Siemens Simatic S7-1200 Cpu Family vulnerabilities
20 known vulnerabilities affecting siemens/simatic_s7-1200_cpu_family.
Total CVEs
20
CISA KEV
0
Public exploits
0
Exploited in wild
0
Severity breakdown
CRITICAL1HIGH16MEDIUM2LOW1
Vulnerabilities
Page 1 of 1
CVE-2021-44694HIGHCVSS 7.5vAll versions < V4.6.02022-12-13
CVE-2021-44694 [HIGH] CWE-1287 CVE-2021-44694: Affected devices don't process correctly certain special crafted packets sent to port 102/tcp, which
Affected devices don't process correctly certain special crafted packets sent to port 102/tcp, which could allow an attacker to cause a denial of service in the device.
cvelistv5nvd
CVE-2021-44695HIGHCVSS 7.5vAll versions < V4.6.02022-12-13
CVE-2021-44695 [HIGH] CWE-1286 CVE-2021-44695: Affected devices don't process correctly certain special crafted packets sent to port 102/tcp, which
Affected devices don't process correctly certain special crafted packets sent to port 102/tcp, which could allow an attacker to cause a denial of service in the device.
cvelistv5nvd
CVE-2021-44693HIGHCVSS 7.5vAll versions < V4.6.02022-12-13
CVE-2021-44693 [HIGH] CWE-1284 CVE-2021-44693: Affected devices don't process correctly certain special crafted packets sent to port 102/tcp, which
Affected devices don't process correctly certain special crafted packets sent to port 102/tcp, which could allow an attacker to cause a denial of service in the device.
cvelistv5nvd
CVE-2021-40365HIGHCVSS 7.5vAll versions < V4.6.02022-12-13
CVE-2021-40365 [HIGH] CWE-20 CVE-2021-40365: Affected devices don't process correctly certain special crafted packets sent to port 102/tcp, which
Affected devices don't process correctly certain special crafted packets sent to port 102/tcp, which could allow an attacker to cause a denial of service in the device.
cvelistv5nvd
CVE-2022-30694LOWCVSS 3.5vAll versions < V4.6.02022-11-08
CVE-2022-30694 [LOW] CWE-352 CVE-2022-30694: The login endpoint /FormLogin in affected web services does not apply proper origin checking.
Thi
The login endpoint /FormLogin in affected web services does not apply proper origin checking.
This could allow authenticated remote attackers to track the activities of other users via a login cross-site request forgery attack.
cvelistv5nvd
CVE-2022-38465HIGHCVSS 7.8vAll versions < V4.5.02022-10-11
CVE-2022-38465 [HIGH] CWE-522 CVE-2022-38465: A vulnerability has been identified in SIMATIC Drive Controller family (All versions < V2.9.2), SIMA
A vulnerability has been identified in SIMATIC Drive Controller family (All versions < V2.9.2), SIMATIC ET 200SP Open Controller CPU 1515SP PC (incl. SIPLUS variants) (All versions), SIMATIC ET 200SP Open Controller CPU 1515SP PC2 (incl. SIPLUS variants) (All versions < V21.9), SIMATIC S7-1200 CPU family (incl. SIPLUS variants) (All versions < V4.5.0)
cvelistv5nvd
CVE-2021-37204HIGHCVSS 7.5vAll versions < V4.5.0vAll versions >= V4.5.0 < V4.5.22022-02-09
CVE-2021-37204 [HIGH] CWE-672 CVE-2021-37204: A vulnerability has been identified in SIMATIC Drive Controller family (All versions < V2.9.2), SIMA
A vulnerability has been identified in SIMATIC Drive Controller family (All versions = V2.9.2 = V21.9 = V4.5.0 = V2.9.2 = V21.9 = V4.0 < V4.0 SP1), SIPLUS TIM 1531 IRC (All versions < V2.3.6), TIM 1531 IRC (All versions < V2.3.6). An unauthenticated attacker could cause a denial-of-service condition in a PLC when sending specially prepared packet over
cvelistv5nvd
CVE-2021-37205HIGHCVSS 7.5vAll versions >= V4.5.0 < V4.5.22022-02-09
CVE-2021-37205 [HIGH] CWE-401 CVE-2021-37205: A vulnerability has been identified in SIMATIC Drive Controller family (All versions >= V2.9.2 < V2.
A vulnerability has been identified in SIMATIC Drive Controller family (All versions >= V2.9.2 = V21.9 = V4.5.0 = V2.9.2 = V21.9 = V4.0 < V4.0 SP1), SIPLUS TIM 1531 IRC (All versions < V2.3.6), TIM 1531 IRC (All versions < V2.3.6). An unauthenticated attacker could cause a denial-of-service condition in a PLC when sending specially prepared packets ov
cvelistv5nvd
CVE-2021-37185HIGHCVSS 7.5vAll versions >= V4.5.0 < V4.5.22022-02-09
CVE-2021-37185 [HIGH] CWE-672 CVE-2021-37185: A vulnerability has been identified in SIMATIC Drive Controller family (All versions >= V2.9.2 < V2.
A vulnerability has been identified in SIMATIC Drive Controller family (All versions >= V2.9.2 = V21.9 = V4.5.0 = V2.9.2 = V21.9 = V4.0 < V4.0 SP1), SIPLUS TIM 1531 IRC (All versions < V2.3.6), TIM 1531 IRC (All versions < V2.3.6). An unauthenticated attacker could cause a denial-of-service condition in a PLC when sending specially prepared packets ov
cvelistv5nvd
CVE-2021-37172HIGHCVSS 7.5vV4.5.02021-08-10
CVE-2021-37172 [HIGH] CWE-287 CVE-2021-37172: A vulnerability has been identified in SIMATIC S7-1200 CPU family (incl. SIPLUS variants) (V4.5.0).
A vulnerability has been identified in SIMATIC S7-1200 CPU family (incl. SIPLUS variants) (V4.5.0). Affected devices fail to authenticate against configured passwords when provisioned using TIA Portal V13. This could allow an attacker using TIA Portal V13 or later versions to bypass authentication and download arbitrary programs to the PLC. The vulnera
cvelistv5nvd
CVE-2020-28397MEDIUMCVSS 5.3vVersion V4.42021-08-10
CVE-2020-28397 [MEDIUM] CWE-863 CVE-2020-28397: A vulnerability has been identified in SIMATIC Drive Controller family (All versions < V2.9.2), SIMA
A vulnerability has been identified in SIMATIC Drive Controller family (All versions V2 V2.5 V2.5 < V21.9), TIM 1531 IRC (incl. SIPLUS NET variants) (Version V2.1). Due to an incorrect authorization check in the affected component, an attacker could extract information about access protected PLC program variables over port 102/tcp from an affected d
cvelistv5nvd
CVE-2020-15782CRITICALCVSS 9.8vAll versions < V4.5.02021-05-28
CVE-2020-15782 [CRITICAL] CWE-119 CVE-2020-15782: A vulnerability has been identified in SIMATIC Drive Controller family (All versions < V2.9.2), SIMA
A vulnerability has been identified in SIMATIC Drive Controller family (All versions < V2.9.2), SIMATIC ET 200SP Open Controller CPU 1515SP PC (incl. SIPLUS variants) (All versions), SIMATIC ET 200SP Open Controller CPU 1515SP PC2 (incl. SIPLUS variants) (All versions < V21.9), SIMATIC S7-1200 CPU family (incl. SIPLUS variants) (All versions < V4.
cvelistv5nvd
CVE-2019-19300HIGHCVSS 7.5vAll versions < V4.4.02020-04-14
CVE-2019-19300 [HIGH] CWE-400 CVE-2019-19300: A vulnerability has been identified in Development/Evaluation Kits for PROFINET IO: EK-ERTEC 200, De
A vulnerability has been identified in Development/Evaluation Kits for PROFINET IO: EK-ERTEC 200, Development/Evaluation Kits for PROFINET IO: EK-ERTEC 200P, KTK ATE530S, SIDOOR ATD430W, SIDOOR ATE530S COATED, SIDOOR ATE531S, SIMATIC ET 200AL IM 157-1 PN (6ES7157-1AB00-0AB0), SIMATIC ET 200eco PN, AI 8xRTD/TC, M12-L (6ES7144-6JF00-0BB0), SIMATIC ET 20
cvelistv5nvd
CVE-2019-13940HIGHCVSS 7.5vAll versions < V4.12020-02-11
CVE-2019-13940 [HIGH] CWE-400 CVE-2019-13940: A vulnerability has been identified in SIMATIC ET 200pro IM154-8 PN/DP CPU (All versions < V3.X.17),
A vulnerability has been identified in SIMATIC ET 200pro IM154-8 PN/DP CPU (All versions < V3.X.17), SIMATIC ET 200pro IM154-8F PN/DP CPU (All versions < V3.X.17), SIMATIC ET 200pro IM154-8FX PN/DP CPU (All versions < V3.X.17), SIMATIC ET 200S IM151-8 PN/DP CPU (All versions < V3.X.17), SIMATIC ET 200S IM151-8F PN/DP CPU (All versions < V3.X.17), SIMA
cvelistv5nvd
CVE-2019-10936HIGHCVSS 7.5vAll versions < V4.4.02019-10-10
CVE-2019-10936 [HIGH] CWE-400 CVE-2019-10936: Affected devices improperly handle large amounts of specially crafted UDP packets.
This could all
Affected devices improperly handle large amounts of specially crafted UDP packets.
This could allow an unauthenticated remote attacker to trigger a denial of service condition.
cvelistv5nvd
CVE-2019-10943HIGHCVSS 7.5vAll versions < V4.4.0vAll versions >= V4.4.02019-08-13
CVE-2019-10943 [HIGH] CWE-353 CVE-2019-10943: A vulnerability has been identified in SIMATIC Drive Controller family (All versions), SIMATIC ET 20
A vulnerability has been identified in SIMATIC Drive Controller family (All versions), SIMATIC ET 200SP Open Controller CPU 1515SP PC (incl. SIPLUS variants) (All versions), SIMATIC ET 200SP Open Controller CPU 1515SP PC2 (incl. SIPLUS variants) (All versions = V20.8), SIMATIC S7-1200 CPU family (incl. SIPLUS variants) (All versions = V4.4.0), SIMATIC
cvelistv5nvd
CVE-2019-10929MEDIUMCVSS 5.9vAll versions < V4.4.02019-08-13
CVE-2019-10929 [MEDIUM] CWE-327 CVE-2019-10929: A vulnerability has been identified in SIMATIC CP 1626 (All versions), SIMATIC ET 200SP Open Control
A vulnerability has been identified in SIMATIC CP 1626 (All versions), SIMATIC ET 200SP Open Controller CPU 1515SP PC (incl. SIPLUS variants) (All versions), SIMATIC ET 200SP Open Controller CPU 1515SP PC2 (incl. SIPLUS variants) (All versions < V20.8), SIMATIC HMI Panel (incl. SIPLUS variants) (All versions), SIMATIC NET PC Software V14 (All versio
cvelistv5nvd
CVE-2017-12741HIGHCVSS 8.7vAll versions < V4.2.32017-12-26
CVE-2017-12741 [HIGH] CWE-400 CVE-2017-12741: Specially crafted packets sent to port 161/udp could cause a denial of service condition. The affect
Specially crafted packets sent to port 161/udp could cause a denial of service condition. The affected devices must be restarted manually.
cvelistv5nvd
CVE-2017-2681HIGHCVSS 7.1vAll versions < V4.2.12017-05-11
CVE-2017-2681 [HIGH] CWE-400 CVE-2017-2681: Specially crafted PROFINET DCP packets sent on a local Ethernet segment (Layer 2) to an affected pro
Specially crafted PROFINET DCP packets sent on a local Ethernet segment (Layer 2) to an affected product could cause a denial of service condition of that product. Human interaction is required to recover the system. PROFIBUS interfaces are not affected.
cvelistv5nvd
CVE-2017-2680HIGHCVSS 7.1vAll versions < V4.2.12017-05-11
CVE-2017-2680 [HIGH] CWE-400 CVE-2017-2680: Specially crafted PROFINET DCP broadcast packets could cause a denial of service condition of affect
Specially crafted PROFINET DCP broadcast packets could cause a denial of service condition of affected products on a local Ethernet segment (Layer 2). Human interaction is required to recover the systems. PROFIBUS interfaces are not affected.
cvelistv5nvd