Siemens Simatic Et 200Sp Open Controller Cpu 1515Sp Pc2 vulnerabilities
19 known vulnerabilities affecting siemens/simatic_et_200sp_open_controller_cpu_1515sp_pc2.
Total CVEs
19
CISA KEV
0
Public exploits
0
Exploited in wild
0
Severity breakdown
CRITICAL1HIGH14MEDIUM3LOW1
Vulnerabilities
Page 1 of 1
CVE-2023-37482MEDIUMCVSS 6.9≥ V30.1.0, < V31.1.42025-02-11
CVE-2023-37482 [MEDIUM] CWE-203 CVE-2023-37482: The login functionality of the web server in affected devices does not normalize the response times
The login functionality of the web server in affected devices does not normalize the response times of login attempts. An unauthenticated remote attacker could exploit this side-channel information to distinguish between valid and invalid usernames.
cvelistv5nvd
CVE-2023-46156HIGHCVSS 7.5fixed in V30.1.02023-12-12
CVE-2023-46156 [HIGH] CWE-416 CVE-2023-46156: Affected devices improperly handle specially crafted packets sent to port 102/tcp.
This could allow
Affected devices improperly handle specially crafted packets sent to port 102/tcp.
This could allow an attacker to create a denial of service condition. A restart is needed to restore
normal operations.
cvelistv5nvd
CVE-2023-28831HIGHCVSS 8.7fixed in V21.9.7≥ V30.0.0, < V30.1.02023-09-12
CVE-2023-28831 [HIGH] CWE-190 CVE-2023-28831: The OPC UA implementations (ANSI C and C++) in affected products contain an integer overflow vulnera
The OPC UA implementations (ANSI C and C++) in affected products contain an integer overflow vulnerability that could cause the application to run into an infinite loop during certificate validation.
This could allow an unauthenticated remote attacker to create a denial of service condition by sending a specially crafted certificate.
cvelistv5nvd
CVE-2021-44694HIGHCVSS 7.5vAll versions < V21.9.72022-12-13
CVE-2021-44694 [HIGH] CWE-1287 CVE-2021-44694: Affected devices don't process correctly certain special crafted packets sent to port 102/tcp, which
Affected devices don't process correctly certain special crafted packets sent to port 102/tcp, which could allow an attacker to cause a denial of service in the device.
cvelistv5nvd
CVE-2021-44695HIGHCVSS 7.5vAll versions < V21.9.72022-12-13
CVE-2021-44695 [HIGH] CWE-1286 CVE-2021-44695: Affected devices don't process correctly certain special crafted packets sent to port 102/tcp, which
Affected devices don't process correctly certain special crafted packets sent to port 102/tcp, which could allow an attacker to cause a denial of service in the device.
cvelistv5nvd
CVE-2021-44693HIGHCVSS 7.5vAll versions < V21.9.72022-12-13
CVE-2021-44693 [HIGH] CWE-1284 CVE-2021-44693: Affected devices don't process correctly certain special crafted packets sent to port 102/tcp, which
Affected devices don't process correctly certain special crafted packets sent to port 102/tcp, which could allow an attacker to cause a denial of service in the device.
cvelistv5nvd
CVE-2021-40365HIGHCVSS 7.5vAll versions < V21.9.72022-12-13
CVE-2021-40365 [HIGH] CWE-20 CVE-2021-40365: Affected devices don't process correctly certain special crafted packets sent to port 102/tcp, which
Affected devices don't process correctly certain special crafted packets sent to port 102/tcp, which could allow an attacker to cause a denial of service in the device.
cvelistv5nvd
CVE-2022-30694LOWCVSS 3.5vAll versions < V21.9.72022-11-08
CVE-2022-30694 [LOW] CWE-352 CVE-2022-30694: The login endpoint /FormLogin in affected web services does not apply proper origin checking.
Thi
The login endpoint /FormLogin in affected web services does not apply proper origin checking.
This could allow authenticated remote attackers to track the activities of other users via a login cross-site request forgery attack.
cvelistv5nvd
CVE-2022-38465HIGHCVSS 7.8vAll versions < V21.92022-10-11
CVE-2022-38465 [HIGH] CWE-522 CVE-2022-38465: A vulnerability has been identified in SIMATIC Drive Controller family (All versions < V2.9.2), SIMA
A vulnerability has been identified in SIMATIC Drive Controller family (All versions < V2.9.2), SIMATIC ET 200SP Open Controller CPU 1515SP PC (incl. SIPLUS variants) (All versions), SIMATIC ET 200SP Open Controller CPU 1515SP PC2 (incl. SIPLUS variants) (All versions < V21.9), SIMATIC S7-1200 CPU family (incl. SIPLUS variants) (All versions < V4.5.0)
cvelistv5nvd
CVE-2021-37204HIGHCVSS 7.5vAll versions < V21.9vAll versions >= V21.9 < V21.9.42022-02-09
CVE-2021-37204 [HIGH] CWE-672 CVE-2021-37204: A vulnerability has been identified in SIMATIC Drive Controller family (All versions < V2.9.2), SIMA
A vulnerability has been identified in SIMATIC Drive Controller family (All versions = V2.9.2 = V21.9 = V4.5.0 = V2.9.2 = V21.9 = V4.0 < V4.0 SP1), SIPLUS TIM 1531 IRC (All versions < V2.3.6), TIM 1531 IRC (All versions < V2.3.6). An unauthenticated attacker could cause a denial-of-service condition in a PLC when sending specially prepared packet over
cvelistv5nvd
CVE-2021-37205HIGHCVSS 7.5vAll versions >= V21.9 < V21.9.42022-02-09
CVE-2021-37205 [HIGH] CWE-401 CVE-2021-37205: A vulnerability has been identified in SIMATIC Drive Controller family (All versions >= V2.9.2 < V2.
A vulnerability has been identified in SIMATIC Drive Controller family (All versions >= V2.9.2 = V21.9 = V4.5.0 = V2.9.2 = V21.9 = V4.0 < V4.0 SP1), SIPLUS TIM 1531 IRC (All versions < V2.3.6), TIM 1531 IRC (All versions < V2.3.6). An unauthenticated attacker could cause a denial-of-service condition in a PLC when sending specially prepared packets ov
cvelistv5nvd
CVE-2021-37185HIGHCVSS 7.5vAll versions >= V21.9 < V21.9.42022-02-09
CVE-2021-37185 [HIGH] CWE-672 CVE-2021-37185: A vulnerability has been identified in SIMATIC Drive Controller family (All versions >= V2.9.2 < V2.
A vulnerability has been identified in SIMATIC Drive Controller family (All versions >= V2.9.2 = V21.9 = V4.5.0 = V2.9.2 = V21.9 = V4.0 < V4.0 SP1), SIPLUS TIM 1531 IRC (All versions < V2.3.6), TIM 1531 IRC (All versions < V2.3.6). An unauthenticated attacker could cause a denial-of-service condition in a PLC when sending specially prepared packets ov
cvelistv5nvd
CVE-2020-28397MEDIUMCVSS 5.3vAll versions < V21.92021-08-10
CVE-2020-28397 [MEDIUM] CWE-863 CVE-2020-28397: A vulnerability has been identified in SIMATIC Drive Controller family (All versions < V2.9.2), SIMA
A vulnerability has been identified in SIMATIC Drive Controller family (All versions V2 V2.5 V2.5 < V21.9), TIM 1531 IRC (incl. SIPLUS NET variants) (Version V2.1). Due to an incorrect authorization check in the affected component, an attacker could extract information about access protected PLC program variables over port 102/tcp from an affected d
cvelistv5nvd
CVE-2020-15782CRITICALCVSS 9.8vAll versions < V21.92021-05-28
CVE-2020-15782 [CRITICAL] CWE-119 CVE-2020-15782: A vulnerability has been identified in SIMATIC Drive Controller family (All versions < V2.9.2), SIMA
A vulnerability has been identified in SIMATIC Drive Controller family (All versions < V2.9.2), SIMATIC ET 200SP Open Controller CPU 1515SP PC (incl. SIPLUS variants) (All versions), SIMATIC ET 200SP Open Controller CPU 1515SP PC2 (incl. SIPLUS variants) (All versions < V21.9), SIMATIC S7-1200 CPU family (incl. SIPLUS variants) (All versions < V4.
cvelistv5nvd
CVE-2019-19300HIGHCVSS 7.5fixed in V2.02020-04-14
CVE-2019-19300 [HIGH] CWE-400 CVE-2019-19300: A vulnerability has been identified in Development/Evaluation Kits for PROFINET IO: EK-ERTEC 200, De
A vulnerability has been identified in Development/Evaluation Kits for PROFINET IO: EK-ERTEC 200, Development/Evaluation Kits for PROFINET IO: EK-ERTEC 200P, KTK ATE530S, SIDOOR ATD430W, SIDOOR ATE530S COATED, SIDOOR ATE531S, SIMATIC ET 200AL IM 157-1 PN (6ES7157-1AB00-0AB0), SIMATIC ET 200eco PN, AI 8xRTD/TC, M12-L (6ES7144-6JF00-0BB0), SIMATIC ET 20
cvelistv5nvd
CVE-2019-10943HIGHCVSS 7.5vAll versions < V20.8vAll versions >= V20.82019-08-13
CVE-2019-10943 [HIGH] CWE-353 CVE-2019-10943: A vulnerability has been identified in SIMATIC Drive Controller family (All versions), SIMATIC ET 20
A vulnerability has been identified in SIMATIC Drive Controller family (All versions), SIMATIC ET 200SP Open Controller CPU 1515SP PC (incl. SIPLUS variants) (All versions), SIMATIC ET 200SP Open Controller CPU 1515SP PC2 (incl. SIPLUS variants) (All versions = V20.8), SIMATIC S7-1200 CPU family (incl. SIPLUS variants) (All versions = V4.4.0), SIMATIC
cvelistv5nvd
CVE-2019-10929MEDIUMCVSS 5.9vAll versions < V20.82019-08-13
CVE-2019-10929 [MEDIUM] CWE-327 CVE-2019-10929: A vulnerability has been identified in SIMATIC CP 1626 (All versions), SIMATIC ET 200SP Open Control
A vulnerability has been identified in SIMATIC CP 1626 (All versions), SIMATIC ET 200SP Open Controller CPU 1515SP PC (incl. SIPLUS variants) (All versions), SIMATIC ET 200SP Open Controller CPU 1515SP PC2 (incl. SIPLUS variants) (All versions < V20.8), SIMATIC HMI Panel (incl. SIPLUS variants) (All versions), SIMATIC NET PC Software V14 (All versio
cvelistv5nvd
CVE-2019-6575HIGHCVSS 7.5vAll versions < V2.72019-04-17
CVE-2019-6575 [HIGH] CWE-248 CVE-2019-6575: A vulnerability has been identified in SIMATIC CP 443-1 OPC UA (All versions), SIMATIC ET 200SP Open
A vulnerability has been identified in SIMATIC CP 443-1 OPC UA (All versions), SIMATIC ET 200SP Open Controller CPU 1515SP PC2 (incl. SIPLUS variants) (All versions = V2.5 < V2.6.1), SIMATIC S7-1500 Software Controller (All versions between V2.5 (including) and V2.7 (excluding)), SIMATIC WinCC OA (All versions < V3.15 P018), SIMATIC WinCC Runtime Advanc
cvelistv5nvd
CVE-2019-6568HIGHCVSS 7.5vAll versions < V2.72019-04-17
CVE-2019-6568 [HIGH] CWE-125 CVE-2019-6568: The webserver of the affected devices contains a vulnerability that may lead to
a denial of service
The webserver of the affected devices contains a vulnerability that may lead to
a denial of service condition. An attacker may cause a denial of service
situation which leads to a restart of the webserver of the affected device.
The security vulnerability could be exploited by an attacker with network
access to the affected systems. Successful exploita
cvelistv5nvd