Skip to main content

Simatic S7 1200 Cpu 1214 Fc Firmware

6 CVEs product

Monthly

CVE-2022-30694 MEDIUM PATCH This Month

The login endpoint /FormLogin in affected web services does not apply proper origin checking. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Request Forgery (CSRF) vulnerability could allow attackers to trick authenticated users into performing unintended actions.

CSRF Simatic S7 1500 Software Controller Simatic S7 Plcsim Advanced Simatic Wincc Runtime 6Es7154 8Fb01 0Ab0 Firmware +109
NVD
CVSS 3.1
6.5
EPSS
0.3%
CVE-2021-3449 Cargo MEDIUM PATCH This Month

An OpenSSL TLS server may crash if sent a maliciously crafted renegotiation ClientHello message from a client. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. This NULL Pointer Dereference vulnerability could allow attackers to crash the application by dereferencing a null pointer.

Null Pointer Dereference OpenSSL Denial Of Service Debian Linux Freebsd +103
NVD
CVSS 3.1
5.9
EPSS
62.9%
CVE-2013-2780 HIGH This Week

Siemens SIMATIC S7-1200 PLCs 2.x and 3.x allow remote attackers to cause a denial of service (defect-mode transition and control outage) via crafted packets to UDP port 161 (aka the SNMP port). Rated high severity (CVSS 7.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Siemens Denial Of Service Simatic S7 1200 Firmware Simatic S7 1200 Cpu 1211C Firmware Simatic S7 1200 Cpu 1212C Firmware +6
NVD
CVSS 2.0
7.8
EPSS
0.3%
CVE-2013-0700 HIGH This Week

Siemens SIMATIC S7-1200 PLCs 2.x and 3.x allow remote attackers to cause a denial of service (defect-mode transition and control outage) via crafted packets to TCP port 102 (aka the ISO-TSAP port). Rated high severity (CVSS 7.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Siemens Denial Of Service Simatic S7 1200 Firmware Simatic S7 1200 Cpu 1211C Firmware Simatic S7 1200 Cpu 1212C Firmware +6
NVD
CVSS 2.0
7.8
EPSS
0.3%
CVE-2012-3040 MEDIUM This Month

Cross-site scripting (XSS) vulnerability in the web server on Siemens SIMATIC S7-1200 PLCs 2.x through 3.0.1 allows remote attackers to inject arbitrary web script or HTML via a crafted URI. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

Siemens XSS Simatic S7 1200 Firmware Simatic S7 1200 Cpu 1211C Firmware Simatic S7 1200 Cpu 1212C Firmware +6
NVD
CVSS 2.0
4.3
EPSS
1.2%
CVE-2012-3037 MEDIUM This Month

The Siemens SIMATIC S7-1200 2.x PLC does not properly protect the private key of the SIMATIC CONTROLLER Certification Authority certificate, which allows remote attackers to spoof the S7-1200 web. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

Siemens Information Disclosure Simatic S7 1200 Firmware Simatic S7 1200 Cpu 1211C Firmware Simatic S7 1200 Cpu 1212C Firmware +6
NVD
CVSS 2.0
4.3
EPSS
0.4%
EPSS 0% CVSS 6.5
MEDIUM PATCH This Month

The login endpoint /FormLogin in affected web services does not apply proper origin checking. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Request Forgery (CSRF) vulnerability could allow attackers to trick authenticated users into performing unintended actions.

CSRF Simatic S7 1500 Software Controller Simatic S7 Plcsim Advanced +111
NVD
EPSS 63% CVSS 5.9
MEDIUM PATCH This Month

An OpenSSL TLS server may crash if sent a maliciously crafted renegotiation ClientHello message from a client. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. This NULL Pointer Dereference vulnerability could allow attackers to crash the application by dereferencing a null pointer.

Null Pointer Dereference OpenSSL Denial Of Service +105
NVD
EPSS 0% CVSS 7.8
HIGH This Week

Siemens SIMATIC S7-1200 PLCs 2.x and 3.x allow remote attackers to cause a denial of service (defect-mode transition and control outage) via crafted packets to UDP port 161 (aka the SNMP port). Rated high severity (CVSS 7.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Siemens Denial Of Service Simatic S7 1200 Firmware +8
NVD
EPSS 0% CVSS 7.8
HIGH This Week

Siemens SIMATIC S7-1200 PLCs 2.x and 3.x allow remote attackers to cause a denial of service (defect-mode transition and control outage) via crafted packets to TCP port 102 (aka the ISO-TSAP port). Rated high severity (CVSS 7.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Siemens Denial Of Service Simatic S7 1200 Firmware +8
NVD
EPSS 1% CVSS 4.3
MEDIUM This Month

Cross-site scripting (XSS) vulnerability in the web server on Siemens SIMATIC S7-1200 PLCs 2.x through 3.0.1 allows remote attackers to inject arbitrary web script or HTML via a crafted URI. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

Siemens XSS Simatic S7 1200 Firmware +8
NVD
EPSS 0% CVSS 4.3
MEDIUM This Month

The Siemens SIMATIC S7-1200 2.x PLC does not properly protect the private key of the SIMATIC CONTROLLER Certification Authority certificate, which allows remote attackers to spoof the S7-1200 web. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

Siemens Information Disclosure Simatic S7 1200 Firmware +8
NVD

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy