Skip to main content

Simatic S7 1500 Cpu 1515 2 Pn Firmware

3 CVEs product

Monthly

CVE-2023-46156 HIGH This Week

Affected devices improperly handle specially crafted packets sent to port 102/tcp. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Use After Free Denial Of Service Memory Corruption Simatic Drive Controller Cpu 1504D Tf Firmware Simatic Drive Controller Cpu 1507D Tf Firmware +71
NVD
CVSS 3.1
7.5
EPSS
1.2%
CVE-2023-28831 HIGH This Week

The OPC UA implementations (ANSI C and C++) in affected products contain an integer overflow vulnerability that could cause the application to run into an infinite loop during certificate validation. Rated high severity (CVSS 8.7), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Integer Overflow Denial Of Service Simatic Cloud Connect 7 Cc712 Firmware Simatic Cloud Connect 7 Cc716 Firmware Simatic Drive Controller Cpu 1504D Tf Firmware +75
NVD
CVSS 4.0
8.7
EPSS
0.8%
CVE-2022-30694 MEDIUM PATCH This Month

The login endpoint /FormLogin in affected web services does not apply proper origin checking. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Request Forgery (CSRF) vulnerability could allow attackers to trick authenticated users into performing unintended actions.

CSRF Simatic S7 1500 Software Controller Simatic S7 Plcsim Advanced Simatic Wincc Runtime 6Es7154 8Fb01 0Ab0 Firmware +109
NVD
CVSS 3.1
6.5
EPSS
0.3%
EPSS 1% CVSS 7.5
HIGH This Week

Affected devices improperly handle specially crafted packets sent to port 102/tcp. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Use After Free Denial Of Service Memory Corruption +73
NVD
EPSS 1% CVSS 8.7
HIGH This Week

The OPC UA implementations (ANSI C and C++) in affected products contain an integer overflow vulnerability that could cause the application to run into an infinite loop during certificate validation. Rated high severity (CVSS 8.7), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Integer Overflow Denial Of Service Simatic Cloud Connect 7 Cc712 Firmware +77
NVD
EPSS 0% CVSS 6.5
MEDIUM PATCH This Month

The login endpoint /FormLogin in affected web services does not apply proper origin checking. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Request Forgery (CSRF) vulnerability could allow attackers to trick authenticated users into performing unintended actions.

CSRF Simatic S7 1500 Software Controller Simatic S7 Plcsim Advanced +111
NVD

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy