Export limit exceeded: 350887 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (419 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2020-15796 | 1 Siemens | 4 Simatic Et 200sp Open Controller, Simatic Et 200sp Open Controller Firmware, Simatic S7-1500 Software Controller and 1 more | 2024-11-21 | 7.5 High |
| A vulnerability has been identified in SIMATIC ET 200SP Open Controller (incl. SIPLUS variants) (V20.8), SIMATIC S7-1500 Software Controller (V20.8). The web server of the affected products contains a vulnerability that could allow a remote attacker to trigger a denial-of-service condition by sending a specially crafted HTTP request. | ||||
| CVE-2020-15791 | 1 Siemens | 28 Simatic S7-300 Cpu 312, Simatic S7-300 Cpu 312 Firmware, Simatic S7-300 Cpu 314 and 25 more | 2024-11-21 | 6.5 Medium |
| A vulnerability has been identified in SIMATIC S7-300 CPU family (incl. related ET200 CPUs and SIPLUS variants) (All versions), SIMATIC S7-400 CPU family (incl. SIPLUS variants) (All versions), SIMATIC WinAC RTX (F) 2010 (All versions), SINUMERIK 840D sl (All versions). The authentication protocol between a client and a PLC via port 102/tcp (ISO-TSAP) insufficiently protects the transmitted password. This could allow an attacker that is able to intercept the network traffic to obtain valid PLC credentials. | ||||
| CVE-2020-15787 | 1 Siemens | 2 Simatic Hmi United Comfort Panels, Simatic Hmi United Comfort Panels Firmware | 2024-11-21 | 9.8 Critical |
| A vulnerability has been identified in SIMATIC HMI Unified Comfort Panels (All versions <= V16). Affected devices insufficiently validate authentication attempts as the information given can be truncated to match only a set number of characters versus the whole provided string. This could allow a remote attacker to discover user passwords and obtain access to the Sm@rt Server via a brute-force attack. | ||||
| CVE-2020-15786 | 1 Siemens | 8 Simatic Hmi Basic Panels 2nd Generation, Simatic Hmi Basic Panels 2nd Generation Firmware, Simatic Hmi Comfort Panels and 5 more | 2024-11-21 | 9.8 Critical |
| A vulnerability has been identified in SIMATIC HMI Basic Panels 2nd Generation (incl. SIPLUS variants) (All versions < V16), SIMATIC HMI Comfort Panels (incl. SIPLUS variants) (All versions <= V16), SIMATIC HMI Mobile Panels (All versions <= V16), SIMATIC HMI Unified Comfort Panels (All versions <= V16). Affected devices insufficiently block excessive authentication attempts. This could allow a remote attacker to discover user passwords and obtain access to the Sm@rt Server via a brute-force attack. | ||||
| CVE-2020-15783 | 1 Siemens | 24 Simatic S7-300 Cpu 312, Simatic S7-300 Cpu 312 Firmware, Simatic S7-300 Cpu 314 and 21 more | 2024-11-21 | 7.5 High |
| A vulnerability has been identified in SIMATIC S7-300 CPU family (incl. related ET200 CPUs and SIPLUS variants) (All versions), SIMATIC TDC CPU555 (All versions), SINUMERIK 840D sl (All versions). Sending multiple specially crafted packets to the affected devices could cause a Denial-of-Service on port 102. A cold restart is required to recover the service. | ||||
| CVE-2020-15782 | 1 Siemens | 63 6es7510-1dj01-0ab0, 6es7510-1sj01-0ab0, 6es7511-1ak01-0ab0 and 60 more | 2024-11-21 | 9.8 Critical |
| A vulnerability has been identified in SIMATIC Drive Controller family (All versions < V2.9.2), SIMATIC ET 200SP Open Controller CPU 1515SP PC (incl. SIPLUS variants) (All versions), SIMATIC ET 200SP Open Controller CPU 1515SP PC2 (incl. SIPLUS variants) (All versions < V21.9), SIMATIC S7-1200 CPU family (incl. SIPLUS variants) (All versions < V4.5.0), SIMATIC S7-1500 CPU family (incl. related ET200 CPUs and SIPLUS variants) (All versions < V2.9.2), SIMATIC S7-1500 Software Controller (All versions < V21.9), SIMATIC S7-PLCSIM Advanced (All versions < V4.0), SINAMICS PERFECT HARMONY GH180 Drives (Drives manufactured before 2021-08-13), SINUMERIK MC (All versions < V6.15), SINUMERIK ONE (All versions < V6.15). Affected devices are vulnerable to a memory protection bypass through a specific operation. A remote unauthenticated attacker with network access to port 102/tcp could potentially write arbitrary data and code to protected memory areas or read sensitive data to launch further attacks. | ||||
| CVE-2020-14405 | 5 Canonical, Debian, Libvnc Project and 2 more | 16 Ubuntu Linux, Debian Linux, Libvncserver and 13 more | 2024-11-21 | 6.5 Medium |
| An issue was discovered in LibVNCServer before 0.9.13. libvncclient/rfbproto.c does not limit TextChat size. | ||||
| CVE-2020-14404 | 4 Canonical, Debian, Libvnc Project and 1 more | 15 Ubuntu Linux, Debian Linux, Libvncserver and 12 more | 2024-11-21 | 5.4 Medium |
| An issue was discovered in LibVNCServer before 0.9.13. libvncserver/rre.c allows out-of-bounds access via encodings. | ||||
| CVE-2020-14403 | 4 Canonical, Debian, Libvnc Project and 1 more | 15 Ubuntu Linux, Debian Linux, Libvncserver and 12 more | 2024-11-21 | 5.4 Medium |
| An issue was discovered in LibVNCServer before 0.9.13. libvncserver/hextile.c allows out-of-bounds access via encodings. | ||||
| CVE-2020-14402 | 4 Canonical, Debian, Libvnc Project and 1 more | 15 Ubuntu Linux, Debian Linux, Libvncserver and 12 more | 2024-11-21 | 5.4 Medium |
| An issue was discovered in LibVNCServer before 0.9.13. libvncserver/corre.c allows out-of-bounds access via encodings. | ||||
| CVE-2020-14401 | 4 Debian, Libvncserver Project, Opensuse and 1 more | 15 Debian Linux, Libvncserver, Leap and 12 more | 2024-11-21 | 6.5 Medium |
| An issue was discovered in LibVNCServer before 0.9.13. libvncserver/scale.c has a pixel_value integer overflow. | ||||
| CVE-2020-14398 | 5 Canonical, Debian, Libvnc Project and 2 more | 16 Ubuntu Linux, Debian Linux, Libvncserver and 13 more | 2024-11-21 | 7.5 High |
| An issue was discovered in LibVNCServer before 0.9.13. An improperly closed TCP connection causes an infinite loop in libvncclient/sockets.c. | ||||
| CVE-2020-14397 | 6 Canonical, Debian, Libvnc Project and 3 more | 17 Ubuntu Linux, Debian Linux, Libvncserver and 14 more | 2024-11-21 | 7.5 High |
| An issue was discovered in LibVNCServer before 0.9.13. libvncserver/rfbregion.c has a NULL pointer dereference. | ||||
| CVE-2020-14396 | 4 Canonical, Debian, Libvnc Project and 1 more | 15 Ubuntu Linux, Debian Linux, Libvncserver and 12 more | 2024-11-21 | 7.5 High |
| An issue was discovered in LibVNCServer before 0.9.13. libvncclient/tls_openssl.c has a NULL pointer dereference. | ||||
| CVE-2020-12360 | 3 Intel, Netapp, Siemens | 552 Bios, Core I3-l13g4, Core I5-l16g7 and 549 more | 2024-11-21 | 7.8 High |
| Out of bounds read in the firmware for some Intel(R) Processors may allow an authenticated user to potentially enable escalation of privilege via local access. | ||||
| CVE-2020-12358 | 3 Intel, Netapp, Siemens | 548 Bios, Core I3-l13g4, Core I5-l16g7 and 545 more | 2024-11-21 | 4.4 Medium |
| Out of bounds write in the firmware for some Intel(R) Processors may allow a privileged user to potentially enable denial of service via local access. | ||||
| CVE-2020-12357 | 3 Intel, Netapp, Siemens | 568 Bios, Core I3-l13g4, Core I5-l16g7 and 565 more | 2024-11-21 | 6.7 Medium |
| Improper initialization in the firmware for some Intel(R) Processors may allow a privileged user to potentially enable escalation of privilege via local access. | ||||
| CVE-2020-10054 | 1 Siemens | 1 Simatic Rtls Locating Manager | 2024-11-21 | 5.5 Medium |
| A vulnerability has been identified in SIMATIC RTLS Locating Manager (All versions < V2.12). The affected application does not properly handle the import of large configuration files. A local attacker could import a specially crafted file which could lead to a denial-of-service condition of the application service. | ||||
| CVE-2020-10053 | 1 Siemens | 1 Simatic Rtls Locating Manager | 2024-11-21 | 5.5 Medium |
| A vulnerability has been identified in SIMATIC RTLS Locating Manager (All versions < V2.12). The affected application writes sensitive data, such as database credentials in configuration files. A local attacker with access to the configuration files could use this information to launch further attacks. | ||||
| CVE-2020-10052 | 1 Siemens | 1 Simatic Rtls Locating Manager | 2024-11-21 | 5.5 Medium |
| A vulnerability has been identified in SIMATIC RTLS Locating Manager (All versions < V2.12). The affected application writes sensitive data, such as usernames and passwords in log files. A local attacker with access to the log files could use this information to launch further attacks. | ||||