U.S. flag   An official website of the United States government
Dot gov

Official websites use .gov
A .gov website belongs to an official government organization in the United States.

Https

Secure .gov websites use HTTPS
A lock (Dot gov) or https:// means you've safely connected to the .gov website. Share sensitive information only on official, secure websites.

National Vulnerability Database

National Vulnerability Database

NVD

National Vulnerability Database
  1. VulnerabilitiesSearch And Statistics

Search Results (Refine Search)

Search Parameters:
  • Results Type: Overview
  • Keyword (text search): cpe:2.3:o:siemens:simatic_s7_cpu_1200_firmware:3.0:*:*:*:*:*:*:*
  • CPE Name Search: true
There are 8 matching records.
Displaying matches 1 through 8.
Vuln ID Summary CVSS Severity
CVE-2016-2846

Siemens SIMATIC S7-1200 CPU devices before 4.0 allow remote attackers to bypass a "user program block" protection mechanism via unspecified vectors.

Published: March 16, 2016; 6:59:04 AM -0400 		V3.0: 6.5 MEDIUM
 V2.0: 6.4 MEDIUM
CVE-2014-2909

CRLF injection vulnerability in the integrated web server on Siemens SIMATIC S7-1200 CPU devices 2.x and 3.x allows remote attackers to inject arbitrary HTTP headers via unspecified vectors.

Published: April 25, 2014; 1:12:07 AM -0400 		V3.x:(not available)
 V2.0: 5.8 MEDIUM
CVE-2014-2908

Cross-site scripting (XSS) vulnerability in the integrated web server on Siemens SIMATIC S7-1200 CPU devices 2.x and 3.x allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

Published: April 25, 2014; 1:12:07 AM -0400 		V3.x:(not available)
 V2.0: 4.3 MEDIUM
CVE-2014-2258

Siemens SIMATIC S7-1200 CPU PLC devices with firmware before 4.0 allow remote attackers to cause a denial of service (defect-mode transition) via crafted HTTPS packets, a different vulnerability than CVE-2014-2259.

Published: March 24, 2014; 10:20:39 AM -0400 		V3.x:(not available)
 V2.0: 7.8 HIGH
CVE-2014-2254

Siemens SIMATIC S7-1200 CPU PLC devices with firmware before 4.0 allow remote attackers to cause a denial of service (defect-mode transition) via crafted HTTP packets, a different vulnerability than CVE-2014-2255.

Published: March 24, 2014; 10:20:39 AM -0400 		V3.x:(not available)
 V2.0: 7.8 HIGH
CVE-2014-2256

Siemens SIMATIC S7-1200 CPU PLC devices with firmware before 4.0 allow remote attackers to cause a denial of service (defect-mode transition) via crafted ISO-TSAP packets, a different vulnerability than CVE-2014-2257.

Published: March 24, 2014; 10:20:39 AM -0400 		V3.x:(not available)
 V2.0: 7.8 HIGH
CVE-2014-2252

Siemens SIMATIC S7-1200 CPU PLC devices with firmware before 4.0 allow remote attackers to cause a denial of service (defect-mode transition) via crafted PROFINET packets, a different vulnerability than CVE-2014-2253.

Published: March 24, 2014; 10:20:39 AM -0400 		V3.x:(not available)
 V2.0: 6.1 MEDIUM
CVE-2014-2250

The random-number generator on Siemens SIMATIC S7-1200 CPU PLC devices with firmware before 4.0 does not have sufficient entropy, which makes it easier for remote attackers to defeat cryptographic protection mechanisms and hijack sessions via unspecified vectors, a different vulnerability than CVE-2014-2251.

Published: March 24, 2014; 10:20:39 AM -0400 		V3.x:(not available)
 V2.0: 8.3 HIGH