Siemens Simatic Drive Controller Cpu 1504d Tf
15 CVEs affecting Siemens Simatic Drive Controller Cpu 1504d Tf. Latest disclosed: 2026-05-12. Critical: 3, High: 4.

| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
| CVE-2025-40943 | Critical | 9.6 | 2026-03-10 | Affected devices do not properly sanitize contents of trace files. This could allow an attacker to inject code through social engineering an authorized user… |
| CVE-2026-25787 | Critical | 9.1 | 2026-05-12 | Affected devices do not properly validate and sanitize Technology Object (TO) name rendered on the "Motion Control Diagnostics" page of the web interface. This… |
| CVE-2026-25786 | Critical | 9.1 | 2026-05-12 | Affected devices do not properly validate and sanitize PLC/station name rendered on the "communication" parameters page of the web interface. This could allow… |
| CVE-2023-46156 | High | 7.5 | 2023-12-12 | Affected devices improperly handle specially crafted packets sent to port 102/tcp. This could allow an attacker to create a denial of service condition. A res… |
| CVE-2023-28831 | High | 7.5 | 2023-09-12 | The OPC UA implementations (ANSI C and C++) in affected products contain an integer overflow vulnerability that could cause the application to run into an infi… |
| CVE-2021-40365 | High | 7.5 | 2022-12-13 | Affected devices don't process correctly certain special crafted packets sent to port 102/tcp, which could allow an attacker to cause a denial of service in th… |
| CVE-2026-25789 | High | 7.1 | 2026-05-12 | Affected devices do not properly validate and sanitize filenames on the Firmware Update page. This could allow a remote attacker to social engineer the user i… |
| CVE-2022-30694 | Medium | 6.5 | 2022-11-08 | The login endpoint /FormLogin in affected web services does not apply proper origin checking. This could allow authenticated remote attackers to track the a… |
| CVE-2021-44694 | Medium | 5.5 | 2022-12-13 | Affected devices don't process correctly certain special crafted packets sent to port 102/tcp, which could allow an attacker to cause a denial of service in th… |
| CVE-2023-37482 | Medium | 5.3 | 2025-02-11 | The login functionality of the web server in affected devices does not normalize the response times of login attempts. An unauthenticated remote attacker could… |
| CVE-2024-46887 | Medium | 5.3 | 2024-10-08 | The web server of affected devices do not properly authenticate user request to the '/ClientArea/RuntimeInfoData.mwsl' endpoint. This could allow an unauthenti… |
| CVE-2021-44695 | Medium | 4.9 | 2022-12-13 | Affected devices don't process correctly certain special crafted packets sent to port 102/tcp, which could allow an attacker to cause a denial of service in th… |
| CVE-2021-44693 | Medium | 4.9 | 2022-12-13 | Affected devices don't process correctly certain special crafted packets sent to port 102/tcp, which could allow an attacker to cause a denial of service in th… |
| CVE-2024-46886 | Medium | 4.7 | 2024-10-08 | The web server of affected devices does not properly validate input that is used for a user redirection. This could allow an attacker to make the server redire… |
| CVE-2022-38773 | Medium | 4.6 | 2023-01-10 | Affected devices do not contain an Immutable Root of Trust in Hardware. With this the integrity of the code executed on the device can not be validated during… |