Siemens SIMATIC S7-1500 contains improper check for unusual or exceptional conditions, improper input validation, use after free and more vulnerabilities that can allow an attacker to cause a heap-based buffer overflow, local privilege escalation, kernel information leak and a denial-of-service condition.

Sources: CISA, Siemens

Siemens SIMATIC WinCC contains a classic buffer overflow vulnerability that can allow a local attacker to cause a denial-of-service condition in the runtime of the SCADA system.

Sources: CISA, Siemens

Siemens RUGGEDCOM APE1808 before V11.0.1 contains network amplification, exposure of sensitive system information to an unauthorized control sphere, external control of file name or path and more vulnerabilities that can allow a network-based attacker to conduct reflected and amplified TCP denial-of-service (RDoS) attacks.

Sources: CISA, Siemens

Siemens RUGGEDCOM APE1808 contains cross-site scripting, improper privilege management, improper check for unusual or exceptional conditions and more vulnerabilities that can allow a malicious administrator to store a JavaScript payload using the web interface, revoke active XML API keys from the firewall and disrupt XML API usage or cause a denial-of-service.

Sources: CISA, Siemens

Siemens Scalance W1750D contains a classic buffer overflow vulnerability that can allow an attacker to exploit buffer overflow and information disclosure vulnerabilities, which could lead to information disclosure or unauthenticated remote code execution.

Sources: CISA, Siemens

Rockwell Automation 5015-AENFTXT contains an improper input validation vulnerability that can allow an attacker to crash the device and impact availability for the affected system.

Sources: CISA, Rockwell Automation

SUBNET PowerSYSTEM Server and Substation Server contain a reliance on insufficiently trustworthy component vulnerability that can allow privilege escalation, denial of service or arbitrary code execution.

Sources: CISA, SUBNET