Simatic Mv420 Firmware

simatic_mv420_firmware

Vendor: Siemens • 4 CVEs

CVEs (4)

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2020-27632 1Siemens 2Simatic Mv420 Firmware Simatic Mv440 Firmware Nov 21, 2024 Mar 10, 2021 N/A· v4 7.5 HIGH· v3 5.0 MEDIUM· v2 In SIMATIC MV400 family versions prior to v7.0.6, the ISN generator is initialized with a constant value and has constant increments. An attacker could predict and hijack TCP sessions.
CVE-2019-13946 1Siemens 52Dk Standard Ethernet Controller Ek Ertec 200 FirmwareEk Ertec 200p Firmware+49 more Nov 21, 2024 Feb 11, 2020 N/A· v4 7.5 HIGH· v3 7.8 HIGH· v2 Profinet-IO (PNIO) stack versions prior V06.00 do not properly limit internal resource allocation when multiple legitimate diagnostic package requests are sent to the DCE-RPC interface. This could lead to a denial of ser...Show more Profinet-IO (PNIO) stack versions prior V06.00 do not properly limit internal resource allocation when multiple legitimate diagnostic package requests are sent to the DCE-RPC interface. This could lead to a denial of service condition due to lack of memory for devices that include a vulnerable version of the stack. The security vulnerability could be exploited by an attacker with network access to an affected device. Successful exploitation requires no system privileges and no user interaction. An attacker could use the vulnerability to compromise the availability of the device.Show less
CVE-2019-10926 1Siemens 2Simatic Mv420 Firmware Simatic Mv440 Firmware Nov 21, 2024 Jun 12, 2019 N/A· v4 5.3 MEDIUM· v3 2.6 LOW· v2 A vulnerability has been identified in SIMATIC MV400 family (All Versions < V7.0.6). Communication with the device is not encrypted. Data transmitted between the device and the user can be obtained by an attacker in a pr...Show more A vulnerability has been identified in SIMATIC MV400 family (All Versions < V7.0.6). Communication with the device is not encrypted. Data transmitted between the device and the user can be obtained by an attacker in a privileged network position. The security vulnerability can be exploited by an attacker in a privileged network position which allows eavesdropping the communication between the affected device and the user. The user must invoke a session. Successful exploitation of the vulnerability compromises confidentiality of the data transmitted.Show less
CVE-2019-10925 1Siemens 2Simatic Mv420 Firmware Simatic Mv440 Firmware Nov 21, 2024 Jun 12, 2019 N/A· v4 7.1 HIGH· v3 5.5 MEDIUM· v2 A vulnerability has been identified in SIMATIC MV400 family (All Versions < V7.0.6). An authenticated attacker could escalate privileges by sending specially crafted requests to the integrated webserver. The security vul...Show more A vulnerability has been identified in SIMATIC MV400 family (All Versions < V7.0.6). An authenticated attacker could escalate privileges by sending specially crafted requests to the integrated webserver. The security vulnerability can be exploited by an attacker with network access to the device. Valid user credentials, but no user interaction are required. Successful exploitation compromises integrity and availability of the device. At the time of advisory publication no public exploitation of this security vulnerability was known.Show less