Simatic Cp 1616 Firmware

simatic_cp_1616_firmware

Vendor: Siemens • 5 CVEs

CVEs (5)

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2023-37195 1Siemens 5Simatic Cp 1604 Firmware Simatic Cp 1616 FirmwareSimatic Cp 1623 Firmware+2 more Nov 21, 2024 Oct 10, 2023 N/A· v4 4.4 MEDIUM· v3 N/A· v2 A vulnerability has been identified in SIMATIC CP 1604 (All versions), SIMATIC CP 1616 (All versions), SIMATIC CP 1623 (All versions), SIMATIC CP 1626 (All versions), SIMATIC CP 1628 (All versions). Affected devices insu...Show more A vulnerability has been identified in SIMATIC CP 1604 (All versions), SIMATIC CP 1616 (All versions), SIMATIC CP 1623 (All versions), SIMATIC CP 1626 (All versions), SIMATIC CP 1628 (All versions). Affected devices insufficiently control continuous mapping of direct memory access (DMA) requests. This could allow local attackers with administrative privileges to cause a denial of service situation on the host. A physical power cycle is required to get the system working again.Show less
CVE-2023-37194 1Siemens 5Simatic Cp 1604 Firmware Simatic Cp 1616 FirmwareSimatic Cp 1623 Firmware+2 more Nov 21, 2024 Oct 10, 2023 N/A· v4 6.7 MEDIUM· v3 N/A· v2 A vulnerability has been identified in SIMATIC CP 1604 (All versions), SIMATIC CP 1616 (All versions), SIMATIC CP 1623 (All versions), SIMATIC CP 1626 (All versions), SIMATIC CP 1628 (All versions). The kernel memory of...Show more A vulnerability has been identified in SIMATIC CP 1604 (All versions), SIMATIC CP 1616 (All versions), SIMATIC CP 1623 (All versions), SIMATIC CP 1626 (All versions), SIMATIC CP 1628 (All versions). The kernel memory of affected devices is exposed to user-mode via direct memory access (DMA) which could allow a local attacker with administrative privileges to execute arbitrary code on the host system without any restrictions.Show less
CVE-2019-13946 1Siemens 52Dk Standard Ethernet Controller Ek Ertec 200 FirmwareEk Ertec 200p Firmware+49 more Nov 21, 2024 Feb 11, 2020 N/A· v4 7.5 HIGH· v3 7.8 HIGH· v2 Profinet-IO (PNIO) stack versions prior V06.00 do not properly limit internal resource allocation when multiple legitimate diagnostic package requests are sent to the DCE-RPC interface. This could lead to a denial of ser...Show more Profinet-IO (PNIO) stack versions prior V06.00 do not properly limit internal resource allocation when multiple legitimate diagnostic package requests are sent to the DCE-RPC interface. This could lead to a denial of service condition due to lack of memory for devices that include a vulnerable version of the stack. The security vulnerability could be exploited by an attacker with network access to an affected device. Successful exploitation requires no system privileges and no user interaction. An attacker could use the vulnerability to compromise the availability of the device.Show less
CVE-2017-2681 1Siemens 79Dk Standard Ethernet Controller Firmware Ek Ertec 200 Pn Io FirmwareEk Ertec 200p Pn Io Firmware+76 more May 13, 2026 May 11, 2017 7.1 HIGH· v4 6.5 MEDIUM· v3 6.1 MEDIUM· v2 Specially crafted PROFINET DCP packets sent on a local Ethernet segment (Layer 2) to an affected product could cause a denial of service condition of that product. Human interaction is required to recover the system. PRO...Show more Specially crafted PROFINET DCP packets sent on a local Ethernet segment (Layer 2) to an affected product could cause a denial of service condition of that product. Human interaction is required to recover the system. PROFIBUS interfaces are not affected.Show less
CVE-2017-2680 1Siemens 93Dk Standard Ethernet Controller Firmware Ek Ertec 200 Pn Io FirmwareEk Ertec 200p Pn Io Firmware+90 more May 13, 2026 May 11, 2017 7.1 HIGH· v4 6.5 MEDIUM· v3 6.1 MEDIUM· v2 Specially crafted PROFINET DCP broadcast packets could cause a denial of service condition of affected products on a local Ethernet segment (Layer 2). Human interaction is required to recover the systems. PROFIBUS interf...Show more Specially crafted PROFINET DCP broadcast packets could cause a denial of service condition of affected products on a local Ethernet segment (Layer 2). Human interaction is required to recover the systems. PROFIBUS interfaces are not affected.Show less