Siemens Simatic Cp 1543-1 Firmware vulnerabilities
10 known vulnerabilities affecting siemens/simatic_cp_1543-1_firmware.
Total CVEs
10
CISA KEV
1
actively exploited
Public exploits
0
Exploited in wild
1
Severity breakdown
CRITICAL3HIGH5MEDIUM1LOW1
Vulnerabilities
Page 1 of 1
CVE-2024-50310HIGHCVSS 8.7≥ 4.0.44, < 4.0.502024-11-12
CVE-2024-50310 [HIGH] CWE-863 CVE-2024-50310: A vulnerability has been identified in SIMATIC CP 1543-1 V4.0 (6GK7543-1AX10-0XE0) (All versions >=
A vulnerability has been identified in SIMATIC CP 1543-1 V4.0 (6GK7543-1AX10-0XE0) (All versions >= V4.0.44 < V4.0.50). Affected devices do not properly handle authorization. This could allow an unauthenticated remote attacker to gain access to the filesystem.
nvd
CVE-2022-34820CRITICALCVSS 9.8fixed in 3.0.222022-07-12
CVE-2022-34820 [CRITICAL] CWE-77 CVE-2022-34820: A vulnerability has been identified in SIMATIC CP 1242-7 V2 (All versions < V3.3.46), SIMATIC CP 124
A vulnerability has been identified in SIMATIC CP 1242-7 V2 (All versions = V2.0 = V2.0 = V2.0 = V2.0 = V2.0 < V2.2.28), SIPLUS NET CP 1242-7 V2 (All versions < V3.3.46), SIPLUS NET CP 1543-1 (All versions < V3.0.22), SIPLUS S7-1200 CP 1243-1 (All versions < V3.3.46), SIPLUS S7-1200 CP 1243-1 RAIL (All versions < V3.3.46). The application does not
nvd
CVE-2022-34819CRITICALCVSS 10.0fixed in 3.0.222022-07-12
CVE-2022-34819 [CRITICAL] CWE-122 CVE-2022-34819: A vulnerability has been identified in SIMATIC CP 1242-7 V2 (All versions < V3.3.46), SIMATIC CP 124
A vulnerability has been identified in SIMATIC CP 1242-7 V2 (All versions = V2.0 = V2.0 = V2.0 = V2.0 = V2.0 < V2.2.28), SIPLUS NET CP 1242-7 V2 (All versions < V3.3.46), SIPLUS NET CP 1543-1 (All versions < V3.0.22), SIPLUS S7-1200 CP 1243-1 (All versions < V3.3.46), SIPLUS S7-1200 CP 1243-1 RAIL (All versions < V3.3.46). The application lacks pr
nvd
CVE-2022-34821HIGHCVSS 8.8fixed in 3.0.222022-07-12
CVE-2022-34821 [HIGH] CWE-94 CVE-2022-34821: A vulnerability has been identified in RUGGEDCOM RM1224 LTE(4G) EU (6GK6108-4AM00-2BA2), RUGGEDCOM R
A vulnerability has been identified in RUGGEDCOM RM1224 LTE(4G) EU (6GK6108-4AM00-2BA2), RUGGEDCOM RM1224 LTE(4G) NAM (6GK6108-4AM00-2DA2), SCALANCE M804PB (6GK5804-0AP00-2AA2), SCALANCE M812-1 ADSL-Router (6GK5812-1AA00-2AA2), SCALANCE M812-1 ADSL-Router (6GK5812-1BA00-2AA2), SCALANCE M816-1 ADSL-Router (6GK5816-1AA00-2AA2), SCALANCE M816-1 ADSL-Route
nvd
CVE-2021-33716MEDIUMCVSS 6.5fixed in 3.02021-09-14
CVE-2021-33716 [MEDIUM] CWE-312 CVE-2021-33716: A vulnerability has been identified in SIMATIC CP 1543-1 (incl. SIPLUS variants) (All versions < V3.
A vulnerability has been identified in SIMATIC CP 1543-1 (incl. SIPLUS variants) (All versions < V3.0), SIMATIC CP 1545-1 (All versions < V1.1). An attacker with access to the subnet of the affected device could retrieve sensitive information stored in cleartext.
nvd
CVE-2021-22924LOWCVSS 3.7fixed in 3.0.222021-08-05
CVE-2021-22924 [LOW] CWE-20 CVE-2021-22924: libcurl keeps previously used connections in a connection pool for subsequenttransfers to reuse, if
libcurl keeps previously used connections in a connection pool for subsequenttransfers to reuse, if one of them matches the setup.Due to errors in the logic, the config matching function did not take 'issuercert' into account and it compared the involved paths *case insensitively*,which could lead to libcurl reusing wrong connections.File paths are, or c
nvd
CVE-2019-12815CRITICALCVSS 9.8≥ 2.0, < 2.22019-07-19
CVE-2019-12815 [CRITICAL] CVE-2019-12815: An arbitrary file copy vulnerability in mod_copy in ProFTPD up to 1.3.5b allows for remote code exec
An arbitrary file copy vulnerability in mod_copy in ProFTPD up to 1.3.5b allows for remote code execution and information disclosure without authentication, a related issue to CVE-2015-3306.
nvd
CVE-2017-2681HIGHCVSS 7.1fixed in 1.0.152017-05-11
CVE-2017-2681 [HIGH] CWE-400 CVE-2017-2681: Specially crafted PROFINET DCP packets sent on a local Ethernet segment (Layer 2) to an affected pro
Specially crafted PROFINET DCP packets sent on a local Ethernet segment (Layer 2) to an affected product could cause a denial of service condition of that product. Human interaction is required to recover the system. PROFIBUS interfaces are not affected.
nvd
CVE-2017-2680HIGHCVSS 7.1fixed in 2.12017-05-11
CVE-2017-2680 [HIGH] CWE-400 CVE-2017-2680: Specially crafted PROFINET DCP broadcast packets could cause a denial of service condition of affect
Specially crafted PROFINET DCP broadcast packets could cause a denial of service condition of affected products on a local Ethernet segment (Layer 2). Human interaction is required to recover the systems. PROFIBUS interfaces are not affected.
nvd
CVE-2016-8562HIGHCVSS 7.5KEVfixed in 2.0.282016-11-18
CVE-2016-8562 [HIGH] CVE-2016-8562: A vulnerability has been identified in SIMATIC CP 1543-1 (All versions < V2.0.28), SIPLUS NET CP 154
A vulnerability has been identified in SIMATIC CP 1543-1 (All versions < V2.0.28), SIPLUS NET CP 1543-1 (All versions < V2.0.28). Under special conditions it was possible to write SNMP variables on port 161/udp which should be read-only and should only be configured with TIA-Portal. A write to these variables could reduce the availability or cause a denial-of-s
nvd