cbcvebase.

Siemens Tim 1531 Irc Firmware vulnerabilities

12 known vulnerabilities affecting siemens/tim_1531_irc_firmware.

Total CVEs
12
CISA KEV
0
Public exploits
0
Exploited in wild
0
Severity breakdown
CRITICAL2HIGH8MEDIUM2

Vulnerabilities

Page 1 of 1
CVE-2018-4841P2CRITICALCVSS 9.8fixed in 1.12018-03-29
CVE-2018-4841 [CRITICAL] CWE-303 CVE-2018-4841: A vulnerability has been identified in TIM 1531 IRC (All versions < V1.1). A remote attacker with ne A vulnerability has been identified in TIM 1531 IRC (All versions < V1.1). A remote attacker with network access to port 80/tcp or port 443/tcp could perform administrative operations on the device without prior authentication. Successful exploitation could allow to cause a denial-of-service, or read and manipulate data as well as configuration sett
nvd
CVE-2018-13816P2CRITICALCVSS 10.0fixed in 2.02018-12-12
CVE-2018-13816 [CRITICAL] CWE-284 CVE-2018-13816: A vulnerability has been identified in TIM 1531 IRC (All version < V2.0). The devices was missing pr A vulnerability has been identified in TIM 1531 IRC (All version < V2.0). The devices was missing proper authentication on port 102/tcp, although configured. Successful exploitation requires an attacker to be able to send packets to port 102/tcp of the affected device. No user interaction and no user privileges are required to exploit the vulnerab
nvd
CVE-2021-3449P3MEDIUMCVSS 5.9≥ 2.0, < 2.22021-03-25
CVE-2021-3449 [MEDIUM] CWE-476 CVE-2021-3449: An OpenSSL TLS server may crash if sent a maliciously crafted renegotiation ClientHello message from An OpenSSL TLS server may crash if sent a maliciously crafted renegotiation ClientHello message from a client. If a TLSv1.2 renegotiation ClientHello omits the signature_algorithms extension (where it was present in the initial ClientHello), but includes a signature_algorithms_cert extension then a NULL pointer dereference will result, leading to a cr
nvd
CVE-2021-37204P3HIGHCVSS 7.5≥ 2.22022-02-09
CVE-2021-37204 [HIGH] CWE-672 CVE-2021-37204: A vulnerability has been identified in SIMATIC Drive Controller family (All versions < V2.9.2), SIMA A vulnerability has been identified in SIMATIC Drive Controller family (All versions = V2.9.2 = V21.9 = V4.5.0 = V2.9.2 = V21.9 = V4.0 < V4.0 SP1), SIPLUS TIM 1531 IRC (All versions < V2.3.6), TIM 1531 IRC (All versions < V2.3.6). An unauthenticated attacker could cause a denial-of-service condition in a PLC when sending specially prepared packet over
nvd
CVE-2021-37185P3HIGHCVSS 7.5≥ 2.22022-02-09
CVE-2021-37185 [HIGH] CWE-672 CVE-2021-37185: A vulnerability has been identified in SIMATIC Drive Controller family (All versions >= V2.9.2 < V2. A vulnerability has been identified in SIMATIC Drive Controller family (All versions >= V2.9.2 = V21.9 = V4.5.0 = V2.9.2 = V21.9 = V4.0 < V4.0 SP1), SIPLUS TIM 1531 IRC (All versions < V2.3.6), TIM 1531 IRC (All versions < V2.3.6). An unauthenticated attacker could cause a denial-of-service condition in a PLC when sending specially prepared packets ov
nvd
CVE-2021-37205P3HIGHCVSS 7.5≥ 2.22022-02-09
CVE-2021-37205 [HIGH] CWE-401 CVE-2021-37205: A vulnerability has been identified in SIMATIC Drive Controller family (All versions >= V2.9.2 < V2. A vulnerability has been identified in SIMATIC Drive Controller family (All versions >= V2.9.2 = V21.9 = V4.5.0 = V2.9.2 = V21.9 = V4.0 < V4.0 SP1), SIPLUS TIM 1531 IRC (All versions < V2.3.6), TIM 1531 IRC (All versions < V2.3.6). An unauthenticated attacker could cause a denial-of-service condition in a PLC when sending specially prepared packets ov
nvd
CVE-2020-27827P3HIGHCVSS 7.5fixed in 2.22021-03-18
CVE-2020-27827 [HIGH] CWE-400 CVE-2020-27827: A flaw was found in multiple versions of OpenvSwitch. Specially crafted LLDP packets can cause memor A flaw was found in multiple versions of OpenvSwitch. Specially crafted LLDP packets can cause memory to be lost when allocating data to handle specific optional TLVs, potentially causing a denial of service. The highest threat from this vulnerability is to system availability.
nvd
CVE-2022-43716P3HIGHCVSS 7.5fixed in 2.3.62023-04-11
CVE-2022-43716 [HIGH] CWE-416 CVE-2022-43716: A vulnerability has been identified in SIMATIC CP 1242-7 V2 (6GK7242-7KX31-0XE0) (All versions < V3. A vulnerability has been identified in SIMATIC CP 1242-7 V2 (6GK7242-7KX31-0XE0) (All versions < V3.4.29), SIMATIC CP 1243-1 (6GK7243-1BX30-0XE0) (All versions < V3.4.29), SIMATIC CP 1243-1 DNP3 (incl. SIPLUS variants) (All versions < V3.4.29), SIMATIC CP 1243-1 IEC (incl. SIPLUS variants) (All versions < V3.4.29), SIMATIC CP 1243-7 LTE EU (6GK7243-7K
nvd
CVE-2022-43768P3HIGHCVSS 7.5fixed in 2.3.62023-04-11
CVE-2022-43768 [HIGH] CWE-770 CVE-2022-43768: A vulnerability has been identified in SIMATIC CP 1242-7 V2 (6GK7242-7KX31-0XE0) (All versions < V3. A vulnerability has been identified in SIMATIC CP 1242-7 V2 (6GK7242-7KX31-0XE0) (All versions < V3.4.29), SIMATIC CP 1243-1 (6GK7243-1BX30-0XE0) (All versions < V3.4.29), SIMATIC CP 1243-1 DNP3 (incl. SIPLUS variants) (All versions < V3.4.29), SIMATIC CP 1243-1 IEC (incl. SIPLUS variants) (All versions < V3.4.29), SIMATIC CP 1243-7 LTE EU (6GK7243-7K
nvd
CVE-2022-43767P3HIGHCVSS 7.5fixed in 2.3.62023-04-11
CVE-2022-43767 [HIGH] CWE-833 CVE-2022-43767: A vulnerability has been identified in SIMATIC CP 1242-7 V2 (6GK7242-7KX31-0XE0) (All versions < V3. A vulnerability has been identified in SIMATIC CP 1242-7 V2 (6GK7242-7KX31-0XE0) (All versions < V3.4.29), SIMATIC CP 1243-1 (6GK7243-1BX30-0XE0) (All versions < V3.4.29), SIMATIC CP 1243-1 DNP3 (incl. SIPLUS variants) (All versions < V3.4.29), SIMATIC CP 1243-1 IEC (incl. SIPLUS variants) (All versions < V3.4.29), SIMATIC CP 1243-7 LTE EU (6GK7243-7K
nvd
CVE-2019-6568P3HIGHCVSS 7.5fixed in 2.12019-04-17
CVE-2019-6568 [HIGH] CWE-125 CVE-2019-6568: The webserver of the affected devices contains a vulnerability that may lead to a denial of service The webserver of the affected devices contains a vulnerability that may lead to a denial of service condition. An attacker may cause a denial of service situation which leads to a restart of the webserver of the affected device. The security vulnerability could be exploited by an attacker with network access to the affected systems. Successful exploitat
nvd
CVE-2020-28397P4MEDIUMCVSS 5.3v2.12021-08-10
CVE-2020-28397 [MEDIUM] CWE-863 CVE-2020-28397: A vulnerability has been identified in SIMATIC Drive Controller family (All versions < V2.9.2), SIMA A vulnerability has been identified in SIMATIC Drive Controller family (All versions V2 V2.5 V2.5 < V21.9), TIM 1531 IRC (incl. SIPLUS NET variants) (Version V2.1). Due to an incorrect authorization check in the affected component, an attacker could extract information about access protected PLC program variables over port 102/tcp from an affected d
nvd
Siemens Tim 1531 Irc Firmware vulnerabilities | cvebase