Siemens Simatic Et 200sp Cpu 1514sp-2 Pn
8 CVEs affecting Siemens Simatic Et 200sp Cpu 1514sp-2 Pn. Latest disclosed: 2026-05-12. Critical: 3, High: 2.
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
CVE-2025-40943 | Critical | 9.6 | 2026-03-10 | Affected devices do not properly sanitize contents of trace files. This could allow an attacker to inject code through social engineering an authorized user… |
CVE-2026-25787 | Critical | 9.1 | 2026-05-12 | Affected devices do not properly validate and sanitize Technology Object (TO) name rendered on the "Motion Control Diagnostics" page of the web interface. This… |
CVE-2026-25786 | Critical | 9.1 | 2026-05-12 | Affected devices do not properly validate and sanitize PLC/station name rendered on the "communication" parameters page of the web interface. This could allow… |
CVE-2023-28831 | High | 7.5 | 2023-09-12 | The OPC UA implementations (ANSI C and C++) in affected products contain an integer overflow vulnerability that could cause the application to run into an infi… |
CVE-2026-25789 | High | 7.1 | 2026-05-12 | Affected devices do not properly validate and sanitize filenames on the Firmware Update page. This could allow a remote attacker to social engineer the user i… |
CVE-2023-37482 | Medium | 5.3 | 2025-02-11 | The login functionality of the web server in affected devices does not normalize the response times of login attempts. An unauthenticated remote attacker could… |
CVE-2024-46887 | Medium | 5.3 | 2024-10-08 | The web server of affected devices do not properly authenticate user request to the '/ClientArea/RuntimeInfoData.mwsl' endpoint. This could allow an unauthenti… |
CVE-2024-46886 | Medium | 4.7 | 2024-10-08 | The web server of affected devices does not properly validate input that is used for a user redirection. This could allow an attacker to make the server redire… |