cve,link,title,description,vendor,products,score,severity,epss,cisa,cisa_published,article,ransomware,exploited,poc,trended,trended_no_1,published,trended_score CVE-2022-40227,https://securityvulnerability.io/vulnerability/CVE-2022-40227,Input Validation Flaw in SIMATIC HMI Comfort Panels and KTP Mobile Panels by Siemens,"A vulnerability exists in various SIMATIC HMI devices from Siemens, allowing remote attackers to exploit input validation weaknesses across specific services accessed via TCP. By sending specially crafted TCP packets, an unauthenticated attacker could trigger a permanent denial of service condition, necessitating a reboot of the affected devices. This affects multiple models and versions, underscoring the critical need for updates to maintain operational integrity.",Siemens,"Simatic Hmi Comfort Panels (incl. Siplus Variants),Simatic Hmi Ktp Mobile Panels,Simatic Hmi Ktp1200 Basic,Simatic Hmi Ktp400 Basic,Simatic Hmi Ktp700 Basic,Simatic Hmi Ktp900 Basic,Siplus Hmi Ktp1200 Basic,Siplus Hmi Ktp400 Basic,Siplus Hmi Ktp700 Basic,Siplus Hmi Ktp900 Basic",7.5,HIGH,0.001550000044517219,false,,false,false,false,,false,false,2022-10-11T00:00:00.000Z,0 CVE-2021-27385,https://securityvulnerability.io/vulnerability/CVE-2021-27385,,"A vulnerability has been identified in SIMATIC HMI Comfort Outdoor Panels V15 7\"" & 15\"" (incl. SIPLUS variants) (All versions < V15.1 Update 6), SIMATIC HMI Comfort Outdoor Panels V16 7\"" & 15\"" (incl. SIPLUS variants) (All versions < V16 Update 4), SIMATIC HMI Comfort Panels V15 4\"" - 22\"" (incl. SIPLUS variants) (All versions < V15.1 Update 6), SIMATIC HMI Comfort Panels V16 4\"" - 22\"" (incl. SIPLUS variants) (All versions < V16 Update 4), SIMATIC HMI KTP Mobile Panels V15 KTP400F, KTP700, KTP700F, KTP900 and KTP900F (All versions < V15.1 Update 6), SIMATIC HMI KTP Mobile Panels V16 KTP400F, KTP700, KTP700F, KTP900 and KTP900F (All versions < V16 Update 4), SIMATIC WinCC Runtime Advanced V15 (All versions < V15.1 Update 6), SIMATIC WinCC Runtime Advanced V16 (All versions < V16 Update 4), SINAMICS GH150 (All versions), SINAMICS GL150 (with option X30) (All versions), SINAMICS GM150 (with option X30) (All versions), SINAMICS SH150 (All versions), SINAMICS SL150 (All versions), SINAMICS SM120 (All versions), SINAMICS SM150 (All versions), SINAMICS SM150i (All versions). A remote attacker could send specially crafted packets to SmartVNC device layout handler on client side, which could influence the amount of resources consumed and result in a Denial-of-Service (infinite loop) condition.",Siemens,"Simatic Hmi Comfort Outdoor Panels V15 7\"" & 15\"" (incl. Siplus Variants),Simatic Hmi Comfort Outdoor Panels V16 7\"" & 15\"" (incl. Siplus Variants),Simatic Hmi Comfort Panels V15 4\"" - 22\"" (incl. Siplus Variants),Simatic Hmi Comfort Panels V16 4\"" - 22\"" (incl. Siplus Variants),Simatic Hmi Ktp Mobile Panels V15 Ktp400f, Ktp700, Ktp700f, Ktp900 And Ktp900f,Simatic Hmi Ktp Mobile Panels V16 Ktp400f, Ktp700, Ktp700f, Ktp900 And Ktp900f,Simatic Wincc Runtime Advanced V15,Simatic Wincc Runtime Advanced V16,Sinamics Gh150,Sinamics Gl150 (with Option X30),Sinamics Gm150 (with Option X30),Sinamics Sh150,Sinamics Sl150,Sinamics Sm120,Sinamics Sm150,Sinamics Sm150i",7.5,HIGH,0.0029299999587237835,false,,false,false,false,,false,false,2021-05-12T13:18:23.000Z,0 CVE-2021-27386,https://securityvulnerability.io/vulnerability/CVE-2021-27386,,"A vulnerability has been identified in SIMATIC HMI Comfort Outdoor Panels V15 7\"" & 15\"" (incl. SIPLUS variants) (All versions < V15.1 Update 6), SIMATIC HMI Comfort Outdoor Panels V16 7\"" & 15\"" (incl. SIPLUS variants) (All versions < V16 Update 4), SIMATIC HMI Comfort Panels V15 4\"" - 22\"" (incl. SIPLUS variants) (All versions < V15.1 Update 6), SIMATIC HMI Comfort Panels V16 4\"" - 22\"" (incl. SIPLUS variants) (All versions < V16 Update 4), SIMATIC HMI KTP Mobile Panels V15 KTP400F, KTP700, KTP700F, KTP900 and KTP900F (All versions < V15.1 Update 6), SIMATIC HMI KTP Mobile Panels V16 KTP400F, KTP700, KTP700F, KTP900 and KTP900F (All versions < V16 Update 4), SIMATIC WinCC Runtime Advanced V15 (All versions < V15.1 Update 6), SIMATIC WinCC Runtime Advanced V16 (All versions < V16 Update 4), SINAMICS GH150 (All versions), SINAMICS GL150 (with option X30) (All versions), SINAMICS GM150 (with option X30) (All versions), SINAMICS SH150 (All versions), SINAMICS SL150 (All versions), SINAMICS SM120 (All versions), SINAMICS SM150 (All versions), SINAMICS SM150i (All versions). SmartVNC has a heap allocation leak vulnerability in the device layout handler on client side, which could result in a Denial-of-Service condition.",Siemens,"Simatic Hmi Comfort Outdoor Panels V15 7\"" & 15\"" (incl. Siplus Variants),Simatic Hmi Comfort Outdoor Panels V16 7\"" & 15\"" (incl. Siplus Variants),Simatic Hmi Comfort Panels V15 4\"" - 22\"" (incl. Siplus Variants),Simatic Hmi Comfort Panels V16 4\"" - 22\"" (incl. Siplus Variants),Simatic Hmi Ktp Mobile Panels V15 Ktp400f, Ktp700, Ktp700f, Ktp900 And Ktp900f,Simatic Hmi Ktp Mobile Panels V16 Ktp400f, Ktp700, Ktp700f, Ktp900 And Ktp900f,Simatic Wincc Runtime Advanced V15,Simatic Wincc Runtime Advanced V16,Sinamics Gh150,Sinamics Gl150 (with Option X30),Sinamics Gm150 (with Option X30),Sinamics Sh150,Sinamics Sl150,Sinamics Sm120,Sinamics Sm150,Sinamics Sm150i",7.5,HIGH,0.004809999838471413,false,,false,false,false,,false,false,2021-05-12T13:18:23.000Z,0 CVE-2021-25661,https://securityvulnerability.io/vulnerability/CVE-2021-25661,,"A vulnerability has been identified in SIMATIC HMI Comfort Outdoor Panels V15 7\"" & 15\"" (incl. SIPLUS variants) (All versions < V15.1 Update 6), SIMATIC HMI Comfort Outdoor Panels V16 7\"" & 15\"" (incl. SIPLUS variants) (All versions < V16 Update 4), SIMATIC HMI Comfort Panels V15 4\"" - 22\"" (incl. SIPLUS variants) (All versions < V15.1 Update 6), SIMATIC HMI Comfort Panels V16 4\"" - 22\"" (incl. SIPLUS variants) (All versions < V16 Update 4), SIMATIC HMI KTP Mobile Panels V15 KTP400F, KTP700, KTP700F, KTP900 and KTP900F (All versions < V15.1 Update 6), SIMATIC HMI KTP Mobile Panels V16 KTP400F, KTP700, KTP700F, KTP900 and KTP900F (All versions < V16 Update 4), SIMATIC WinCC Runtime Advanced V15 (All versions < V15.1 Update 6), SIMATIC WinCC Runtime Advanced V16 (All versions < V16 Update 4). SmartVNC has an out-of-bounds memory access vulnerability that could be triggered on the client side when sending data from the server, which could result in a Denial-of-Service condition.",Siemens,"Simatic Hmi Comfort Outdoor Panels V15 7\"" & 15\"" (incl. Siplus Variants),Simatic Hmi Comfort Outdoor Panels V16 7\"" & 15\"" (incl. Siplus Variants),Simatic Hmi Comfort Panels V15 4\"" - 22\"" (incl. Siplus Variants),Simatic Hmi Comfort Panels V16 4\"" - 22\"" (incl. Siplus Variants),Simatic Hmi Ktp Mobile Panels V15 Ktp400f, Ktp700, Ktp700f, Ktp900 And Ktp900f,Simatic Hmi Ktp Mobile Panels V16 Ktp400f, Ktp700, Ktp700f, Ktp900 And Ktp900f,Simatic Wincc Runtime Advanced V15,Simatic Wincc Runtime Advanced V16",7.5,HIGH,0.0014600000577047467,false,,false,false,false,,false,false,2021-05-12T13:18:22.000Z,0 CVE-2021-27383,https://securityvulnerability.io/vulnerability/CVE-2021-27383,,"A vulnerability has been identified in SIMATIC HMI Comfort Outdoor Panels V15 7\"" & 15\"" (incl. SIPLUS variants) (All versions < V15.1 Update 6), SIMATIC HMI Comfort Outdoor Panels V16 7\"" & 15\"" (incl. SIPLUS variants) (All versions < V16 Update 4), SIMATIC HMI Comfort Panels V15 4\"" - 22\"" (incl. SIPLUS variants) (All versions < V15.1 Update 6), SIMATIC HMI Comfort Panels V16 4\"" - 22\"" (incl. SIPLUS variants) (All versions < V16 Update 4), SIMATIC HMI KTP Mobile Panels V15 KTP400F, KTP700, KTP700F, KTP900 and KTP900F (All versions < V15.1 Update 6), SIMATIC HMI KTP Mobile Panels V16 KTP400F, KTP700, KTP700F, KTP900 and KTP900F (All versions < V16 Update 4), SIMATIC WinCC Runtime Advanced V15 (All versions < V15.1 Update 6), SIMATIC WinCC Runtime Advanced V16 (All versions < V16 Update 4), SINAMICS GH150 (All versions), SINAMICS GL150 (with option X30) (All versions), SINAMICS GM150 (with option X30) (All versions), SINAMICS SH150 (All versions), SINAMICS SL150 (All versions), SINAMICS SM120 (All versions), SINAMICS SM150 (All versions), SINAMICS SM150i (All versions). SmartVNC has a heap allocation leak vulnerability in the server Tight encoder, which could result in a Denial-of-Service condition.",Siemens,"Simatic Hmi Comfort Outdoor Panels V15 7\"" & 15\"" (incl. Siplus Variants),Simatic Hmi Comfort Outdoor Panels V16 7\"" & 15\"" (incl. Siplus Variants),Simatic Hmi Comfort Panels V15 4\"" - 22\"" (incl. Siplus Variants),Simatic Hmi Comfort Panels V16 4\"" - 22\"" (incl. Siplus Variants),Simatic Hmi Ktp Mobile Panels V15 Ktp400f, Ktp700, Ktp700f, Ktp900 And Ktp900f,Simatic Hmi Ktp Mobile Panels V16 Ktp400f, Ktp700, Ktp700f, Ktp900 And Ktp900f,Simatic Wincc Runtime Advanced V15,Simatic Wincc Runtime Advanced V16,Sinamics Gh150,Sinamics Gl150 (with Option X30),Sinamics Gm150 (with Option X30),Sinamics Sh150,Sinamics Sl150,Sinamics Sm120,Sinamics Sm150,Sinamics Sm150i",7.5,HIGH,0.0016599999507889152,false,,false,false,false,,false,false,2021-05-12T13:18:22.000Z,0 CVE-2021-25660,https://securityvulnerability.io/vulnerability/CVE-2021-25660,,"A vulnerability has been identified in SIMATIC HMI Comfort Outdoor Panels V15 7\"" & 15\"" (incl. SIPLUS variants) (All versions < V15.1 Update 6), SIMATIC HMI Comfort Outdoor Panels V16 7\"" & 15\"" (incl. SIPLUS variants) (All versions < V16 Update 4), SIMATIC HMI Comfort Panels V15 4\"" - 22\"" (incl. SIPLUS variants) (All versions < V15.1 Update 6), SIMATIC HMI Comfort Panels V16 4\"" - 22\"" (incl. SIPLUS variants) (All versions < V16 Update 4), SIMATIC HMI KTP Mobile Panels V15 KTP400F, KTP700, KTP700F, KTP900 and KTP900F (All versions < V15.1 Update 6), SIMATIC HMI KTP Mobile Panels V16 KTP400F, KTP700, KTP700F, KTP900 and KTP900F (All versions < V16 Update 4), SIMATIC WinCC Runtime Advanced V15 (All versions < V15.1 Update 6), SIMATIC WinCC Runtime Advanced V16 (All versions < V16 Update 4). SmartVNC has an out-of-bounds memory access vulnerability that could be triggered on the server side when sending data from the client, which could result in a Denial-of-Service condition.",Siemens,"Simatic Hmi Comfort Outdoor Panels V15 7\"" & 15\"" (incl. Siplus Variants),Simatic Hmi Comfort Outdoor Panels V16 7\"" & 15\"" (incl. Siplus Variants),Simatic Hmi Comfort Panels V15 4\"" - 22\"" (incl. Siplus Variants),Simatic Hmi Comfort Panels V16 4\"" - 22\"" (incl. Siplus Variants),Simatic Hmi Ktp Mobile Panels V15 Ktp400f, Ktp700, Ktp700f, Ktp900 And Ktp900f,Simatic Hmi Ktp Mobile Panels V16 Ktp400f, Ktp700, Ktp700f, Ktp900 And Ktp900f,Simatic Wincc Runtime Advanced V15,Simatic Wincc Runtime Advanced V16",7.5,HIGH,0.0014700000174343586,false,,false,false,false,,false,false,2021-05-12T13:18:22.000Z,0 CVE-2021-25662,https://securityvulnerability.io/vulnerability/CVE-2021-25662,,"A vulnerability has been identified in SIMATIC HMI Comfort Outdoor Panels V15 7\"" & 15\"" (incl. SIPLUS variants) (All versions < V15.1 Update 6), SIMATIC HMI Comfort Outdoor Panels V16 7\"" & 15\"" (incl. SIPLUS variants) (All versions < V16 Update 4), SIMATIC HMI Comfort Panels V15 4\"" - 22\"" (incl. SIPLUS variants) (All versions < V15.1 Update 6), SIMATIC HMI Comfort Panels V16 4\"" - 22\"" (incl. SIPLUS variants) (All versions < V16 Update 4), SIMATIC HMI KTP Mobile Panels V15 KTP400F, KTP700, KTP700F, KTP900 and KTP900F (All versions < V15.1 Update 6), SIMATIC HMI KTP Mobile Panels V16 KTP400F, KTP700, KTP700F, KTP900 and KTP900F (All versions < V16 Update 4), SIMATIC WinCC Runtime Advanced V15 (All versions < V15.1 Update 6), SIMATIC WinCC Runtime Advanced V16 (All versions < V16 Update 4). SmartVNC client fails to handle an exception properly if the program execution process is modified after sending a packet from the server, which could result in a Denial-of-Service condition.",Siemens,"Simatic Hmi Comfort Outdoor Panels V15 7\"" & 15\"" (incl. Siplus Variants),Simatic Hmi Comfort Outdoor Panels V16 7\"" & 15\"" (incl. Siplus Variants),Simatic Hmi Comfort Panels V15 4\"" - 22\"" (incl. Siplus Variants),Simatic Hmi Comfort Panels V16 4\"" - 22\"" (incl. Siplus Variants),Simatic Hmi Ktp Mobile Panels V15 Ktp400f, Ktp700, Ktp700f, Ktp900 And Ktp900f,Simatic Hmi Ktp Mobile Panels V16 Ktp400f, Ktp700, Ktp700f, Ktp900 And Ktp900f,Simatic Wincc Runtime Advanced V15,Simatic Wincc Runtime Advanced V16",7.5,HIGH,0.008379999548196793,false,,false,false,false,,false,false,2021-05-12T13:18:22.000Z,0 CVE-2021-27384,https://securityvulnerability.io/vulnerability/CVE-2021-27384,,"A vulnerability has been identified in SIMATIC HMI Comfort Outdoor Panels V15 7\"" & 15\"" (incl. SIPLUS variants) (All versions < V15.1 Update 6), SIMATIC HMI Comfort Outdoor Panels V16 7\"" & 15\"" (incl. SIPLUS variants) (All versions < V16 Update 4), SIMATIC HMI Comfort Panels V15 4\"" - 22\"" (incl. SIPLUS variants) (All versions < V15.1 Update 6), SIMATIC HMI Comfort Panels V16 4\"" - 22\"" (incl. SIPLUS variants) (All versions < V16 Update 4), SIMATIC HMI KTP Mobile Panels V15 KTP400F, KTP700, KTP700F, KTP900 and KTP900F (All versions < V15.1 Update 6), SIMATIC HMI KTP Mobile Panels V16 KTP400F, KTP700, KTP700F, KTP900 and KTP900F (All versions < V16 Update 4), SIMATIC WinCC Runtime Advanced V15 (All versions < V15.1 Update 6), SIMATIC WinCC Runtime Advanced V16 (All versions < V16 Update 4), SINAMICS GH150 (All versions), SINAMICS GL150 (with option X30) (All versions), SINAMICS GM150 (with option X30) (All versions), SINAMICS SH150 (All versions), SINAMICS SL150 (All versions), SINAMICS SM120 (All versions), SINAMICS SM150 (All versions), SINAMICS SM150i (All versions). SmartVNC has an out-of-bounds memory access vulnerability in the device layout handler, represented by a binary data stream on client side, which can potentially result in code execution.",Siemens,"Simatic Hmi Comfort Outdoor Panels V15 7\"" & 15\"" (incl. Siplus Variants),Simatic Hmi Comfort Outdoor Panels V16 7\"" & 15\"" (incl. Siplus Variants),Simatic Hmi Comfort Panels V15 4\"" - 22\"" (incl. Siplus Variants),Simatic Hmi Comfort Panels V16 4\"" - 22\"" (incl. Siplus Variants),Simatic Hmi Ktp Mobile Panels V15 Ktp400f, Ktp700, Ktp700f, Ktp900 And Ktp900f,Simatic Hmi Ktp Mobile Panels V16 Ktp400f, Ktp700, Ktp700f, Ktp900 And Ktp900f,Simatic Wincc Runtime Advanced V15,Simatic Wincc Runtime Advanced V16,Sinamics Gh150,Sinamics Gl150 (with Option X30),Sinamics Gm150 (with Option X30),Sinamics Sh150,Sinamics Sl150,Sinamics Sm120,Sinamics Sm150,Sinamics Sm150i",9.8,CRITICAL,0.005330000072717667,false,,false,false,false,,false,false,2021-05-12T13:18:22.000Z,0 CVE-2019-19276,https://securityvulnerability.io/vulnerability/CVE-2019-19276,,"A vulnerability has been identified in SIMATIC HMI Comfort Panels 1st Generation (incl. SIPLUS variants) (All versions < V16 Update 4), SIMATIC HMI KTP Mobile Panels (All versions < V16 Update 4). Specially crafted packets sent to port 161/udp can cause the SNMP service of affected devices to crash. A manual restart of the device is required to resume operation of the service.",Siemens,"Simatic Hmi Comfort Panels 1st Generation (incl. Siplus Variants),Simatic Hmi Ktp Mobile Panels",5.3,MEDIUM,0.0009200000204145908,false,,false,false,false,,false,false,2021-05-12T13:18:21.000Z,0 CVE-2020-15798,https://securityvulnerability.io/vulnerability/CVE-2020-15798,,"A vulnerability has been identified in SIMATIC HMI Comfort Panels (incl. SIPLUS variants) (All versions < V16 Update 3a), SIMATIC HMI KTP Mobile Panels (All versions < V16 Update 3a), SINAMICS GH150 (All versions), SINAMICS GL150 (with option X30) (All versions), SINAMICS GM150 (with option X30) (All versions), SINAMICS SH150 (All versions), SINAMICS SL150 (All versions), SINAMICS SM120 (All versions), SINAMICS SM150 (All versions), SINAMICS SM150i (All versions). Affected devices with enabled telnet service do not require authentication for this service. This could allow a remote attacker to gain full access to the device. (ZDI-CAN-12046)",Siemens,"Simatic Hmi Comfort Panels (incl. Siplus Variants),Simatic Hmi Ktp Mobile Panels,Sinamics Gh150,Sinamics Gl150 (with Option X30),Sinamics Gm150 (with Option X30),Sinamics Sh150,Sinamics Sl150,Sinamics Sm120,Sinamics Sm150,Sinamics Sm150i",9.8,CRITICAL,0.014530000276863575,false,,false,false,false,,false,false,2021-02-09T15:38:17.000Z,0 CVE-2019-10936,https://securityvulnerability.io/vulnerability/CVE-2019-10936,,"Affected devices improperly handle large amounts of specially crafted UDP packets. This could allow an unauthenticated remote attacker to trigger a denial of service condition.",Siemens,"Development/evaluation Kits For Profinet Io: Dk Standard Ethernet Controller,Development/evaluation Kits For Profinet Io: Ek-ertec 200,Development/evaluation Kits For Profinet Io: Ek-ertec 200p,Simatic Cfu Pa,Simatic Et 200al Im 157-1 Pn,Simatic Et 200m (incl. Siplus Variants),Simatic Et 200mp Im 155-5 Pn Ba,Simatic Et 200mp Im 155-5 Pn Hf,Simatic Et 200mp Im 155-5 Pn St,Simatic Et 200pro Im 154-3 Pn Hf,Simatic Et 200pro Im 154-4 Pn Hf,Simatic Et 200pro Im 154-8 Pn/dp Cpu,Simatic Et 200pro Im 154-8f Pn/dp Cpu,Simatic Et 200pro Im 154-8fx Pn/dp Cpu,Simatic Et 200s Im 151-8 Pn/dp Cpu,Simatic Et 200s Im 151-8f Pn/dp Cpu,Simatic Et 200sp Im 155-6 Pn Ba,Simatic Et 200sp Im 155-6 Pn Ha (incl. Siplus Variants),Simatic Et 200sp Im 155-6 Pn Hf,Simatic Et 200sp Im 155-6 Pn Hs,Simatic Et 200sp Im 155-6 Pn St,Simatic Et 200sp Im 155-6 Pn St Ba,Simatic Et 200sp Im 155-6 Pn/2 Hf,Simatic Et 200sp Im 155-6 Pn/3 Hf,Simatic Et 200sp Open Controller Cpu 1515sp Pc (incl. Siplus Variants),Simatic Et200ecopn, 16di, Dc24v, 8xm12,Simatic Et200ecopn, 16do Dc24v/1,3a, 8xm12,Simatic Et200ecopn, 4ao U/i 4xm12,Simatic Et200ecopn, 8 Dio, Dc24v/1,3a, 8xm12,Simatic Et200ecopn, 8 Do, Dc24v/2a, 8xm12,Simatic Et200ecopn, 8ai Rtd/tc 8xm12,Simatic Et200ecopn, 8ai; 4 U/i; 4 Rtd/tc 8xm12,Simatic Et200ecopn, 8di, Dc24v, 4xm12,Simatic Et200ecopn, 8di, Dc24v, 8xm12,Simatic Et200ecopn, 8do, Dc24v/0,5a, 4xm12,Simatic Et200ecopn, 8do, Dc24v/1,3a, 4xm12,Simatic Et200ecopn, 8do, Dc24v/1,3a, 8xm12,Simatic Et200ecopn: Io-link Master,Simatic Et200s (incl. Siplus Variants),Simatic Hmi Comfort Outdoor Panels (incl. Siplus Variants),Simatic Hmi Comfort Panels (incl. Siplus Variants),Simatic Hmi Ktp Mobile Panels,Simatic Pn/pn Coupler,Simatic Profinet Driver,Simatic S7-1200 Cpu Family (incl. Siplus Variants),Simatic S7-1500 Cpu Family (incl. Related Et200 Cpus And Siplus Variants),Simatic S7-1500 Software Controller,Simatic S7-300 Cpu 314c-2 Pn/dp,Simatic S7-300 Cpu 315-2 Pn/dp,Simatic S7-300 Cpu 315f-2 Pn/dp,Simatic S7-300 Cpu 315t-3 Pn/dp,Simatic S7-300 Cpu 317-2 Pn/dp,Simatic S7-300 Cpu 317f-2 Pn/dp,Simatic S7-300 Cpu 317t-3 Pn/dp,Simatic S7-300 Cpu 317tf-3 Pn/dp,Simatic S7-300 Cpu 319-3 Pn/dp,Simatic S7-300 Cpu 319f-3 Pn/dp,Simatic S7-400 Cpu 412-2 Pn V7,Simatic S7-400 Cpu 414-3 Pn/dp V7,Simatic S7-400 Cpu 414f-3 Pn/dp V7,Simatic S7-400 Cpu 416-3 Pn/dp V7,Simatic S7-400 Cpu 416f-3 Pn/dp V7,Simatic S7-400 H V6 Cpu Family (incl. Siplus Variants),Simatic S7-400 Pn/dp V6 And Below Cpu Family (incl. Siplus Variants),Simatic S7-410 V8 Cpu Family (incl. Siplus Variants),Simatic Tdc Cp51m1,Simatic Tdc Cpu555,Simatic Winac Rtx 2010,Simatic Winac Rtx F 2010,Sinamics Dcm,Sinamics Dcp,Sinamics G110m V4.7 Pn Control Unit,Sinamics G120 V4.7 Pn Control Unit (incl. Siplus Variants),Sinamics G130 V4.7 Control Unit,Sinamics G150 Control Unit,Sinamics Gh150 V4.7 Control Unit,Sinamics Gl150 V4.7 Control Unit,Sinamics Gm150 V4.7 Control Unit,Sinamics S110 Control Unit,Sinamics S120 V4.7 Control Unit (incl. Siplus Variants),Sinamics S150 Control Unit,Sinamics Sl150 V4.7 Control Unit,Sinamics Sm120 V4.7 Control Unit,Sinumerik 828d,Sinumerik 840d Sl,Siplus Et 200mp Im 155-5 Pn Hf,Siplus Et 200mp Im 155-5 Pn Hf T1 Rail,Siplus Et 200mp Im 155-5 Pn St,Siplus Et 200mp Im 155-5 Pn St Tx Rail,Siplus Et 200s Im 151-8 Pn/dp Cpu,Siplus Et 200s Im 151-8f Pn/dp Cpu,Siplus Et 200sp Im 155-6 Pn Hf,Siplus Et 200sp Im 155-6 Pn Hf T1 Rail,Siplus Et 200sp Im 155-6 Pn Hf Tx Rail,Siplus Et 200sp Im 155-6 Pn St,Siplus Et 200sp Im 155-6 Pn St Ba,Siplus Et 200sp Im 155-6 Pn St Ba Tx Rail,Siplus Et 200sp Im 155-6 Pn St Tx Rail,Siplus Net Pn/pn Coupler,Siplus S7-300 Cpu 314c-2 Pn/dp,Siplus S7-300 Cpu 315-2 Pn/dp,Siplus S7-300 Cpu 315f-2 Pn/dp,Siplus S7-300 Cpu 317-2 Pn/dp,Siplus S7-300 Cpu 317f-2 Pn/dp,Siplus S7-400 Cpu 414-3 Pn/dp V7,Siplus S7-400 Cpu 416-3 Pn/dp V7",7.5,HIGH,0.0020699999295175076,false,,false,false,false,,false,false,2019-10-10T00:00:00.000Z,0 CVE-2019-6572,https://securityvulnerability.io/vulnerability/CVE-2019-6572,,"A vulnerability has been identified in SIMATIC HMI Comfort Panels 4"" - 22"" (All versions < V15.1 Update 1), SIMATIC HMI Comfort Outdoor Panels 7"" & 15"" (All versions < V15.1 Update 1), SIMATIC HMI KTP Mobile Panels KTP400F, KTP700, KTP700F, KTP900 und KTP900F (All versions < V15.1 Update 1), SIMATIC WinCC Runtime Advanced (All versions < V15.1 Update 1), SIMATIC WinCC Runtime Professional (All versions < V15.1 Update 1), SIMATIC WinCC (TIA Portal) (All versions < V15.1 Update 1), SIMATIC HMI Classic Devices (TP/MP/OP/MP Mobile Panel) (All versions). The affected device offered SNMP read and write capacities with a publicly know hardcoded community string. The security vulnerability could be exploited by an attacker with network access to the affected device. Successful exploitation requires no system privileges and no user interaction. An attacker could use the vulnerability to compromise confidentiality and integrity of the affected system. At the time of advisory publication no public exploitation of this security vulnerability was known.",Siemens,"Simatic Hmi Comfort Panels 4"" - 22"",Simatic Hmi Comfort Outdoor Panels 7"" & 15"",Simatic Hmi Ktp Mobile Panels Ktp400f, Ktp700, Ktp700f, Ktp900 Und Ktp900f,Simatic Wincc Runtime Advanced,Simatic Wincc Runtime Professional,Simatic Wincc (tia Portal),Simatic Hmi Classic Devices (tp/mp/op/mp Mobile Panel)",9.1,CRITICAL,0.003800000064074993,false,,false,false,false,,false,false,2019-05-14T19:54:48.000Z,0 CVE-2019-6576,https://securityvulnerability.io/vulnerability/CVE-2019-6576,,"A vulnerability has been identified in SIMATIC HMI Comfort Panels 4"" - 22"" (All versions < V15.1 Update 1), SIMATIC HMI Comfort Outdoor Panels 7"" & 15"" (All versions < V15.1 Update 1), SIMATIC HMI KTP Mobile Panels KTP400F, KTP700, KTP700F, KTP900 und KTP900F (All versions < V15.1 Update 1), SIMATIC WinCC Runtime Advanced (All versions < V15.1 Update 1), SIMATIC WinCC Runtime Professional (All versions < V15.1 Update 1), SIMATIC WinCC (TIA Portal) (All versions < V15.1 Update 1), SIMATIC HMI Classic Devices (TP/MP/OP/MP Mobile Panel) (All versions). An attacker with network access to affected devices could potentially obtain a TLS session key. If the attacker is able to observe TLS traffic between a legitimate user and the device, then the attacker could decrypt the TLS traffic. The security vulnerability could be exploited by an attacker who has network access to the web interface of the device and who is able to observe TLS traffic between legitimate users and the web interface of the affected device. The vulnerability could impact the confidentiality of the communication between the affected device and a legitimate user. At the time of advisory publication no public exploitation of the security vulnerability was known.",Siemens,"Simatic Hmi Comfort Panels 4"" - 22"",Simatic Hmi Comfort Outdoor Panels 7"" & 15"",Simatic Hmi Ktp Mobile Panels Ktp400f, Ktp700, Ktp700f, Ktp900 Und Ktp900f,Simatic Wincc Runtime Advanced,Simatic Wincc Runtime Professional,Simatic Wincc (tia Portal),Simatic Hmi Classic Devices (tp/mp/op/mp Mobile Panel)",7.5,HIGH,0.0013500000350177288,false,,false,false,false,,false,false,2019-05-14T19:54:48.000Z,0 CVE-2019-6577,https://securityvulnerability.io/vulnerability/CVE-2019-6577,,"A vulnerability has been identified in SIMATIC HMI Comfort Panels 4"" - 22"" (All versions < V15.1 Update 1), SIMATIC HMI Comfort Outdoor Panels 7"" & 15"" (All versions < V15.1 Update 1), SIMATIC HMI KTP Mobile Panels KTP400F, KTP700, KTP700F, KTP900 und KTP900F (All versions < V15.1 Update 1), SIMATIC WinCC Runtime Advanced (All versions < V15.1 Update 1), SIMATIC WinCC Runtime Professional (All versions < V15.1 Update 1), SIMATIC WinCC (TIA Portal) (All versions < V15.1 Update 1), SIMATIC HMI Classic Devices (TP/MP/OP/MP Mobile Panel) (All versions). The integrated web server could allow Cross-Site Scripting (XSS) attacks if an attacker is able to modify particular parts of the device configuration via SNMP. The security vulnerability could be exploited by an attacker with network access to the affected system. Successful exploitation requires system privileges and user interaction. An attacker could use the vulnerability to compromise confidentiality and the integrity of the affected system. At the stage of publishing this security advisory no public exploitation is known.",Siemens,"Simatic Hmi Comfort Panels 4"" - 22"",Simatic Hmi Comfort Outdoor Panels 7"" & 15"",Simatic Hmi Ktp Mobile Panels Ktp400f, Ktp700, Ktp700f, Ktp900 Und Ktp900f,Simatic Wincc Runtime Advanced,Simatic Wincc Runtime Professional,Simatic Wincc (tia Portal),Simatic Hmi Classic Devices (tp/mp/op/mp Mobile Panel)",5.4,MEDIUM,0.0006600000197067857,false,,false,false,false,,false,false,2019-05-14T19:54:48.000Z,0 CVE-2019-6568,https://securityvulnerability.io/vulnerability/CVE-2019-6568,,"The webserver of the affected devices contains a vulnerability that may lead to a denial of service condition. An attacker may cause a denial of service situation which leads to a restart of the webserver of the affected device. The security vulnerability could be exploited by an attacker with network access to the affected systems. Successful exploitation requires no system privileges and no user interaction. An attacker could use the vulnerability to compromise availability of the device.",Siemens,"Simatic Cp 1604,Simatic Cp 1616,Simatic Cp 343-1 Advanced,Simatic Cp 443-1,Simatic Cp 443-1 Advanced,Simatic Cp 443-1 Opc Ua,Simatic Et 200pro Im154-8 Pn/dp Cpu,Simatic Et 200pro Im154-8f Pn/dp Cpu,Simatic Et 200pro Im154-8fx Pn/dp Cpu,Simatic Et 200s Im151-8 Pn/dp Cpu,Simatic Et 200s Im151-8f Pn/dp Cpu,Simatic Et 200sp Open Controller Cpu 1515sp Pc (incl. Siplus Variants),Simatic Et 200sp Open Controller Cpu 1515sp Pc2 (incl. Siplus Variants),Simatic Hmi Comfort Outdoor Panels 7"" & 15"" (incl. Siplus Variants),Simatic Hmi Comfort Panels 4"" - 22"" (incl. Siplus Variants),Simatic Hmi Ktp Mobile Panels Ktp400f, Ktp700, Ktp700f, Ktp900 And Ktp900f,Simatic Ipc Diagmonitor,Simatic Rf182c,Simatic Rf185c,Simatic Rf186c,Simatic Rf188c,Simatic Rf600r Family,Simatic Rfid 181eip,Simatic S7-1500 Cpu Family (incl. Related Et200 Cpus And Siplus Variants),Simatic S7-1500 Software Controller,Simatic S7-300 Cpu 314c-2 Pn/dp,Simatic S7-300 Cpu 315-2 Pn/dp,Simatic S7-300 Cpu 315f-2 Pn/dp,Simatic S7-300 Cpu 315t-3 Pn/dp,Simatic S7-300 Cpu 317-2 Pn/dp,Simatic S7-300 Cpu 317f-2 Pn/dp,Simatic S7-300 Cpu 317t-3 Pn/dp,Simatic S7-300 Cpu 317tf-3 Pn/dp,Simatic S7-300 Cpu 319-3 Pn/dp,Simatic S7-300 Cpu 319f-3 Pn/dp,Simatic S7-400 Pn/dp V6 And Below Cpu Family (incl. Siplus Variants),Simatic S7-400 Pn/dp V7 Cpu Family (incl. Siplus Variants),Simatic S7-plcsim Advanced,Simatic Teleservice Adapter Ie Advanced,Simatic Teleservice Adapter Ie Basic,Simatic Teleservice Adapter Ie Standard,Simatic Winac Rtx 2010,Simatic Winac Rtx F 2010,Simatic Wincc Runtime Advanced,Simocode Pro V Ethernet/ip (incl. Siplus Variants),Simocode Pro V Profinet (incl. Siplus Variants),Sinamics G130 V4.6 Control Unit,Sinamics G130 V4.7 Control Unit,Sinamics G130 V4.7 Sp1 Control Unit,Sinamics G130 V4.8 Control Unit,Sinamics G130 V5.1 Control Unit,Sinamics G130 V5.1 Sp1 Control Unit,Sinamics G150 V4.6 Control Unit,Sinamics G150 V4.7 Control Unit,Sinamics G150 V4.7 Sp1 Control Unit,Sinamics G150 V4.8 Control Unit,Sinamics G150 V5.1 Control Unit,Sinamics G150 V5.1 Sp1 Control Unit,Sinamics Gh150 V4.7 (control Unit),Sinamics Gh150 V4.8 (control Unit),Sinamics Gl150 V4.7 (control Unit),Sinamics Gl150 V4.8 (control Unit),Sinamics Gm150 V4.7 (control Unit),Sinamics Gm150 V4.8 (control Unit),Sinamics S120 V4.6 Control Unit (incl. Siplus Variants),Sinamics S120 V4.7 Control Unit (incl. Siplus Variants),Sinamics S120 V4.7 Sp1 Control Unit (incl. Siplus Variants),Sinamics S120 V4.8 Control Unit (incl. Siplus Variants),Sinamics S120 V5.1 Control Unit (incl. Siplus Variants),Sinamics S120 V5.1 Sp1 Control Unit (incl. Siplus Variants),Sinamics S150 V4.6 Control Unit,Sinamics S150 V4.7 Control Unit,Sinamics S150 V4.7 Sp1 Control Unit,Sinamics S150 V4.8 Control Unit,Sinamics S150 V5.1 Control Unit,Sinamics S150 V5.1 Sp1 Control Unit,Sinamics S210,Sinamics Sl150 V4.7 (control Unit),Sinamics Sl150 V4.8 (control Unit),Sinamics Sm120 V4.7 (control Unit),Sinamics Sm120 V4.8 (control Unit),Sinamics Sm150 V4.8 (control Unit),Siplus Et 200s Im151-8 Pn/dp Cpu,Siplus Et 200s Im151-8f Pn/dp Cpu,Siplus Net Cp 343-1 Advanced,Siplus Net Cp 443-1,Siplus Net Cp 443-1 Advanced,Siplus S7-300 Cpu 314c-2 Pn/dp,Siplus S7-300 Cpu 315-2 Pn/dp,Siplus S7-300 Cpu 315f-2 Pn/dp,Siplus S7-300 Cpu 317-2 Pn/dp,Siplus S7-300 Cpu 317f-2 Pn/dp,Sitop Manager,Sitop Psu8600,Sitop Ups1600 (incl. Siplus Variants),Tim 1531 Irc (incl. Siplus Net Variants)",7.5,HIGH,0.0012000000569969416,false,,false,false,false,,false,false,2019-04-17T13:40:24.000Z,0 CVE-2019-6575,https://securityvulnerability.io/vulnerability/CVE-2019-6575,,"A vulnerability has been identified in SIMATIC CP 443-1 OPC UA (All versions), SIMATIC ET 200SP Open Controller CPU 1515SP PC2 (incl. SIPLUS variants) (All versions < V2.7), SIMATIC HMI Comfort Outdoor Panels 7"" & 15"" (incl. SIPLUS variants) (All versions < V15.1 Upd 4), SIMATIC HMI Comfort Panels 4"" - 22"" (incl. SIPLUS variants) (All versions < V15.1 Upd 4), SIMATIC HMI KTP Mobile Panels KTP400F, KTP700, KTP700F, KTP900 and KTP900F (All versions < V15.1 Upd 4), SIMATIC IPC DiagMonitor (All versions < V5.1.3), SIMATIC NET PC Software V13 (All versions), SIMATIC NET PC Software V14 (All versions < V14 SP1 Update 14), SIMATIC NET PC Software V15 (All versions), SIMATIC RF188C (All versions < V1.1.0), SIMATIC RF600R family (All versions < V3.2.1), SIMATIC S7-1500 CPU family (incl. related ET200 CPUs and SIPLUS variants) (All versions >= V2.5 < V2.6.1), SIMATIC S7-1500 Software Controller (All versions between V2.5 (including) and V2.7 (excluding)), SIMATIC WinCC OA (All versions < V3.15 P018), SIMATIC WinCC Runtime Advanced (All versions < V15.1 Upd 4), SINEC NMS (All versions < V1.0 SP1), SINEMA Server (All versions < V14 SP2), SINUMERIK OPC UA Server (All versions < V2.1), TeleControl Server Basic (All versions < V3.1.1). Specially crafted network packets sent to affected devices on port 4840/tcp could allow an unauthenticated remote attacker to cause a denial of service condition of the OPC communication or crash the device. The security vulnerability could be exploited by an attacker with network access to the affected systems. Successful exploitation requires no system privileges and no user interaction. An attacker could use the vulnerability to compromise availability of the OPC communication.",Siemens,"Simatic Cp 443-1 Opc Ua,Simatic Et 200sp Open Controller Cpu 1515sp Pc2 (incl. Siplus Variants),Simatic Hmi Comfort Outdoor Panels 7"" & 15"" (incl. Siplus Variants),Simatic Hmi Comfort Panels 4"" - 22"" (incl. Siplus Variants),Simatic Hmi Ktp Mobile Panels Ktp400f, Ktp700, Ktp700f, Ktp900 And Ktp900f,Simatic Ipc Diagmonitor,Simatic Net Pc Software V13,Simatic Net Pc Software V14,Simatic Net Pc Software V15,Simatic Rf188c,Simatic Rf600r Family,Simatic S7-1500 Cpu Family (incl. Related Et200 Cpus And Siplus Variants),Simatic S7-1500 Software Controller,Simatic Wincc Oa,Simatic Wincc Runtime Advanced,Sinec Nms,Sinema Server,Sinumerik Opc Ua Server,Telecontrol Server Basic",7.5,HIGH,0.0017900000093504786,false,,false,false,false,,false,false,2019-04-17T13:40:24.000Z,0 CVE-2018-13812,https://securityvulnerability.io/vulnerability/CVE-2018-13812,,"A vulnerability has been identified in SIMATIC HMI Comfort Panels 4"" - 22"" (All versions < V15 Update 4), SIMATIC HMI Comfort Outdoor Panels 7"" & 15"" (All versions < V15 Update 4), SIMATIC HMI KTP Mobile Panels KTP400F, KTP700, KTP700F, KTP900 and KTP900F (All versions < V15 Update 4), SIMATIC WinCC Runtime Advanced (All versions < V15 Update 4), SIMATIC WinCC Runtime Professional (All versions < V15 Update 4), SIMATIC WinCC (TIA Portal) (All versions < V15 Update 4), SIMATIC HMI Classic Devices (TP/MP/OP/MP Mobile Panel) (All versions). A directory traversal vulnerability could allow to download arbitrary files from the device. The security vulnerability could be exploited by an attacker with network access to the integrated web server. No user interaction and no authentication is required to exploit the vulnerability. The vulnerability impacts the confidentiality of the device. At the time of advisory publication no public exploitation of this security vulnerability was known.",Siemens,"Simatic Hmi Comfort Panels 4"" - 22"", Simatic Hmi Comfort Outdoor Panels 7"" & 15"", Simatic Hmi Ktp Mobile Panels Ktp400f, Ktp700, Ktp700f, Ktp900 Und Ktp900f, Simatic Wincc Runtime Advanced, Simatic Wincc Runtime Professional, Simatic Wincc (tia Portal), Simatic Hmi Classic Devices (tp/mp/op/mp Mobile Panel)",7.5,HIGH,0.0017500000540167093,false,,false,false,false,,false,false,2018-12-13T16:00:00.000Z,0 CVE-2018-13813,https://securityvulnerability.io/vulnerability/CVE-2018-13813,,"A vulnerability has been identified in SIMATIC HMI Comfort Panels 4"" - 22"" (All versions < V15 Update 4), SIMATIC HMI Comfort Outdoor Panels 7"" & 15"" (All versions < V15 Update 4), SIMATIC HMI KTP Mobile Panels KTP400F, KTP700, KTP700F, KTP900 and KTP900F (All versions < V15 Update 4), SIMATIC WinCC Runtime Advanced (All versions < V15 Update 4), SIMATIC WinCC Runtime Professional (All versions < V15 Update 4), SIMATIC WinCC (TIA Portal) (All versions < V15 Update 4), SIMATIC HMI Classic Devices (TP/MP/OP/MP Mobile Panel) (All versions). The webserver of affected HMI devices may allow URL redirections to untrusted websites. An attacker must trick a valid user who is authenticated to the device into clicking on a malicious link to exploit the vulnerability. At the time of advisory publication no public exploitation of this security vulnerability was known.",Siemens,"Simatic Hmi Comfort Panels 4"" - 22"", Simatic Hmi Comfort Outdoor Panels 7"" & 15"", Simatic Hmi Ktp Mobile Panels Ktp400f, Ktp700, Ktp700f, Ktp900 Und Ktp900f, Simatic Wincc Runtime Advanced, Simatic Wincc Runtime Professional, Simatic Wincc (tia Portal), Simatic Hmi Classic Devices (tp/mp/op/mp Mobile Panel)",8.1,HIGH,0.0015800000401213765,false,,false,false,false,,false,false,2018-12-13T16:00:00.000Z,0 CVE-2018-13814,https://securityvulnerability.io/vulnerability/CVE-2018-13814,,"A vulnerability has been identified in SIMATIC HMI Comfort Panels 4"" - 22"" (All versions < V14), SIMATIC HMI Comfort Outdoor Panels 7"" & 15"" (All versions < V14), SIMATIC HMI KTP Mobile Panels KTP400F, KTP700, KTP700F, KTP900 and KTP900F (All versions < V14), SIMATIC WinCC Runtime Advanced (All versions < V14), SIMATIC WinCC Runtime Professional (All versions < V14), SIMATIC WinCC (TIA Portal) (All versions < V14), SIMATIC HMI Classic Devices (TP/MP/OP/MP Mobile Panel) (All versions). The integrated web server (port 80/tcp and port 443/tcp) of the affected devices could allow an attacker to inject HTTP headers. An attacker must trick a valid user who is authenticated to the device into clicking on a malicious link to exploit the vulnerability. At the time of advisory publication no public exploitation of this security vulnerability was known.",Siemens,"Simatic Hmi Comfort Panels 4"" - 22"", Simatic Hmi Comfort Outdoor Panels 7"" & 15"", Simatic Hmi Ktp Mobile Panels Ktp400f, Ktp700, Ktp700f, Ktp900 Und Ktp900f, Simatic Wincc Runtime Advanced, Simatic Wincc Runtime Professional, Simatic Wincc (tia Portal), Simatic Hmi Classic Devices (tp/mp/op/mp Mobile Panel)",8.8,HIGH,0.0020800000056624413,false,,false,false,false,,false,false,2018-12-13T16:00:00.000Z,0