Vulnerabilites related to siemens - simatic_et_200sp_open_controller
Vulnerability from fkie_nvd
Published
2021-06-09 19:15
Modified
2024-11-21 05:14
Severity ?
Summary
Domain-bypass transient execution vulnerability in some Intel Atom(R) Processors may allow an authenticated user to potentially enable information disclosure via local access.
References
▼ | URL | Tags | |
---|---|---|---|
secure@intel.com | https://cert-portal.siemens.com/productcert/pdf/ssa-309571.pdf | Third Party Advisory | |
secure@intel.com | https://lists.debian.org/debian-lts-announce/2021/07/msg00022.html | Mailing List, Third Party Advisory | |
secure@intel.com | https://www.debian.org/security/2021/dsa-4934 | Third Party Advisory | |
secure@intel.com | https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00465.html | Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://cert-portal.siemens.com/productcert/pdf/ssa-309571.pdf | Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://lists.debian.org/debian-lts-announce/2021/07/msg00022.html | Mailing List, Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://www.debian.org/security/2021/dsa-4934 | Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00465.html | Vendor Advisory |
Impacted products
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:h:intel:atom_c3308:-:*:*:*:*:*:*:*", matchCriteriaId: "5E18B9E2-0659-4A50-88F6-D3D429EC5F8A", vulnerable: true, }, { criteria: "cpe:2.3:h:intel:atom_c3336:-:*:*:*:*:*:*:*", matchCriteriaId: "158C116D-5E24-4593-A283-F6810E424B5E", vulnerable: true, }, { criteria: "cpe:2.3:h:intel:atom_c3338:-:*:*:*:*:*:*:*", matchCriteriaId: "DEE5F25C-8092-4A74-B265-4BB720DA1A4B", vulnerable: true, }, { criteria: "cpe:2.3:h:intel:atom_c3338r:-:*:*:*:*:*:*:*", matchCriteriaId: "C58BF4A8-2B69-49B7-9113-554D61CE9FDB", vulnerable: true, }, { criteria: "cpe:2.3:h:intel:atom_c3436l:-:*:*:*:*:*:*:*", matchCriteriaId: "11C5EF68-F91F-4395-BDC6-CD3B7348C45C", vulnerable: true, }, { criteria: "cpe:2.3:h:intel:atom_c3508:-:*:*:*:*:*:*:*", matchCriteriaId: "A33FC1CB-7983-48B9-AF3C-E3CF958B5FA6", vulnerable: true, }, { criteria: "cpe:2.3:h:intel:atom_c3538:-:*:*:*:*:*:*:*", matchCriteriaId: "FF500096-2B4A-476B-BBCA-1FEE100ABC91", vulnerable: true, }, { criteria: "cpe:2.3:h:intel:atom_c3558:-:*:*:*:*:*:*:*", matchCriteriaId: "5F17C3AB-AC03-427F-B0A9-9EACD2A231C6", vulnerable: true, }, { criteria: "cpe:2.3:h:intel:atom_c3558r:-:*:*:*:*:*:*:*", matchCriteriaId: "2951F904-97AA-4AE6-B227-0A0D282369ED", vulnerable: true, }, { criteria: "cpe:2.3:h:intel:atom_c3558rc:-:*:*:*:*:*:*:*", matchCriteriaId: "70C31407-B78D-4406-B3B8-49BD89E674ED", vulnerable: true, }, { criteria: "cpe:2.3:h:intel:atom_c3708:-:*:*:*:*:*:*:*", matchCriteriaId: "4058BBB2-268F-47E6-BE5A-992C5F460BC6", vulnerable: true, }, { criteria: "cpe:2.3:h:intel:atom_c3750:-:*:*:*:*:*:*:*", matchCriteriaId: "0F191949-2674-4968-90CC-030D6E8901D2", vulnerable: true, }, { criteria: "cpe:2.3:h:intel:atom_c3758:-:*:*:*:*:*:*:*", matchCriteriaId: "6893581C-5447-4FAD-BFCB-41727FAB4CF9", vulnerable: true, }, { criteria: "cpe:2.3:h:intel:atom_c3758r:-:*:*:*:*:*:*:*", matchCriteriaId: "E0E89FF1-C329-4975-9706-75FD84FDD5C2", vulnerable: true, }, { criteria: "cpe:2.3:h:intel:atom_c3808:-:*:*:*:*:*:*:*", matchCriteriaId: "42737F96-25B8-4E3E-AED2-47FA27075A23", vulnerable: true, }, { criteria: "cpe:2.3:h:intel:atom_c3830:-:*:*:*:*:*:*:*", matchCriteriaId: "D397ED37-60EE-49F0-95F0-2C6F666E9368", vulnerable: true, }, { criteria: "cpe:2.3:h:intel:atom_c3850:-:*:*:*:*:*:*:*", matchCriteriaId: "65F731F9-59EB-4161-AB8B-506BC336B987", vulnerable: true, }, { criteria: "cpe:2.3:h:intel:atom_c3858:-:*:*:*:*:*:*:*", matchCriteriaId: "9F35B073-EA5F-4746-AB8B-674C9EAFDC3E", vulnerable: true, }, { criteria: "cpe:2.3:h:intel:atom_c3950:-:*:*:*:*:*:*:*", matchCriteriaId: "9EA6C3DB-8E6D-4CF8-BD52-B362C83DF4A4", vulnerable: true, }, { criteria: "cpe:2.3:h:intel:atom_c3955:-:*:*:*:*:*:*:*", matchCriteriaId: "C6107B3F-C7FE-46EF-A80E-1A4DD55F9306", vulnerable: true, }, { criteria: "cpe:2.3:h:intel:atom_c3958:-:*:*:*:*:*:*:*", matchCriteriaId: "36E7FA68-B62B-4EEF-B8EA-665026E1E3F3", vulnerable: true, }, { criteria: "cpe:2.3:h:intel:atom_p5942b:-:*:*:*:*:*:*:*", matchCriteriaId: "9D860FEC-BA79-4FEE-A79C-88AA857358E4", vulnerable: true, }, { criteria: "cpe:2.3:h:intel:atom_x5-a3930:-:*:*:*:*:*:*:*", matchCriteriaId: "E374730D-0311-47F5-9EE3-ECD205693167", vulnerable: true, }, { criteria: "cpe:2.3:h:intel:atom_x5-a3940:-:*:*:*:*:*:*:*", matchCriteriaId: "45765887-0882-4D33-9D32-675581C35BC6", vulnerable: true, }, { criteria: "cpe:2.3:h:intel:atom_x5-a3950:-:*:*:*:*:*:*:*", matchCriteriaId: "8B2D4F4B-6DB7-414D-A41F-DA17D7C1AA52", vulnerable: true, }, { criteria: "cpe:2.3:h:intel:atom_x5-a3960:-:*:*:*:*:*:*:*", matchCriteriaId: "2EB4891F-358E-4A6E-A3D4-C83F8E45B19D", vulnerable: true, }, { criteria: "cpe:2.3:h:intel:atom_x6200fe:-:*:*:*:*:*:*:*", matchCriteriaId: "89231773-9D9B-434A-A6A3-8527C4F6FEBB", vulnerable: true, }, { criteria: "cpe:2.3:h:intel:atom_x6211e:-:*:*:*:*:*:*:*", matchCriteriaId: "A85EA674-2537-4323-AEDA-FA356489E7DE", vulnerable: true, }, { criteria: "cpe:2.3:h:intel:atom_x6212re:-:*:*:*:*:*:*:*", matchCriteriaId: "F85599DD-3F80-4EB0-9753-D24EDD8D76CC", vulnerable: true, }, { criteria: "cpe:2.3:h:intel:atom_x6413e:-:*:*:*:*:*:*:*", matchCriteriaId: "1B3348F4-8E2B-42BE-9F3A-48DFF5CE0047", vulnerable: true, }, { criteria: "cpe:2.3:h:intel:atom_x6425e:-:*:*:*:*:*:*:*", matchCriteriaId: "7F068F4F-8CCD-4218-871C-BEABEB0DAB55", vulnerable: true, }, { criteria: "cpe:2.3:h:intel:atom_x6425re:-:*:*:*:*:*:*:*", matchCriteriaId: "7313975C-41A5-4657-8758-1C16F947BE4C", vulnerable: true, }, { criteria: "cpe:2.3:h:intel:atom_x6427fe:-:*:*:*:*:*:*:*", matchCriteriaId: "2FBE4406-9979-4723-833C-176F051E6389", vulnerable: true, }, { criteria: "cpe:2.3:h:intel:celeron_j3355:-:*:*:*:*:*:*:*", matchCriteriaId: "7087FCA7-6D5C-45A5-B380-533915BC608A", vulnerable: true, }, { criteria: "cpe:2.3:h:intel:celeron_j3355e:-:*:*:*:*:*:*:*", matchCriteriaId: "85683891-11D4-47B1-834B-5E0380351E78", vulnerable: true, }, { criteria: "cpe:2.3:h:intel:celeron_j3455:-:*:*:*:*:*:*:*", matchCriteriaId: "DBF2D89D-AC2D-4EAB-ADF3-66C25FE54E19", vulnerable: true, }, { criteria: "cpe:2.3:h:intel:celeron_j3455e:-:*:*:*:*:*:*:*", matchCriteriaId: "03D778C7-F242-4A6A-9B62-A7C578D985FC", vulnerable: true, }, { criteria: "cpe:2.3:h:intel:celeron_j4005:-:*:*:*:*:*:*:*", matchCriteriaId: "652EC574-B9B6-4747-AE72-39D1379A596B", vulnerable: true, }, { criteria: "cpe:2.3:h:intel:celeron_j4025:-:*:*:*:*:*:*:*", matchCriteriaId: "522A9A57-B8D8-4C61-92E3-BE894A765C12", vulnerable: true, }, { criteria: "cpe:2.3:h:intel:celeron_j4105:-:*:*:*:*:*:*:*", matchCriteriaId: "A588BEB3-90B5-482E-B6C4-DC6529B0B4C4", vulnerable: true, }, { criteria: "cpe:2.3:h:intel:celeron_j4125:-:*:*:*:*:*:*:*", matchCriteriaId: "826BAF04-E174-483D-8700-7FA1EAC4D555", vulnerable: true, }, { criteria: "cpe:2.3:h:intel:celeron_j6413:-:*:*:*:*:*:*:*", matchCriteriaId: "F7A8BF58-1D33-484A-951C-808443912BE8", vulnerable: true, }, { criteria: "cpe:2.3:h:intel:celeron_n3350:-:*:*:*:*:*:*:*", matchCriteriaId: "F5884F21-BAB5-4A45-8C72-C90D07BAECA8", vulnerable: true, }, { criteria: "cpe:2.3:h:intel:celeron_n3350e:-:*:*:*:*:*:*:*", matchCriteriaId: "EC2A2AC5-FA56-49F0-BA00-E96B10FEF889", vulnerable: true, }, { criteria: "cpe:2.3:h:intel:celeron_n3450:-:*:*:*:*:*:*:*", matchCriteriaId: "B8FF7ADD-9E27-4A23-9714-5B76132C20BC", vulnerable: true, }, { criteria: "cpe:2.3:h:intel:celeron_n4000:-:*:*:*:*:*:*:*", matchCriteriaId: "C8771AB4-2F51-494D-8C86-3524BB4219C7", vulnerable: true, }, { criteria: "cpe:2.3:h:intel:celeron_n4020:-:*:*:*:*:*:*:*", matchCriteriaId: "6D7E822D-994F-410D-B13C-939449FFC293", vulnerable: true, }, { criteria: "cpe:2.3:h:intel:celeron_n4100:-:*:*:*:*:*:*:*", matchCriteriaId: "AB5576F2-4914-427C-9518-ED7D16630CC5", vulnerable: true, }, { criteria: "cpe:2.3:h:intel:celeron_n4120:-:*:*:*:*:*:*:*", matchCriteriaId: "3ABB7C52-863F-4291-A05B-422EE9615FAE", vulnerable: true, }, { criteria: "cpe:2.3:h:intel:celeron_n6211:-:*:*:*:*:*:*:*", matchCriteriaId: "406E9139-BCFF-406B-A856-57896D27B752", vulnerable: true, }, { criteria: "cpe:2.3:h:intel:core_i3-l13g4:-:*:*:*:*:*:*:*", matchCriteriaId: "39FD6F9C-FEEA-4D52-8745-6477B50AFB0C", vulnerable: true, }, { criteria: "cpe:2.3:h:intel:core_i5-l16g7:-:*:*:*:*:*:*:*", matchCriteriaId: "9A4FD69F-FF53-43F4-97C8-40867DB67958", vulnerable: true, }, { criteria: "cpe:2.3:h:intel:p5921b:-:*:*:*:*:*:*:*", matchCriteriaId: "6E51393D-0855-41EA-9A57-090B47F84838", vulnerable: true, }, { criteria: "cpe:2.3:h:intel:p5931b:-:*:*:*:*:*:*:*", matchCriteriaId: "7E5668AC-EF49-43CF-8CE4-CCE3AA999F6B", vulnerable: true, }, { criteria: "cpe:2.3:h:intel:p5962b:-:*:*:*:*:*:*:*", matchCriteriaId: "69383613-C04B-4C0F-8589-6F3EF6D45797", vulnerable: true, }, { criteria: "cpe:2.3:h:intel:pentium_j4205:-:*:*:*:*:*:*:*", matchCriteriaId: "B6585755-C56C-4910-A7D5-B2153396AC7A", vulnerable: true, }, { criteria: "cpe:2.3:h:intel:pentium_j6425:-:*:*:*:*:*:*:*", matchCriteriaId: "D97C7A90-D8C6-4901-BCA1-E40DA173AA9D", vulnerable: true, }, { criteria: "cpe:2.3:h:intel:pentium_n4200:-:*:*:*:*:*:*:*", matchCriteriaId: "9A944A8C-462E-4FF9-8AD6-1687297DD0DE", vulnerable: true, }, { criteria: "cpe:2.3:h:intel:pentium_n4200e:-:*:*:*:*:*:*:*", matchCriteriaId: "5378FE6C-251A-4BCD-B151-EA42B594DC37", vulnerable: true, }, { criteria: "cpe:2.3:h:intel:pentium_n6415:-:*:*:*:*:*:*:*", matchCriteriaId: "638FA431-71EA-4668-AFF2-989A4994ED12", vulnerable: true, }, { criteria: "cpe:2.3:h:intel:pentium_silver_j5005:-:*:*:*:*:*:*:*", matchCriteriaId: "EC903FA4-2C4E-4EBB-8BFA-579844B87354", vulnerable: true, }, { criteria: "cpe:2.3:h:intel:pentium_silver_j5040:-:*:*:*:*:*:*:*", matchCriteriaId: "667F2E6C-C2FD-4E4B-9CC4-2EF33A74F61B", vulnerable: true, }, { criteria: "cpe:2.3:h:intel:pentium_silver_n5000:-:*:*:*:*:*:*:*", matchCriteriaId: "2DF16D51-5662-47C3-8911-0FACEEDB9D80", vulnerable: true, }, { criteria: "cpe:2.3:h:intel:pentium_silver_n5030:-:*:*:*:*:*:*:*", matchCriteriaId: "ECC4430E-E4B1-454F-8C95-6412D34454C4", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*", matchCriteriaId: "DEECE5FC-CACF-4496-A3E7-164736409252", vulnerable: true, }, { criteria: "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*", matchCriteriaId: "07B237A9-69A3-4A9C-9DA0-4E06BD37AE73", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:siemens:simatic_drive_controller_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "143C062B-4DFB-4570-BE8F-7873B67A4BA3", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:siemens:simatic_drive_controller:-:*:*:*:*:*:*:*", matchCriteriaId: "0137C77B-D587-47D6-AEBE-462D00546FD7", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:siemens:simatic_et_200sp_open_controller_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "EE9938FA-DE0B-4A60-A931-CE48CEB7F635", versionEndExcluding: "0209_0105", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:siemens:simatic_et_200sp_open_controller:-:*:*:*:*:*:*:*", matchCriteriaId: "A5B5313D-48E9-47F5-BF59-C71A255D9831", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:siemens:simatic_ipc127e_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "466CDD7A-1B83-46C4-AC57-78E02811FFE0", versionEndExcluding: "21.01.07", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:siemens:simatic_ipc127e:-:*:*:*:*:*:*:*", matchCriteriaId: "F63C0B17-60E2-4240-92FD-4B7C7D8F2C8B", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, ], cveTags: [], descriptions: [ { lang: "en", value: "Domain-bypass transient execution vulnerability in some Intel Atom(R) Processors may allow an authenticated user to potentially enable information disclosure via local access.", }, { lang: "es", value: "Una vulnerabilidad en la ejecución transitoria de omisión de dominios en algunos procesadores Intel Atom® puede permitir a un usuario autenticado permitir potencialmente una divulgación de información por medio de un acceso local", }, ], id: "CVE-2020-24513", lastModified: "2024-11-21T05:14:56.957", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "LOW", cvssData: { accessComplexity: "LOW", accessVector: "LOCAL", authentication: "NONE", availabilityImpact: "NONE", baseScore: 2.1, confidentialityImpact: "PARTIAL", integrityImpact: "NONE", vectorString: "AV:L/AC:L/Au:N/C:P/I:N/A:N", version: "2.0", }, exploitabilityScore: 3.9, impactScore: 2.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "NONE", baseScore: 6.5, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "NONE", privilegesRequired: "LOW", scope: "CHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N", version: "3.1", }, exploitabilityScore: 2, impactScore: 4, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2021-06-09T19:15:08.963", references: [ { source: "secure@intel.com", tags: [ "Third Party Advisory", ], url: "https://cert-portal.siemens.com/productcert/pdf/ssa-309571.pdf", }, { source: "secure@intel.com", tags: [ "Mailing List", "Third Party Advisory", ], url: "https://lists.debian.org/debian-lts-announce/2021/07/msg00022.html", }, { source: "secure@intel.com", tags: [ "Third Party Advisory", ], url: "https://www.debian.org/security/2021/dsa-4934", }, { source: "secure@intel.com", tags: [ "Vendor Advisory", ], url: "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00465.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://cert-portal.siemens.com/productcert/pdf/ssa-309571.pdf", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: "https://lists.debian.org/debian-lts-announce/2021/07/msg00022.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://www.debian.org/security/2021/dsa-4934", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00465.html", }, ], sourceIdentifier: "secure@intel.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "NVD-CWE-noinfo", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2020-12-14 21:15
Modified
2024-11-21 05:06
Severity ?
Summary
A vulnerability has been identified in SIMATIC ET 200SP Open Controller (incl. SIPLUS variants) (V20.8), SIMATIC S7-1500 Software Controller (V20.8). The web server of the affected products contains a vulnerability that could allow a remote attacker to trigger a denial-of-service condition by sending a specially crafted HTTP request.
References
Impacted products
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:siemens:simatic_et_200sp_open_controller_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "BB17DB68-B876-4238-961E-383E0CD24E66", versionEndIncluding: "20.8", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:siemens:simatic_et_200sp_open_controller:-:*:*:*:*:*:*:*", matchCriteriaId: "A5B5313D-48E9-47F5-BF59-C71A255D9831", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:siemens:simatic_s7-1500_software_controller_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "2BDF4011-5D76-4A15-9E2F-01B38685CD7B", versionEndIncluding: "20.8", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:siemens:simatic_s7-1500_software_controller:-:*:*:*:*:*:*:*", matchCriteriaId: "FE4D4D21-9868-4FA3-89A8-1EEC473383EF", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, ], cveTags: [], descriptions: [ { lang: "en", value: "A vulnerability has been identified in SIMATIC ET 200SP Open Controller (incl. SIPLUS variants) (V20.8), SIMATIC S7-1500 Software Controller (V20.8). The web server of the affected products contains a vulnerability that could allow a remote attacker to trigger a denial-of-service condition by sending a specially crafted HTTP request.", }, { lang: "es", value: "Se ha identificado una vulnerabilidad en SIMATIC ET 200SP Open Controller (incluyendo variantes SIPLUS) (versión V20.8), SIMATIC S7-1500 Software Controller (versión V20.8). El servidor web de los productos afectados contiene una vulnerabilidad que podría permitir a un atacante remoto desencadenar una condición de denegación de servicio mediante el envío de una petición HTTP especialmente diseñada", }, ], id: "CVE-2020-15796", lastModified: "2024-11-21T05:06:11.890", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "PARTIAL", baseScore: 5, confidentialityImpact: "NONE", integrityImpact: "NONE", vectorString: "AV:N/AC:L/Au:N/C:N/I:N/A:P", version: "2.0", }, exploitabilityScore: 10, impactScore: 2.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, exploitabilityScore: 3.9, impactScore: 3.6, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2020-12-14T21:15:19.440", references: [ { source: "productcert@siemens.com", tags: [ "Vendor Advisory", ], url: "https://cert-portal.siemens.com/productcert/pdf/ssa-700697.pdf", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://cert-portal.siemens.com/productcert/pdf/ssa-700697.pdf", }, ], sourceIdentifier: "productcert@siemens.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-248", }, ], source: "productcert@siemens.com", type: "Primary", }, ], }
cve-2020-24513
Vulnerability from cvelistv5
Published
2021-06-09 18:54
Modified
2024-08-04 15:12
Severity ?
EPSS score ?
Summary
Domain-bypass transient execution vulnerability in some Intel Atom(R) Processors may allow an authenticated user to potentially enable information disclosure via local access.
References
▼ | URL | Tags |
---|---|---|
https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00465.html | x_refsource_MISC | |
https://www.debian.org/security/2021/dsa-4934 | vendor-advisory, x_refsource_DEBIAN | |
https://lists.debian.org/debian-lts-announce/2021/07/msg00022.html | mailing-list, x_refsource_MLIST | |
https://cert-portal.siemens.com/productcert/pdf/ssa-309571.pdf | x_refsource_CONFIRM |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | n/a | Intel Atom(R) Processors |
Version: See references |
|
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-04T15:12:08.752Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00465.html", }, { name: "DSA-4934", tags: [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred", ], url: "https://www.debian.org/security/2021/dsa-4934", }, { name: "[debian-lts-announce] 20210726 [SECURITY] [DLA 2718-1] intel-microcode security update", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "https://lists.debian.org/debian-lts-announce/2021/07/msg00022.html", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://cert-portal.siemens.com/productcert/pdf/ssa-309571.pdf", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "Intel Atom(R) Processors", vendor: "n/a", versions: [ { status: "affected", version: "See references", }, ], }, ], descriptions: [ { lang: "en", value: "Domain-bypass transient execution vulnerability in some Intel Atom(R) Processors may allow an authenticated user to potentially enable information disclosure via local access.", }, ], problemTypes: [ { descriptions: [ { description: "information disclosure", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2021-08-10T11:06:29", orgId: "6dda929c-bb53-4a77-a76d-48e79601a1ce", shortName: "intel", }, references: [ { tags: [ "x_refsource_MISC", ], url: "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00465.html", }, { name: "DSA-4934", tags: [ "vendor-advisory", "x_refsource_DEBIAN", ], url: "https://www.debian.org/security/2021/dsa-4934", }, { name: "[debian-lts-announce] 20210726 [SECURITY] [DLA 2718-1] intel-microcode security update", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "https://lists.debian.org/debian-lts-announce/2021/07/msg00022.html", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://cert-portal.siemens.com/productcert/pdf/ssa-309571.pdf", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "secure@intel.com", ID: "CVE-2020-24513", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "Intel Atom(R) Processors", version: { version_data: [ { version_value: "See references", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "Domain-bypass transient execution vulnerability in some Intel Atom(R) Processors may allow an authenticated user to potentially enable information disclosure via local access.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "information disclosure", }, ], }, ], }, references: { reference_data: [ { name: "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00465.html", refsource: "MISC", url: "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00465.html", }, { name: "DSA-4934", refsource: "DEBIAN", url: "https://www.debian.org/security/2021/dsa-4934", }, { name: "[debian-lts-announce] 20210726 [SECURITY] [DLA 2718-1] intel-microcode security update", refsource: "MLIST", url: "https://lists.debian.org/debian-lts-announce/2021/07/msg00022.html", }, { name: "https://cert-portal.siemens.com/productcert/pdf/ssa-309571.pdf", refsource: "CONFIRM", url: "https://cert-portal.siemens.com/productcert/pdf/ssa-309571.pdf", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "6dda929c-bb53-4a77-a76d-48e79601a1ce", assignerShortName: "intel", cveId: "CVE-2020-24513", datePublished: "2021-06-09T18:54:08", dateReserved: "2020-08-19T00:00:00", dateUpdated: "2024-08-04T15:12:08.752Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2020-15796
Vulnerability from cvelistv5
Published
2020-12-14 21:05
Modified
2024-08-04 13:30
Severity ?
EPSS score ?
Summary
A vulnerability has been identified in SIMATIC ET 200SP Open Controller (incl. SIPLUS variants) (V20.8), SIMATIC S7-1500 Software Controller (V20.8). The web server of the affected products contains a vulnerability that could allow a remote attacker to trigger a denial-of-service condition by sending a specially crafted HTTP request.
References
▼ | URL | Tags |
---|---|---|
https://cert-portal.siemens.com/productcert/pdf/ssa-700697.pdf | x_refsource_MISC |
Impacted products
Vendor | Product | Version | |||||
---|---|---|---|---|---|---|---|
▼ | Siemens | SIMATIC ET 200SP Open Controller (incl. SIPLUS variants) |
Version: V20.8 |
||||
|
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-04T13:30:21.823Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://cert-portal.siemens.com/productcert/pdf/ssa-700697.pdf", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "SIMATIC ET 200SP Open Controller (incl. SIPLUS variants)", vendor: "Siemens", versions: [ { status: "affected", version: "V20.8", }, ], }, { product: "SIMATIC S7-1500 Software Controller", vendor: "Siemens", versions: [ { status: "affected", version: "V20.8", }, ], }, ], descriptions: [ { lang: "en", value: "A vulnerability has been identified in SIMATIC ET 200SP Open Controller (incl. SIPLUS variants) (V20.8), SIMATIC S7-1500 Software Controller (V20.8). The web server of the affected products contains a vulnerability that could allow a remote attacker to trigger a denial-of-service condition by sending a specially crafted HTTP request.", }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-248", description: "CWE-248: Uncaught Exception", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2020-12-14T21:05:18", orgId: "cec7a2ec-15b4-4faf-bd53-b40f371f3a77", shortName: "siemens", }, references: [ { tags: [ "x_refsource_MISC", ], url: "https://cert-portal.siemens.com/productcert/pdf/ssa-700697.pdf", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "productcert@siemens.com", ID: "CVE-2020-15796", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "SIMATIC ET 200SP Open Controller (incl. SIPLUS variants)", version: { version_data: [ { version_value: "V20.8", }, ], }, }, { product_name: "SIMATIC S7-1500 Software Controller", version: { version_data: [ { version_value: "V20.8", }, ], }, }, ], }, vendor_name: "Siemens", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "A vulnerability has been identified in SIMATIC ET 200SP Open Controller (incl. SIPLUS variants) (V20.8), SIMATIC S7-1500 Software Controller (V20.8). The web server of the affected products contains a vulnerability that could allow a remote attacker to trigger a denial-of-service condition by sending a specially crafted HTTP request.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "CWE-248: Uncaught Exception", }, ], }, ], }, references: { reference_data: [ { name: "https://cert-portal.siemens.com/productcert/pdf/ssa-700697.pdf", refsource: "MISC", url: "https://cert-portal.siemens.com/productcert/pdf/ssa-700697.pdf", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "cec7a2ec-15b4-4faf-bd53-b40f371f3a77", assignerShortName: "siemens", cveId: "CVE-2020-15796", datePublished: "2020-12-14T21:05:18", dateReserved: "2020-07-15T00:00:00", dateUpdated: "2024-08-04T13:30:21.823Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }