Siemens Simatic S7-1200 Firmware vulnerabilities

7 known vulnerabilities affecting siemens/simatic_s7-1200_firmware.

Total CVEs
7
CISA KEV
0
Public exploits
0
Exploited in wild
0
Severity breakdown
HIGH5MEDIUM2

Vulnerabilities

Page 1 of 1
CVE-2020-28400HIGHCVSS 8.7fixed in 4.52021-07-13
CVE-2020-28400 [HIGH] CWE-770 CVE-2020-28400: Affected devices contain a vulnerability that allows an unauthenticated attacker to trigger a denial Affected devices contain a vulnerability that allows an unauthenticated attacker to trigger a denial of service condition. The vulnerability can be triggered if a large amount of DCP reset packets are sent to the device.
nvd
CVE-2017-2681HIGHCVSS 7.1fixed in 4.2.12017-05-11
CVE-2017-2681 [HIGH] CWE-400 CVE-2017-2681: Specially crafted PROFINET DCP packets sent on a local Ethernet segment (Layer 2) to an affected pro Specially crafted PROFINET DCP packets sent on a local Ethernet segment (Layer 2) to an affected product could cause a denial of service condition of that product. Human interaction is required to recover the system. PROFIBUS interfaces are not affected.
nvd
CVE-2017-2680HIGHCVSS 7.1fixed in 4.2.12017-05-11
CVE-2017-2680 [HIGH] CWE-400 CVE-2017-2680: Specially crafted PROFINET DCP broadcast packets could cause a denial of service condition of affect Specially crafted PROFINET DCP broadcast packets could cause a denial of service condition of affected products on a local Ethernet segment (Layer 2). Human interaction is required to recover the systems. PROFIBUS interfaces are not affected.
nvd
CVE-2013-2780HIGHCVSS 7.8fixed in 4.02013-04-22
CVE-2013-2780 [HIGH] CVE-2013-2780: Siemens SIMATIC S7-1200 PLCs 2.x and 3.x allow remote attackers to cause a denial of service (defect Siemens SIMATIC S7-1200 PLCs 2.x and 3.x allow remote attackers to cause a denial of service (defect-mode transition and control outage) via crafted packets to UDP port 161 (aka the SNMP port).
nvd
CVE-2013-0700HIGHCVSS 7.8fixed in 4.02013-04-22
CVE-2013-0700 [HIGH] CVE-2013-0700: Siemens SIMATIC S7-1200 PLCs 2.x and 3.x allow remote attackers to cause a denial of service (defect Siemens SIMATIC S7-1200 PLCs 2.x and 3.x allow remote attackers to cause a denial of service (defect-mode transition and control outage) via crafted packets to TCP port 102 (aka the ISO-TSAP port).
nvd
CVE-2012-3040MEDIUMCVSS 4.3≥ 2.0.0, < 3.0.22012-10-10
CVE-2012-3040 [MEDIUM] CWE-79 CVE-2012-3040: Cross-site scripting (XSS) vulnerability in the web server on Siemens SIMATIC S7-1200 PLCs 2.x throu Cross-site scripting (XSS) vulnerability in the web server on Siemens SIMATIC S7-1200 PLCs 2.x through 3.0.1 allows remote attackers to inject arbitrary web script or HTML via a crafted URI.
nvd
CVE-2012-3037MEDIUMCVSS 4.3≥ 2.0.0, < 3.0.02012-09-25
CVE-2012-3037 [MEDIUM] CWE-295 CVE-2012-3037: The Siemens SIMATIC S7-1200 2.x PLC does not properly protect the private key of the SIMATIC CONTROL The Siemens SIMATIC S7-1200 2.x PLC does not properly protect the private key of the SIMATIC CONTROLLER Certification Authority certificate, which allows remote attackers to spoof the S7-1200 web server by using this key to create a forged certificate.
nvd