchCriteriaId": "CAA92AC6-7DA0-418D-A13F-69268DFD7966",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:siemens:sinamics_g110m:-:*:*:*:*:*:*:*",
"matchCriteriaId": "D61D3E9C-1346-4354-BCD9-B02F67500C41",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:siemens:sinamics_g120\\(c\\/p\\/d\\)_pn_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "21ED7835-5D9B-4AF0-8E71-A4E7377FAD9F",
"versionEndExcluding": "4.7",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:siemens:sinamics_g120\\(c\\/p\\/d\\)_pn:-:*:*:*:*:*:*:*",
"matchCriteriaId": "64E77B7F-3E48-4C2C-9E2E-4AAEA6BCA71A",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:siemens:sinamics_g130_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "4B3B0706-47CD-43FB-8E3A-7EEEF020AFBA",
"versionEndExcluding": "4.7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:siemens:sinamics_g130_firmware:4.7:-:*:*:*:*:*:*",
"matchCriteriaId": "1D36CF8D-6DA4-49ED-9EF1-F96292F671EE",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:siemens:sinamics_g130:-:*:*:*:*:*:*:*",
"matchCriteriaId": "373DBE44-AC28-4D04-93BB-35CD8C60E899",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:siemens:sinamics_g150_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "AC731378-CB83-4C15-BC6A-5A86DF9B62F1",
"versionEndExcluding": "4.7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:siemens:sinamics_g150_firmware:4.7:-:*:*:*:*:*:*",
"matchCriteriaId": "51A78A0B-5D75-418A-98AC-6EBF50D89A8A",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:siemens:sinamics_g150:-:*:*:*:*:*:*:*",
"matchCriteriaId": "2296CA65-0E89-4BCB-8003-E7212BF1F585",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:siemens:sinamics_s110_pn_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "35B36BC1-EE75-48D5-B511-C79891DA0F86",
"versionEndExcluding": "4.4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:siemens:sinamics_s110_pn_firmware:4.4:-:*:*:*:*:*:*",
"matchCriteriaId": "8C21EF20-693C-425F-A370-E84722856212",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:siemens:sinamics_s110_pn:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A4D7197E-C921-42CA-BE43-C96A4223F443",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:siemens:sinamics_s120_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "77A0BE57-1A9A-4564-9C53-CF47DEEF7991",
"versionEndExcluding": "4.7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:siemens:sinamics_s120_firmware:4.7:-:*:*:*:*:*:*",
"matchCriteriaId": "376556D0-1AE2-4F80-B3CE-C0251E35C326",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:siemens:sinamics_s120:-:*:*:*:*:*:*:*",
"matchCriteriaId": "E5A824BD-935F-4E53-8313-C5544B0489C7",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:siemens:sinamics_s150_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "772FF972-2193-4639-B454-F92762E49C39",
"versionEndExcluding": "4.7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:siemens:sinamics_s150_firmware:4.7:-:*:*:*:*:*:*",
"matchCriteriaId": "EE2B31F0-D45F-4B42-95D2-540C68C5F3DE",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:siemens:sinamics_s150:-:*:*:*:*:*:*:*",
"matchCriteriaId": "0D48682C-A39D-4A09-B904-50FA64A9D2A5",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:siemens:sinamics_v90_pn_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "8EE54303-4FDA-42C7-B33B-BA884CD31339",
"versionEndExcluding": "1.01",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:siemens:sinamics_v90_pn:-:*:*:*:*:*:*:*",
"matchCriteriaId": "D870F289-F2BC-4105-A8F0-30E47CDE9FEF",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:siemens:simotion_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "92A7198A-D6C5-4FBF-8860-5C8EA864718B",
"versionEndExcluding": "4.5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:siemens:simotion_firmware:4.5:-:*:*:*:*:*:*",
"matchCriteriaId": "B5DA6BF7-ECB8-47F1-A791-E65CFF89A608",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:siemens:simotion:-:*:*:*:*:*:*:*",
"matchCriteriaId": "879CF09E-4735-4A73-8E7B-215F2701F7E0",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:siemens:sinumerik_828d_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "71CD07D8-ECED-47EF-B2BC-0585F9BB00C1",
"versionEndExcluding": "4.5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:siemens:sinumerik_828d_firmware:4.5:-:*:*:*:*:*:*",
"matchCriteriaId": "AEB948AA-7BD7-4A0F-B86E-38ECD722C086",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:siemens:sinumerik_828d:-:*:*:*:*:*:*:*",
"matchCriteriaId": "7D97047C-9772-4AEB-B993-131EBBAE33BA",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:siemens:sinumerik_840d_sl_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "28E3AB24-86B4-485D-8D3A-131E5C7F0108",
"versionEndExcluding": "4.5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:siemens:sinumerik_840d_sl_firmware:4.5:-:*:*:*:*:*:*",
"matchCriteriaId": "40AC387B-B799-4A34-8C9E-73D05B86801D",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:siemens:sinumerik_840d_sl:-:*:*:*:*:*:*:*",
"matchCriteriaId": "765286DF-07EC-4C7A-AB8C-09559CD977EA",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:siemens:simatic_hmi_comfort_panels:*:*:*:*:*:*:*:*",
"matchCriteriaId": "CE53BC8E-CDA7-476A-87CA-532F365C79A7",
"versionEndExcluding": "15.1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:siemens:simatic_hmi_comfort_panels:-:*:*:*:*:*:*:*",
"matchCriteriaId": "3BCFE761-35C9-43EF-85BC-E8083B9F75CB",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:siemens:simatic_hmi_multi_panels:*:*:*:*:*:*:*:*",
"matchCriteriaId": "A1150AED-CDBE-492C-95FF-3E02B3B447F1",
"versionEndExcluding": "15.1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:siemens:simatic_hmi_multi_panels:-:*:*:*:*:*:*:*",
"matchCriteriaId": "1AAE6A83-737B-47A9-86BB-652C7F6A8013",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:siemens:simatic_hmi_mobile_panels:*:*:*:*:*:*:*:*",
"matchCriteriaId": "42E8D21B-9CF4-4C2E-B33C-212BA29C7124",
"versionEndExcluding": "15.1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:siemens:simatic_hmi_mobile_panels:-:*:*:*:*:*:*:*",
"matchCriteriaId": "55E03180-BE77-4A22-A6C1-FE90B9760570",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:siemens:simatic_cp_1243-1_irc_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "02610368-4B97-4B3F-8592-64CF8F65D8AD",
"versionEndExcluding": "2.1.82",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:siemens:simatic_cp_1243-1_irc:-:*:*:*:*:*:*:*",
"matchCriteriaId": "61E7964A-E7A4-4CDE-B376-5BBEC5F00A73",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:siemens:simatic_cp_1243-1_iec_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "BE5003DA-5488-47C1-B442-9137E849FDD5",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:siemens:simatic_cp_1243-1_iec:-:*:*:*:*:*:*:*",
"matchCriteriaId": "DFE96226-A2DF-4A9E-8CBB-8D7CF328E404",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:siemens:simatic_cp_1243-1_dnp3_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "FCF9D803-FF47-4400-B2C4-1F4EE28E5AA8",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:siemens:simatic_cp_1243-1_dnp3:-:*:*:*:*:*:*:*",
"matchCriteriaId": "2FFBFB96-1A35-4724-831B-68E3A9C32921",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:siemens:simatic_cm_1542sp-1_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "8BF91884-7532-4E15-A754-EBC430FD0E9D",
"versionEndExcluding": "1.0.15",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:siemens:simatic_cm_1542sp-1:-:*:*:*:*:*:*:*",
"matchCriteriaId": "921D7568-9FE9-4491-B099-A922984351DC",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:siemens:simatic_s7-1500_software_controller:*:*:*:*:*:*:*:*",
"matchCriteriaId": "64D5B21D-0DC1-479B-810B-21E78F34A80A",
"versionEndExcluding": "2.1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:siemens:sinumerik_828d_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "45B42950-8BD9-4933-9615-27FCC67C03A1",
"versionEndExcluding": "4.7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:siemens:sinumerik_828d_firmware:4.7:-:*:*:*:*:*:*",
"matchCriteriaId": "86ADBE36-CC1F-4F3C-81CA-ABA0F40AC212",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:siemens:sinumerik_828d:-:*:*:*:*:*:*:*",
"matchCriteriaId": "7D97047C-9772-4AEB-B993-131EBBAE33BA",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:siemens:sinumerik_840d_sl_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "6377EA6B-8EE3-4208-8FB0-175684A77B3F",
"versionEndExcluding": "4.7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:siemens:sinumerik_840d_sl_firmware:4.7:-:*:*:*:*:*:*",
"matchCriteriaId": "D5AE6E9A-02B9-4A69-ACC4-EFBE1767E51E",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:siemens:sinumerik_840d_sl:-:*:*:*:*:*:*:*",
"matchCriteriaId": "765286DF-07EC-4C7A-AB8C-09559CD977EA",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:siemens:simatic_tdc_cpu555_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "D87643C3-6525-4CBD-BC0C-6B4DC30C8642",
"versionEndExcluding": "1.1.1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:siemens:simatic_tdc_cpu555:-:*:*:*:*:*:*:*",
"matchCriteriaId": "AE6AB995-D67B-43E5-B8FF-97C38D20CB10",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:siemens:simatic_tdc_cp51m1_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "5C936A7A-1AF9-44E4-9CEC-0694A424616B",
"versionEndExcluding": "1.1.8",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:siemens:simatic_tdc_cp51m1:-:*:*:*:*:*:*:*",
"matchCriteriaId": "8DA1E7C4-6352-41A4-8A94-C24DDB456572",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Specially crafted PROFINET DCP packets sent on a local Ethernet segment (Layer 2) to an affected product could cause a denial of service condition of that product. Human interaction is required to recover the system. PROFIBUS interfaces are not affected."
},
{
"lang": "es",
"value": "Los paquetes PROFINET DCP especialmente dise\u00f1ados que se env\u00edan en un segmento Ethernet local (capa 2) a un producto afectado podr\u00edan causar una condici\u00f3n de denegaci\u00f3n de servicio de ese producto. Se requiere la interacci\u00f3n humana para recuperar el sistema. Las interfaces PROFIBUS no est\u00e1n afectadas. Esta vulnerabilidad s\u00f3lo afecta a los SIMATIC HMI Multi Panels y HMI Mobile Panels, y a los dispositivos S7-300/S7-400"
}
],
"id": "CVE-2017-2681",
"lastModified": "2024-11-21T03:23:57.917",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "ADJACENT_NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 6.1,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:A/AC:L/Au:N/C:N/I:N/A:C",
"version": "2.0"
},
"exploitabilityScore": 6.5,
"impactScore": 6.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6,
"source": "productcert@siemens.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
],
"cvssMetricV40": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "ADJACENT",
"automatable": "NOT_DEFINED",
"availabilityRequirements": "NOT_DEFINED",
"baseScore": 7.1,
"baseSeverity": "HIGH",
"confidentialityRequirements": "NOT_DEFINED",
"exploitMaturity": "NOT_DEFINED",
"integrityRequirements": "NOT_DEFINED",
"modifiedAttackComplexity": "NOT_DEFINED",
"modifiedAttackRequirements": "NOT_DEFINED",
"modifiedAttackVector": "NOT_DEFINED",
"modifiedPrivilegesRequired": "NOT_DEFINED",
"modifiedSubsequentSystemAvailability": "NOT_DEFINED",
"modifiedSubsequentSystemConfidentiality": "NOT_DEFINED",
"modifiedSubsequentSystemIntegrity": "NOT_DEFINED",
"modifiedUserInteraction": "NOT_DEFINED",
"modifiedVulnerableSystemAvailability": "NOT_DEFINED",
"modifiedVulnerableSystemConfidentiality": "NOT_DEFINED",
"modifiedVulnerableSystemIntegrity": "NOT_DEFINED",
"privilegesRequired": "NONE",
"providerUrgency": "NOT_DEFINED",
"recovery": "NOT_DEFINED",
"safety": "NOT_DEFINED",
"subsequentSystemAvailability": "NONE",
"subsequentSystemConfidentiality": "NONE",
"subsequentSystemIntegrity": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"version": "4.0",
"vulnerabilityResponseEffort": "NOT_DEFINED",
"vulnerableSystemAvailability": "HIGH",
"vulnerableSystemConfidentiality": "NONE",
"vulnerableSystemIntegrity": "NONE"
},
"source": "productcert@siemens.com",
"type": "Secondary"
}
]
},
"published": "2017-05-11T10:29:00.180",
"references": [
{
"source": "productcert@siemens.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/98369"
},
{
"source": "productcert@siemens.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securitytracker.com/id/1038463"
},
{
"source": "productcert@siemens.com",
"url": "https://cert-portal.siemens.com/productcert/html/ssa-293562.html"
},
{
"source": "productcert@siemens.com",
"tags": [
"Vendor Advisory"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-293562.pdf"
},
{
"source": "productcert@siemens.com",
"tags": [
"Broken Link"
],
"url": "https://www.siemens.com/cert/pool/cert/siemens_security_advisory_ssa-293562.pdf"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/98369"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securitytracker.com/id/1038463"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://cert-portal.siemens.com/productcert/html/ssa-293562.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-293562.pdf"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Broken Link"
],
"url": "https://www.siemens.com/cert/pool/cert/siemens_security_advisory_ssa-293562.pdf"
}
],
"sourceIdentifier": "productcert@siemens.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-400"
}
],
"source": "productcert@siemens.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-400"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2021-09-14 11:15
Modified
2024-11-21 06:09
Severity ?
Summary
A vulnerability has been identified in SIMATIC CP 1543-1 (incl. SIPLUS variants) (All versions < V3.0), SIMATIC CP 1545-1 (All versions < V1.1). An attacker with access to the subnet of the affected device could retrieve sensitive information stored in cleartext.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| productcert@siemens.com | https://cert-portal.siemens.com/productcert/pdf/ssa-535997.pdf | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://cert-portal.siemens.com/productcert/pdf/ssa-535997.pdf | Patch, Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| siemens | simatic_cp_1543-1_firmware | * | |
| siemens | simatic_cp_1543-1 | - | |
| siemens | simatic_cp_1545-1_firmware | * | |
| siemens | simatic_cp_1545-1 | - |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:siemens:simatic_cp_1543-1_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "BBEA735D-FAAC-43D7-8469-EC57F6EFDDBC",
"versionEndExcluding": "3.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:siemens:simatic_cp_1543-1:-:*:*:*:*:*:*:*",
"matchCriteriaId": "3FDE92FB-38C7-46E8-9208-BBD7872219D5",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:siemens:simatic_cp_1545-1_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "D599BF67-DFBB-4107-ACD9-1231D12EC9B5",
"versionEndExcluding": "1.1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:siemens:simatic_cp_1545-1:-:*:*:*:*:*:*:*",
"matchCriteriaId": "C557DEBB-B71C-42E5-BBCE-0CFF3D10D700",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability has been identified in SIMATIC CP 1543-1 (incl. SIPLUS variants) (All versions \u003c V3.0), SIMATIC CP 1545-1 (All versions \u003c V1.1). An attacker with access to the subnet of the affected device could retrieve sensitive information stored in cleartext."
},
{
"lang": "es",
"value": "Se ha identificado una vulnerabilidad en SIMATIC CP 1543-1 (incl. variantes SIPLUS) (Todas las versiones anteriores a V3.0), SIMATIC CP 1545-1 (Todas las versiones anteriores a V1.1). Un atacante con acceso a la subred del dispositivo afectado podr\u00eda recuperar informaci\u00f3n sensible almacenada en texto claro"
}
],
"id": "CVE-2021-33716",
"lastModified": "2024-11-21T06:09:26.213",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "LOW",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "ADJACENT_NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 3.3,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:A/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 6.5,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2021-09-14T11:15:24.347",
"references": [
{
"source": "productcert@siemens.com",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-535997.pdf"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-535997.pdf"
}
],
"sourceIdentifier": "productcert@siemens.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-312"
}
],
"source": "productcert@siemens.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-312"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2017-05-11 01:29
Modified
2024-11-21 03:23
Severity ?
6.5 (Medium) - CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
6.5 (Medium) - CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
6.5 (Medium) - CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Summary
Specially crafted PROFINET DCP broadcast packets could cause a denial of service condition of affected products on a local Ethernet segment (Layer 2). Human interaction is required to recover the systems. PROFIBUS interfaces are not affected.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| productcert@siemens.com | http://www.securityfocus.com/bid/98369 | Third Party Advisory, VDB Entry | |
| productcert@siemens.com | http://www.securitytracker.com/id/1038463 | Third Party Advisory, VDB Entry | |
| productcert@siemens.com | https://cert-portal.siemens.com/productcert/html/ssa-284673.html | ||
| productcert@siemens.com | https://cert-portal.siemens.com/productcert/html/ssa-293562.html | ||
| productcert@siemens.com | https://cert-portal.siemens.com/productcert/html/ssa-546832.html | ||
| productcert@siemens.com | https://cert-portal.siemens.com/productcert/pdf/ssa-284673.pdf | Vendor Advisory | |
| productcert@siemens.com | https://cert-portal.siemens.com/productcert/pdf/ssa-293562.pdf | Vendor Advisory | |
| productcert@siemens.com | https://cert-portal.siemens.com/productcert/pdf/ssa-546832.pdf | Vendor Advisory | |
| productcert@siemens.com | https://ics-cert.us-cert.gov/advisories/ICSA-18-023-02 | Third Party Advisory, US Government Resource | |
| productcert@siemens.com | https://www.siemens.com/cert/pool/cert/siemens_security_advisory_ssa-284673.pdf | Broken Link | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/98369 | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securitytracker.com/id/1038463 | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | https://cert-portal.siemens.com/productcert/html/ssa-284673.html | ||
| af854a3a-2127-422b-91ae-364da2661108 | https://cert-portal.siemens.com/productcert/html/ssa-293562.html | ||
| af854a3a-2127-422b-91ae-364da2661108 | https://cert-portal.siemens.com/productcert/html/ssa-546832.html | ||
| af854a3a-2127-422b-91ae-364da2661108 | https://cert-portal.siemens.com/productcert/pdf/ssa-284673.pdf | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://cert-portal.siemens.com/productcert/pdf/ssa-293562.pdf | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://cert-portal.siemens.com/productcert/pdf/ssa-546832.pdf | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://ics-cert.us-cert.gov/advisories/ICSA-18-023-02 | Third Party Advisory, US Government Resource | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.siemens.com/cert/pool/cert/siemens_security_advisory_ssa-284673.pdf | Broken Link |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| siemens | simatic_cp_343-1_std_firmware | * | |
| siemens | simatic_cp_343-1_std | - | |
| siemens | simatic_cp_343-1_lean_firmware | * | |
| siemens | simatic_cp_343-1_lean | - | |
| siemens | simatic_cp_343-1_adv_firmware | * | |
| siemens | simatic_cp_343-1_adv | - | |
| siemens | simatic_cp_443-1_std_firmware | * | |
| siemens | simatic_cp_443-1_std | - | |
| siemens | simatic_cp_443-1_adv_firmware | * | |
| siemens | simatic_cp_443-1_adv | - | |
| siemens | simatic_cp_443-1_opc-ua_firmware | * | |
| siemens | simatic_cp_443-1_opc-ua | - | |
| siemens | simatic_cp_1243-1_firmware | * | |
| siemens | simatic_cp_1243-1 | - | |
| siemens | simatic_cm_1542-1_firmware | * | |
| siemens | simatic_cm_1542-1 | - | |
| siemens | simatic_cp_1542sp-1_firmware | * | |
| siemens | simatic_cp_1542sp-1 | - | |
| siemens | simatic_cp_1542sp-1_irc_firmware | * | |
| siemens | simatic_cp_1542sp-1_irc | - | |
| siemens | simatic_cp_1543sp-1_firmware | * | |
| siemens | simatic_cp_1543sp-1 | - | |
| siemens | simatic_cp_1543-1_firmware | * | |
| siemens | simatic_cp_1543-1 | - | |
| siemens | simatic_rf650r_firmware | * | |
| siemens | simatic_rf650r | - | |
| siemens | simatic_rf680r_firmware | * | |
| siemens | simatic_rf680r | - | |
| siemens | simatic_rf685r_firmware | * | |
| siemens | simatic_rf685r | - | |
| siemens | simatic_cp_1616_firmware | * | |
| siemens | simatic_cp_1616 | - | |
| siemens | simatic_cp_1604_firmware | * | |
| siemens | simatic_cp_1604 | - | |
| siemens | simatic_dk-1616_pn_io_firmware | * | |
| siemens | simatic_dk-1616_pn_io | - | |
| siemens | scalance_x200_firmware | * | |
| siemens | scalance_x200 | - | |
| siemens | scalance_x200_irt_firmware | * | |
| siemens | scalance_x200_irt | - | |
| siemens | scalance_x300_firmware | * | |
| siemens | scalance_x300 | - | |
| siemens | scalance_x408_firmware | * | |
| siemens | scalance_x408 | - | |
| siemens | scalance_x414_firmware | * | |
| siemens | scalance_x414 | - | |
| siemens | scalance_xm400_firmware | * | |
| siemens | scalance_xm400 | - | |
| siemens | scalance_xr500_firmware | * | |
| siemens | scalance_xr500 | - | |
| siemens | scalance_w700_firmware | * | |
| siemens | scalance_w700 | - | |
| siemens | scalance_m-800_firmware | * | |
| siemens | scalance_m-800 | - | |
| siemens | scalance_s615_firmware | * | |
| siemens | scalance_s615 | - | |
| siemens | softnet_profinet_io_firmware | * | |
| siemens | softnet_profinet_io_firmware | 14 | |
| siemens | softnet_profinet_io | - | |
| siemens | ie\/pb-link_firmware | * | |
| siemens | ie\/pb-link | - | |
| siemens | ie\/as-i_link_pn_io_firmware | * | |
| siemens | ie\/as-i_link_pn_io | - | |
| siemens | simatic_teleservice_adapter_ie_standard_firmware | * | |
| siemens | simatic_teleservice_adapter_ie_standard | - | |
| siemens | simatic_teleservice_adapter_ie_basic_firmware | * | |
| siemens | simatic_teleservice_adapter_ie_basic | - | |
| siemens | simatic_teleservice_adapter_ie_advanced_firmware | * | |
| siemens | simatic_teleservice_adapter_ie_advanced_modem | - | |
| siemens | sitop_psu8600_firmware | * | |
| siemens | sitop_psu8600 | - | |
| siemens | ups1600_profinet_firmware | * | |
| siemens | ups1600_profinet | - | |
| siemens | simatic_et_200al_firmware | * | |
| siemens | simatic_et_200al | - | |
| siemens | simatic_et_200ecopn_firmware | * | |
| siemens | simatic_et_200ecopn | - | |
| siemens | simatic_et_200m_firmware | * | |
| siemens | simatic_et_200m | - | |
| siemens | simatic_et_200mp_firmware | * | |
| siemens | simatic_et_200mp | - | |
| siemens | simatic_et_200pro_firmware | * | |
| siemens | simatic_et_200pro | - | |
| siemens | simatic_et_200s_firmware | * | |
| siemens | simatic_et_200s | - | |
| siemens | simatic_et_200sp_firmware | * | |
| siemens | simatic_et_200sp | - | |
| siemens | pn\/pn_coupler_firmware | * | |
| siemens | pn\/pn_coupler | - | |
| siemens | dk_standard_ethernet_controller_firmware | * | |
| siemens | dk_standard_ethernet_controller_firmware | 4.1.1 | |
| siemens | dk_standard_ethernet_controller | - | |
| siemens | ek-ertec_200p_pn_io_firmware | * | |
| siemens | ek-ertec_200p_pn_io_firmware | 4.4.0 | |
| siemens | ek-ertec_200p_pn_io | - | |
| siemens | ek-ertec_200_pn_io_firmware | * | |
| siemens | ek-ertec_200_pn_io_firmware | 4.2.1 | |
| siemens | ek-ertec_200_pn_io | - | |
| siemens | simatic_s7-200_smart_firmware | * | |
| siemens | simatic_s7-200_smart | - | |
| siemens | simatic_s7-300_firmware | - | |
| siemens | simatic_s7-300 | - | |
| siemens | simatic_s7-400_firmware | * | |
| siemens | simatic_s7-400 | - | |
| siemens | simatic_s7-1200_firmware | * | |
| siemens | simatic_s7-1200 | - | |
| siemens | simatic_s7-1500_firmware | * | |
| siemens | simatic_s7-1500 | - | |
| siemens | simatic_s7-1500_software_controller_firmware | * | |
| siemens | simatic_s7-1500_software_controller | - | |
| siemens | simatic_winac_rtx_firmware | * | |
| siemens | simatic_winac_rtx_firmware | 2010 | |
| siemens | simatic_winac_rtx | - | |
| siemens | sirius_act_3su1_firmware | * | |
| siemens | sirius_act_3su1 | - | |
| siemens | sirius_soft_starter_3rw44_pn_firmware | * | |
| siemens | sirius_soft_starter_3rw44_pn | - | |
| siemens | sirius_motor_starter_m200d_profinet_firmware | * | |
| siemens | sirius_motor_starter_m200d_profinet | - | |
| siemens | simocode_pro_v_profinet_firmware | * | |
| siemens | simocode_pro_v_profinet | - | |
| siemens | sinamics_dcm_firmware | * | |
| siemens | sinamics_dcm_firmware | 1.4 | |
| siemens | sinamics_dcm_firmware | 1.4 | |
| siemens | sinamics_dcm | - | |
| siemens | sinamics_dcp_firmware | * | |
| siemens | sinamics_dcp_firmware | 1.2 | |
| siemens | sinamics_dcp | - | |
| siemens | sinamics_g110m_firmware | * | |
| siemens | sinamics_g110m_firmware | 4.7 | |
| siemens | sinamics_g110m | - | |
| siemens | sinamics_g120\(c\/p\/d\)_w._pn_firmware | * | |
| siemens | sinamics_g120\(c\/p\/d\)_w._pn_firmware | 4.7 | |
| siemens | sinamics_g120\(c\/p\/d\)_w._pn | - | |
| siemens | sinamics_g130_firmware | * | |
| siemens | sinamics_g130_firmware | 4.7 | |
| siemens | sinamics_g130 | - | |
| siemens | sinamics_g150_firmware | * | |
| siemens | sinamics_g150_firmware | 4.7 | |
| siemens | sinamics_g150 | - | |
| siemens | sinamics__s110_pn_firmware | * | |
| siemens | sinamics__s110_pn_firmware | 4.4 | |
| siemens | _s110_pn | - | |
| siemens | sinamics_s120_firmware | * | |
| siemens | sinamics_s120_firmware | 4.7 | |
| siemens | sinamics_s120 | - | |
| siemens | sinamics_s150_firmware | * | |
| siemens | sinamics_s150_firmware | 4.7 | |
| siemens | sinamics_s150 | - | |
| siemens | sinamics_v90_pn_firmware | * | |
| siemens | sinamics_v90_pn | - | |
| siemens | simotion_firmware | * | |
| siemens | simotion_firmware | 4.5 | |
| siemens | simotion | - | |
| siemens | sinumerik_828d_firmware | * | |
| siemens | sinumerik_828d_firmware | 4.5 | |
| siemens | sinumerik_828d | - | |
| siemens | sinumerik_840d_sl_firmware | * | |
| siemens | sinumerik_840d_sl_firmware | 4.5 | |
| siemens | sinumerik_840d_sl | - | |
| siemens | simatic_hmi_comfort_panels | * | |
| siemens | simatic_hmi_comfort_panels | - | |
| siemens | simatic_hmi_multi_panels | * | |
| siemens | simatic_hmi_multi_panels | - | |
| siemens | simatic_hmi_mobile_panels | * | |
| siemens | simatic_hmi_mobile_panels | - | |
| siemens | simatic_cp_1243-1_irc_firmware | * | |
| siemens | simatic_cp_1243-1_irc | - | |
| siemens | simatic_cp_1243-1_iec_firmware | * | |
| siemens | simatic_cp_1243-1_iec | - | |
| siemens | simatic_cp_1243-1_dnp3_firmware | * | |
| siemens | simatic_cp_1243-1_dnp3 | - | |
| siemens | simatic_dk-1604_pn_io_firmware | * | |
| siemens | simatic_dk-1604_pn_io | - | |
| siemens | simatic_tdc_cpu555_firmware | * | |
| siemens | simatic_tdc_cpu555 | - | |
| siemens | simatic_tdc_cp51m1_firmware | * | |
| siemens | simatic_tdc_cp51m1 | - | |
| siemens | sinamics_gh150_firmware | * | |
| siemens | sinamics_gh150_firmware | 4.7 | |
| siemens | sinamics_gh150 | - | |
| siemens | sinamics_gl150_firmware | * | |
| siemens | sinamics_gl150_firmware | 4.8 | |
| siemens | sinamics_gl150 | - | |
| siemens | sinamics_gm150_firmware | * | |
| siemens | sinamics_gm150_firmware | 4.7 | |
| siemens | sinamics_gm150 | - | |
| siemens | sinamics_sl150_firmware | * | |
| siemens | sinamics_sl150_firmware | 4.8 | |
| siemens | sinamics_sl150 | - | |
| siemens | sinamics_sm120_firmware | * | |
| siemens | sinamics_sm120_firmware | 4.8 | |
| siemens | sinamics_sm120 | - | |
| siemens | extension_unit_12_profinet_firmware | * | |
| siemens | extension_unit_12_profinet | - | |
| siemens | extension_unit_15_profinet_firmware | * | |
| siemens | extension_unit_15_profinet | - | |
| siemens | extension_unit_19_profinet_firmware | * | |
| siemens | extension_unit_19_profinet | - | |
| siemens | extension_unit_22_profinet_firmware | * | |
| siemens | extension_unit_22_profinet | - | |
| siemens | simatic_cp_1242-7_gprs_firmware | * | |
| siemens | simatic_cp_1242-7_gprs | - | |
| siemens | simatic_cp_1243-7_lte\/us_firmware | * | |
| siemens | simatic_cp_1243-7_lte\/us | - | |
| siemens | simatic_cp_1243-8_firmware | * | |
| siemens | simatic_cp_1243-8 | - | |
| siemens | simatic_cp_1626_firmware | * | |
| siemens | simatic_cp_1626 | - |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:siemens:simatic_cp_343-1_std_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "CFF143FA-311E-4081-805F-BBDB72003556",
"versionEndExcluding": "3.1.3",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:siemens:simatic_cp_343-1_std:-:*:*:*:*:*:*:*",
"matchCriteriaId": "9C351559-6D8D-4EA8-87D6-83003844BD97",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:siemens:simatic_cp_343-1_lean_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "47A5C59B-DAB3-4B05-B9FA-B75685F4AE2A",
"versionEndExcluding": "3.1.3",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:siemens:simatic_cp_343-1_lean:-:*:*:*:*:*:*:*",
"matchCriteriaId": "EE2A18E2-F88F-4DC1-81E9-AC836C85A248",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:siemens:simatic_cp_343-1_adv_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "7E0622A2-C918-4062-938A-8736469F8286",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:siemens:simatic_cp_343-1_adv:-:*:*:*:*:*:*:*",
"matchCriteriaId": "438184C5-3A2C-4DEE-8FF2-0EFBAA1BA37A",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:siemens:simatic_cp_443-1_std_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "BB8BECDB-D55A-4B74-ADEC-CDDBAC4E3481",
"versionEndExcluding": "3.2.17",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:siemens:simatic_cp_443-1_std:-:*:*:*:*:*:*:*",
"matchCriteriaId": "BB8C873A-25EB-4787-9F25-DC5852337093",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:siemens:simatic_cp_443-1_adv_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "58E4035F-02AB-4B6D-A9AF-556DBE021C30",
"versionEndExcluding": "3.2.17",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:siemens:simatic_cp_443-1_adv:-:*:*:*:*:*:*:*",
"matchCriteriaId": "75013961-5B00-42E9-9061-CF2E9A4FC090",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:siemens:simatic_cp_443-1_opc-ua_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "32DC8BB2-9BC6-4CC2-9CF0-28DF8AEC595A",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:siemens:simatic_cp_443-1_opc-ua:-:*:*:*:*:*:*:*",
"matchCriteriaId": "977E97C8-959F-4146-8BFD-0FCF014B1534",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:siemens:simatic_cp_1243-1_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "EBE1A019-4BC4-4352-BA16-05629A20F89F",
"versionEndExcluding": "2.1.82",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:siemens:simatic_cp_1243-1:-:*:*:*:*:*:*:*",
"matchCriteriaId": "CA9BB25C-D5E3-43DE-8C73-06BDC43CA960",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:siemens:simatic_cm_1542-1_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "6BE0A3E5-0069-4AD5-B287-88BE5D0291F1",
"versionEndExcluding": "2.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:siemens:simatic_cm_1542-1:-:*:*:*:*:*:*:*",
"matchCriteriaId": "FCB3A00F-252F-4E41-8254-6E8BBD40C4FD",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:siemens:simatic_cp_1542sp-1_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "18B597C8-0401-458F-8DF9-062B5E833115",
"versionEndExcluding": "1.0.15",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:siemens:simatic_cp_1542sp-1:-:*:*:*:*:*:*:*",
"matchCriteriaId": "0C868560-8BAE-462D-AED0-3C52EA9B6DB8",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:siemens:simatic_cp_1542sp-1_irc_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "A6AF0B55-84D1-46FA-B3A1-81EB2E2FED18",
"versionEndExcluding": "1.0.15",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:siemens:simatic_cp_1542sp-1_irc:-:*:*:*:*:*:*:*",
"matchCriteriaId": "E362CEA5-F47B-4294-8F2D-A0A7AC6FF390",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:siemens:simatic_cp_1543sp-1_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "CA3E3782-7F36-4BC3-8D00-E1961E3105E3",
"versionEndExcluding": "1.0.15",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:siemens:simatic_cp_1543sp-1:-:*:*:*:*:*:*:*",
"matchCriteriaId": "843A8686-5172-4782-BB97-B5D3C6FB27A3",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:siemens:simatic_cp_1543-1_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "807D97E1-7680-4B8F-85AD-F56F039669D1",
"versionEndExcluding": "2.1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:siemens:simatic_cp_1543-1:-:*:*:*:*:*:*:*",
"matchCriteriaId": "3FDE92FB-38C7-46E8-9208-BBD7872219D5",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:siemens:simatic_rf650r_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "37B4E3A9-FE27-4A31-A213-92B461A5C846",
"versionEndExcluding": "3.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:siemens:simatic_rf650r:-:*:*:*:*:*:*:*",
"matchCriteriaId": "C82C2C69-D983-4317-968B-D1855DF8AE43",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:siemens:simatic_rf680r_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "177A6E55-8D64-4CB8-B366-AE272E715932",
"versionEndExcluding": "3.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:siemens:simatic_rf680r:-:*:*:*:*:*:*:*",
"matchCriteriaId": "450DE127-DFED-4799-B8EA-0F95028E4BC3",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:siemens:simatic_rf685r_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "72D14DB5-6132-4442-8AB2-3ECE89B1D47C",
"versionEndExcluding": "3.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:siemens:simatic_rf685r:-:*:*:*:*:*:*:*",
"matchCriteriaId": "63F70060-0090-4BD7-8BF6-769989879ACD",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:siemens:simatic_cp_1616_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "4FDC53A8-3F99-481E-9B0A-F5AF296B5BD6",
"versionEndExcluding": "2.7",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:siemens:simatic_cp_1616:-:*:*:*:*:*:*:*",
"matchCriteriaId": "CA074FBE-1C3E-4441-8C51-52B555B85D9F",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:siemens:simatic_cp_1604_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "0424AECD-68D5-45F1-9F55-B72CB4DFE39C",
"versionEndExcluding": "2.7",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:siemens:simatic_cp_1604:-:*:*:*:*:*:*:*",
"matchCriteriaId": "6304FA24-F194-4EE2-95F5-35D086F82C01",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:siemens:simatic_dk-1616_pn_io_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "39663B8F-F349-49B3-A0CB-004F11D01E34",
"versionEndExcluding": "2.7",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:siemens:simatic_dk-1616_pn_io:-:*:*:*:*:*:*:*",
"matchCriteriaId": "C8F515DF-36AC-49C1-B013-E87529775AB3",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:siemens:scalance_x200_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "45008AE8-8386-4CBA-8C38-10C1A60150C2",
"versionEndExcluding": "5.2.2",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:siemens:scalance_x200:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A59C91EA-5D1B-4970-8C36-BD76BA420B12",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:siemens:scalance_x200_irt_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "7F61995A-2018-4DAA-9529-BADC145B267F",
"versionEndExcluding": "5.4.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:siemens:scalance_x200_irt:-:*:*:*:*:*:*:*",
"matchCriteriaId": "CAF3DA7A-6B80-4F20-835F-BF071197D1B0",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:siemens:scalance_x300_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "CC97A506-7E63-43A3-ACB0-DDAF3C5369C3",
"versionEndExcluding": "4.1.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:siemens:scalance_x300:-:*:*:*:*:*:*:*",
"matchCriteriaId": "E3F6299B-D7E3-4750-B016-7DCBC83C2287",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:siemens:scalance_x408_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "B8A4CF89-9DDA-4974-A886-CC0A912017F7",
"versionEndExcluding": "4.1.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:siemens:scalance_x408:-:*:*:*:*:*:*:*",
"matchCriteriaId": "47F713E4-4B75-476E-BC21-92CA10198AE9",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:siemens:scalance_x414_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "2CA7C987-779A-4B64-BFAC-73D54618AF04",
"versionEndExcluding": "3.10.2",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:siemens:scalance_x414:-:*:*:*:*:*:*:*",
"matchCriteriaId": "7E4C1BEF-D6B4-4260-9AC5-6F903EF6F4B1",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:siemens:scalance_xm400_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "F6EB11E9-4036-4A93-91DC-4D987B5FE2BA",
"versionEndExcluding": "6.1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:siemens:scalance_xm400:-:*:*:*:*:*:*:*",
"matchCriteriaId": "9FC408A8-903F-43A2-9D05-65AD4482FDBB",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:siemens:scalance_xr500_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "4B9AF696-211F-4CAD-8A0E-402487E8DC50",
"versionEndExcluding": "6.1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:siemens:scalance_xr500:-:*:*:*:*:*:*:*",
"matchCriteriaId": "080E722F-FCD4-4967-86EE-151ADC5702E7",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:siemens:scalance_w700_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "D8763BB9-5DDA-4817-BDA6-63983CD4BC67",
"versionEndExcluding": "6.1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:siemens:scalance_w700:-:*:*:*:*:*:*:*",
"matchCriteriaId": "D3033B1E-57A6-4AE3-A861-7047CF8EAD79",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:siemens:scalance_m-800_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "B74BBB98-0146-467E-B77B-E2FA1ABF2ED5",
"versionEndExcluding": "4.03",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:siemens:scalance_m-800:-:*:*:*:*:*:*:*",
"matchCriteriaId": "DFB9921A-5204-40A3-88AB-B7755F5C6875",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:siemens:scalance_s615_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "B2345F75-2CD1-4014-8F90-36A4FB4CC3BE",
"versionEndExcluding": "4.03",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:siemens:scalance_s615:-:*:*:*:*:*:*:*",
"matchCriteriaId": "E917CBBB-EF41-4113-B0CA-EB91889235E7",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:siemens:softnet_profinet_io_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "9831567D-6528-4ACA-99F9-1EC42CB4A90D",
"versionEndExcluding": "14",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:siemens:softnet_profinet_io_firmware:14:-:*:*:*:*:*:*",
"matchCriteriaId": "27BC04E4-8C6F-4A66-86C4-A8F793A10BDD",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:siemens:softnet_profinet_io:-:*:*:*:*:*:*:*",
"matchCriteriaId": "E348069A-B809-4DF6-81E9-DC52C6E2C268",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:siemens:ie\\/pb-link_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "8ED91175-0AF3-424A-8C49-43587BB95EAB",
"versionEndExcluding": "3.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:siemens:ie\\/pb-link:-:*:*:*:*:*:*:*",
"matchCriteriaId": "8D43C16C-0719-4648-903F-6CC0FFF1835A",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:siemens:ie\\/as-i_link_pn_io_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "7E909C1E-9329-4459-ACE3-AD906CD4A968",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:siemens:ie\\/as-i_link_pn_io:-:*:*:*:*:*:*:*",
"matchCriteriaId": "317863B6-0B71-4D03-83FE-FC59EBB5307C",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:siemens:simatic_teleservice_adapter_ie_standard_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "5C887573-8BE8-42CF-B35A-22F9311AC627",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:siemens:simatic_teleservice_adapter_ie_standard:-:*:*:*:*:*:*:*",
"matchCriteriaId": "3A5A3F7E-D039-430F-89B0-6AB4FD2428D4",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:siemens:simatic_teleservice_adapter_ie_basic_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "80D166A8-1EEC-42F4-8EAB-1747247A7A05",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:siemens:simatic_teleservice_adapter_ie_basic:-:*:*:*:*:*:*:*",
"matchCriteriaId": "FFA520B6-5177-43E4-87C0-C215F79FE9B4",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:siemens:simatic_teleservice_adapter_ie_advanced_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "C8E76BDE-C7E9-4D6B-B5D9-A456516CD016",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:siemens:simatic_teleservice_adapter_ie_advanced_modem:-:*:*:*:*:*:*:*",
"matchCriteriaId": "BF513598-C3FA-4555-8133-A7276DDAFAC8",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:siemens:sitop_psu8600_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "5468C9FA-ADD9-4FD3-89FE-C3621F5CB0EC",
"versionEndExcluding": "1.2.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:siemens:sitop_psu8600:-:*:*:*:*:*:*:*",
"matchCriteriaId": "55058209-8AE5-42AF-80D4-5A7A44307266",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:siemens:ups1600_profinet_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "54B85DBA-24CA-4F95-89A5-D53D5AC69B0E",
"versionEndExcluding": "2.2.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:siemens:ups1600_profinet:-:*:*:*:*:*:*:*",
"matchCriteriaId": "ECC84D6F-F5E0-47CF-B11E-1C43F866D972",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:siemens:simatic_et_200al_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "0C9D0595-53CD-48C0-82E3-DB0B2EC17721",
"versionEndExcluding": "1.0.2",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:siemens:simatic_et_200al:-:*:*:*:*:*:*:*",
"matchCriteriaId": "34C17B00-34B5-4A15-9333-252BE2975F37",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:siemens:simatic_et_200ecopn_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "3EE0B998-E408-408F-8F78-5E90F74E9C9B",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:siemens:simatic_et_200ecopn:-:*:*:*:*:*:*:*",
"matchCriteriaId": "0259EAE9-0CA0-49A5-A573-8339604A181B",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:siemens:simatic_et_200m_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "14E56570-5C20-40BD-BF0B-F6ED06AFC8F7",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:siemens:simatic_et_200m:-:*:*:*:*:*:*:*",
"matchCriteriaId": "7037E46B-4FE5-4693-B6A6-B5AF7B652C4F",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:siemens:simatic_et_200mp_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "55BE63B0-F44E-4FCD-B00C-77595BACC62E",
"versionEndExcluding": "4.0.1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:siemens:simatic_et_200mp:-:*:*:*:*:*:*:*",
"matchCriteriaId": "49DA8715-D671-4D8F-A870-E61960A5AFA4",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:siemens:simatic_et_200pro_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "D054139B-BE36-4B34-88AE-BC487DCB1DCB",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:siemens:simatic_et_200pro:-:*:*:*:*:*:*:*",
"matchCriteriaId": "3F0CE2EC-9A73-4576-A389-A19893D47B0F",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:siemens:simatic_et_200s_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "BB063929-AAB0-4FF8-BCA3-71BA80517B1A",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:siemens:simatic_et_200s:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A1EC40E7-F004-446C-B5C9-0AB9911105E0",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:siemens:simatic_et_200sp_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "E6BACBC9-7C60-4A41-B8C6-A5E46B568029",
"versionEndExcluding": "4.1.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:siemens:simatic_et_200sp:-:*:*:*:*:*:*:*",
"matchCriteriaId": "691CA334-4394-4ED6-B417-F67FC92228AE",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:siemens:pn\\/pn_coupler_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "32BD232D-A6BB-4D7B-BD00-1085D08D8A77",
"versionEndExcluding": "4.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:siemens:pn\\/pn_coupler:-:*:*:*:*:*:*:*",
"matchCriteriaId": "CB2846BD-9DAB-44A2-87C9-39E3ACFE03FA",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:siemens:dk_standard_ethernet_controller_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "0FE40195-DE5A-4B9C-9455-FAF92FF090D0",
"versionEndExcluding": "4.1.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:siemens:dk_standard_ethernet_controller_firmware:4.1.1:-:*:*:*:*:*:*",
"matchCriteriaId": "9B339839-3D74-4E13-9EB6-24CA46F991A5",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:siemens:dk_standard_ethernet_controller:-:*:*:*:*:*:*:*",
"matchCriteriaId": "53DF35F1-94FF-4D0B-9FA2-E8B0AFAEA5FF",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:siemens:ek-ertec_200p_pn_io_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "E9329BF4-D00A-4138-AA4C-93022002C0B9",
"versionEndExcluding": "4.4.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:siemens:ek-ertec_200p_pn_io_firmware:4.4.0:-:*:*:*:*:*:*",
"matchCriteriaId": "7863DDDC-D5CE-44FE-89C4-0E8A702A91A8",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:siemens:ek-ertec_200p_pn_io:-:*:*:*:*:*:*:*",
"matchCriteriaId": "E62802E3-AFA3-4023-9671-95C220397956",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:siemens:ek-ertec_200_pn_io_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "8C46E084-9732-4920-86C2-3A91830CBCE3",
"versionEndExcluding": "4.2.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:siemens:ek-ertec_200_pn_io_firmware:4.2.1:-:*:*:*:*:*:*",
"matchCriteriaId": "18C8B2FB-87C3-4DBB-9960-53FA545F26CB",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:siemens:ek-ertec_200_pn_io:-:*:*:*:*:*:*:*",
"matchCriteriaId": "42D3FAF4-9B78-4EEF-8D80-17E9B98228D2",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:siemens:simatic_s7-200_smart_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "251EE4B2-F1C7-4ACF-B90D-4C0FE3D181E5",
"versionEndExcluding": "2.3",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:siemens:simatic_s7-200_smart:-:*:*:*:*:*:*:*",
"matchCriteriaId": "598EEFC9-5240-4011-9017-A9557585AA19",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:siemens:simatic_s7-300_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "4C096137-C1E3-4D19-87A9-BEB7A081DD1E",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:siemens:simatic_s7-300:-:*:*:*:*:*:*:*",
"matchCriteriaId": "7EFD4E99-5C66-443F-8B6F-FA01C895DE78",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:siemens:simatic_s7-400_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "2570E321-C28E-46FA-8693-1230B3B5FD1B",
"versionEndExcluding": "6.0.6",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:siemens:simatic_s7-400:-:*:*:*:*:*:*:*",
"matchCriteriaId": "8F97B67B-4516-4AD9-B33C-7F480EE0DB4D",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:siemens:simatic_s7-1200_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "582B49BD-4565-4D19-BBE6-A193BDFCE8B0",
"versionEndExcluding": "4.2.1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:siemens:simatic_s7-1200:-:*:*:*:*:*:*:*",
"matchCriteriaId": "EC545350-FD53-4B2E-886F-E20F12260C9B",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:siemens:simatic_s7-1500_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "9D24953B-B3DF-4150-810C-64A94A55E829",
"versionEndExcluding": "2.1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:siemens:simatic_s7-1500:-:*:*:*:*:*:*:*",
"matchCriteriaId": "30DDEA9B-E1BF-4572-8E12-D13C54603E77",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:siemens:simatic_s7-1500_software_controller_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "E696D071-8601-40AA-BAF5-1452940E1D6E",
"versionEndExcluding": "2.1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:siemens:simatic_s7-1500_software_controller:-:*:*:*:*:*:*:*",
"matchCriteriaId": "FE4D4D21-9868-4FA3-89A8-1EEC473383EF",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:siemens:simatic_winac_rtx_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "80BDBB38-20D2-48C3-8B58-62C2D8CC00B8",
"versionEndExcluding": "2010",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:siemens:simatic_winac_rtx_firmware:2010:-:*:*:*:*:*:*",
"matchCriteriaId": "EA59D713-F342-4CDA-BDC8-108352D385DA",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:siemens:simatic_winac_rtx:-:*:*:*:*:*:*:*",
"matchCriteriaId": "CA5ADAB0-3985-4933-8CDD-D1546D8271CC",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:siemens:sirius_act_3su1_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "4E36412A-1AAB-42D1-B0B4-7A7BBF3CB317",
"versionEndExcluding": "1.1.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:siemens:sirius_act_3su1:-:*:*:*:*:*:*:*",
"matchCriteriaId": "8582A3E8-C05E-4D0B-851D-8C3181ED61CC",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:siemens:sirius_soft_starter_3rw44_pn_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "F84A65E6-4672-4B62-826E-6FAAE0B4A89D",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:siemens:sirius_soft_starter_3rw44_pn:-:*:*:*:*:*:*:*",
"matchCriteriaId": "CBB058FA-3E70-4489-AAB1-0CB7EF16A2E7",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:siemens:sirius_motor_starter_m200d_profinet_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "3D42184E-8998-4C40-9612-5C9DE193CC06",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:siemens:sirius_motor_starter_m200d_profinet:-:*:*:*:*:*:*:*",
"matchCriteriaId": "BA5CB62E-04B7-4DD3-AA06-EB4A4FA58E54",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:siemens:simocode_pro_v_profinet_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "98FDB53A-8F5D-46AA-9366-F6480B12D744",
"versionEndExcluding": "2.0.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:siemens:simocode_pro_v_profinet:-:*:*:*:*:*:*:*",
"matchCriteriaId": "352651A0-F7CE-4689-8597-15F3764707A9",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:siemens:sinamics_dcm_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "FD2943F3-C46C-462E-9062-EE7B3E56CF72",
"versionEndExcluding": "1.4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:siemens:sinamics_dcm_firmware:1.4:-:*:*:*:*:*:*",
"matchCriteriaId": "975EFBBB-33E1-4D04-9E06-93553D45539C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:siemens:sinamics_dcm_firmware:1.4:sp1:*:*:*:*:*:*",
"matchCriteriaId": "99A0D811-2751-420E-AD85-B6EC777C8CAE",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:siemens:sinamics_dcm:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A1A43D34-ECA3-4330-B85F-02BDD1D22149",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:siemens:sinamics_dcp_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "5D7A7140-62A2-434F-AB79-1D47C918F1FE",
"versionEndExcluding": "1.2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:siemens:sinamics_dcp_firmware:1.2:-:*:*:*:*:*:*",
"matchCriteriaId": "A2B61A79-C2B0-4C3D-A63C-B20FF78B2981",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:siemens:sinamics_dcp:-:*:*:*:*:*:*:*",
"matchCriteriaId": "B75F50CA-7371-4BC7-8D8A-13F8BC69E4EB",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:siemens:sinamics_g110m_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "775C90BB-C026-435C-889A-517EF85656C5",
"versionEndExcluding": "4.7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:siemens:sinamics_g110m_firmware:4.7:-:*:*:*:*:*:*",
"matchCriteriaId": "CAA92AC6-7DA0-418D-A13F-69268DFD7966",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:siemens:sinamics_g110m:-:*:*:*:*:*:*:*",
"matchCriteriaId": "D61D3E9C-1346-4354-BCD9-B02F67500C41",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:siemens:sinamics_g120\\(c\\/p\\/d\\)_w._pn_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "413AA7BE-CFE1-49DB-965F-1BD50D61F82F",
"versionEndExcluding": "4.7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:siemens:sinamics_g120\\(c\\/p\\/d\\)_w._pn_firmware:4.7:-:*:*:*:*:*:*",
"matchCriteriaId": "82B4BE4B-3AE5-4039-B18D-A5DE3F1DDEF8",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:siemens:sinamics_g120\\(c\\/p\\/d\\)_w._pn:-:*:*:*:*:*:*:*",
"matchCriteriaId": "0EE820D5-16B2-4565-9D83-AF018C08B5E5",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:siemens:sinamics_g130_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "4B3B0706-47CD-43FB-8E3A-7EEEF020AFBA",
"versionEndExcluding": "4.7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:siemens:sinamics_g130_firmware:4.7:-:*:*:*:*:*:*",
"matchCriteriaId": "1D36CF8D-6DA4-49ED-9EF1-F96292F671EE",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:siemens:sinamics_g130:-:*:*:*:*:*:*:*",
"matchCriteriaId": "373DBE44-AC28-4D04-93BB-35CD8C60E899",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:siemens:sinamics_g150_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "AC731378-CB83-4C15-BC6A-5A86DF9B62F1",
"versionEndExcluding": "4.7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:siemens:sinamics_g150_firmware:4.7:-:*:*:*:*:*:*",
"matchCriteriaId": "51A78A0B-5D75-418A-98AC-6EBF50D89A8A",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:siemens:sinamics_g150:-:*:*:*:*:*:*:*",
"matchCriteriaId": "2296CA65-0E89-4BCB-8003-E7212BF1F585",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:siemens:sinamics__s110_pn_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "7143613F-4627-4F62-8F1B-E64CCB20F3D1",
"versionEndExcluding": "4.4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:siemens:sinamics__s110_pn_firmware:4.4:-:*:*:*:*:*:*",
"matchCriteriaId": "B428560B-2CAC-4A63-B677-724D95E12023",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:siemens:_s110_pn:-:*:*:*:*:*:*:*",
"matchCriteriaId": "23B97849-01A7-4A8F-84DD-D25CF84D010B",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:siemens:sinamics_s120_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "77A0BE57-1A9A-4564-9C53-CF47DEEF7991",
"versionEndExcluding": "4.7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:siemens:sinamics_s120_firmware:4.7:-:*:*:*:*:*:*",
"matchCriteriaId": "376556D0-1AE2-4F80-B3CE-C0251E35C326",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:siemens:sinamics_s120:-:*:*:*:*:*:*:*",
"matchCriteriaId": "E5A824BD-935F-4E53-8313-C5544B0489C7",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:siemens:sinamics_s150_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "772FF972-2193-4639-B454-F92762E49C39",
"versionEndExcluding": "4.7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:siemens:sinamics_s150_firmware:4.7:-:*:*:*:*:*:*",
"matchCriteriaId": "EE2B31F0-D45F-4B42-95D2-540C68C5F3DE",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:siemens:sinamics_s150:-:*:*:*:*:*:*:*",
"matchCriteriaId": "0D48682C-A39D-4A09-B904-50FA64A9D2A5",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:siemens:sinamics_v90_pn_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "8EE54303-4FDA-42C7-B33B-BA884CD31339",
"versionEndExcluding": "1.01",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:siemens:sinamics_v90_pn:-:*:*:*:*:*:*:*",
"matchCriteriaId": "D870F289-F2BC-4105-A8F0-30E47CDE9FEF",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:siemens:simotion_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "92A7198A-D6C5-4FBF-8860-5C8EA864718B",
"versionEndExcluding": "4.5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:siemens:simotion_firmware:4.5:-:*:*:*:*:*:*",
"matchCriteriaId": "B5DA6BF7-ECB8-47F1-A791-E65CFF89A608",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:siemens:simotion:-:*:*:*:*:*:*:*",
"matchCriteriaId": "879CF09E-4735-4A73-8E7B-215F2701F7E0",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:siemens:sinumerik_828d_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "71CD07D8-ECED-47EF-B2BC-0585F9BB00C1",
"versionEndExcluding": "4.5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:siemens:sinumerik_828d_firmware:4.5:-:*:*:*:*:*:*",
"matchCriteriaId": "AEB948AA-7BD7-4A0F-B86E-38ECD722C086",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:siemens:sinumerik_828d:-:*:*:*:*:*:*:*",
"matchCriteriaId": "7D97047C-9772-4AEB-B993-131EBBAE33BA",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:siemens:sinumerik_840d_sl_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "28E3AB24-86B4-485D-8D3A-131E5C7F0108",
"versionEndExcluding": "4.5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:siemens:sinumerik_840d_sl_firmware:4.5:-:*:*:*:*:*:*",
"matchCriteriaId": "40AC387B-B799-4A34-8C9E-73D05B86801D",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:siemens:sinumerik_840d_sl:-:*:*:*:*:*:*:*",
"matchCriteriaId": "765286DF-07EC-4C7A-AB8C-09559CD977EA",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:siemens:simatic_hmi_comfort_panels:*:*:*:*:*:*:*:*",
"matchCriteriaId": "CE53BC8E-CDA7-476A-87CA-532F365C79A7",
"versionEndExcluding": "15.1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:siemens:simatic_hmi_comfort_panels:-:*:*:*:*:*:*:*",
"matchCriteriaId": "3BCFE761-35C9-43EF-85BC-E8083B9F75CB",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:siemens:simatic_hmi_multi_panels:*:*:*:*:*:*:*:*",
"matchCriteriaId": "A1150AED-CDBE-492C-95FF-3E02B3B447F1",
"versionEndExcluding": "15.1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:siemens:simatic_hmi_multi_panels:-:*:*:*:*:*:*:*",
"matchCriteriaId": "1AAE6A83-737B-47A9-86BB-652C7F6A8013",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:siemens:simatic_hmi_mobile_panels:*:*:*:*:*:*:*:*",
"matchCriteriaId": "42E8D21B-9CF4-4C2E-B33C-212BA29C7124",
"versionEndExcluding": "15.1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:siemens:simatic_hmi_mobile_panels:-:*:*:*:*:*:*:*",
"matchCriteriaId": "55E03180-BE77-4A22-A6C1-FE90B9760570",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:siemens:simatic_cp_1243-1_irc_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "02610368-4B97-4B3F-8592-64CF8F65D8AD",
"versionEndExcluding": "2.1.82",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:siemens:simatic_cp_1243-1_irc:-:*:*:*:*:*:*:*",
"matchCriteriaId": "61E7964A-E7A4-4CDE-B376-5BBEC5F00A73",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:siemens:simatic_cp_1243-1_iec_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "BE5003DA-5488-47C1-B442-9137E849FDD5",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:siemens:simatic_cp_1243-1_iec:-:*:*:*:*:*:*:*",
"matchCriteriaId": "DFE96226-A2DF-4A9E-8CBB-8D7CF328E404",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:siemens:simatic_cp_1243-1_dnp3_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "FCF9D803-FF47-4400-B2C4-1F4EE28E5AA8",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:siemens:simatic_cp_1243-1_dnp3:-:*:*:*:*:*:*:*",
"matchCriteriaId": "2FFBFB96-1A35-4724-831B-68E3A9C32921",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:siemens:simatic_dk-1604_pn_io_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "65EDC583-1BCE-4787-820F-39DBD280DADF",
"versionEndExcluding": "2.7",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:siemens:simatic_dk-1604_pn_io:-:*:*:*:*:*:*:*",
"matchCriteriaId": "568ED124-AEE8-4BDC-BB89-0F8F83BA7537",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:siemens:simatic_tdc_cpu555_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "D87643C3-6525-4CBD-BC0C-6B4DC30C8642",
"versionEndExcluding": "1.1.1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:siemens:simatic_tdc_cpu555:-:*:*:*:*:*:*:*",
"matchCriteriaId": "AE6AB995-D67B-43E5-B8FF-97C38D20CB10",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:siemens:simatic_tdc_cp51m1_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "5C936A7A-1AF9-44E4-9CEC-0694A424616B",
"versionEndExcluding": "1.1.8",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:siemens:simatic_tdc_cp51m1:-:*:*:*:*:*:*:*",
"matchCriteriaId": "8DA1E7C4-6352-41A4-8A94-C24DDB456572",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:siemens:sinamics_gh150_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "D3F052D2-B537-4BF9-AF05-60107FDE0BEA",
"versionEndExcluding": "4.7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:siemens:sinamics_gh150_firmware:4.7:-:*:*:*:*:*:*",
"matchCriteriaId": "96C7E194-617D-4593-B544-10AEFF59CCA5",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:siemens:sinamics_gh150:-:*:*:*:*:*:*:*",
"matchCriteriaId": "BF977545-395A-4C34-BB22-A1047B5B6E85",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:siemens:sinamics_gl150_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "3653DA37-DB23-41E0-8CE8-838E384AA40A",
"versionEndExcluding": "4.8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:siemens:sinamics_gl150_firmware:4.8:-:*:*:*:*:*:*",
"matchCriteriaId": "0F86A334-10F9-4DFB-A421-CBCAFD86C8C2",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:siemens:sinamics_gl150:-:*:*:*:*:*:*:*",
"matchCriteriaId": "DED7F33B-D475-4232-8683-48554A6729F7",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:siemens:sinamics_gm150_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "1BF93390-E65B-434E-9891-271DF7D11F47",
"versionEndExcluding": "4.7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:siemens:sinamics_gm150_firmware:4.7:-:*:*:*:*:*:*",
"matchCriteriaId": "55F6B737-7237-4D38-A0F0-9EFCE76DC9C4",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:siemens:sinamics_gm150:-:*:*:*:*:*:*:*",
"matchCriteriaId": "DD76CFB0-B5D7-40DC-8D14-FC9C9BACF3CD",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:siemens:sinamics_sl150_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "FD67D30A-8681-41AE-B248-7E50BA1B9FC8",
"versionEndExcluding": "4.8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:siemens:sinamics_sl150_firmware:4.8:-:*:*:*:*:*:*",
"matchCriteriaId": "FCC0EE8B-1088-46B6-992A-B8E12A7B7DC2",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:siemens:sinamics_sl150:-:*:*:*:*:*:*:*",
"matchCriteriaId": "C6619B0F-7CDC-40A6-89B2-C6067AF45214",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:siemens:sinamics_sm120_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "31393A1B-4DBC-476D-875E-463B4B887E1B",
"versionEndExcluding": "4.8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:siemens:sinamics_sm120_firmware:4.8:-:*:*:*:*:*:*",
"matchCriteriaId": "0206F9F2-27C7-4D2F-817B-13F8FA31E547",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:siemens:sinamics_sm120:-:*:*:*:*:*:*:*",
"matchCriteriaId": "444DD77F-DB65-4766-A89D-7A679B4CA1E1",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:siemens:extension_unit_12_profinet_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "E789146F-1FA4-42E4-B867-FD0F5A7316CA",
"versionEndExcluding": "01.01.01",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:siemens:extension_unit_12_profinet:-:*:*:*:*:*:*:*",
"matchCriteriaId": "1E0B32CC-8268-4B38-BBC7-51154882EC82",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:siemens:extension_unit_15_profinet_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "05B55989-A3E9-4AA1-A619-C75FEAA0B5DA",
"versionEndExcluding": "01.01.01",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:siemens:extension_unit_15_profinet:-:*:*:*:*:*:*:*",
"matchCriteriaId": "DA05435D-9A52-4D43-BE74-7D4C6C156AC6",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:siemens:extension_unit_19_profinet_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "52156691-1368-4C77-98A7-EA63089091C5",
"versionEndExcluding": "01.01.01",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:siemens:extension_unit_19_profinet:-:*:*:*:*:*:*:*",
"matchCriteriaId": "5EE8B9B8-3C49-4296-9BC0-7E030878D479",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:siemens:extension_unit_22_profinet_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "EC052323-2E00-415D-847A-66F77AD5C3FD",
"versionEndExcluding": "01.01.01",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:siemens:extension_unit_22_profinet:-:*:*:*:*:*:*:*",
"matchCriteriaId": "8F884CAF-D152-4318-B49B-0D68936D2BD9",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:siemens:simatic_cp_1242-7_gprs_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "F4E035CB-0F76-47C0-B2C7-93AFA8A7B38B",
"versionEndExcluding": "2.1.82",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:siemens:simatic_cp_1242-7_gprs:-:*:*:*:*:*:*:*",
"matchCriteriaId": "C6AEC7D6-7E5E-4CFF-99C8-7FBADA2479D5",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:siemens:simatic_cp_1243-7_lte\\/us_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "E4CEE93A-9641-424B-AF55-2C550CA568F2",
"versionEndExcluding": "2.1.82",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:siemens:simatic_cp_1243-7_lte\\/us:-:*:*:*:*:*:*:*",
"matchCriteriaId": "00DDA679-D761-4986-A0A0-4C00178DF0B5",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:siemens:simatic_cp_1243-8_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "7D21A891-321B-42A3-8173-8E0743AEDD65",
"versionEndExcluding": "2.1.82",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:siemens:simatic_cp_1243-8:-:*:*:*:*:*:*:*",
"matchCriteriaId": "EE0116F3-67FA-4129-B1FF-023774D179AF",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:siemens:simatic_cp_1626_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "71BAF32C-35EA-4704-B75D-9EED01F8264B",
"versionEndExcluding": "1.1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:siemens:simatic_cp_1626:-:*:*:*:*:*:*:*",
"matchCriteriaId": "581EA284-EDD6-4EA5-96B2-67904D1D9DC7",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Specially crafted PROFINET DCP broadcast packets could cause a denial of service condition of affected products on a local Ethernet segment (Layer 2). Human interaction is required to recover the systems. PROFIBUS interfaces are not affected."
},
{
"lang": "es",
"value": "Los paquetes de difusi\u00f3n PROFINET DCP especialmente elaborados podr\u00edan causar una condici\u00f3n de denegaci\u00f3n de servicio de los productos afectados en un segmento Ethernet local (capa 2). Se requiere la interacci\u00f3n humana para recuperar los sistemas. Las interfaces PROFIBUS no est\u00e1n afectadas"
}
],
"id": "CVE-2017-2680",
"lastModified": "2024-11-21T03:23:57.563",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "ADJACENT_NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 6.1,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:A/AC:L/Au:N/C:N/I:N/A:C",
"version": "2.0"
},
"exploitabilityScore": 6.5,
"impactScore": 6.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6,
"source": "productcert@siemens.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
],
"cvssMetricV40": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "ADJACENT",
"automatable": "NOT_DEFINED",
"availabilityRequirements": "NOT_DEFINED",
"baseScore": 7.1,
"baseSeverity": "HIGH",
"confidentialityRequirements": "NOT_DEFINED",
"exploitMaturity": "NOT_DEFINED",
"integrityRequirements": "NOT_DEFINED",
"modifiedAttackComplexity": "NOT_DEFINED",
"modifiedAttackRequirements": "NOT_DEFINED",
"modifiedAttackVector": "NOT_DEFINED",
"modifiedPrivilegesRequired": "NOT_DEFINED",
"modifiedSubsequentSystemAvailability": "NOT_DEFINED",
"modifiedSubsequentSystemConfidentiality": "NOT_DEFINED",
"modifiedSubsequentSystemIntegrity": "NOT_DEFINED",
"modifiedUserInteraction": "NOT_DEFINED",
"modifiedVulnerableSystemAvailability": "NOT_DEFINED",
"modifiedVulnerableSystemConfidentiality": "NOT_DEFINED",
"modifiedVulnerableSystemIntegrity": "NOT_DEFINED",
"privilegesRequired": "NONE",
"providerUrgency": "NOT_DEFINED",
"recovery": "NOT_DEFINED",
"safety": "NOT_DEFINED",
"subsequentSystemAvailability": "NONE",
"subsequentSystemConfidentiality": "NONE",
"subsequentSystemIntegrity": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"version": "4.0",
"vulnerabilityResponseEffort": "NOT_DEFINED",
"vulnerableSystemAvailability": "HIGH",
"vulnerableSystemConfidentiality": "NONE",
"vulnerableSystemIntegrity": "NONE"
},
"source": "productcert@siemens.com",
"type": "Secondary"
}
]
},
"published": "2017-05-11T01:29:05.400",
"references": [
{
"source": "productcert@siemens.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/98369"
},
{
"source": "productcert@siemens.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securitytracker.com/id/1038463"
},
{
"source": "productcert@siemens.com",
"url": "https://cert-portal.siemens.com/productcert/html/ssa-284673.html"
},
{
"source": "productcert@siemens.com",
"url": "https://cert-portal.siemens.com/productcert/html/ssa-293562.html"
},
{
"source": "productcert@siemens.com",
"url": "https://cert-portal.siemens.com/productcert/html/ssa-546832.html"
},
{
"source": "productcert@siemens.com",
"tags": [
"Vendor Advisory"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-284673.pdf"
},
{
"source": "productcert@siemens.com",
"tags": [
"Vendor Advisory"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-293562.pdf"
},
{
"source": "productcert@siemens.com",
"tags": [
"Vendor Advisory"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-546832.pdf"
},
{
"source": "productcert@siemens.com",
"tags": [
"Third Party Advisory",
"US Government Resource"
],
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-18-023-02"
},
{
"source": "productcert@siemens.com",
"tags": [
"Broken Link"
],
"url": "https://www.siemens.com/cert/pool/cert/siemens_security_advisory_ssa-284673.pdf"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/98369"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securitytracker.com/id/1038463"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://cert-portal.siemens.com/productcert/html/ssa-284673.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://cert-portal.siemens.com/productcert/html/ssa-293562.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://cert-portal.siemens.com/productcert/html/ssa-546832.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-284673.pdf"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-293562.pdf"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-546832.pdf"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"US Government Resource"
],
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-18-023-02"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Broken Link"
],
"url": "https://www.siemens.com/cert/pool/cert/siemens_security_advisory_ssa-284673.pdf"
}
],
"sourceIdentifier": "productcert@siemens.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-400"
}
],
"source": "productcert@siemens.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-400"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2016-11-18 21:59
Modified
2024-11-21 02:59
Severity ?
Summary
A vulnerability has been identified in SIMATIC CP 1543-1 (All versions < V2.0.28), SIPLUS NET CP 1543-1 (All versions < V2.0.28). Users with elevated privileges to TIA-Portal and project data on the engineering station could possibly get privileged access on affected devices.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | http://www.securityfocus.com/bid/94436 | Third Party Advisory, VDB Entry | |
| cve@mitre.org | http://www.siemens.com/cert/pool/cert/siemens_security_advisory_ssa-672373.pdf | Patch, Vendor Advisory | |
| cve@mitre.org | https://cert-portal.siemens.com/productcert/pdf/ssa-672373.pdf | ||
| cve@mitre.org | https://ics-cert.us-cert.gov/advisories/ICSA-16-327-01 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/94436 | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.siemens.com/cert/pool/cert/siemens_security_advisory_ssa-672373.pdf | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://cert-portal.siemens.com/productcert/pdf/ssa-672373.pdf | ||
| af854a3a-2127-422b-91ae-364da2661108 | https://ics-cert.us-cert.gov/advisories/ICSA-16-327-01 |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| siemens | simatic_cp_1543-1_firmware | - | |
| siemens | simatic_cp_1543-1 | - |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:siemens:simatic_cp_1543-1_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "CB8F11F5-9982-4D82-99DC-F96C595CF607",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:siemens:simatic_cp_1543-1:-:*:*:*:*:*:*:*",
"matchCriteriaId": "3FDE92FB-38C7-46E8-9208-BBD7872219D5",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability has been identified in SIMATIC CP 1543-1 (All versions \u003c V2.0.28), SIPLUS NET CP 1543-1 (All versions \u003c V2.0.28). Users with elevated privileges to TIA-Portal and project data on the engineering station could possibly get privileged access on affected devices."
},
{
"lang": "es",
"value": "Se ha identificado una vulnerabilidad en SIMATIC CP 1543-1 (Todas las versiones anteriores a V2.0.28), SIPLUS NET CP 1543-1 (Todas las versiones anteriores a V2.0.28). Los usuarios con privilegios elevados para el TIA-Portal y los datos del proyecto en la estaci\u00f3n de ingenier\u00eda podr\u00edan obtener acceso privilegiado en los dispositivos afectados"
}
],
"id": "CVE-2016-8561",
"lastModified": "2024-11-21T02:59:34.320",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.0,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:S/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 6.8,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.6,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"exploitabilityScore": 0.7,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2016-11-18T21:59:00.330",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/94436"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.siemens.com/cert/pool/cert/siemens_security_advisory_ssa-672373.pdf"
},
{
"source": "cve@mitre.org",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-672373.pdf"
},
{
"source": "cve@mitre.org",
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-16-327-01"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/94436"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.siemens.com/cert/pool/cert/siemens_security_advisory_ssa-672373.pdf"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-672373.pdf"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-16-327-01"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-264"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2022-07-12 10:15
Modified
2025-01-14 11:15
Severity ?
7.6 (High) - CVSS:3.1/AV:A/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H
9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Summary
A vulnerability has been identified in RUGGEDCOM RM1224 LTE(4G) EU (6GK6108-4AM00-2BA2), RUGGEDCOM RM1224 LTE(4G) NAM (6GK6108-4AM00-2DA2), SCALANCE M804PB (6GK5804-0AP00-2AA2), SCALANCE M812-1 ADSL-Router (6GK5812-1AA00-2AA2), SCALANCE M812-1 ADSL-Router (6GK5812-1BA00-2AA2), SCALANCE M816-1 ADSL-Router (6GK5816-1AA00-2AA2), SCALANCE M816-1 ADSL-Router (6GK5816-1BA00-2AA2), SCALANCE M826-2 SHDSL-Router (6GK5826-2AB00-2AB2), SCALANCE M874-2 (6GK5874-2AA00-2AA2), SCALANCE M874-3 (6GK5874-3AA00-2AA2), SCALANCE M876-3 (6GK5876-3AA02-2BA2), SCALANCE M876-3 (ROK) (6GK5876-3AA02-2EA2), SCALANCE M876-4 (6GK5876-4AA10-2BA2), SCALANCE M876-4 (EU) (6GK5876-4AA00-2BA2), SCALANCE M876-4 (NAM) (6GK5876-4AA00-2DA2), SCALANCE MUM853-1 (EU) (6GK5853-2EA00-2DA1), SCALANCE MUM856-1 (EU) (6GK5856-2EA00-3DA1), SCALANCE MUM856-1 (RoW) (6GK5856-2EA00-3AA1), SCALANCE S615 EEC LAN-Router (6GK5615-0AA01-2AA2), SCALANCE S615 LAN-Router (6GK5615-0AA00-2AA2), SCALANCE SC622-2C (6GK5622-2GS00-2AC2), SCALANCE SC622-2C (6GK5622-2GS00-2AC2), SCALANCE SC626-2C (6GK5626-2GS00-2AC2), SCALANCE SC626-2C (6GK5626-2GS00-2AC2), SCALANCE SC632-2C (6GK5632-2GS00-2AC2), SCALANCE SC632-2C (6GK5632-2GS00-2AC2), SCALANCE SC636-2C (6GK5636-2GS00-2AC2), SCALANCE SC636-2C (6GK5636-2GS00-2AC2), SCALANCE SC642-2C (6GK5642-2GS00-2AC2), SCALANCE SC642-2C (6GK5642-2GS00-2AC2), SCALANCE SC646-2C (6GK5646-2GS00-2AC2), SCALANCE SC646-2C (6GK5646-2GS00-2AC2), SCALANCE WAB762-1 (6GK5762-1AJ00-6AA0), SCALANCE WAM763-1 (6GK5763-1AL00-7DA0), SCALANCE WAM763-1 (ME) (6GK5763-1AL00-7DC0), SCALANCE WAM763-1 (US) (6GK5763-1AL00-7DB0), SCALANCE WAM766-1 (6GK5766-1GE00-7DA0), SCALANCE WAM766-1 (ME) (6GK5766-1GE00-7DC0), SCALANCE WAM766-1 (US) (6GK5766-1GE00-7DB0), SCALANCE WAM766-1 EEC (6GK5766-1GE00-7TA0), SCALANCE WAM766-1 EEC (ME) (6GK5766-1GE00-7TC0), SCALANCE WAM766-1 EEC (US) (6GK5766-1GE00-7TB0), SCALANCE WUB762-1 (6GK5762-1AJ00-1AA0), SCALANCE WUB762-1 iFeatures (6GK5762-1AJ00-2AA0), SCALANCE WUM763-1 (6GK5763-1AL00-3AA0), SCALANCE WUM763-1 (6GK5763-1AL00-3DA0), SCALANCE WUM763-1 (US) (6GK5763-1AL00-3AB0), SCALANCE WUM763-1 (US) (6GK5763-1AL00-3DB0), SCALANCE WUM766-1 (6GK5766-1GE00-3DA0), SCALANCE WUM766-1 (ME) (6GK5766-1GE00-3DC0), SCALANCE WUM766-1 (USA) (6GK5766-1GE00-3DB0), SIMATIC CP 1242-7 V2 (6GK7242-7KX31-0XE0), SIMATIC CP 1243-1 (6GK7243-1BX30-0XE0), SIMATIC CP 1243-7 LTE EU (6GK7243-7KX30-0XE0), SIMATIC CP 1243-7 LTE US (6GK7243-7SX30-0XE0), SIMATIC CP 1243-8 IRC (6GK7243-8RX30-0XE0), SIMATIC CP 1542SP-1 IRC (6GK7542-6VX00-0XE0), SIMATIC CP 1543-1 (6GK7543-1AX00-0XE0), SIMATIC CP 1543SP-1 (6GK7543-6WX00-0XE0), SIPLUS ET 200SP CP 1542SP-1 IRC TX RAIL (6AG2542-6VX00-4XE0), SIPLUS ET 200SP CP 1543SP-1 ISEC (6AG1543-6WX00-7XE0), SIPLUS ET 200SP CP 1543SP-1 ISEC TX RAIL (6AG2543-6WX00-4XE0), SIPLUS NET CP 1242-7 V2 (6AG1242-7KX31-7XE0), SIPLUS NET CP 1543-1 (6AG1543-1AX00-2XE0), SIPLUS S7-1200 CP 1243-1 (6AG1243-1BX30-2AX0), SIPLUS S7-1200 CP 1243-1 RAIL (6AG2243-1BX30-1XE0). By injecting code to specific configuration options for OpenVPN, an attacker could execute arbitrary code with elevated privileges.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| productcert@siemens.com | https://cert-portal.siemens.com/productcert/html/ssa-413565.html | ||
| productcert@siemens.com | https://cert-portal.siemens.com/productcert/html/ssa-517377.html | ||
| productcert@siemens.com | https://cert-portal.siemens.com/productcert/pdf/ssa-413565.pdf | ||
| productcert@siemens.com | https://cert-portal.siemens.com/productcert/pdf/ssa-517377.pdf | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://cert-portal.siemens.com/productcert/pdf/ssa-413565.pdf | ||
| af854a3a-2127-422b-91ae-364da2661108 | https://cert-portal.siemens.com/productcert/pdf/ssa-517377.pdf | Patch, Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| siemens | simatic_cp_1242-7_v2_firmware | * | |
| siemens | simatic_cp_1242-7_v2 | - | |
| siemens | simatic_cp_1243-1_firmware | * | |
| siemens | simatic_cp_1243-1 | - | |
| siemens | simatic_cp_1243-7_lte_eu_firmware | * | |
| siemens | simatic_cp_1243-7_lte_eu | - | |
| siemens | simatic_cp_1243-7_lte_us_firmware | * | |
| siemens | simatic_cp_1243-7_lte_us | - | |
| siemens | simatic_cp_1243-8_irc_firmware | * | |
| siemens | simatic_cp_1243-8_irc | - | |
| siemens | simatic_cp_1542sp-1_irc_firmware | * | |
| siemens | simatic_cp_1542sp-1_irc | - | |
| siemens | simatic_cp_1543-1_firmware | * | |
| siemens | simatic_cp_1543-1 | - | |
| siemens | simatic_cp_1543sp-1_firmware | * | |
| siemens | simatic_cp_1543sp-1 | - | |
| siemens | siplus_et_200sp_cp_1542sp-1_irc_tx_rail_firmware | * | |
| siemens | siplus_et_200sp_cp_1542sp-1_irc_tx_rail | - | |
| siemens | siplus_et_200sp_cp_1543sp-1_isec_firmware | * | |
| siemens | siplus_et_200sp_cp_1543sp-1_isec | - | |
| siemens | siplus_et_200sp_cp_1543sp-1_isec_tx_rail_firmware | * | |
| siemens | siplus_et_200sp_cp_1543sp-1_isec_tx_rail | - | |
| siemens | siplus_net_cp_1242-7_v2_firmware | * | |
| siemens | siplus_net_cp_1242-7_v2 | - | |
| siemens | siplus_net_cp_1543-1_firmware | * | |
| siemens | siplus_net_cp_1543-1 | - | |
| siemens | siplus_s7-1200_cp_1243-1_firmware | * | |
| siemens | siplus_s7-1200_cp_1243-1 | - | |
| siemens | siplus_s7-1200_cp_1243-1_rail_firmware | * | |
| siemens | siplus_s7-1200_cp_1243-1_rail | - |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:siemens:simatic_cp_1242-7_v2_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "840C5C25-1E34-42FA-8221-7232622C204F",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:siemens:simatic_cp_1242-7_v2:-:*:*:*:*:*:*:*",
"matchCriteriaId": "29D4C72C-4E84-4563-9D66-5C641AB996BA",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:siemens:simatic_cp_1243-1_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "FE3D7928-8E1A-400E-B790-58D6F5938E3C",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:siemens:simatic_cp_1243-1:-:*:*:*:*:*:*:*",
"matchCriteriaId": "CA9BB25C-D5E3-43DE-8C73-06BDC43CA960",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:siemens:simatic_cp_1243-7_lte_eu_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "93D43BC6-EDE3-4EE1-9410-4717EB641AD0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:siemens:simatic_cp_1243-7_lte_eu:-:*:*:*:*:*:*:*",
"matchCriteriaId": "651C66E8-B3C0-4E88-BC7C-30BF16A7F7A3",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:siemens:simatic_cp_1243-7_lte_us_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "786F3FFD-87E4-45B9-A33C-BAE58379FF39",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:siemens:simatic_cp_1243-7_lte_us:-:*:*:*:*:*:*:*",
"matchCriteriaId": "FF9224A6-8A35-4F4F-951F-5B24B89E5FC8",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:siemens:simatic_cp_1243-8_irc_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "F2AA6B43-7FC7-465A-9CD8-E8A4D6DBCD27",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:siemens:simatic_cp_1243-8_irc:-:*:*:*:*:*:*:*",
"matchCriteriaId": "12A45F37-1E7D-4748-ADAC-EC4C454B693A",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:siemens:simatic_cp_1542sp-1_irc_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "1674851A-D8DC-47C5-9D63-2F1082CE0366",
"versionStartIncluding": "2.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:siemens:simatic_cp_1542sp-1_irc:-:*:*:*:*:*:*:*",
"matchCriteriaId": "E362CEA5-F47B-4294-8F2D-A0A7AC6FF390",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:siemens:simatic_cp_1543-1_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "BFC6ACFD-8893-4EA3-976B-FAAF7240C5DB",
"versionEndExcluding": "3.0.22",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:siemens:simatic_cp_1543-1:-:*:*:*:*:*:*:*",
"matchCriteriaId": "3FDE92FB-38C7-46E8-9208-BBD7872219D5",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:siemens:simatic_cp_1543sp-1_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "78127221-D455-4145-9B84-A598A284D591",
"versionStartIncluding": "2.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:siemens:simatic_cp_1543sp-1:-:*:*:*:*:*:*:*",
"matchCriteriaId": "843A8686-5172-4782-BB97-B5D3C6FB27A3",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:siemens:siplus_et_200sp_cp_1542sp-1_irc_tx_rail_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "23C55242-F638-415E-B683-EE1484770105",
"versionStartIncluding": "2.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:siemens:siplus_et_200sp_cp_1542sp-1_irc_tx_rail:-:*:*:*:*:*:*:*",
"matchCriteriaId": "FF3E5DDA-1BD4-4511-A2C8-4B5D40E6755E",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:siemens:siplus_et_200sp_cp_1543sp-1_isec_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "07505420-ADE4-4409-AFCC-45BCBC995543",
"versionStartIncluding": "2.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:siemens:siplus_et_200sp_cp_1543sp-1_isec:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A60FC550-A518-46BF-9124-E21DD654981C",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:siemens:siplus_et_200sp_cp_1543sp-1_isec_tx_rail_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "C624BBC7-D8C5-4C2F-B56B-D59D55F013F8",
"versionStartIncluding": "2.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:siemens:siplus_et_200sp_cp_1543sp-1_isec_tx_rail:-:*:*:*:*:*:*:*",
"matchCriteriaId": "25634AD2-2CC0-45AF-B5DE-39D30CBA91A4",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:siemens:siplus_net_cp_1242-7_v2_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "7FE26E32-47C0-4976-A23A-07C1AE318C35",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:siemens:siplus_net_cp_1242-7_v2:-:*:*:*:*:*:*:*",
"matchCriteriaId": "116E84DA-31F7-4AAC-A1AE-491C4C98BD49",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:siemens:siplus_net_cp_1543-1_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "43CDCCE3-B8C0-44D4-A8A0-25C49A4EA240",
"versionEndExcluding": "3.0.22",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:siemens:siplus_net_cp_1543-1:-:*:*:*:*:*:*:*",
"matchCriteriaId": "5D7AB0D5-FD3E-416A-975B-D212B3350433",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:siemens:siplus_s7-1200_cp_1243-1_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "E700BF4C-64B1-455C-A6A6-3E4D71FB91B7",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:siemens:siplus_s7-1200_cp_1243-1:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F9E746CF-4009-4A14-8916-A9E0276CAF8B",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:siemens:siplus_s7-1200_cp_1243-1_rail_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "9B3C83EF-5D93-4F0B-80F9-997261F3DBA9",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:siemens:siplus_s7-1200_cp_1243-1_rail:-:*:*:*:*:*:*:*",
"matchCriteriaId": "4A294530-727C-4535-8B02-668DF74587D4",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability has been identified in RUGGEDCOM RM1224 LTE(4G) EU (6GK6108-4AM00-2BA2), RUGGEDCOM RM1224 LTE(4G) NAM (6GK6108-4AM00-2DA2), SCALANCE M804PB (6GK5804-0AP00-2AA2), SCALANCE M812-1 ADSL-Router (6GK5812-1AA00-2AA2), SCALANCE M812-1 ADSL-Router (6GK5812-1BA00-2AA2), SCALANCE M816-1 ADSL-Router (6GK5816-1AA00-2AA2), SCALANCE M816-1 ADSL-Router (6GK5816-1BA00-2AA2), SCALANCE M826-2 SHDSL-Router (6GK5826-2AB00-2AB2), SCALANCE M874-2 (6GK5874-2AA00-2AA2), SCALANCE M874-3 (6GK5874-3AA00-2AA2), SCALANCE M876-3 (6GK5876-3AA02-2BA2), SCALANCE M876-3 (ROK) (6GK5876-3AA02-2EA2), SCALANCE M876-4 (6GK5876-4AA10-2BA2), SCALANCE M876-4 (EU) (6GK5876-4AA00-2BA2), SCALANCE M876-4 (NAM) (6GK5876-4AA00-2DA2), SCALANCE MUM853-1 (EU) (6GK5853-2EA00-2DA1), SCALANCE MUM856-1 (EU) (6GK5856-2EA00-3DA1), SCALANCE MUM856-1 (RoW) (6GK5856-2EA00-3AA1), SCALANCE S615 EEC LAN-Router (6GK5615-0AA01-2AA2), SCALANCE S615 LAN-Router (6GK5615-0AA00-2AA2), SCALANCE SC622-2C (6GK5622-2GS00-2AC2), SCALANCE SC622-2C (6GK5622-2GS00-2AC2), SCALANCE SC626-2C (6GK5626-2GS00-2AC2), SCALANCE SC626-2C (6GK5626-2GS00-2AC2), SCALANCE SC632-2C (6GK5632-2GS00-2AC2), SCALANCE SC632-2C (6GK5632-2GS00-2AC2), SCALANCE SC636-2C (6GK5636-2GS00-2AC2), SCALANCE SC636-2C (6GK5636-2GS00-2AC2), SCALANCE SC642-2C (6GK5642-2GS00-2AC2), SCALANCE SC642-2C (6GK5642-2GS00-2AC2), SCALANCE SC646-2C (6GK5646-2GS00-2AC2), SCALANCE SC646-2C (6GK5646-2GS00-2AC2), SCALANCE WAB762-1 (6GK5762-1AJ00-6AA0), SCALANCE WAM763-1 (6GK5763-1AL00-7DA0), SCALANCE WAM763-1 (ME) (6GK5763-1AL00-7DC0), SCALANCE WAM763-1 (US) (6GK5763-1AL00-7DB0), SCALANCE WAM766-1 (6GK5766-1GE00-7DA0), SCALANCE WAM766-1 (ME) (6GK5766-1GE00-7DC0), SCALANCE WAM766-1 (US) (6GK5766-1GE00-7DB0), SCALANCE WAM766-1 EEC (6GK5766-1GE00-7TA0), SCALANCE WAM766-1 EEC (ME) (6GK5766-1GE00-7TC0), SCALANCE WAM766-1 EEC (US) (6GK5766-1GE00-7TB0), SCALANCE WUB762-1 (6GK5762-1AJ00-1AA0), SCALANCE WUB762-1 iFeatures (6GK5762-1AJ00-2AA0), SCALANCE WUM763-1 (6GK5763-1AL00-3AA0), SCALANCE WUM763-1 (6GK5763-1AL00-3DA0), SCALANCE WUM763-1 (US) (6GK5763-1AL00-3AB0), SCALANCE WUM763-1 (US) (6GK5763-1AL00-3DB0), SCALANCE WUM766-1 (6GK5766-1GE00-3DA0), SCALANCE WUM766-1 (ME) (6GK5766-1GE00-3DC0), SCALANCE WUM766-1 (USA) (6GK5766-1GE00-3DB0), SIMATIC CP 1242-7 V2 (6GK7242-7KX31-0XE0), SIMATIC CP 1243-1 (6GK7243-1BX30-0XE0), SIMATIC CP 1243-7 LTE EU (6GK7243-7KX30-0XE0), SIMATIC CP 1243-7 LTE US (6GK7243-7SX30-0XE0), SIMATIC CP 1243-8 IRC (6GK7243-8RX30-0XE0), SIMATIC CP 1542SP-1 IRC (6GK7542-6VX00-0XE0), SIMATIC CP 1543-1 (6GK7543-1AX00-0XE0), SIMATIC CP 1543SP-1 (6GK7543-6WX00-0XE0), SIPLUS ET 200SP CP 1542SP-1 IRC TX RAIL (6AG2542-6VX00-4XE0), SIPLUS ET 200SP CP 1543SP-1 ISEC (6AG1543-6WX00-7XE0), SIPLUS ET 200SP CP 1543SP-1 ISEC TX RAIL (6AG2543-6WX00-4XE0), SIPLUS NET CP 1242-7 V2 (6AG1242-7KX31-7XE0), SIPLUS NET CP 1543-1 (6AG1543-1AX00-2XE0), SIPLUS S7-1200 CP 1243-1 (6AG1243-1BX30-2AX0), SIPLUS S7-1200 CP 1243-1 RAIL (6AG2243-1BX30-1XE0). By injecting code to specific configuration options for OpenVPN, an attacker could execute arbitrary code with elevated privileges."
},
{
"lang": "es",
"value": "Se ha identificado una vulnerabilidad en SIMATIC CP 1242-7 V2 (Todas las versiones anteriores a V3.3.46), SIMATIC CP 1243-1 (Todas las versiones anteriores a V3.3.46), SIMATIC CP 1243-7 LTE EU (Todas las versiones anteriores a V3.3.46), SIMATIC CP 1243-7 LTE US (Todas las versiones anteriores a V3. 3.46), SIMATIC CP 1243-8 IRC (Todas las versiones anteriores a V3.3.46), SIMATIC CP 1542SP-1 IRC (Todas las versiones posteriores o iguales a V2.0), SIMATIC CP 1543-1 (Todas las versiones anteriores a V3.0.22), SIMATIC CP 1543SP-1 (Todas las versiones posteriores o iguales a V2. 0), SIPLUS ET 200SP CP 1542SP-1 IRC TX RAIL (Todas las versiones posteriores o iguales a V2.0), SIPLUS ET 200SP CP 1543SP-1 ISEC (Todas las versiones posteriores o iguales a V2.0), SIPLUS ET 200SP CP 1543SP-1 ISEC TX RAIL (Todas las versiones posteriores o iguales a V2. 0), SIPLUS NET CP 1242-7 V2 (Todas las versiones anteriores a V3.3.46), SIPLUS NET CP 1543-1 (Todas las versiones anteriores a V3.0.22), SIPLUS S7-1200 CP 1243-1 (Todas las versiones anteriores a V3.3.46), SIPLUS S7-1200 CP 1243-1 RAIL (Todas las versiones anteriores a V3.3.46). Al inyectar c\u00f3digo a opciones de configuraci\u00f3n espec\u00edficas para OpenVPN, un atacante podr\u00eda ejecutar c\u00f3digo arbitrario con privilegios elevados"
}
],
"id": "CVE-2022-34821",
"lastModified": "2025-01-14T11:15:10.343",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 9.3,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 10.0,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.6,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.0,
"impactScore": 6.0,
"source": "productcert@siemens.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Secondary"
}
],
"cvssMetricV40": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackRequirements": "PRESENT",
"attackVector": "ADJACENT",
"automatable": "NOT_DEFINED",
"availabilityRequirements": "NOT_DEFINED",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityRequirements": "NOT_DEFINED",
"exploitMaturity": "NOT_DEFINED",
"integrityRequirements": "NOT_DEFINED",
"modifiedAttackComplexity": "NOT_DEFINED",
"modifiedAttackRequirements": "NOT_DEFINED",
"modifiedAttackVector": "NOT_DEFINED",
"modifiedPrivilegesRequired": "NOT_DEFINED",
"modifiedSubsequentSystemAvailability": "NOT_DEFINED",
"modifiedSubsequentSystemConfidentiality": "NOT_DEFINED",
"modifiedSubsequentSystemIntegrity": "NOT_DEFINED",
"modifiedUserInteraction": "NOT_DEFINED",
"modifiedVulnerableSystemAvailability": "NOT_DEFINED",
"modifiedVulnerableSystemConfidentiality": "NOT_DEFINED",
"modifiedVulnerableSystemIntegrity": "NOT_DEFINED",
"privilegesRequired": "HIGH",
"providerUrgency": "NOT_DEFINED",
"recovery": "NOT_DEFINED",
"safety": "NOT_DEFINED",
"subsequentSystemAvailability": "HIGH",
"subsequentSystemConfidentiality": "HIGH",
"subsequentSystemIntegrity": "HIGH",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:A/AC:L/AT:P/PR:H/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"version": "4.0",
"vulnerabilityResponseEffort": "NOT_DEFINED",
"vulnerableSystemAvailability": "HIGH",
"vulnerableSystemConfidentiality": "HIGH",
"vulnerableSystemIntegrity": "HIGH"
},
"source": "productcert@siemens.com",
"type": "Secondary"
}
]
},
"published": "2022-07-12T10:15:12.393",
"references": [
{
"source": "productcert@siemens.com",
"url": "https://cert-portal.siemens.com/productcert/html/ssa-413565.html"
},
{
"source": "productcert@siemens.com",
"url": "https://cert-portal.siemens.com/productcert/html/ssa-517377.html"
},
{
"source": "productcert@siemens.com",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-413565.pdf"
},
{
"source": "productcert@siemens.com",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-517377.pdf"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-413565.pdf"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-517377.pdf"
}
],
"sourceIdentifier": "productcert@siemens.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-94"
}
],
"source": "productcert@siemens.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-94"
}
],
"source": "nvd@nist.gov",
"type": "Secondary"
}
]
}
Vulnerability from fkie_nvd
Published
2021-08-05 21:15
Modified
2024-11-21 05:50
Severity ?
Summary
libcurl keeps previously used connections in a connection pool for subsequenttransfers to reuse, if one of them matches the setup.Due to errors in the logic, the config matching function did not take 'issuercert' into account and it compared the involved paths *case insensitively*,which could lead to libcurl reusing wrong connections.File paths are, or can be, case sensitive on many systems but not all, and caneven vary depending on used file systems.The comparison also didn't include the 'issuer cert' which a transfer can setto qualify how to verify the server certificate.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| support@hackerone.com | https://cert-portal.siemens.com/productcert/pdf/ssa-389290.pdf | Patch, Third Party Advisory | |
| support@hackerone.com | https://cert-portal.siemens.com/productcert/pdf/ssa-484086.pdf | Third Party Advisory | |
| support@hackerone.com | https://cert-portal.siemens.com/productcert/pdf/ssa-732250.pdf | Third Party Advisory | |
| support@hackerone.com | https://hackerone.com/reports/1223565 | Exploit, Issue Tracking, Patch, Third Party Advisory | |
| support@hackerone.com | https://lists.apache.org/thread.html/r61db8e7dcb56dc000a5387a88f7a473bacec5ee01b9ff3f55308aacc%40%3Cdev.kafka.apache.org%3E | Mailing List, Third Party Advisory | |
| support@hackerone.com | https://lists.apache.org/thread.html/r61db8e7dcb56dc000a5387a88f7a473bacec5ee01b9ff3f55308aacc%40%3Cusers.kafka.apache.org%3E | Mailing List, Third Party Advisory | |
| support@hackerone.com | https://lists.apache.org/thread.html/rbf4ce74b0d1fa9810dec50ba3ace0caeea677af7c27a97111c06ccb7%40%3Cdev.kafka.apache.org%3E | Mailing List, Third Party Advisory | |
| support@hackerone.com | https://lists.apache.org/thread.html/rbf4ce74b0d1fa9810dec50ba3ace0caeea677af7c27a97111c06ccb7%40%3Cusers.kafka.apache.org%3E | Mailing List, Third Party Advisory | |
| support@hackerone.com | https://lists.debian.org/debian-lts-announce/2021/08/msg00017.html | Mailing List, Third Party Advisory | |
| support@hackerone.com | https://lists.debian.org/debian-lts-announce/2022/08/msg00017.html | Mailing List, Third Party Advisory | |
| support@hackerone.com | https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FRUCW2UVNYUDZF72DQLFQR4PJEC6CF7V/ | Mailing List, Third Party Advisory | |
| support@hackerone.com | https://security.netapp.com/advisory/ntap-20210902-0003/ | Third Party Advisory | |
| support@hackerone.com | https://www.debian.org/security/2022/dsa-5197 | Third Party Advisory | |
| support@hackerone.com | https://www.oracle.com/security-alerts/cpujan2022.html | Patch, Third Party Advisory | |
| support@hackerone.com | https://www.oracle.com/security-alerts/cpuoct2021.html | Patch, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://cert-portal.siemens.com/productcert/pdf/ssa-389290.pdf | Patch, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://cert-portal.siemens.com/productcert/pdf/ssa-484086.pdf | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://cert-portal.siemens.com/productcert/pdf/ssa-732250.pdf | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://hackerone.com/reports/1223565 | Exploit, Issue Tracking, Patch, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://lists.apache.org/thread.html/r61db8e7dcb56dc000a5387a88f7a473bacec5ee01b9ff3f55308aacc%40%3Cdev.kafka.apache.org%3E | Mailing List, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://lists.apache.org/thread.html/r61db8e7dcb56dc000a5387a88f7a473bacec5ee01b9ff3f55308aacc%40%3Cusers.kafka.apache.org%3E | Mailing List, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://lists.apache.org/thread.html/rbf4ce74b0d1fa9810dec50ba3ace0caeea677af7c27a97111c06ccb7%40%3Cdev.kafka.apache.org%3E | Mailing List, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://lists.apache.org/thread.html/rbf4ce74b0d1fa9810dec50ba3ace0caeea677af7c27a97111c06ccb7%40%3Cusers.kafka.apache.org%3E | Mailing List, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://lists.debian.org/debian-lts-announce/2021/08/msg00017.html | Mailing List, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://lists.debian.org/debian-lts-announce/2022/08/msg00017.html | Mailing List, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FRUCW2UVNYUDZF72DQLFQR4PJEC6CF7V/ | Mailing List, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://security.netapp.com/advisory/ntap-20210902-0003/ | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.debian.org/security/2022/dsa-5197 | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.oracle.com/security-alerts/cpujan2022.html | Patch, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.oracle.com/security-alerts/cpuoct2021.html | Patch, Third Party Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| haxx | libcurl | * | |
| fedoraproject | fedora | 33 | |
| debian | debian_linux | 9.0 | |
| debian | debian_linux | 10.0 | |
| debian | debian_linux | 11.0 | |
| netapp | cloud_backup | - | |
| netapp | clustered_data_ontap | - | |
| netapp | solidfire_\&_hci_management_node | - | |
| netapp | solidfire_baseboard_management_controller_firmware | - | |
| oracle | mysql_server | * | |
| oracle | mysql_server | * | |
| oracle | peoplesoft_enterprise_peopletools | 8.57 | |
| oracle | peoplesoft_enterprise_peopletools | 8.58 | |
| oracle | peoplesoft_enterprise_peopletools | 8.59 | |
| siemens | sinec_infrastructure_network_services | * | |
| siemens | sinema_remote_connect_server | * | |
| siemens | logo\!_cmr2040_firmware | * | |
| siemens | logo\!_cmr2040 | - | |
| siemens | logo\!_cmr2020_firmware | * | |
| siemens | logo\!_cmr2020 | - | |
| siemens | ruggedcomrm_1224_lte_firmware | * | |
| siemens | ruggedcomrm_1224_lte | - | |
| siemens | scalance_m804pb_firmware | * | |
| siemens | scalance_m804pb | - | |
| siemens | scalance_m812-1_firmware | * | |
| siemens | scalance_m812-1 | - | |
| siemens | scalance_m816-1_firmware | * | |
| siemens | scalance_m816-1 | - | |
| siemens | scalance_m826-2_firmware | * | |
| siemens | scalance_m826-2 | - | |
| siemens | scalance_m874-2_firmware | * | |
| siemens | scalance_m874-2 | - | |
| siemens | scalance_m874-3_firmware | * | |
| siemens | scalance_m874-3 | - | |
| siemens | scalance_m876-3_firmware | * | |
| siemens | scalance_m876-3 | - | |
| siemens | scalance_m876-4_firmware | * | |
| siemens | scalance_m876-4 | - | |
| siemens | scalance_mum856-1_firmware | * | |
| siemens | scalance_mum856-1 | - | |
| siemens | scalance_s615_firmware | * | |
| siemens | scalance_s615 | - | |
| siemens | simatic_cp_1543-1_firmware | * | |
| siemens | simatic_cp_1543-1 | - | |
| siemens | simatic_cp_1545-1_firmware | * | |
| siemens | simatic_cp_1545-1 | - | |
| siemens | simatic_rtu3010c_firmware | * | |
| siemens | simatic_rtu3010c | - | |
| siemens | simatic_rtu3030c_firmware | * | |
| siemens | simatic_rtu3030c | - | |
| siemens | simatic_rtu3031c_firmware | * | |
| siemens | simatic_rtu3031c | - | |
| siemens | simatic_rtu_3041c_firmware | * | |
| siemens | simatic_rtu_3041c | - | |
| siemens | sinema_remote_connect | * | |
| siemens | siplus_net_cp_1543-1_firmware | * | |
| siemens | siplus_net_cp_1543-1 | - | |
| splunk | universal_forwarder | * | |
| splunk | universal_forwarder | * | |
| splunk | universal_forwarder | 9.1.0 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:haxx:libcurl:*:*:*:*:*:*:*:*",
"matchCriteriaId": "6FDD6146-08DE-414A-AF65-668F1A002099",
"versionEndExcluding": "7.77.0",
"versionStartIncluding": "7.10.4",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:fedoraproject:fedora:33:*:*:*:*:*:*:*",
"matchCriteriaId": "E460AA51-FCDA-46B9-AE97-E6676AA5E194",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*",
"matchCriteriaId": "DEECE5FC-CACF-4496-A3E7-164736409252",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*",
"matchCriteriaId": "07B237A9-69A3-4A9C-9DA0-4E06BD37AE73",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*",
"matchCriteriaId": "FA6FEEC2-9F11-4643-8827-749718254FED",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:netapp:cloud_backup:-:*:*:*:*:*:*:*",
"matchCriteriaId": "5C2089EE-5D7F-47EC-8EA5-0F69790564C4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netapp:clustered_data_ontap:-:*:*:*:*:*:*:*",
"matchCriteriaId": "1FE996B1-6951-4F85-AA58-B99A379D2163",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netapp:solidfire_\\\u0026_hci_management_node:-:*:*:*:*:*:*:*",
"matchCriteriaId": "D6D700C5-F67F-4FFB-BE69-D524592A3D2E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:netapp:solidfire_baseboard_management_controller_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "FB9B8171-F6CA-427D-81E0-6536D3BBFA8D",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:oracle:mysql_server:*:*:*:*:*:*:*:*",
"matchCriteriaId": "2E74B879-B396-496C-979B-8A7211EDCA0D",
"versionEndIncluding": "5.7.36",
"versionStartIncluding": "5.7.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:mysql_server:*:*:*:*:*:*:*:*",
"matchCriteriaId": "709E83B4-8C66-4255-870B-2F72B37BA8C6",
"versionEndIncluding": "8.0.26",
"versionStartIncluding": "8.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.57:*:*:*:*:*:*:*",
"matchCriteriaId": "7E1E416B-920B-49A0-9523-382898C2979D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.58:*:*:*:*:*:*:*",
"matchCriteriaId": "D9DB4A14-2EF5-4B54-95D2-75E6CF9AA0A9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.59:*:*:*:*:*:*:*",
"matchCriteriaId": "C8AF00C6-B97F-414D-A8DF-057E6BFD8597",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:siemens:sinec_infrastructure_network_services:*:*:*:*:*:*:*:*",
"matchCriteriaId": "B0F46497-4AB0-49A7-9453-CC26837BF253",
"versionEndExcluding": "1.0.1.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:siemens:sinema_remote_connect_server:*:*:*:*:*:*:*:*",
"matchCriteriaId": "98CC9C9A-FE14-4D50-A8EC-C309229356C8",
"versionEndExcluding": "3.1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:siemens:logo\\!_cmr2040_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "8F58182A-EB6D-442B-846A-8BD5BE4313E6",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:siemens:logo\\!_cmr2040:-:*:*:*:*:*:*:*",
"matchCriteriaId": "6ED47A12-5637-40E2-BE39-B76B789C0DFD",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:siemens:logo\\!_cmr2020_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "85E0D5C4-F0DA-42D9-A594-CB1BE6E7451F",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:siemens:logo\\!_cmr2020:-:*:*:*:*:*:*:*",
"matchCriteriaId": "E8E5F42B-63E3-4B2D-A03F-983F51EE0648",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:siemens:ruggedcomrm_1224_lte_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "139740E9-9828-4F2E-B11D-3BFE1B96992C",
"versionEndExcluding": "7.1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:siemens:ruggedcomrm_1224_lte:-:*:*:*:*:*:*:*",
"matchCriteriaId": "1A650A1E-4DB0-415A-9BF4-0016798CD622",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:siemens:scalance_m804pb_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "44695DA0-6E69-4444-BEBB-391E818B9FC0",
"versionEndExcluding": "7.1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:siemens:scalance_m804pb:-:*:*:*:*:*:*:*",
"matchCriteriaId": "C6EBA42A-93FF-4883-8626-EF78D38374D3",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:siemens:scalance_m812-1_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "87B7BB84-89FC-440B-9647-6D5E99C46AED",
"versionEndExcluding": "7.1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:siemens:scalance_m812-1:-:*:*:*:*:*:*:*",
"matchCriteriaId": "31EAEF72-8B41-44E0-A33B-753AF85A3106",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:siemens:scalance_m816-1_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "F93C36C9-9E80-48B6-8025-0DA656B7AE0B",
"versionEndExcluding": "7.1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:siemens:scalance_m816-1:-:*:*:*:*:*:*:*",
"matchCriteriaId": "5908438F-2575-46EB-AC96-5F33D018AFAC",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:siemens:scalance_m826-2_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "15374104-A17C-44B4-801F-C81D3FB97527",
"versionEndExcluding": "7.1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:siemens:scalance_m826-2:-:*:*:*:*:*:*:*",
"matchCriteriaId": "60458734-FF87-48E9-9B63-5AB9EA5ED0E5",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:siemens:scalance_m874-2_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "E587E31C-E9CA-4925-A2FE-22F46C5A3E81",
"versionEndExcluding": "7.1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:siemens:scalance_m874-2:-:*:*:*:*:*:*:*",
"matchCriteriaId": "C933ED27-2206-4734-8EB8-6A6431D1FBF1",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:siemens:scalance_m874-3_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "DE82B624-BD88-4B43-A590-FF39D136A4D4",
"versionEndExcluding": "7.1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:siemens:scalance_m874-3:-:*:*:*:*:*:*:*",
"matchCriteriaId": "D3258DC7-0461-4C65-8292-85C9965EA83D",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:siemens:scalance_m876-3_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "AC0626BD-AAE2-4853-AC96-8A3F2516A972",
"versionEndExcluding": "7.1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:siemens:scalance_m876-3:-:*:*:*:*:*:*:*",
"matchCriteriaId": "BD221BA9-3448-49E4-B3A3-D88B939785AC",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:siemens:scalance_m876-4_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "60DD88D4-3DB3-473C-8613-AE425E7DF03C",
"versionEndExcluding": "7.1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:siemens:scalance_m876-4:-:*:*:*:*:*:*:*",
"matchCriteriaId": "94E4CCE9-71F7-4960-B7DE-5298EFB7C619",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:siemens:scalance_mum856-1_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "03B602E7-05E4-42F7-8850-2369F118D32C",
"versionEndExcluding": "7.1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:siemens:scalance_mum856-1:-:*:*:*:*:*:*:*",
"matchCriteriaId": "17BEBCAB-D640-4F6D-9579-4A54C76D80F8",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:siemens:scalance_s615_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "116A0913-61A8-41EA-89D1-AC46384254B8",
"versionEndExcluding": "7.1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:siemens:scalance_s615:-:*:*:*:*:*:*:*",
"matchCriteriaId": "E917CBBB-EF41-4113-B0CA-EB91889235E7",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:siemens:simatic_cp_1543-1_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "BFC6ACFD-8893-4EA3-976B-FAAF7240C5DB",
"versionEndExcluding": "3.0.22",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:siemens:simatic_cp_1543-1:-:*:*:*:*:*:*:*",
"matchCriteriaId": "3FDE92FB-38C7-46E8-9208-BBD7872219D5",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:siemens:simatic_cp_1545-1_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "D599BF67-DFBB-4107-ACD9-1231D12EC9B5",
"versionEndExcluding": "1.1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:siemens:simatic_cp_1545-1:-:*:*:*:*:*:*:*",
"matchCriteriaId": "C557DEBB-B71C-42E5-BBCE-0CFF3D10D700",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:siemens:simatic_rtu3010c_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "22BE5ED5-4690-4D60-AA95-915CC02266E2",
"versionEndExcluding": "5.0.14",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:siemens:simatic_rtu3010c:-:*:*:*:*:*:*:*",
"matchCriteriaId": "2F32339C-D992-45F3-B975-D3E1118B881E",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:siemens:simatic_rtu3030c_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "BD88F06C-6E0F-463C-94E5-CB68601D728E",
"versionEndExcluding": "5.0.14",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:siemens:simatic_rtu3030c:-:*:*:*:*:*:*:*",
"matchCriteriaId": "6A66DD04-4C58-45D8-A8C5-6817B05DBA14",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:siemens:simatic_rtu3031c_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "BBFBC62C-7F21-4312-B6BB-FC80894100BB",
"versionEndExcluding": "5.0.14",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:siemens:simatic_rtu3031c:-:*:*:*:*:*:*:*",
"matchCriteriaId": "48F0595C-286F-4EB1-8C25-D20FB92A95A0",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:siemens:simatic_rtu_3041c_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "74D4B0B4-6F7C-43CF-AFB8-6C53BA5C6577",
"versionEndExcluding": "5.0.14",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:siemens:simatic_rtu_3041c:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F30B6004-31BF-408A-B1C5-4A7937391F41",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:siemens:sinema_remote_connect:*:*:*:*:*:*:*:*",
"matchCriteriaId": "2C5E4FE6-D2D5-40E4-A68C-6EA6AC7E1A3C",
"versionEndExcluding": "3.1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:siemens:siplus_net_cp_1543-1_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "43CDCCE3-B8C0-44D4-A8A0-25C49A4EA240",
"versionEndExcluding": "3.0.22",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:siemens:siplus_net_cp_1543-1:-:*:*:*:*:*:*:*",
"matchCriteriaId": "5D7AB0D5-FD3E-416A-975B-D212B3350433",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:splunk:universal_forwarder:*:*:*:*:*:*:*:*",
"matchCriteriaId": "5722E753-75DE-4944-A11B-556CB299B57D",
"versionEndExcluding": "8.2.12",
"versionStartIncluding": "8.2.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:splunk:universal_forwarder:*:*:*:*:*:*:*:*",
"matchCriteriaId": "DC0F9351-81A4-4FEA-B6B5-6E960A933D32",
"versionEndExcluding": "9.0.6",
"versionStartIncluding": "9.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:splunk:universal_forwarder:9.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "EED24E67-2957-4C1B-8FEA-E2D2FE7B97FC",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "libcurl keeps previously used connections in a connection pool for subsequenttransfers to reuse, if one of them matches the setup.Due to errors in the logic, the config matching function did not take \u0027issuercert\u0027 into account and it compared the involved paths *case insensitively*,which could lead to libcurl reusing wrong connections.File paths are, or can be, case sensitive on many systems but not all, and caneven vary depending on used file systems.The comparison also didn\u0027t include the \u0027issuer cert\u0027 which a transfer can setto qualify how to verify the server certificate."
},
{
"lang": "es",
"value": "libcurl mantiene las conexiones usadas previamente en un pool de conexiones para reusarlas en posteriores transferencias, si una de ellas coincide con la configuraci\u00f3n. Debido a errores en la l\u00f3gica, la funci\u00f3n de coincidencia de la configuraci\u00f3n no ten\u00eda en cuenta \"issuercert\" y comparaba las rutas implicadas *sin tener en cuenta el caso*, que pod\u00eda conllevar a que libcurl reusara conexiones err\u00f3neas. Las rutas de los archivos son, o pueden ser, casos confidenciales en muchos sistemas, pero no en todos, y pueden incluso variar dependiendo de los sistemas de archivos usados. La comparaci\u00f3n tampoco inclu\u00eda el \"issuercert\" que una transferencia puede ajustar para calificar c\u00f3mo verificar el certificado del servidor"
}
],
"id": "CVE-2021-22924",
"lastModified": "2024-11-21T05:50:55.620",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 3.7,
"baseSeverity": "LOW",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.2,
"impactScore": 1.4,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2021-08-05T21:15:11.380",
"references": [
{
"source": "support@hackerone.com",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-389290.pdf"
},
{
"source": "support@hackerone.com",
"tags": [
"Third Party Advisory"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-484086.pdf"
},
{
"source": "support@hackerone.com",
"tags": [
"Third Party Advisory"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-732250.pdf"
},
{
"source": "support@hackerone.com",
"tags": [
"Exploit",
"Issue Tracking",
"Patch",
"Third Party Advisory"
],
"url": "https://hackerone.com/reports/1223565"
},
{
"source": "support@hackerone.com",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.apache.org/thread.html/r61db8e7dcb56dc000a5387a88f7a473bacec5ee01b9ff3f55308aacc%40%3Cdev.kafka.apache.org%3E"
},
{
"source": "support@hackerone.com",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.apache.org/thread.html/r61db8e7dcb56dc000a5387a88f7a473bacec5ee01b9ff3f55308aacc%40%3Cusers.kafka.apache.org%3E"
},
{
"source": "support@hackerone.com",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.apache.org/thread.html/rbf4ce74b0d1fa9810dec50ba3ace0caeea677af7c27a97111c06ccb7%40%3Cdev.kafka.apache.org%3E"
},
{
"source": "support@hackerone.com",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.apache.org/thread.html/rbf4ce74b0d1fa9810dec50ba3ace0caeea677af7c27a97111c06ccb7%40%3Cusers.kafka.apache.org%3E"
},
{
"source": "support@hackerone.com",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.debian.org/debian-lts-announce/2021/08/msg00017.html"
},
{
"source": "support@hackerone.com",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.debian.org/debian-lts-announce/2022/08/msg00017.html"
},
{
"source": "support@hackerone.com",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FRUCW2UVNYUDZF72DQLFQR4PJEC6CF7V/"
},
{
"source": "support@hackerone.com",
"tags": [
"Third Party Advisory"
],
"url": "https://security.netapp.com/advisory/ntap-20210902-0003/"
},
{
"source": "support@hackerone.com",
"tags": [
"Third Party Advisory"
],
"url": "https://www.debian.org/security/2022/dsa-5197"
},
{
"source": "support@hackerone.com",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://www.oracle.com/security-alerts/cpujan2022.html"
},
{
"source": "support@hackerone.com",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://www.oracle.com/security-alerts/cpuoct2021.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-389290.pdf"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-484086.pdf"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-732250.pdf"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Issue Tracking",
"Patch",
"Third Party Advisory"
],
"url": "https://hackerone.com/reports/1223565"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.apache.org/thread.html/r61db8e7dcb56dc000a5387a88f7a473bacec5ee01b9ff3f55308aacc%40%3Cdev.kafka.apache.org%3E"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.apache.org/thread.html/r61db8e7dcb56dc000a5387a88f7a473bacec5ee01b9ff3f55308aacc%40%3Cusers.kafka.apache.org%3E"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.apache.org/thread.html/rbf4ce74b0d1fa9810dec50ba3ace0caeea677af7c27a97111c06ccb7%40%3Cdev.kafka.apache.org%3E"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.apache.org/thread.html/rbf4ce74b0d1fa9810dec50ba3ace0caeea677af7c27a97111c06ccb7%40%3Cusers.kafka.apache.org%3E"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.debian.org/debian-lts-announce/2021/08/msg00017.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.debian.org/debian-lts-announce/2022/08/msg00017.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FRUCW2UVNYUDZF72DQLFQR4PJEC6CF7V/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://security.netapp.com/advisory/ntap-20210902-0003/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://www.debian.org/security/2022/dsa-5197"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://www.oracle.com/security-alerts/cpujan2022.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://www.oracle.com/security-alerts/cpuoct2021.html"
}
],
"sourceIdentifier": "support@hackerone.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-20"
}
],
"source": "support@hackerone.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-706"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2016-11-18 21:59
Modified
2024-11-21 02:59
Severity ?
Summary
A vulnerability has been identified in SIMATIC CP 1543-1 (All versions < V2.0.28), SIPLUS NET CP 1543-1 (All versions < V2.0.28). Under special conditions it was possible to write SNMP variables on port 161/udp which should be read-only and should only be configured with TIA-Portal. A write to these variables could reduce the availability or cause a denial-of-service.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | http://www.securityfocus.com/bid/94436 | Broken Link, Third Party Advisory, VDB Entry | |
| cve@mitre.org | http://www.siemens.com/cert/pool/cert/siemens_security_advisory_ssa-672373.pdf | Broken Link, Patch, Vendor Advisory | |
| cve@mitre.org | https://cert-portal.siemens.com/productcert/pdf/ssa-672373.pdf | Vendor Advisory | |
| cve@mitre.org | https://ics-cert.us-cert.gov/advisories/ICSA-16-327-01 | Third Party Advisory, US Government Resource | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/94436 | Broken Link, Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.siemens.com/cert/pool/cert/siemens_security_advisory_ssa-672373.pdf | Broken Link, Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://cert-portal.siemens.com/productcert/pdf/ssa-672373.pdf | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://ics-cert.us-cert.gov/advisories/ICSA-16-327-01 | Third Party Advisory, US Government Resource |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| siemens | simatic_cp_1543-1_firmware | * | |
| siemens | simatic_cp_1543-1 | - | |
| siemens | siplus_net_cp_1543-1_firmware | * | |
| siemens | siplus_net_cp_1543-1 | - |
{
"cisaActionDue": "2022-03-24",
"cisaExploitAdd": "2022-03-03",
"cisaRequiredAction": "Apply updates per vendor instructions.",
"cisaVulnerabilityName": "Siemens SIMATIC CP 1543-1 Improper Privilege Management Vulnerability",
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:siemens:simatic_cp_1543-1_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "F8CCE837-13AF-47FB-B4C8-7720F0876229",
"versionEndExcluding": "2.0.28",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:siemens:simatic_cp_1543-1:-:*:*:*:*:*:*:*",
"matchCriteriaId": "3FDE92FB-38C7-46E8-9208-BBD7872219D5",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:siemens:siplus_net_cp_1543-1_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "DDDA7068-0640-4E8C-A917-DB41F6A9D66A",
"versionEndExcluding": "2.0.28",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:siemens:siplus_net_cp_1543-1:-:*:*:*:*:*:*:*",
"matchCriteriaId": "5D7AB0D5-FD3E-416A-975B-D212B3350433",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability has been identified in SIMATIC CP 1543-1 (All versions \u003c V2.0.28), SIPLUS NET CP 1543-1 (All versions \u003c V2.0.28). Under special conditions it was possible to write SNMP variables on port 161/udp which should be read-only and should only be configured with TIA-Portal. A write to these variables could reduce the availability or cause a denial-of-service."
},
{
"lang": "es",
"value": "Se ha identificado una vulnerabilidad en SIMATIC CP 1543-1 (Todas las versiones \u0026lt; V2.0.28), SIPLUS NET CP 1543-1 (Todas las versiones \u0026lt; V2.0.28). En condiciones especiales era posible escribir variables SNMP en el puerto 161/udp que deber\u00edan ser de s\u00f3lo lectura y s\u00f3lo deber\u00edan configurarse con TIA-Portal. Una escritura en estas variables podr\u00eda reducir la disponibilidad o causar una denegaci\u00f3n de servicio"
}
],
"id": "CVE-2016-8562",
"lastModified": "2024-11-21T02:59:34.477",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "LOW",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "PARTIAL",
"baseScore": 3.5,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:M/Au:S/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 6.8,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.6,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2016-11-18T21:59:02.033",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Broken Link",
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/94436"
},
{
"source": "cve@mitre.org",
"tags": [
"Broken Link",
"Patch",
"Vendor Advisory"
],
"url": "http://www.siemens.com/cert/pool/cert/siemens_security_advisory_ssa-672373.pdf"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-672373.pdf"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory",
"US Government Resource"
],
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-16-327-01"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Broken Link",
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/94436"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Broken Link",
"Patch",
"Vendor Advisory"
],
"url": "http://www.siemens.com/cert/pool/cert/siemens_security_advisory_ssa-672373.pdf"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-672373.pdf"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"US Government Resource"
],
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-16-327-01"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2022-07-12 10:15
Modified
2024-11-21 07:10
Severity ?
10.0 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
10.0 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
10.0 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
Summary
A vulnerability has been identified in SIMATIC CP 1242-7 V2 (All versions < V3.3.46), SIMATIC CP 1243-1 (All versions < V3.3.46), SIMATIC CP 1243-7 LTE EU (All versions < V3.3.46), SIMATIC CP 1243-7 LTE US (All versions < V3.3.46), SIMATIC CP 1243-8 IRC (All versions < V3.3.46), SIMATIC CP 1542SP-1 IRC (All versions >= V2.0 < V2.2.28), SIMATIC CP 1543-1 (All versions < V3.0.22), SIMATIC CP 1543SP-1 (All versions >= V2.0 < V2.2.28), SIPLUS ET 200SP CP 1542SP-1 IRC TX RAIL (All versions >= V2.0 < V2.2.28), SIPLUS ET 200SP CP 1543SP-1 ISEC (All versions >= V2.0 < V2.2.28), SIPLUS ET 200SP CP 1543SP-1 ISEC TX RAIL (All versions >= V2.0 < V2.2.28), SIPLUS NET CP 1242-7 V2 (All versions < V3.3.46), SIPLUS NET CP 1543-1 (All versions < V3.0.22), SIPLUS S7-1200 CP 1243-1 (All versions < V3.3.46), SIPLUS S7-1200 CP 1243-1 RAIL (All versions < V3.3.46). The application lacks proper validation of user-supplied data when parsing specific messages. This could result in a heap-based buffer overflow. An attacker could leverage this vulnerability to execute code in the context of device.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| productcert@siemens.com | https://cert-portal.siemens.com/productcert/pdf/ssa-517377.pdf | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://cert-portal.siemens.com/productcert/pdf/ssa-517377.pdf | Patch, Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| siemens | simatic_cp_1242-7_v2_firmware | * | |
| siemens | simatic_cp_1242-7_v2 | - | |
| siemens | simatic_cp_1243-1_firmware | * | |
| siemens | simatic_cp_1243-1 | - | |
| siemens | simatic_cp_1243-7_lte_eu_firmware | * | |
| siemens | simatic_cp_1243-7_lte_eu | - | |
| siemens | simatic_cp_1243-7_lte_us_firmware | * | |
| siemens | simatic_cp_1243-7_lte_us | - | |
| siemens | simatic_cp_1243-8_irc_firmware | * | |
| siemens | simatic_cp_1243-8_irc | - | |
| siemens | simatic_cp_1542sp-1_irc_firmware | * | |
| siemens | simatic_cp_1542sp-1_irc | - | |
| siemens | simatic_cp_1543-1_firmware | * | |
| siemens | simatic_cp_1543-1 | - | |
| siemens | simatic_cp_1543sp-1_firmware | * | |
| siemens | simatic_cp_1543sp-1 | - | |
| siemens | siplus_et_200sp_cp_1542sp-1_irc_tx_rail_firmware | * | |
| siemens | siplus_et_200sp_cp_1542sp-1_irc_tx_rail | - | |
| siemens | siplus_et_200sp_cp_1543sp-1_isec_firmware | * | |
| siemens | siplus_et_200sp_cp_1543sp-1_isec | - | |
| siemens | siplus_et_200sp_cp_1543sp-1_isec_tx_rail_firmware | * | |
| siemens | siplus_et_200sp_cp_1543sp-1_isec_tx_rail | - | |
| siemens | siplus_net_cp_1242-7_v2_firmware | * | |
| siemens | siplus_net_cp_1242-7_v2 | - | |
| siemens | siplus_net_cp_1543-1_firmware | * | |
| siemens | siplus_net_cp_1543-1 | - | |
| siemens | siplus_s7-1200_cp_1243-1_firmware | * | |
| siemens | siplus_s7-1200_cp_1243-1 | - | |
| siemens | siplus_s7-1200_cp_1243-1_rail_firmware | * | |
| siemens | siplus_s7-1200_cp_1243-1_rail | - |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:siemens:simatic_cp_1242-7_v2_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "840C5C25-1E34-42FA-8221-7232622C204F",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:siemens:simatic_cp_1242-7_v2:-:*:*:*:*:*:*:*",
"matchCriteriaId": "29D4C72C-4E84-4563-9D66-5C641AB996BA",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:siemens:simatic_cp_1243-1_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "FE3D7928-8E1A-400E-B790-58D6F5938E3C",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:siemens:simatic_cp_1243-1:-:*:*:*:*:*:*:*",
"matchCriteriaId": "CA9BB25C-D5E3-43DE-8C73-06BDC43CA960",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:siemens:simatic_cp_1243-7_lte_eu_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "93D43BC6-EDE3-4EE1-9410-4717EB641AD0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:siemens:simatic_cp_1243-7_lte_eu:-:*:*:*:*:*:*:*",
"matchCriteriaId": "651C66E8-B3C0-4E88-BC7C-30BF16A7F7A3",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:siemens:simatic_cp_1243-7_lte_us_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "786F3FFD-87E4-45B9-A33C-BAE58379FF39",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:siemens:simatic_cp_1243-7_lte_us:-:*:*:*:*:*:*:*",
"matchCriteriaId": "FF9224A6-8A35-4F4F-951F-5B24B89E5FC8",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:siemens:simatic_cp_1243-8_irc_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "F2AA6B43-7FC7-465A-9CD8-E8A4D6DBCD27",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:siemens:simatic_cp_1243-8_irc:-:*:*:*:*:*:*:*",
"matchCriteriaId": "12A45F37-1E7D-4748-ADAC-EC4C454B693A",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:siemens:simatic_cp_1542sp-1_irc_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "1674851A-D8DC-47C5-9D63-2F1082CE0366",
"versionStartIncluding": "2.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:siemens:simatic_cp_1542sp-1_irc:-:*:*:*:*:*:*:*",
"matchCriteriaId": "E362CEA5-F47B-4294-8F2D-A0A7AC6FF390",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:siemens:simatic_cp_1543-1_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "BFC6ACFD-8893-4EA3-976B-FAAF7240C5DB",
"versionEndExcluding": "3.0.22",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:siemens:simatic_cp_1543-1:-:*:*:*:*:*:*:*",
"matchCriteriaId": "3FDE92FB-38C7-46E8-9208-BBD7872219D5",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:siemens:simatic_cp_1543sp-1_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "78127221-D455-4145-9B84-A598A284D591",
"versionStartIncluding": "2.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:siemens:simatic_cp_1543sp-1:-:*:*:*:*:*:*:*",
"matchCriteriaId": "843A8686-5172-4782-BB97-B5D3C6FB27A3",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:siemens:siplus_et_200sp_cp_1542sp-1_irc_tx_rail_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "23C55242-F638-415E-B683-EE1484770105",
"versionStartIncluding": "2.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:siemens:siplus_et_200sp_cp_1542sp-1_irc_tx_rail:-:*:*:*:*:*:*:*",
"matchCriteriaId": "FF3E5DDA-1BD4-4511-A2C8-4B5D40E6755E",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:siemens:siplus_et_200sp_cp_1543sp-1_isec_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "07505420-ADE4-4409-AFCC-45BCBC995543",
"versionStartIncluding": "2.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:siemens:siplus_et_200sp_cp_1543sp-1_isec:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A60FC550-A518-46BF-9124-E21DD654981C",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:siemens:siplus_et_200sp_cp_1543sp-1_isec_tx_rail_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "C624BBC7-D8C5-4C2F-B56B-D59D55F013F8",
"versionStartIncluding": "2.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:siemens:siplus_et_200sp_cp_1543sp-1_isec_tx_rail:-:*:*:*:*:*:*:*",
"matchCriteriaId": "25634AD2-2CC0-45AF-B5DE-39D30CBA91A4",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:siemens:siplus_net_cp_1242-7_v2_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "7FE26E32-47C0-4976-A23A-07C1AE318C35",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:siemens:siplus_net_cp_1242-7_v2:-:*:*:*:*:*:*:*",
"matchCriteriaId": "116E84DA-31F7-4AAC-A1AE-491C4C98BD49",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:siemens:siplus_net_cp_1543-1_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "43CDCCE3-B8C0-44D4-A8A0-25C49A4EA240",
"versionEndExcluding": "3.0.22",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:siemens:siplus_net_cp_1543-1:-:*:*:*:*:*:*:*",
"matchCriteriaId": "5D7AB0D5-FD3E-416A-975B-D212B3350433",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:siemens:siplus_s7-1200_cp_1243-1_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "E700BF4C-64B1-455C-A6A6-3E4D71FB91B7",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:siemens:siplus_s7-1200_cp_1243-1:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F9E746CF-4009-4A14-8916-A9E0276CAF8B",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:siemens:siplus_s7-1200_cp_1243-1_rail_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "9B3C83EF-5D93-4F0B-80F9-997261F3DBA9",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:siemens:siplus_s7-1200_cp_1243-1_rail:-:*:*:*:*:*:*:*",
"matchCriteriaId": "4A294530-727C-4535-8B02-668DF74587D4",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability has been identified in SIMATIC CP 1242-7 V2 (All versions \u003c V3.3.46), SIMATIC CP 1243-1 (All versions \u003c V3.3.46), SIMATIC CP 1243-7 LTE EU (All versions \u003c V3.3.46), SIMATIC CP 1243-7 LTE US (All versions \u003c V3.3.46), SIMATIC CP 1243-8 IRC (All versions \u003c V3.3.46), SIMATIC CP 1542SP-1 IRC (All versions \u003e= V2.0 \u003c V2.2.28), SIMATIC CP 1543-1 (All versions \u003c V3.0.22), SIMATIC CP 1543SP-1 (All versions \u003e= V2.0 \u003c V2.2.28), SIPLUS ET 200SP CP 1542SP-1 IRC TX RAIL (All versions \u003e= V2.0 \u003c V2.2.28), SIPLUS ET 200SP CP 1543SP-1 ISEC (All versions \u003e= V2.0 \u003c V2.2.28), SIPLUS ET 200SP CP 1543SP-1 ISEC TX RAIL (All versions \u003e= V2.0 \u003c V2.2.28), SIPLUS NET CP 1242-7 V2 (All versions \u003c V3.3.46), SIPLUS NET CP 1543-1 (All versions \u003c V3.0.22), SIPLUS S7-1200 CP 1243-1 (All versions \u003c V3.3.46), SIPLUS S7-1200 CP 1243-1 RAIL (All versions \u003c V3.3.46). The application lacks proper validation of user-supplied data when parsing specific messages. This could result in a heap-based buffer overflow. An attacker could leverage this vulnerability to execute code in the context of device."
},
{
"lang": "es",
"value": "Se ha identificado una vulnerabilidad en SIMATIC CP 1242-7 V2 (Todas las versiones anteriores a V3.3.46), SIMATIC CP 1243-1 (Todas las versiones anteriores a V3.3.46), SIMATIC CP 1243-7 LTE EU (Todas las versiones anteriores a V3.3.46), SIMATIC CP 1243-7 LTE US (Todas las versiones anteriores a V3. 3.46), SIMATIC CP 1243-8 IRC (Todas las versiones anteriores a V3.3.46), SIMATIC CP 1542SP-1 IRC (Todas las versiones posteriores o iguales a V2.0), SIMATIC CP 1543-1 (Todas las versiones anteriores a V3.0.22), SIMATIC CP 1543SP-1 (Todas las versiones posteriores o iguales a V2. 0), SIPLUS ET 200SP CP 1542SP-1 IRC TX RAIL (Todas las versiones posteriores o iguales a V2.0), SIPLUS ET 200SP CP 1543SP-1 ISEC (Todas las versiones posteriores o iguales a V2.0), SIPLUS ET 200SP CP 1543SP-1 ISEC TX RAIL (Todas las versiones posteriores o iguales a V2. 0), SIPLUS NET CP 1242-7 V2 (Todas las versiones anteriores a V3.3.46), SIPLUS NET CP 1543-1 (Todas las versiones anteriores a V3.0.22), SIPLUS S7-1200 CP 1243-1 (Todas las versiones anteriores a V3.3.46), SIPLUS S7-1200 CP 1243-1 RAIL (Todas las versiones anteriores a V3.3.46). La aplicaci\u00f3n carece de una validaci\u00f3n adecuada de los datos suministrados por el usuario al analizar mensajes espec\u00edficos. Esto podr\u00eda dar lugar a un desbordamiento del b\u00fafer basado en la pila. Un atacante podr\u00eda aprovechar esta vulnerabilidad para ejecutar c\u00f3digo en el contexto del dispositivo"
}
],
"id": "CVE-2022-34819",
"lastModified": "2024-11-21T07:10:14.917",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 9.3,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 10.0,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 10.0,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 6.0,
"source": "productcert@siemens.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 10.0,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 6.0,
"source": "nvd@nist.gov",
"type": "Secondary"
}
]
},
"published": "2022-07-12T10:15:12.293",
"references": [
{
"source": "productcert@siemens.com",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-517377.pdf"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-517377.pdf"
}
],
"sourceIdentifier": "productcert@siemens.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-122"
}
],
"source": "productcert@siemens.com",
"type": "Primary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-787"
}
],
"source": "nvd@nist.gov",
"type": "Secondary"
}
]
}
Vulnerability from fkie_nvd
Published
2019-07-19 23:15
Modified
2024-11-21 04:23
Severity ?
Summary
An arbitrary file copy vulnerability in mod_copy in ProFTPD up to 1.3.5b allows for remote code execution and information disclosure without authentication, a related issue to CVE-2015-3306.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | http://bugs.proftpd.org/show_bug.cgi?id=4372 | Exploit, Issue Tracking, Patch, Vendor Advisory | |
| cve@mitre.org | http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00004.html | Broken Link | |
| cve@mitre.org | http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00022.html | Broken Link | |
| cve@mitre.org | http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00009.html | Broken Link | |
| cve@mitre.org | http://www.securityfocus.com/bid/109339 | Broken Link, Third Party Advisory, VDB Entry | |
| cve@mitre.org | https://cert-portal.siemens.com/productcert/pdf/ssa-940889.pdf | Third Party Advisory | |
| cve@mitre.org | https://github.com/proftpd/proftpd/pull/816 | Patch, Third Party Advisory | |
| cve@mitre.org | https://lists.debian.org/debian-lts-announce/2019/08/msg00006.html | Mailing List, Third Party Advisory | |
| cve@mitre.org | https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/OJDQ3XUYWO42TJBO53NUWDZRA35QMVEI/ | ||
| cve@mitre.org | https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/XM5FPBAGSIKV6YJZEPM6GPGJO5JFT7XU/ | ||
| cve@mitre.org | https://seclists.org/bugtraq/2019/Aug/3 | Mailing List, Third Party Advisory | |
| cve@mitre.org | https://security.gentoo.org/glsa/201908-16 | Third Party Advisory | |
| cve@mitre.org | https://tbspace.de/cve201912815proftpd.html | Patch, Third Party Advisory | |
| cve@mitre.org | https://www.debian.org/security/2019/dsa-4491 | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://bugs.proftpd.org/show_bug.cgi?id=4372 | Exploit, Issue Tracking, Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00004.html | Broken Link | |
| af854a3a-2127-422b-91ae-364da2661108 | http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00022.html | Broken Link | |
| af854a3a-2127-422b-91ae-364da2661108 | http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00009.html | Broken Link | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/109339 | Broken Link, Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | https://cert-portal.siemens.com/productcert/pdf/ssa-940889.pdf | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/proftpd/proftpd/pull/816 | Patch, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://lists.debian.org/debian-lts-announce/2019/08/msg00006.html | Mailing List, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/OJDQ3XUYWO42TJBO53NUWDZRA35QMVEI/ | ||
| af854a3a-2127-422b-91ae-364da2661108 | https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/XM5FPBAGSIKV6YJZEPM6GPGJO5JFT7XU/ | ||
| af854a3a-2127-422b-91ae-364da2661108 | https://seclists.org/bugtraq/2019/Aug/3 | Mailing List, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://security.gentoo.org/glsa/201908-16 | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://tbspace.de/cve201912815proftpd.html | Patch, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.debian.org/security/2019/dsa-4491 | Third Party Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| proftpd | proftpd | * | |
| fedoraproject | fedora | 29 | |
| fedoraproject | fedora | 30 | |
| debian | debian_linux | 8.0 | |
| debian | debian_linux | 9.0 | |
| debian | debian_linux | 10.0 | |
| debian | debian_linux | 8.0 | |
| debian | debian_linux | 9.0 | |
| debian | debian_linux | 10.0 | |
| siemens | simatic_cp_1543-1_firmware | * | |
| siemens | simatic_cp_1543-1 | - |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:proftpd:proftpd:*:*:*:*:*:*:*:*",
"matchCriteriaId": "548C4BB5-5D6A-4192-8E99-226018DB40B8",
"versionEndIncluding": "1.3.5b",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:fedoraproject:fedora:29:*:*:*:*:*:*:*",
"matchCriteriaId": "D100F7CE-FC64-4CC6-852A-6136D72DA419",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:fedoraproject:fedora:30:*:*:*:*:*:*:*",
"matchCriteriaId": "97A4B8DF-58DA-4AB6-A1F9-331B36409BA3",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*",
"matchCriteriaId": "C11E6FB0-C8C0-4527-9AA0-CB9B316F8F43",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*",
"matchCriteriaId": "DEECE5FC-CACF-4496-A3E7-164736409252",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*",
"matchCriteriaId": "07B237A9-69A3-4A9C-9DA0-4E06BD37AE73",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*",
"matchCriteriaId": "C11E6FB0-C8C0-4527-9AA0-CB9B316F8F43",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*",
"matchCriteriaId": "DEECE5FC-CACF-4496-A3E7-164736409252",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*",
"matchCriteriaId": "07B237A9-69A3-4A9C-9DA0-4E06BD37AE73",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:siemens:simatic_cp_1543-1_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "B6F3C10E-F168-44C0-BB65-FB74A8EC1EAC",
"versionEndExcluding": "2.2",
"versionStartIncluding": "2.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:siemens:simatic_cp_1543-1:-:*:*:*:*:*:*:*",
"matchCriteriaId": "3FDE92FB-38C7-46E8-9208-BBD7872219D5",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "An arbitrary file copy vulnerability in mod_copy in ProFTPD up to 1.3.5b allows for remote code execution and information disclosure without authentication, a related issue to CVE-2015-3306."
},
{
"lang": "es",
"value": "Una vulnerabilidad de copia de archivo arbitraria en mod_copy en ProFTPD hasta versi\u00f3n 1.3.5b, permite la ejecuci\u00f3n de c\u00f3digo remota y la divulgaci\u00f3n de informaci\u00f3n sin autenticaci\u00f3n, un problema relacionado con CVE-2015-3306."
}
],
"id": "CVE-2019-12815",
"lastModified": "2024-11-21T04:23:38.343",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2019-07-19T23:15:11.030",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Issue Tracking",
"Patch",
"Vendor Advisory"
],
"url": "http://bugs.proftpd.org/show_bug.cgi?id=4372"
},
{
"source": "cve@mitre.org",
"tags": [
"Broken Link"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00004.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Broken Link"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00022.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Broken Link"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00009.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Broken Link",
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/109339"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-940889.pdf"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://github.com/proftpd/proftpd/pull/816"
},
{
"source": "cve@mitre.org",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.debian.org/debian-lts-announce/2019/08/msg00006.html"
},
{
"source": "cve@mitre.org",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/OJDQ3XUYWO42TJBO53NUWDZRA35QMVEI/"
},
{
"source": "cve@mitre.org",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/XM5FPBAGSIKV6YJZEPM6GPGJO5JFT7XU/"
},
{
"source": "cve@mitre.org",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://seclists.org/bugtraq/2019/Aug/3"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://security.gentoo.org/glsa/201908-16"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://tbspace.de/cve201912815proftpd.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://www.debian.org/security/2019/dsa-4491"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Issue Tracking",
"Patch",
"Vendor Advisory"
],
"url": "http://bugs.proftpd.org/show_bug.cgi?id=4372"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Broken Link"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00004.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Broken Link"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00022.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Broken Link"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00009.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Broken Link",
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/109339"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-940889.pdf"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://github.com/proftpd/proftpd/pull/816"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.debian.org/debian-lts-announce/2019/08/msg00006.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/OJDQ3XUYWO42TJBO53NUWDZRA35QMVEI/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/XM5FPBAGSIKV6YJZEPM6GPGJO5JFT7XU/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://seclists.org/bugtraq/2019/Aug/3"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://security.gentoo.org/glsa/201908-16"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://tbspace.de/cve201912815proftpd.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://www.debian.org/security/2019/dsa-4491"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-755"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2024-11-12 13:15
Modified
2024-11-13 23:15
Severity ?
Summary
A vulnerability has been identified in SIMATIC CP 1543-1 V4.0 (6GK7543-1AX10-0XE0) (All versions >= V4.0.44 < V4.0.50). Affected devices do not properly handle authorization. This could allow an unauthenticated remote attacker to gain access to the filesystem.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| productcert@siemens.com | https://cert-portal.siemens.com/productcert/html/ssa-654798.html | Patch, Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| siemens | simatic_cp_1543-1_firmware | * | |
| siemens | simatic_cp_1543-1 | - |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:siemens:simatic_cp_1543-1_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "2052BA0E-9603-47F0-BD09-129E226CE99B",
"versionEndExcluding": "4.0.50",
"versionStartIncluding": "4.0.44",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:siemens:simatic_cp_1543-1:-:*:*:*:*:*:*:*",
"matchCriteriaId": "3FDE92FB-38C7-46E8-9208-BBD7872219D5",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability has been identified in SIMATIC CP 1543-1 V4.0 (6GK7543-1AX10-0XE0) (All versions \u003e= V4.0.44 \u003c V4.0.50). Affected devices do not properly handle authorization. This could allow an unauthenticated remote attacker to gain access to the filesystem."
},
{
"lang": "es",
"value": "Se ha identificado una vulnerabilidad en SIMATIC CP 1543-1 V4.0 (6GK7543-1AX10-0XE0) (todas las versiones \u0026gt;= V4.0.44 \u0026lt; V4.0.50). Los dispositivos afectados no gestionan correctamente la autorizaci\u00f3n. Esto podr\u00eda permitir que un atacante remoto no autenticado obtenga acceso al sistema de archivos."
}
],
"id": "CVE-2024-50310",
"lastModified": "2024-11-13T23:15:38.657",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "productcert@siemens.com",
"type": "Primary"
}
],
"cvssMetricV40": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"automatable": "NOT_DEFINED",
"availabilityRequirements": "NOT_DEFINED",
"baseScore": 8.7,
"baseSeverity": "HIGH",
"confidentialityRequirements": "NOT_DEFINED",
"exploitMaturity": "NOT_DEFINED",
"integrityRequirements": "NOT_DEFINED",
"modifiedAttackComplexity": "NOT_DEFINED",
"modifiedAttackRequirements": "NOT_DEFINED",
"modifiedAttackVector": "NOT_DEFINED",
"modifiedPrivilegesRequired": "NOT_DEFINED",
"modifiedSubsequentSystemAvailability": "NOT_DEFINED",
"modifiedSubsequentSystemConfidentiality": "NOT_DEFINED",
"modifiedSubsequentSystemIntegrity": "NOT_DEFINED",
"modifiedUserInteraction": "NOT_DEFINED",
"modifiedVulnerableSystemAvailability": "NOT_DEFINED",
"modifiedVulnerableSystemConfidentiality": "NOT_DEFINED",
"modifiedVulnerableSystemIntegrity": "NOT_DEFINED",
"privilegesRequired": "NONE",
"providerUrgency": "NOT_DEFINED",
"recovery": "NOT_DEFINED",
"safety": "NOT_DEFINED",
"subsequentSystemAvailability": "NONE",
"subsequentSystemConfidentiality": "NONE",
"subsequentSystemIntegrity": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"version": "4.0",
"vulnerabilityResponseEffort": "NOT_DEFINED",
"vulnerableSystemAvailability": "NONE",
"vulnerableSystemConfidentiality": "HIGH",
"vulnerableSystemIntegrity": "NONE"
},
"source": "productcert@siemens.com",
"type": "Primary"
}
]
},
"published": "2024-11-12T13:15:11.660",
"references": [
{
"source": "productcert@siemens.com",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://cert-portal.siemens.com/productcert/html/ssa-654798.html"
}
],
"sourceIdentifier": "productcert@siemens.com",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-863"
}
],
"source": "productcert@siemens.com",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2022-07-12 10:15
Modified
2024-11-21 07:10
Severity ?
8.4 (High) - CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H
9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Summary
A vulnerability has been identified in SIMATIC CP 1242-7 V2 (All versions < V3.3.46), SIMATIC CP 1243-1 (All versions < V3.3.46), SIMATIC CP 1243-7 LTE EU (All versions < V3.3.46), SIMATIC CP 1243-7 LTE US (All versions < V3.3.46), SIMATIC CP 1243-8 IRC (All versions < V3.3.46), SIMATIC CP 1542SP-1 IRC (All versions >= V2.0 < V2.2.28), SIMATIC CP 1543-1 (All versions < V3.0.22), SIMATIC CP 1543SP-1 (All versions >= V2.0 < V2.2.28), SIPLUS ET 200SP CP 1542SP-1 IRC TX RAIL (All versions >= V2.0 < V2.2.28), SIPLUS ET 200SP CP 1543SP-1 ISEC (All versions >= V2.0 < V2.2.28), SIPLUS ET 200SP CP 1543SP-1 ISEC TX RAIL (All versions >= V2.0 < V2.2.28), SIPLUS NET CP 1242-7 V2 (All versions < V3.3.46), SIPLUS NET CP 1543-1 (All versions < V3.0.22), SIPLUS S7-1200 CP 1243-1 (All versions < V3.3.46), SIPLUS S7-1200 CP 1243-1 RAIL (All versions < V3.3.46). The application does not correctly escape some user provided fields during the authentication process. This could allow an attacker to inject custom commands and execute arbitrary code with elevated privileges.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| productcert@siemens.com | https://cert-portal.siemens.com/productcert/pdf/ssa-517377.pdf | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://cert-portal.siemens.com/productcert/pdf/ssa-517377.pdf | Patch, Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| siemens | simatic_cp_1242-7_v2_firmware | * | |
| siemens | simatic_cp_1242-7_v2 | - | |
| siemens | simatic_cp_1243-1_firmware | * | |
| siemens | simatic_cp_1243-1 | - | |
| siemens | simatic_cp_1243-7_lte_eu_firmware | * | |
| siemens | simatic_cp_1243-7_lte_eu | - | |
| siemens | simatic_cp_1243-7_lte_us_firmware | * | |
| siemens | simatic_cp_1243-7_lte_us | - | |
| siemens | simatic_cp_1243-8_irc_firmware | * | |
| siemens | simatic_cp_1243-8_irc | - | |
| siemens | simatic_cp_1542sp-1_irc_firmware | * | |
| siemens | simatic_cp_1542sp-1_irc | - | |
| siemens | simatic_cp_1543-1_firmware | * | |
| siemens | simatic_cp_1543-1 | - | |
| siemens | simatic_cp_1543sp-1_firmware | * | |
| siemens | simatic_cp_1543sp-1 | - | |
| siemens | siplus_et_200sp_cp_1542sp-1_irc_tx_rail_firmware | * | |
| siemens | siplus_et_200sp_cp_1542sp-1_irc_tx_rail | - | |
| siemens | siplus_et_200sp_cp_1543sp-1_isec_firmware | * | |
| siemens | siplus_et_200sp_cp_1543sp-1_isec | - | |
| siemens | siplus_et_200sp_cp_1543sp-1_isec_tx_rail_firmware | * | |
| siemens | siplus_et_200sp_cp_1543sp-1_isec_tx_rail | - | |
| siemens | siplus_net_cp_1242-7_v2_firmware | * | |
| siemens | siplus_net_cp_1242-7_v2 | - | |
| siemens | siplus_net_cp_1543-1_firmware | * | |
| siemens | siplus_net_cp_1543-1 | - | |
| siemens | siplus_s7-1200_cp_1243-1_firmware | * | |
| siemens | siplus_s7-1200_cp_1243-1 | - | |
| siemens | siplus_s7-1200_cp_1243-1_rail_firmware | * | |
| siemens | siplus_s7-1200_cp_1243-1_rail | - |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:siemens:simatic_cp_1242-7_v2_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "1DB5A20B-3FFD-46DE-A838-D5121AD8CA05",
"versionEndExcluding": "3.3.46",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:siemens:simatic_cp_1242-7_v2:-:*:*:*:*:*:*:*",
"matchCriteriaId": "29D4C72C-4E84-4563-9D66-5C641AB996BA",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:siemens:simatic_cp_1243-1_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "E20882A0-3D80-45C0-BB83-A064A5D27483",
"versionEndExcluding": "3.3.46",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:siemens:simatic_cp_1243-1:-:*:*:*:*:*:*:*",
"matchCriteriaId": "CA9BB25C-D5E3-43DE-8C73-06BDC43CA960",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:siemens:simatic_cp_1243-7_lte_eu_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "6F0F009F-A744-40E7-910E-2789BF16648D",
"versionEndExcluding": "3.3.46",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:siemens:simatic_cp_1243-7_lte_eu:-:*:*:*:*:*:*:*",
"matchCriteriaId": "651C66E8-B3C0-4E88-BC7C-30BF16A7F7A3",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:siemens:simatic_cp_1243-7_lte_us_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "80C6BD76-99C6-4D27-9CCA-ED0915DEFB5B",
"versionEndExcluding": "3.3.46",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:siemens:simatic_cp_1243-7_lte_us:-:*:*:*:*:*:*:*",
"matchCriteriaId": "FF9224A6-8A35-4F4F-951F-5B24B89E5FC8",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:siemens:simatic_cp_1243-8_irc_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "BA4FF14E-2CDA-4A28-BB9E-217AD3C808DB",
"versionEndExcluding": "3.3.46",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:siemens:simatic_cp_1243-8_irc:-:*:*:*:*:*:*:*",
"matchCriteriaId": "12A45F37-1E7D-4748-ADAC-EC4C454B693A",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:siemens:simatic_cp_1542sp-1_irc_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "5F6C0C17-BDD5-4503-9D8C-3143C6074705",
"versionEndExcluding": "2.2.28",
"versionStartIncluding": "2.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:siemens:simatic_cp_1542sp-1_irc:-:*:*:*:*:*:*:*",
"matchCriteriaId": "E362CEA5-F47B-4294-8F2D-A0A7AC6FF390",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:siemens:simatic_cp_1543-1_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "BFC6ACFD-8893-4EA3-976B-FAAF7240C5DB",
"versionEndExcluding": "3.0.22",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:siemens:simatic_cp_1543-1:-:*:*:*:*:*:*:*",
"matchCriteriaId": "3FDE92FB-38C7-46E8-9208-BBD7872219D5",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:siemens:simatic_cp_1543sp-1_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "EE0A05A9-E1E0-475F-953D-61AC673BF3C4",
"versionEndExcluding": "2.2.28",
"versionStartIncluding": "2.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:siemens:simatic_cp_1543sp-1:-:*:*:*:*:*:*:*",
"matchCriteriaId": "843A8686-5172-4782-BB97-B5D3C6FB27A3",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:siemens:siplus_et_200sp_cp_1542sp-1_irc_tx_rail_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "B815C6C6-FDE0-404A-8492-27519909A6C3",
"versionEndExcluding": "2.2.28",
"versionStartIncluding": "2.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:siemens:siplus_et_200sp_cp_1542sp-1_irc_tx_rail:-:*:*:*:*:*:*:*",
"matchCriteriaId": "FF3E5DDA-1BD4-4511-A2C8-4B5D40E6755E",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:siemens:siplus_et_200sp_cp_1543sp-1_isec_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "9B1C1F68-AE3D-47EB-9370-B2FE3F07C3C2",
"versionEndExcluding": "2.2.28",
"versionStartIncluding": "2.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:siemens:siplus_et_200sp_cp_1543sp-1_isec:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A60FC550-A518-46BF-9124-E21DD654981C",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:siemens:siplus_et_200sp_cp_1543sp-1_isec_tx_rail_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "3ED5D3BC-ABD7-493D-8998-C1B5F17B3C24",
"versionEndExcluding": "2.2.28",
"versionStartIncluding": "2.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:siemens:siplus_et_200sp_cp_1543sp-1_isec_tx_rail:-:*:*:*:*:*:*:*",
"matchCriteriaId": "25634AD2-2CC0-45AF-B5DE-39D30CBA91A4",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:siemens:siplus_net_cp_1242-7_v2_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "7FD90115-FA81-4880-B05B-0FEA9FA51C71",
"versionEndExcluding": "3.3.46",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:siemens:siplus_net_cp_1242-7_v2:-:*:*:*:*:*:*:*",
"matchCriteriaId": "116E84DA-31F7-4AAC-A1AE-491C4C98BD49",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:siemens:siplus_net_cp_1543-1_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "43CDCCE3-B8C0-44D4-A8A0-25C49A4EA240",
"versionEndExcluding": "3.0.22",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:siemens:siplus_net_cp_1543-1:-:*:*:*:*:*:*:*",
"matchCriteriaId": "5D7AB0D5-FD3E-416A-975B-D212B3350433",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:siemens:siplus_s7-1200_cp_1243-1_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "27851880-F35C-495E-8DFF-CB3D03CED376",
"versionEndExcluding": "3.3.46",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:siemens:siplus_s7-1200_cp_1243-1:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F9E746CF-4009-4A14-8916-A9E0276CAF8B",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:siemens:siplus_s7-1200_cp_1243-1_rail_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "E0C64F3D-FEBC-4AB4-9FCF-19B59F9BF5A3",
"versionEndExcluding": "3.3.46",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:siemens:siplus_s7-1200_cp_1243-1_rail:-:*:*:*:*:*:*:*",
"matchCriteriaId": "4A294530-727C-4535-8B02-668DF74587D4",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability has been identified in SIMATIC CP 1242-7 V2 (All versions \u003c V3.3.46), SIMATIC CP 1243-1 (All versions \u003c V3.3.46), SIMATIC CP 1243-7 LTE EU (All versions \u003c V3.3.46), SIMATIC CP 1243-7 LTE US (All versions \u003c V3.3.46), SIMATIC CP 1243-8 IRC (All versions \u003c V3.3.46), SIMATIC CP 1542SP-1 IRC (All versions \u003e= V2.0 \u003c V2.2.28), SIMATIC CP 1543-1 (All versions \u003c V3.0.22), SIMATIC CP 1543SP-1 (All versions \u003e= V2.0 \u003c V2.2.28), SIPLUS ET 200SP CP 1542SP-1 IRC TX RAIL (All versions \u003e= V2.0 \u003c V2.2.28), SIPLUS ET 200SP CP 1543SP-1 ISEC (All versions \u003e= V2.0 \u003c V2.2.28), SIPLUS ET 200SP CP 1543SP-1 ISEC TX RAIL (All versions \u003e= V2.0 \u003c V2.2.28), SIPLUS NET CP 1242-7 V2 (All versions \u003c V3.3.46), SIPLUS NET CP 1543-1 (All versions \u003c V3.0.22), SIPLUS S7-1200 CP 1243-1 (All versions \u003c V3.3.46), SIPLUS S7-1200 CP 1243-1 RAIL (All versions \u003c V3.3.46). The application does not correctly escape some user provided fields during the authentication process. This could allow an attacker to inject custom commands and execute arbitrary code with elevated privileges."
},
{
"lang": "es",
"value": "Se ha identificado una vulnerabilidad en SIMATIC CP 1242-7 V2 (Todas las versiones anteriores a V3.3.46), SIMATIC CP 1243-1 (Todas las versiones anteriores a V3.3.46), SIMATIC CP 1243-7 LTE EU (Todas las versiones anteriores a V3.3.46), SIMATIC CP 1243-7 LTE US (Todas las versiones anteriores a V3. 3.46), SIMATIC CP 1243-8 IRC (Todas las versiones anteriores a V3.3.46), SIMATIC CP 1542SP-1 IRC (Todas las versiones posteriores o iguales a V2.0), SIMATIC CP 1543-1 (Todas las versiones anteriores a V3.0.22), SIMATIC CP 1543SP-1 (Todas las versiones posteriores o iguales a V2. 0), SIPLUS ET 200SP CP 1542SP-1 IRC TX RAIL (Todas las versiones posteriores o iguales a V2.0), SIPLUS ET 200SP CP 1543SP-1 ISEC (Todas las versiones posteriores o iguales a V2.0), SIPLUS ET 200SP CP 1543SP-1 ISEC TX RAIL (Todas las versiones posteriores o iguales a V2. 0), SIPLUS NET CP 1242-7 V2 (Todas las versiones anteriores a V3.3.46), SIPLUS NET CP 1543-1 (Todas las versiones anteriores a V3.0.22), SIPLUS S7-1200 CP 1243-1 (Todas las versiones anteriores a V3.3.46), SIPLUS S7-1200 CP 1243-1 RAIL (Todas las versiones anteriores a V3.3.46). La aplicaci\u00f3n no escapa correctamente de algunos campos proporcionados por el usuario durante el proceso de autenticaci\u00f3n. Esto podr\u00eda permitir a un atacante inyectar comandos personalizados y ejecutar c\u00f3digo arbitrario con privilegios elevados"
}
],
"id": "CVE-2022-34820",
"lastModified": "2024-11-21T07:10:15.080",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 9.3,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 10.0,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.4,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.7,
"impactScore": 6.0,
"source": "productcert@siemens.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Secondary"
}
]
},
"published": "2022-07-12T10:15:12.343",
"references": [
{
"source": "productcert@siemens.com",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-517377.pdf"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-517377.pdf"
}
],
"sourceIdentifier": "productcert@siemens.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-77"
}
],
"source": "productcert@siemens.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-116"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}