Siemens SIMATIC S7-1500 CPU 1518-4 PN/DP MFP Firmware

CPE Details

Siemens SIMATIC S7-1500 CPU 1518-4 PN/DP MFP Firmware
siemens
simatic_s7-1500_cpu_1518-4_pn\/dp_mfp_firmware
-
2022-11-08
16h58 +00:00
2022-11-09
16h50 +00:00
CPE NVD
Alerte pour un CPE
Stay informed of any changes for a specific CPE.
Notifications manage

CPE Name: cpe:2.3:o:siemens:simatic_s7-1500_cpu_1518-4_pn\/dp_mfp_firmware:-:*:*:*:*:*:*:*

Informations

Vendor

siemens

Product

simatic_s7-1500_cpu_1518-4_pn\/dp_mfp_firmware

Version

-

Related CVE

Open and find in CVE List

CVE ID Published Description Score Severity
CVE-2023-28831 2023-09-12 09h32 +00:00 The OPC UA implementations (ANSI C and C++) in affected products contain an integer overflow vulnerability that could cause the application to run into an infinite loop during certificate validation. This could allow an unauthenticated remote attacker to create a denial of service condition by sending a specially crafted certificate.
7.5
High
CVE-2022-38773 2023-01-10 11h39 +00:00 Affected devices do not contain an Immutable Root of Trust in Hardware. With this the integrity of the code executed on the device can not be validated during load-time. An attacker with physical access to the device could use this to replace the boot image of the device and execute arbitrary code.
6.8
Medium
CVE-2021-40365 2022-12-12 23h00 +00:00 Affected devices don't process correctly certain special crafted packets sent to port 102/tcp, which could allow an attacker to cause a denial of service in the device.
7.5
High
CVE-2021-44693 2022-12-12 23h00 +00:00 Affected devices don't process correctly certain special crafted packets sent to port 102/tcp, which could allow an attacker to cause a denial of service in the device.
7.5
High
CVE-2021-44694 2022-12-12 23h00 +00:00 Affected devices don't process correctly certain special crafted packets sent to port 102/tcp, which could allow an attacker to cause a denial of service in the device.
7.5
High
CVE-2021-44695 2022-12-12 23h00 +00:00 Affected devices don't process correctly certain special crafted packets sent to port 102/tcp, which could allow an attacker to cause a denial of service in the device.
7.5
High
CVE-2022-30694 2022-11-07 23h00 +00:00 The login endpoint /FormLogin in affected web services does not apply proper origin checking. This could allow authenticated remote attackers to track the activities of other users via a login cross-site request forgery attack.
6.5
Medium
CVE-2021-3449 2021-03-25 14h25 +00:00 An OpenSSL TLS server may crash if sent a maliciously crafted renegotiation ClientHello message from a client. If a TLSv1.2 renegotiation ClientHello omits the signature_algorithms extension (where it was present in the initial ClientHello), but includes a signature_algorithms_cert extension then a NULL pointer dereference will result, leading to a crash and a denial of service attack. A server is only vulnerable if it has TLSv1.2 and renegotiation enabled (which is the default configuration). OpenSSL TLS clients are not impacted by this issue. All OpenSSL 1.1.1 versions are affected by this issue. Users of these versions should upgrade to OpenSSL 1.1.1k. OpenSSL 1.0.2 is not impacted by this issue. Fixed in OpenSSL 1.1.1k (Affected 1.1.1-1.1.1j).
5.9
Medium