Siemens Simatic S7-1500 Cpu 1513-1 Pn vulnerabilities

CVE-2025-40943 [CRITICAL] CWE-95 CVE-2025-40943: Affected devices do not properly sanitize contents of trace files. This could allow an attacker t Affected devices do not properly sanitize contents of trace files. This could allow an attacker to inject code through social engineering an authorized user, who has the function right "Read diagnostics", to import a specially crafted trace file. The malicious trace file is insufficiently sanitized and malicious code could be executed in the clie

CVE-2025-40820 [HIGH] CWE-940 CVE-2025-40820: Affected products do not properly enforce TCP sequence number validation in specific scenarios but a Affected products do not properly enforce TCP sequence number validation in specific scenarios but accept values within a broad range. This could allow an unauthenticated remote attacker e.g. to interfere with connection setup, potentially leading to a denial of service. The attack succeeds only if an attacker can inject IP packets with spoofed addres

CVE-2024-23814 [MEDIUM] CWE-400 CVE-2024-23814: The integrated ICMP service of the network stack of affected devices can be forced to exhaust its a The integrated ICMP service of the network stack of affected devices can be forced to exhaust its available memory resources when receiving specially crafted messages targeting IP fragment re-assembly. This could allow an unauthenticated remote attacker to cause a temporary denial of service condition of the ICMP service, other communication service

CVE-2023-37482 [MEDIUM] CWE-203 CVE-2023-37482: The login functionality of the web server in affected devices does not normalize the response times The login functionality of the web server in affected devices does not normalize the response times of login attempts. An unauthenticated remote attacker could exploit this side-channel information to distinguish between valid and invalid usernames.

CVE-2024-46886 [MEDIUM] CWE-601 CVE-2024-46886: The web server of affected devices does not properly validate input that is used for a user redirect The web server of affected devices does not properly validate input that is used for a user redirection. This could allow an attacker to make the server redirect the legitimate user to an attacker-chosen URL. For a successful exploit, the legitimate user must actively click on an attacker-crafted link.

CVE-2024-46887 [MEDIUM] CWE-288 CVE-2024-46887: The web server of affected devices do not properly authenticate user request to the '/ClientArea/Run The web server of affected devices do not properly authenticate user request to the '/ClientArea/RuntimeInfoData.mwsl' endpoint. This could allow an unauthenticated remote attacker to gain knowledge about current actual and configured maximum cycle times as well as about configured maximum communication load.

CVE-2023-46156 [HIGH] CWE-416 CVE-2023-46156: Affected devices improperly handle specially crafted packets sent to port 102/tcp. This could allow Affected devices improperly handle specially crafted packets sent to port 102/tcp. This could allow an attacker to create a denial of service condition. A restart is needed to restore normal operations.

CVE-2023-28831 [HIGH] CWE-190 CVE-2023-28831: The OPC UA implementations (ANSI C and C++) in affected products contain an integer overflow vulnera The OPC UA implementations (ANSI C and C++) in affected products contain an integer overflow vulnerability that could cause the application to run into an infinite loop during certificate validation. This could allow an unauthenticated remote attacker to create a denial of service condition by sending a specially crafted certificate.

CVE-2022-38773 [MEDIUM] CWE-1326 CVE-2022-38773: Affected devices do not contain an Immutable Root of Trust in Hardware. With this the integrity of t Affected devices do not contain an Immutable Root of Trust in Hardware. With this the integrity of the code executed on the device can not be validated during load-time. An attacker with physical access to the device could use this to replace the boot image of the device and execute arbitrary code.

CVE-2021-44694 [MEDIUM] CWE-1287 CVE-2021-44694: Affected devices don't process correctly certain special crafted packets sent to port 102/tcp, which Affected devices don't process correctly certain special crafted packets sent to port 102/tcp, which could allow an attacker to cause a denial of service in the device.

CVE-2021-44695 [MEDIUM] CWE-1286 CVE-2021-44695: Affected devices don't process correctly certain special crafted packets sent to port 102/tcp, which Affected devices don't process correctly certain special crafted packets sent to port 102/tcp, which could allow an attacker to cause a denial of service in the device.

CVE-2021-44693 [MEDIUM] CWE-1284 CVE-2021-44693: Affected devices don't process correctly certain special crafted packets sent to port 102/tcp, which Affected devices don't process correctly certain special crafted packets sent to port 102/tcp, which could allow an attacker to cause a denial of service in the device.

CVE-2021-40365 [HIGH] CWE-20 CVE-2021-40365: Affected devices don't process correctly certain special crafted packets sent to port 102/tcp, which Affected devices don't process correctly certain special crafted packets sent to port 102/tcp, which could allow an attacker to cause a denial of service in the device.

CVE-2022-30694 [MEDIUM] CWE-352 CVE-2022-30694: The login endpoint /FormLogin in affected web services does not apply proper origin checking. Thi The login endpoint /FormLogin in affected web services does not apply proper origin checking. This could allow authenticated remote attackers to track the activities of other users via a login cross-site request forgery attack.