Siemens Simatic Et 200Sp Cpu 1514Spt F-2 Pn vulnerabilities

5 known vulnerabilities affecting siemens/simatic_et_200sp_cpu_1514spt_f-2_pn.

Total CVEs
5
CISA KEV
0
Public exploits
0
Exploited in wild
0
Severity breakdown
CRITICAL1HIGH1MEDIUM3

Vulnerabilities

Page 1 of 1
CVE-2025-40943CRITICALCVSS 9.4fixed in V4.1.22026-03-10
CVE-2025-40943 [CRITICAL] CWE-95 CVE-2025-40943: Affected devices do not properly sanitize contents of trace files. This could allow an attacker t Affected devices do not properly sanitize contents of trace files. This could allow an attacker to inject code through social engineering an authorized user, who has the function right "Read diagnostics", to import a specially crafted trace file. The malicious trace file is insufficiently sanitized and malicious code could be executed in the clie
cvelistv5nvd
CVE-2023-37482MEDIUMCVSS 6.9≥ V3.1.0, < V3.1.22025-02-11
CVE-2023-37482 [MEDIUM] CWE-203 CVE-2023-37482: The login functionality of the web server in affected devices does not normalize the response times The login functionality of the web server in affected devices does not normalize the response times of login attempts. An unauthenticated remote attacker could exploit this side-channel information to distinguish between valid and invalid usernames.
cvelistv5nvd
CVE-2024-46886MEDIUMCVSS 5.1fixed in V3.1.42024-10-08
CVE-2024-46886 [MEDIUM] CWE-601 CVE-2024-46886: The web server of affected devices does not properly validate input that is used for a user redirect The web server of affected devices does not properly validate input that is used for a user redirection. This could allow an attacker to make the server redirect the legitimate user to an attacker-chosen URL. For a successful exploit, the legitimate user must actively click on an attacker-crafted link.
cvelistv5nvd
CVE-2024-46887MEDIUMCVSS 6.9fixed in V3.1.42024-10-08
CVE-2024-46887 [MEDIUM] CWE-288 CVE-2024-46887: The web server of affected devices do not properly authenticate user request to the '/ClientArea/Run The web server of affected devices do not properly authenticate user request to the '/ClientArea/RuntimeInfoData.mwsl' endpoint. This could allow an unauthenticated remote attacker to gain knowledge about current actual and configured maximum cycle times as well as about configured maximum communication load.
cvelistv5nvd
CVE-2023-28831HIGHCVSS 8.7fixed in V3.0.32023-09-12
CVE-2023-28831 [HIGH] CWE-190 CVE-2023-28831: The OPC UA implementations (ANSI C and C++) in affected products contain an integer overflow vulnera The OPC UA implementations (ANSI C and C++) in affected products contain an integer overflow vulnerability that could cause the application to run into an infinite loop during certificate validation. This could allow an unauthenticated remote attacker to create a denial of service condition by sending a specially crafted certificate.
cvelistv5nvd