SCALANCE S602, SCALANCE S612, SCALANCE S623, SCALANCE S627-2M Security Vulnerabilities

Siemens Industrial Product Denial of Service Vulnerability (CNVD-2022-87984)

SIMATIC Drive Controllers for the automation of production machines combine the functions of SIMATIC S7-1500 CPUs and SINAMICS S120 drive controls.SIMATIC ET 200SP Open Controller is the PC-based version of the SIMATIC S7-1500 controller and includes optional visualization and central I/O in...

Siemens SCALANCE X-200RNA Switch Devices Information Disclosure Vulnerability

The SCALANCE X-204RNA Industrial Ethernet Access Point enables non-PRP endpoint devices to connect to a separate parallel network as needed.An information disclosure vulnerability exists in Siemens SCALANCE X-200RNA Switch Devices, which could be exploited by an attacker to gain access to...

Siemens SCALANCE M-800/S615 Series Information Disclosure Vulnerability

The SCALANCE M-800, MUM-800 and S615 and the RUGGEDCOM RM1224 are industrial routers. An information disclosure vulnerability exists in the Siemens SCALANCE M-800/S615 series due to the affected devices not properly checking the TFTP block size. An attacker who is allowed to authenticate could...

Siemens Industrial Product Denial of Service Vulnerability (CNVD-2022-87983)

SIMATIC Drive Controllers for the automation of production machines combine the functions of SIMATIC S7-1500 CPUs and SINAMICS S120 drive controls.SIMATIC ET 200SP Open Controller is the PC-based version of the SIMATIC S7-1500 controller and includes optional visualization and central I/O in...

Siemens SCALANCE X-200RNA Switch Devices are not controlled for resource consumption vulnerability (CNVD-2022-87967)

The SCALANCE X-204RNA Industrial Ethernet Access Point enables non-PRP endpoint devices to connect to a separate parallel network as needed.An uncontrolled resource consumption vulnerability exists in Siemens SCALANCE X-200RNA Switch Devices, which can be exploited by an attacker to cause a denial....

CVE-2022-46354

A vulnerability has been identified in SCALANCE X204RNA (HSR) (All versions < V3.2.7), SCALANCE X204RNA (PRP) (All versions < V3.2.7), SCALANCE X204RNA EEC (HSR) (All versions < V3.2.7), SCALANCE X204RNA EEC (PRP) (All versions < V3.2.7), SCALANCE X204RNA EEC (PRP/HSR) (All versions &lt...

CVE-2022-46350

A vulnerability has been identified in SCALANCE X204RNA (HSR) (All versions < V3.2.7), SCALANCE X204RNA (PRP) (All versions < V3.2.7), SCALANCE X204RNA EEC (HSR) (All versions < V3.2.7), SCALANCE X204RNA EEC (PRP) (All versions < V3.2.7), SCALANCE X204RNA EEC (PRP/HSR) (All versions &lt...

CVE-2022-46144

A vulnerability has been identified in SCALANCE SC622-2C (6GK5622-2GS00-2AC2) (All versions < V2.3), SCALANCE SC622-2C (6GK5622-2GS00-2AC2) (All versions >= V2.3 < V3.0), SCALANCE SC626-2C (6GK5626-2GS00-2AC2) (All versions < V2.3), SCALANCE SC626-2C (6GK5626-2GS00-2AC2) (All versions &...

CVE-2022-46144

A vulnerability has been identified in SCALANCE SC622-2C (6GK5622-2GS00-2AC2) (All versions < V2.3), SCALANCE SC622-2C (6GK5622-2GS00-2AC2) (All versions >= V2.3 < V3.0), SCALANCE SC626-2C (6GK5626-2GS00-2AC2) (All versions < V2.3), SCALANCE SC626-2C (6GK5626-2GS00-2AC2) (All versions &...

CVE-2022-46140

Affected devices use a weak encryption scheme to encrypt the debug zip file. This could allow an authenticated attacker to decrypt the contents of the file and retrieve debug information about the...

CVE-2022-46352

A vulnerability has been identified in SCALANCE X204RNA (HSR) (All versions < V3.2.7), SCALANCE X204RNA (PRP) (All versions < V3.2.7), SCALANCE X204RNA EEC (HSR) (All versions < V3.2.7), SCALANCE X204RNA EEC (PRP) (All versions < V3.2.7), SCALANCE X204RNA EEC (PRP/HSR) (All versions &lt...

CVE-2022-46143

Affected devices do not check the TFTP blocksize correctly. This could allow an authenticated attacker to read from an uninitialized buffer that potentially contains previously allocated...

CVE-2022-46351

A vulnerability has been identified in SCALANCE X204RNA (HSR) (All versions < V3.2.7), SCALANCE X204RNA (PRP) (All versions < V3.2.7), SCALANCE X204RNA EEC (HSR) (All versions < V3.2.7), SCALANCE X204RNA EEC (PRP) (All versions < V3.2.7), SCALANCE X204RNA EEC (PRP/HSR) (All versions &lt...

CVE-2022-46354

A vulnerability has been identified in SCALANCE X204RNA (HSR) (All versions < V3.2.7), SCALANCE X204RNA (PRP) (All versions < V3.2.7), SCALANCE X204RNA EEC (HSR) (All versions < V3.2.7), SCALANCE X204RNA EEC (PRP) (All versions < V3.2.7), SCALANCE X204RNA EEC (PRP/HSR) (All versions &lt...

CVE-2022-46355

A vulnerability has been identified in SCALANCE X204RNA (HSR) (All versions < V3.2.7), SCALANCE X204RNA (PRP) (All versions < V3.2.7), SCALANCE X204RNA EEC (HSR) (All versions < V3.2.7), SCALANCE X204RNA EEC (PRP) (All versions < V3.2.7), SCALANCE X204RNA EEC (PRP/HSR) (All versions &lt...

CVE-2022-46355

A vulnerability has been identified in SCALANCE X204RNA (HSR) (All versions < V3.2.7), SCALANCE X204RNA (PRP) (All versions < V3.2.7), SCALANCE X204RNA EEC (HSR) (All versions < V3.2.7), SCALANCE X204RNA EEC (PRP) (All versions < V3.2.7), SCALANCE X204RNA EEC (PRP/HSR) (All versions &lt...

CVE-2022-46352

A vulnerability has been identified in SCALANCE X204RNA (HSR) (All versions < V3.2.7), SCALANCE X204RNA (PRP) (All versions < V3.2.7), SCALANCE X204RNA EEC (HSR) (All versions < V3.2.7), SCALANCE X204RNA EEC (PRP) (All versions < V3.2.7), SCALANCE X204RNA EEC (PRP/HSR) (All versions &lt...

CVE-2022-46350

A vulnerability has been identified in SCALANCE X204RNA (HSR) (All versions < V3.2.7), SCALANCE X204RNA (PRP) (All versions < V3.2.7), SCALANCE X204RNA EEC (HSR) (All versions < V3.2.7), SCALANCE X204RNA EEC (PRP) (All versions < V3.2.7), SCALANCE X204RNA EEC (PRP/HSR) (All versions &lt...

CVE-2022-46353

A vulnerability has been identified in SCALANCE X204RNA (HSR) (All versions < V3.2.7), SCALANCE X204RNA (PRP) (All versions < V3.2.7), SCALANCE X204RNA EEC (HSR) (All versions < V3.2.7), SCALANCE X204RNA EEC (PRP) (All versions < V3.2.7), SCALANCE X204RNA EEC (PRP/HSR) (All versions &lt...

CVE-2022-46353

A vulnerability has been identified in SCALANCE X204RNA (HSR) (All versions < V3.2.7), SCALANCE X204RNA (PRP) (All versions < V3.2.7), SCALANCE X204RNA EEC (HSR) (All versions < V3.2.7), SCALANCE X204RNA EEC (PRP) (All versions < V3.2.7), SCALANCE X204RNA EEC (PRP/HSR) (All versions &lt...

CVE-2022-46351

A vulnerability has been identified in SCALANCE X204RNA (HSR) (All versions < V3.2.7), SCALANCE X204RNA (PRP) (All versions < V3.2.7), SCALANCE X204RNA EEC (HSR) (All versions < V3.2.7), SCALANCE X204RNA EEC (PRP) (All versions < V3.2.7), SCALANCE X204RNA EEC (PRP/HSR) (All versions &lt...

CVE-2022-46142

Affected devices store the CLI user passwords encrypted in flash memory. Attackers with physical access to the device could retrieve the file and decrypt the CLI user...

Design/Logic Flaw

A vulnerability has been identified in SCALANCE X204RNA (HSR) (All versions < V3.2.7), SCALANCE X204RNA (PRP) (All versions < V3.2.7), SCALANCE X204RNA EEC (HSR) (All versions < V3.2.7), SCALANCE X204RNA EEC (PRP) (All versions < V3.2.7), SCALANCE X204RNA EEC (PRP/HSR) (All versions &lt...

Design/Logic Flaw

A vulnerability has been identified in SCALANCE X204RNA (HSR) (All versions < V3.2.7), SCALANCE X204RNA (PRP) (All versions < V3.2.7), SCALANCE X204RNA EEC (HSR) (All versions < V3.2.7), SCALANCE X204RNA EEC (PRP) (All versions < V3.2.7), SCALANCE X204RNA EEC (PRP/HSR) (All versions &lt...

Cross site scripting

A vulnerability has been identified in SCALANCE X204RNA (HSR) (All versions < V3.2.7), SCALANCE X204RNA (PRP) (All versions < V3.2.7), SCALANCE X204RNA EEC (HSR) (All versions < V3.2.7), SCALANCE X204RNA EEC (PRP) (All versions < V3.2.7), SCALANCE X204RNA EEC (PRP/HSR) (All versions &lt...

Design/Logic Flaw

A vulnerability has been identified in SCALANCE X204RNA (HSR) (All versions < V3.2.7), SCALANCE X204RNA (PRP) (All versions < V3.2.7), SCALANCE X204RNA EEC (HSR) (All versions < V3.2.7), SCALANCE X204RNA EEC (PRP) (All versions < V3.2.7), SCALANCE X204RNA EEC (PRP/HSR) (All versions &lt...

Information disclosure

A vulnerability has been identified in SCALANCE X204RNA (HSR) (All versions < V3.2.7), SCALANCE X204RNA (PRP) (All versions < V3.2.7), SCALANCE X204RNA EEC (HSR) (All versions < V3.2.7), SCALANCE X204RNA EEC (PRP) (All versions < V3.2.7), SCALANCE X204RNA EEC (PRP/HSR) (All versions &lt...

Design/Logic Flaw

A vulnerability has been identified in SCALANCE X204RNA (HSR) (All versions < V3.2.7), SCALANCE X204RNA (PRP) (All versions < V3.2.7), SCALANCE X204RNA EEC (HSR) (All versions < V3.2.7), SCALANCE X204RNA EEC (PRP) (All versions < V3.2.7), SCALANCE X204RNA EEC (PRP/HSR) (All versions &lt...

Design/Logic Flaw

A vulnerability has been identified in SCALANCE SC622-2C (All versions < V2.3), SCALANCE SC622-2C (All versions >= V2.3 < V3.0), SCALANCE SC626-2C (All versions < V2.3), SCALANCE SC626-2C (All versions >= V2.3 < V3.0), SCALANCE SC632-2C (All versions < V2.3), SCALANCE SC632-2C ...

CVE-2022-46354

A vulnerability has been identified in SCALANCE X204RNA (HSR) (All versions < V3.2.7), SCALANCE X204RNA (PRP) (All versions < V3.2.7), SCALANCE X204RNA EEC (HSR) (All versions < V3.2.7), SCALANCE X204RNA EEC (PRP) (All versions < V3.2.7), SCALANCE X204RNA EEC (PRP/HSR) (All versions &lt...

CVE-2022-46351

A vulnerability has been identified in SCALANCE X204RNA (HSR) (All versions < V3.2.7), SCALANCE X204RNA (PRP) (All versions < V3.2.7), SCALANCE X204RNA EEC (HSR) (All versions < V3.2.7), SCALANCE X204RNA EEC (PRP) (All versions < V3.2.7), SCALANCE X204RNA EEC (PRP/HSR) (All versions &lt...

CVE-2022-46352

A vulnerability has been identified in SCALANCE X204RNA (HSR) (All versions < V3.2.7), SCALANCE X204RNA (PRP) (All versions < V3.2.7), SCALANCE X204RNA EEC (HSR) (All versions < V3.2.7), SCALANCE X204RNA EEC (PRP) (All versions < V3.2.7), SCALANCE X204RNA EEC (PRP/HSR) (All versions &lt...

CVE-2022-46355

A vulnerability has been identified in SCALANCE X204RNA (HSR) (All versions < V3.2.7), SCALANCE X204RNA (PRP) (All versions < V3.2.7), SCALANCE X204RNA EEC (HSR) (All versions < V3.2.7), SCALANCE X204RNA EEC (PRP) (All versions < V3.2.7), SCALANCE X204RNA EEC (PRP/HSR) (All versions &lt...

CVE-2022-46353

A vulnerability has been identified in SCALANCE X204RNA (HSR) (All versions < V3.2.7), SCALANCE X204RNA (PRP) (All versions < V3.2.7), SCALANCE X204RNA EEC (HSR) (All versions < V3.2.7), SCALANCE X204RNA EEC (PRP) (All versions < V3.2.7), SCALANCE X204RNA EEC (PRP/HSR) (All versions &lt...

CVE-2022-46350

A vulnerability has been identified in SCALANCE X204RNA (HSR) (All versions < V3.2.7), SCALANCE X204RNA (PRP) (All versions < V3.2.7), SCALANCE X204RNA EEC (HSR) (All versions < V3.2.7), SCALANCE X204RNA EEC (PRP) (All versions < V3.2.7), SCALANCE X204RNA EEC (PRP/HSR) (All versions &lt...

CVE-2022-46144

A vulnerability has been identified in SCALANCE SC622-2C (6GK5622-2GS00-2AC2) (All versions < V2.3), SCALANCE SC622-2C (6GK5622-2GS00-2AC2) (All versions >= V2.3 < V3.0), SCALANCE SC626-2C (6GK5626-2GS00-2AC2) (All versions < V2.3), SCALANCE SC626-2C (6GK5626-2GS00-2AC2) (All versions &...

SIM swapper jailed for 18 months over crypto heist

Nicholas Truglia (25) from Florida was sentenced to 18 months on Thursday for his involvement in a digital heist that cost Michael Terpin (@michaelterpin), a renowned personality in the cryptocurrency space, $23.8M. The theft happened on January 2018, where Truglia and his co-conspirators targeted....

(RHSA-2022:8809) Important: kernel security and bug fix update

The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fix(es): kernel: KVM: cmpxchg_gpte can write to pfns outside the userspace region (CVE-2022-1158) kernel: openvswitch: integer underflow leads to out-of-bounds write in reserve_sfa_size()...

2m-services.com Cross Site Scripting vulnerability OBB-3086216

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...

Time to uninstall! Abandoned Android apps pack a vulnerability punch

Synopsis has published an advisory warning of multiple vulnerabilities across three different Android remote mouse and keyboard apps with a combined install count of about two million. The apps are at risk from remote code execution (RCE), and there's no sign of a fix coming anytime, ever....

Scrcpy - Display And Control Your Android Device

pronounced "screen copy" Read in another language This application provides display and control of Android devices connected via USB or over TCP/IP. It does not require any root access. It works on GNU/Linux, Windows and macOS. It focuses on: lightness: native, displays only the device screen...

Siemens SCALANCE W1700

EXECUTIVE SUMMARY CVSS v3 7.4 ATTENTION: Exploitable remotely/low attack complexity Vendor: Siemens Equipment: SCALANCE W1700 Vulnerabilities: Race Condition, Improper Input Validation 2. RISK EVALUATION Successful exploitation of these vulnerabilities could allow an attacker to cause various...

Siemens SCALANCE W1750D

EXECUTIVE SUMMARY CVSS v3 9.8 ATTENTION: Exploitable remotely/low attack complexity Vendor: Siemens Equipment: SCALANCE W1750D Vulnerabilities: Uncontrolled Resource Consumption, Buffer Copy without Checking Size of Input, Improper Neutralization of Input During Web Page Generation,...

Siemens SCALANCE X-200 and X-200IRT Families (Update A)

EXECUTIVE SUMMARY --------- Begin Update A part 1 of 2 --------- CVSS v3 9.6 --------- End Update A part 1 of 2 --------- ATTENTION: Exploitable remotely/low attack complexity Vendor: Siemens Equipment: SCALANCE X-200 and X-200IRT Families Vulnerability: Cross-site Scripting 2. UPDATE OR...

CISA Releases Twenty Industrial Control Systems Advisories

CISA has released twenty (20) Industrial Control Systems (ICS) advisories on November 10, 2022. These advisories provide timely information about current security issues, vulnerabilities, and exploits surrounding ICS. CISA encourages users and administrators to review the newly released ICS...

Cross-site request forgery vulnerability in multiple Siemens products

SIMATIC Drive Controllers are designed for the automation of production machines and combine the functionality of SIMATIC S7-1500 CPUs and SINAMICS S120 Drive Controllers.SIMATIC PC Station is a software component for managing SIMATIC software products and interfaces on PCs. SIMATIC S7-1200 CPUs...

kernel security, bug fix, and enhancement update

An update is available for kernel. This update affects Rocky Linux 9. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list The kernel packages contain the Linux kernel, the core of any Linux operating....

(RHSA-2022:7318) Important: kernel security, bug fix, and enhancement update

The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fix(es): posix cpu timer use-after-free may lead to local privilege escalation (CVE-2022-2585) Unprivileged users may use PTRACE_SEIZE to set PTRACE_O_SUSPEND_SECCOMP option (CVE-2022-30594) For...

Important: kernel security, bug fix, and enhancement update

The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fix(es): posix cpu timer use-after-free may lead to local privilege escalation (CVE-2022-2585) Unprivileged users may use PTRACE_SEIZE to set PTRACE_O_SUSPEND_SECCOMP option (CVE-2022-30594) For...

Important: kernel security, bug fix, and enhancement update

The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fix(es): posix cpu timer use-after-free may lead to local privilege escalation (CVE-2022-2585) Unprivileged users may use PTRACE_SEIZE to set PTRACE_O_SUSPEND_SECCOMP option (CVE-2022-30594) For more...