Siemens Simatic S7-Plcsim Advanced vulnerabilities
23 known vulnerabilities affecting siemens/simatic_s7-plcsim_advanced.
Total CVEs: 23
CISA KEV: 0
Public exploits: 0
Exploited in wild: 0
Severity breakdown: CRITICAL 4, HIGH 14, MEDIUM 4, LOW 1
Vulnerabilities
Page 1 of 2
CVE-2026-25786 [CRITICAL] CVSS 9.3 | CWE-79 | fixed in * | 2026-05-12
Affected devices do not properly validate and sanitize PLC/station name rendered on the "communication" parameters page of the web interface.
This could allow an authenticated attacker who is authorized to download a TIA project into the product, to inject malicious scripts into the page.
If a benign user with appropriate rights accesses the "commu
nvd
CVE-2026-25787 [CRITICAL] CVSS 9.3 | CWE-79 | fixed in * | 2026-05-12
Affected devices do not properly validate and sanitize Technology Object (TO) name rendered on the "Motion Control Diagnostics" page of the web interface. This could allow an authenticated attacker who is authorized to download a TIA project into the product, to inject malicious scripts into the page.
If a benign user with appropriate rights access
nvd
CVE-2026-25789 [HIGH] CVSS 7.2 | CWE-79 | fixed in * | 2026-05-12
Affected devices do not properly validate and sanitize filenames on the Firmware Update page. This could allow a remote attacker to social engineer the user into selecting the modified firmware file to be uploaded. This would result in malicious JavaScript execution in the context of the authenticated user's session without requiring the file to be up
nvd
CVE-2025-40943 [CRITICAL] CVSS 9.4 | CWE-95 | fixed in * | 2026-03-10
Affected devices do not properly sanitize contents of trace files.
This could allow an attacker to inject code through social engineering an authorized user, who has the function right "Read diagnostics", to import a specially crafted trace file.
The malicious trace file is insufficiently sanitized and malicious code could be executed in the clie
nvd
CVE-2025-30033 [HIGH] CVSS 8.5 | CWE-427 | fixed in V7.0 Update 1 | 2025-08-12
The affected setup component is vulnerable to DLL hijacking. This could allow an attacker to execute arbitrary code when a legitimate user installs an application that uses the affected setup component.
nvd
CVE-2023-37482 [MEDIUM] CVSS 6.9 | CWE-203 | ≥ V6.0, < V7.0 | 2025-02-11
The login functionality of the web server in affected devices does not normalize the response times of login attempts. An unauthenticated remote attacker could exploit this side-channel information to distinguish between valid and invalid usernames.
nvd
CVE-2024-46886 [MEDIUM] CVSS 5.1 | CWE-601 | fixed in V7.0 | 2024-10-08
The web server of affected devices does not properly validate input that is used for a user redirection. This could allow an attacker to make the server redirect the legitimate user to an attacker-chosen URL. For a successful exploit, the legitimate user must actively click on an attacker-crafted link.
nvd
CVE-2024-46887 [MEDIUM] CVSS 6.9 | CWE-288 | fixed in V7.0 | 2024-10-08
The web server of affected devices does not properly authenticate user requests to the '/ClientArea/RuntimeInfoData.mwsl' endpoint. This could allow an unauthenticated remote attacker to gain knowledge about current actual and configured maximum cycle times as well as about configured maximum communication load.
nvd
CVE-2023-46156 [HIGH] CVSS 7.5 | CWE-416 | fixed in V6.0 | 2023-12-12
Affected devices improperly handle specially crafted packets sent to port 102/tcp.
This could allow an attacker to create a denial of service condition. A restart is needed to restore normal operations.
nvd
CVE-2023-28831 [HIGH] CVSS 8.7 | CWE-190 | fixed in V5.0 Update 2 | 2023-09-12
The OPC UA implementations (ANSI C and C++) in affected products contain an integer overflow vulnerability that could cause the application to run into an infinite loop during certificate validation.
This could allow an unauthenticated remote attacker to create a denial of service condition by sending a specially crafted certificate.
nvd
CVE-2021-44694 [HIGH] CVSS 7.5 | CWE-1287 | All versions < V5.0 | 2022-12-13
Affected devices do not correctly process certain specially crafted packets sent to port 102/tcp, which could allow an attacker to cause a denial of service in the device.
nvd
CVE-2021-44695 [HIGH] CVSS 7.5 | CWE-1286 | All versions < V5.0 | 2022-12-13
Affected devices do not correctly process certain specially crafted packets sent to port 102/tcp, which could allow an attacker to cause a denial of service in the device.
nvd
CVE-2021-40365 [HIGH] CVSS 7.5 | CWE-20 | All versions < V5.0 | 2022-12-13
Affected devices do not correctly process certain specially crafted packets sent to port 102/tcp, which could allow an attacker to cause a denial of service in the device.
nvd
CVE-2021-44693 [HIGH] CVSS 7.5 | CWE-1284 | All versions < V5.0 | 2022-12-13
Affected devices do not correctly process certain specially crafted packets sent to port 102/tcp, which could allow an attacker to cause a denial of service in the device.
nvd
CVE-2022-30694 [LOW] CVSS 3.5 | CWE-352 | All versions < V5.0 | 2022-11-08
The login endpoint /FormLogin in affected web services does not apply proper origin checking.
This could allow authenticated remote attackers to track the activities of other users via a login cross-site request forgery attack.
nvd
CVE-2022-38465 [HIGH] CVSS 7.8 | CWE-522 | All versions < V4.0 | 2022-10-11
A vulnerability has been identified in SIMATIC Drive Controller family (All versions < V2.9.2), SIMATIC ET 200SP Open Controller CPU 1515SP PC (incl. SIPLUS variants) (All versions), SIMATIC ET 200SP Open Controller CPU 1515SP PC2 (incl. SIPLUS variants) (All versions < V21.9), SIMATIC S7-1200 CPU family (incl. SIPLUS variants) (All versions < V4.5.0)
nvd
CVE-2021-37205 [HIGH] CVSS 7.5 | All versions >= V4.0 < V4.0 SP1 | 2022-02-09
CVE-2021-37205 [HIGH] CWE-401 CVE-2021-37205: A vulnerability has been identified in SIMATIC Drive Controller family (All versions >= V2.9.2 < V2.
A vulnerability has been identified in SIMATIC Drive Controller family (All versions >= V2.9.2 = V21.9 = V4.5.0 = V2.9.2 = V21.9 = V4.0 < V4.0 SP1), SIPLUS TIM 1531 IRC (All versions < V2.3.6), TIM 1531 IRC (All versions < V2.3.6). An unauthenticated attacker could cause a denial-of-service condition in a PLC when sending specially prepared packets ov
nvd
CVE-2021-37204 [HIGH] CVSS 7.5 | All versions < V4.0; All versions >= V4.0 < V4.0 SP1 | 2022-02-09
CVE-2021-37204 [HIGH] CWE-672 CVE-2021-37204: A vulnerability has been identified in SIMATIC Drive Controller family (All versions < V2.9.2), SIMA
A vulnerability has been identified in SIMATIC Drive Controller family (All versions = V2.9.2 = V21.9 = V4.5.0 = V2.9.2 = V21.9 = V4.0 < V4.0 SP1), SIPLUS TIM 1531 IRC (All versions < V2.3.6), TIM 1531 IRC (All versions < V2.3.6). An unauthenticated attacker could cause a denial-of-service condition in a PLC when sending specially prepared packet over
nvd
CVE-2021-37185 [HIGH] CVSS 7.5 | All versions >= V4.0 < V4.0 SP1 | 2022-02-09
CVE-2021-37185 [HIGH] CWE-672 CVE-2021-37185: A vulnerability has been identified in SIMATIC Drive Controller family (All versions >= V2.9.2 < V2.
A vulnerability has been identified in SIMATIC Drive Controller family (All versions >= V2.9.2 = V21.9 = V4.5.0 = V2.9.2 = V21.9 = V4.0 < V4.0 SP1), SIPLUS TIM 1531 IRC (All versions < V2.3.6), TIM 1531 IRC (All versions < V2.3.6). An unauthenticated attacker could cause a denial-of-service condition in a PLC when sending specially prepared packets ov
nvd
CVE-2020-15782 [CRITICAL] CVSS 9.8 | CWE-119 | fixed in 4.0; All versions < V4.0 | 2021-05-28
A vulnerability has been identified in SIMATIC Drive Controller family (All versions < V2.9.2), SIMATIC ET 200SP Open Controller CPU 1515SP PC (incl. SIPLUS variants) (All versions), SIMATIC ET 200SP Open Controller CPU 1515SP PC2 (incl. SIPLUS variants) (All versions < V21.9), SIMATIC S7-1200 CPU family (incl. SIPLUS variants) (All versions < V4.
nvd