cve,link,title,description,vendor,products,score,severity,epss,cisa,cisa_published,article,ransomware,exploited,poc,trended,trended_no_1,published,trended_score
CVE-2023-28831,https://securityvulnerability.io/vulnerability/CVE-2023-28831,Integer Overflow Issue in Siemens OPC UA Implementations,"The OPC UA implementations in Siemens products harbor an integer overflow vulnerability that can lead to an infinite loop during the certificate validation process. This condition could be exploited by an unauthenticated remote attacker utilizing a specially crafted certificate, resulting in a denial of service that impacts application availability and reliability.",Siemens,"Simatic Braumat,Simatic Cloud Connect 7 Cc712,Simatic Cloud Connect 7 Cc716,Simatic Comfort/mobile Rt,Simatic Drive Controller Cpu 1504d Tf,Simatic Drive Controller Cpu 1507d Tf,Simatic Et 200sp Open Controller Cpu 1515sp Pc2 (incl. Siplus Variants),Simatic Ipc Diagmonitor,Simatic Net Pc Software V14,Simatic Net Pc Software V16,Simatic Net Pc Software V17,Simatic Net Pc Software V18,Simatic Pcs 7 V9.1,Simatic Pcs Neo V4.0,Simatic S7-1500 Cpu 1510sp F-1 Pn,Simatic S7-1500 Cpu 1510sp-1 Pn,Simatic S7-1500 Cpu 1511-1 Pn,Simatic S7-1500 Cpu 1511c-1 Pn,Simatic S7-1500 Cpu 1511f-1 Pn,Simatic S7-1500 Cpu 1511t-1 Pn,Simatic S7-1500 Cpu 1511tf-1 Pn,Simatic S7-1500 Cpu 1512c-1 Pn,Simatic S7-1500 Cpu 1512sp F-1 Pn,Simatic S7-1500 Cpu 1512sp-1 Pn,Simatic S7-1500 Cpu 1513-1 Pn,Simatic S7-1500 Cpu 1513f-1 Pn,Simatic S7-1500 Cpu 1514sp F-2 Pn,Simatic S7-1500 Cpu 1514sp-2 Pn,Simatic S7-1500 Cpu 1514spt F-2 Pn,Simatic S7-1500 Cpu 1514spt-2 Pn,Simatic S7-1500 Cpu 1515-2 Pn,Simatic S7-1500 Cpu 1515f-2 Pn,Simatic S7-1500 Cpu 1515t-2 Pn,Simatic S7-1500 Cpu 1515tf-2 Pn,Simatic S7-1500 Cpu 1516-3 Pn/dp,Simatic S7-1500 Cpu 1516f-3 Pn/dp,Simatic S7-1500 Cpu 1516t-3 Pn/dp,Simatic S7-1500 Cpu 1516tf-3 Pn/dp,Simatic S7-1500 Cpu 1517-3 Pn/dp,Simatic S7-1500 Cpu 1517f-3 Pn/dp,Simatic S7-1500 Cpu 1517t-3 Pn/dp,Simatic S7-1500 Cpu 1517tf-3 Pn/dp,Simatic S7-1500 Cpu 1518-4 Pn/dp,Simatic S7-1500 Cpu 1518-4 Pn/dp Mfp,Simatic S7-1500 Cpu 1518f-4 Pn/dp,Simatic S7-1500 Cpu 1518f-4 Pn/dp Mfp,Simatic S7-1500 Cpu 1518t-4 Pn/dp,Simatic S7-1500 Cpu 1518tf-4 Pn/dp,Simatic S7-1500 Cpu S7-1518-4 Pn/dp Odk,Simatic S7-1500 Cpu S7-1518f-4 Pn/dp Odk,Simatic S7-1500 Et 200pro: Cpu 1513pro F-2 Pn,Simatic S7-1500 Et 200pro: Cpu 1513pro-2 Pn,Simatic S7-1500 Et 200pro: Cpu 1516pro F-2 Pn,Simatic S7-1500 Et 200pro: Cpu 1516pro-2 Pn,Simatic S7-1500 Software Controller V2,Simatic S7-1500 Software Controller V3,Simatic S7-plcsim Advanced,Simatic Sistar,Simatic Wincc Oa V3.17,Simatic Wincc Oa V3.18,Simatic Wincc Oa V3.19,Simatic Wincc Opc Ua Client,Simatic Wincc Runtime Professional V16,Simatic Wincc Runtime Professional V17,Simatic Wincc Runtime Professional V18,Simatic Wincc Runtime Professional V19,Simatic Wincc Unified Opc Ua Server,Simatic Wincc V7.4,Simatic Wincc V7.5,Simatic Wincc V8.0,Sinumerik Mc,Sinumerik One,Siplus Et 200sp Cpu 1510sp F-1 Pn,Siplus Et 200sp Cpu 1510sp F-1 Pn Rail,Siplus Et 200sp Cpu 1510sp-1 Pn,Siplus Et 200sp Cpu 1510sp-1 Pn Rail,Siplus Et 200sp Cpu 1512sp F-1 Pn,Siplus Et 200sp Cpu 1512sp F-1 Pn Rail,Siplus Et 200sp Cpu 1512sp-1 Pn,Siplus Et 200sp Cpu 1512sp-1 Pn Rail,Siplus S7-1500 Cpu 1511-1 Pn,Siplus S7-1500 Cpu 1511-1 Pn T1 Rail,Siplus S7-1500 Cpu 1511-1 Pn Tx Rail,Siplus S7-1500 Cpu 1511f-1 Pn,Siplus S7-1500 Cpu 1513-1 Pn,Siplus S7-1500 Cpu 1513f-1 Pn,Siplus S7-1500 Cpu 1515f-2 Pn,Siplus S7-1500 Cpu 1515f-2 Pn Rail,Siplus S7-1500 Cpu 1515f-2 Pn T2 Rail,Siplus S7-1500 Cpu 1516-3 Pn/dp,Siplus S7-1500 Cpu 1516-3 Pn/dp Rail,Siplus S7-1500 Cpu 1516-3 Pn/dp Tx Rail,Siplus S7-1500 Cpu 1516f-3 Pn/dp,Siplus S7-1500 Cpu 1516f-3 Pn/dp Rail,Siplus S7-1500 Cpu 1518-4 Pn/dp,Siplus S7-1500 Cpu 1518-4 Pn/dp Mfp,Siplus S7-1500 Cpu 1518f-4 Pn/dp",7.5,HIGH,0.0005300000193528831,false,,false,false,false,,false,false,2023-09-12T10:15:00.000Z,0
CVE-2023-28832,https://securityvulnerability.io/vulnerability/CVE-2023-28832,Command Injection Vulnerability in SIMATIC Cloud Connect Products by Siemens,"A command injection vulnerability has been detected in specific versions of SIMATIC Cloud Connect 7 CC712 and CC716 by Siemens. This issue arises from inadequate user input validation in the web-based management interface. An authenticated attacker with privileged access could exploit this vulnerability to execute arbitrary commands and potentially gain root privileges, significantly compromising the security of the affected devices.",Siemens,"Simatic Cloud Connect 7 Cc712,Simatic Cloud Connect 7 Cc716",7.2,HIGH,0.0005000000237487257,false,,false,false,false,,false,false,2023-05-09T13:15:00.000Z,0
CVE-2023-29103,https://securityvulnerability.io/vulnerability/CVE-2023-29103,Data Protection Vulnerability in SIMATIC Cloud Connect 7 by Siemens,"A vulnerability has been found in the SIMATIC Cloud Connect 7 series by Siemens, affecting specific versions of CC712 and CC716. The flaw arises from the use of a hard-coded password to safeguard diagnostic files. This poses a risk as it allows an authenticated attacker to potentially exploit this weakness to gain unauthorized access to sensitive protected data, which undermines the system's overall data security.",Siemens,"Simatic Cloud Connect 7 Cc712,Simatic Cloud Connect 7 Cc716",4.3,MEDIUM,0.0004400000034365803,false,,false,false,false,,false,false,2023-05-09T13:15:00.000Z,0
CVE-2023-29104,https://securityvulnerability.io/vulnerability/CVE-2023-29104,Path Traversal Flaw in SIMATIC Cloud Connect Products by Siemens,"A vulnerability has been detected in specific versions of Siemens SIMATIC Cloud Connect 7 CC712 and CC716. This path traversal vulnerability affects the upload feature in the web-based management interface, potentially granting an authenticated privileged remote attacker the ability to overwrite files accessible to the Linux user `ccuser`. Additionally, the flaw allows for the unauthorized download of any files that the `ccuser` can read. This security issue poses significant risks to data integrity and confidentiality.",Siemens,"Simatic Cloud Connect 7 Cc712,Simatic Cloud Connect 7 Cc716",6,MEDIUM,0.0012799999676644802,false,,false,false,false,,false,false,2023-05-09T13:15:00.000Z,0
CVE-2023-29105,https://securityvulnerability.io/vulnerability/CVE-2023-29105,Denial of Service Vulnerability in SIMATIC Cloud Connect Products by Siemens,"A vulnerability has been identified in multiple versions of SIMATIC Cloud Connect 7 CC712 and CC716, allowing a denial of service situation. The flaw occurs when the devices attempt to process a non-JSON MQTT payload. An attacker controlling the communication between the MQTT broker and the affected devices can exploit this weakness, potentially rendering the devices inoperable by disrupting their ability to handle incoming data.",Siemens,"Simatic Cloud Connect 7 Cc712,Simatic Cloud Connect 7 Cc716",5.9,MEDIUM,0.0008699999889358878,false,,false,false,false,,false,false,2023-05-09T13:15:00.000Z,0
CVE-2023-29106,https://securityvulnerability.io/vulnerability/CVE-2023-29106,Unauthorized Access in SIMATIC Cloud Connect Products by Siemens,"A significant vulnerability exists in certain versions of the SIMATIC Cloud Connect 7 products by Siemens. Specifically, the export endpoint can be accessed through the REST API without requiring authentication. This flaw creates an opportunity for remote attackers to exploit the system, allowing unauthorized file downloads. Organizations using affected versions must review their configurations and apply necessary updates to secure their systems from potential unauthorized access.",Siemens,"Simatic Cloud Connect 7 Cc712,Simatic Cloud Connect 7 Cc716",5.3,MEDIUM,0.0020200000144541264,false,,false,false,false,,false,false,2023-05-09T13:15:00.000Z,0
CVE-2023-29107,https://securityvulnerability.io/vulnerability/CVE-2023-29107,Information Disclosure Vulnerability in Siemens SIMATIC Cloud Connect 7,"A vulnerability has been discovered in the Siemens SIMATIC Cloud Connect 7 (specifically in versions CC712 and CC716), where the export endpoint leads to the unintended exposure of undocumented files. This flaw may allow remote attackers without authentication to exploit the system and access sensitive information resources, potentially compromising the integrity and confidentiality of data.",Siemens,"Simatic Cloud Connect 7 Cc712,Simatic Cloud Connect 7 Cc716",5.3,MEDIUM,0.0005099999834783375,false,,false,false,false,,false,false,2023-05-09T13:15:00.000Z,0
CVE-2023-29128,https://securityvulnerability.io/vulnerability/CVE-2023-29128,Path Traversal Vulnerability in SIMATIC Cloud Connect Products by Siemens,"A path traversal vulnerability has been discovered in the upload feature of the web-based management interface of SIMATIC Cloud Connect 7 CC712 and CC716. This flaw allows an authenticated and privileged remote attacker to exploit the filename used during the upload process. By manipulating the upload path, the attacker can write arbitrary files with a `.db` extension to the device, posing significant risks to the integrity and confidentiality of the system. Organizations using the affected products should take prompt action to mitigate this vulnerability.",Siemens,"Simatic Cloud Connect 7 Cc712,Simatic Cloud Connect 7 Cc716",3.8,LOW,0.0007800000021234155,false,,false,false,false,,false,false,2023-05-09T13:15:00.000Z,0