Siemens Simatic S7 Cpu 1200 Firmware vulnerabilities
8 known vulnerabilities affecting siemens/simatic_s7_cpu_1200_firmware.
Total CVEs
8
CISA KEV
0
Public exploits
1
Exploited in wild
1
Severity breakdown
HIGH4MEDIUM4
Vulnerabilities
Page 1 of 1
CVE-2014-2908P2MEDIUMCVSS 4.3ExploitedPoCv2.0v3.0+1 more2014-04-25
CVE-2014-2908 [MEDIUM] CWE-79 CVE-2014-2908: Cross-site scripting (XSS) vulnerability in the integrated web server on Siemens SIMATIC S7-1200 CPU
Cross-site scripting (XSS) vulnerability in the integrated web server on Siemens SIMATIC S7-1200 CPU devices 2.x and 3.x allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
nvd
CVE-2014-2250P3HIGHCVSS 8.3≤ 3.0.2v3.02014-03-24
CVE-2014-2250 [HIGH] CWE-310 CVE-2014-2250: The random-number generator on Siemens SIMATIC S7-1200 CPU PLC devices with firmware before 4.0 does
The random-number generator on Siemens SIMATIC S7-1200 CPU PLC devices with firmware before 4.0 does not have sufficient entropy, which makes it easier for remote attackers to defeat cryptographic protection mechanisms and hijack sessions via unspecified vectors, a different vulnerability than CVE-2014-2251.
nvd
CVE-2014-2258P3HIGHCVSS 7.8≤ 3.0.2v3.02014-03-24
CVE-2014-2258 [HIGH] CWE-399 CVE-2014-2258: Siemens SIMATIC S7-1200 CPU PLC devices with firmware before 4.0 allow remote attackers to cause a d
Siemens SIMATIC S7-1200 CPU PLC devices with firmware before 4.0 allow remote attackers to cause a denial of service (defect-mode transition) via crafted HTTPS packets, a different vulnerability than CVE-2014-2259.
nvd
CVE-2014-2254P4HIGHCVSS 7.8≤ 3.0.2v3.02014-03-24
CVE-2014-2254 [HIGH] CWE-399 CVE-2014-2254: Siemens SIMATIC S7-1200 CPU PLC devices with firmware before 4.0 allow remote attackers to cause a d
Siemens SIMATIC S7-1200 CPU PLC devices with firmware before 4.0 allow remote attackers to cause a denial of service (defect-mode transition) via crafted HTTP packets, a different vulnerability than CVE-2014-2255.
nvd
CVE-2014-2256P4HIGHCVSS 7.8≤ 3.0.2v3.02014-03-24
CVE-2014-2256 [HIGH] CWE-399 CVE-2014-2256: Siemens SIMATIC S7-1200 CPU PLC devices with firmware before 4.0 allow remote attackers to cause a d
Siemens SIMATIC S7-1200 CPU PLC devices with firmware before 4.0 allow remote attackers to cause a denial of service (defect-mode transition) via crafted ISO-TSAP packets, a different vulnerability than CVE-2014-2257.
nvd
CVE-2016-2846P4MEDIUMCVSS 6.5≤ 3.0.22016-03-16
CVE-2016-2846 [MEDIUM] CWE-254 CVE-2016-2846: Siemens SIMATIC S7-1200 CPU devices before 4.0 allow remote attackers to bypass a "user program bloc
Siemens SIMATIC S7-1200 CPU devices before 4.0 allow remote attackers to bypass a "user program block" protection mechanism via unspecified vectors.
nvd
CVE-2014-2909P4MEDIUMCVSS 5.8v2.0v3.0+1 more2014-04-25
CVE-2014-2909 [MEDIUM] CWE-94 CVE-2014-2909: CRLF injection vulnerability in the integrated web server on Siemens SIMATIC S7-1200 CPU devices 2.x
CRLF injection vulnerability in the integrated web server on Siemens SIMATIC S7-1200 CPU devices 2.x and 3.x allows remote attackers to inject arbitrary HTTP headers via unspecified vectors.
nvd
CVE-2014-2252P4MEDIUMCVSS 6.1≤ 3.0.2v3.02014-03-24
CVE-2014-2252 [MEDIUM] CWE-399 CVE-2014-2252: Siemens SIMATIC S7-1200 CPU PLC devices with firmware before 4.0 allow remote attackers to cause a d
Siemens SIMATIC S7-1200 CPU PLC devices with firmware before 4.0 allow remote attackers to cause a denial of service (defect-mode transition) via crafted PROFINET packets, a different vulnerability than CVE-2014-2253.
nvd