Siemens Simatic Et 200sp Cpu 1512sp F-1 Pn
11 CVEs affecting Siemens Simatic Et 200sp Cpu 1512sp F-1 Pn. Latest disclosed: 2026-05-12. Critical: 3, High: 4.
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
CVE-2025-40943 | Critical | 9.6 | 2026-03-10 | Affected devices do not properly sanitize contents of trace files. This could allow an attacker to inject code through social engineering an authorized user… |
CVE-2026-25787 | Critical | 9.1 | 2026-05-12 | Affected devices do not properly validate and sanitize Technology Object (TO) name rendered on the "Motion Control Diagnostics" page of the web interface. This… |
CVE-2026-25786 | Critical | 9.1 | 2026-05-12 | Affected devices do not properly validate and sanitize PLC/station name rendered on the "communication" parameters page of the web interface. This could allow… |
CVE-2025-40833 | High | 7.5 | 2026-05-12 | The affected devices contain a null pointer dereference vulnerability while processing specially crafted IPv4 requests. This could allow an attacker to cause d… |
CVE-2025-40820 | High | 7.5 | 2025-12-09 | Affected products do not properly enforce TCP sequence number validation in specific scenarios but accept values within a broad range. This could allow an unau… |
CVE-2023-28831 | High | 7.5 | 2023-09-12 | The OPC UA implementations (ANSI C and C++) in affected products contain an integer overflow vulnerability that could cause the application to run into an infi… |
CVE-2026-25789 | High | 7.1 | 2026-05-12 | Affected devices do not properly validate and sanitize filenames on the Firmware Update page. This could allow a remote attacker to social engineer the user i… |
CVE-2024-23814 | Medium | 5.3 | 2025-02-11 | The integrated ICMP service of the network stack of affected devices can be forced to exhaust its available memory resources when receiving specially crafted… |
CVE-2023-37482 | Medium | 5.3 | 2025-02-11 | The login functionality of the web server in affected devices does not normalize the response times of login attempts. An unauthenticated remote attacker could… |
CVE-2024-46887 | Medium | 5.3 | 2024-10-08 | The web server of affected devices do not properly authenticate user request to the '/ClientArea/RuntimeInfoData.mwsl' endpoint. This could allow an unauthenti… |
CVE-2024-46886 | Medium | 4.7 | 2024-10-08 | The web server of affected devices does not properly validate input that is used for a user redirection. This could allow an attacker to make the server redire… |