Siemens Simatic S7-plcsim Advanced
23 CVEs affecting Siemens Simatic S7-plcsim Advanced. Latest disclosed: 2026-05-12. Critical: 5, High: 9.
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
CVE-2020-15782 | Critical | 9.8 | 2021-05-28 | A vulnerability has been identified in SIMATIC Drive Controller family (All versions < V2.9.2), SIMATIC ET 200SP Open Controller CPU 1515SP PC (incl. SIPLUS va… |
CVE-2025-40943 | Critical | 9.6 | 2026-03-10 | Affected devices do not properly sanitize contents of trace files. This could allow an attacker to inject code through social engineering an authorized user… |
CVE-2022-38465 | Critical | 9.3 | 2022-10-11 | A vulnerability has been identified in SIMATIC Drive Controller family (All versions < V2.9.2), SIMATIC ET 200SP Open Controller CPU 1515SP PC (incl. SIPLUS va… |
CVE-2026-25787 | Critical | 9.1 | 2026-05-12 | Affected devices do not properly validate and sanitize Technology Object (TO) name rendered on the "Motion Control Diagnostics" page of the web interface. This… |
CVE-2026-25786 | Critical | 9.1 | 2026-05-12 | Affected devices do not properly validate and sanitize PLC/station name rendered on the "communication" parameters page of the web interface. This could allow… |
CVE-2025-30033 | High | 7.8 | 2025-08-12 | The affected setup component is vulnerable to DLL hijacking. This could allow an attacker to execute arbitrary code when a legitimate user installs an applicat… |
CVE-2023-46156 | High | 7.5 | 2023-12-12 | Affected devices improperly handle specially crafted packets sent to port 102/tcp. This could allow an attacker to create a denial of service condition. A res… |
CVE-2023-28831 | High | 7.5 | 2023-09-12 | The OPC UA implementations (ANSI C and C++) in affected products contain an integer overflow vulnerability that could cause the application to run into an infi… |
CVE-2021-40365 | High | 7.5 | 2022-12-13 | Affected devices don't process correctly certain special crafted packets sent to port 102/tcp, which could allow an attacker to cause a denial of service in th… |
CVE-2021-37205 | High | 7.5 | 2022-02-09 | A vulnerability has been identified in SIMATIC Drive Controller family (All versions >= V2.9.2 < V2.9.4), SIMATIC ET 200SP Open Controller CPU 1515SP PC2 (incl… |
CVE-2021-37204 | High | 7.5 | 2022-02-09 | A vulnerability has been identified in SIMATIC Drive Controller family (All versions < V2.9.2), SIMATIC Drive Controller family (All versions >= V2.9.2 < V2.9… |
CVE-2021-37185 | High | 7.5 | 2022-02-09 | A vulnerability has been identified in SIMATIC Drive Controller family (All versions >= V2.9.2 < V2.9.4), SIMATIC ET 200SP Open Controller CPU 1515SP PC2 (incl… |
CVE-2019-6568 | High | 7.5 | 2019-04-17 | The webserver of the affected devices contains a vulnerability that may lead to a denial of service condition. An attacker may cause a denial of service situ… |
CVE-2026-25789 | High | 7.1 | 2026-05-12 | Affected devices do not properly validate and sanitize filenames on the Firmware Update page. This could allow a remote attacker to social engineer the user i… |
CVE-2022-30694 | Medium | 6.5 | 2022-11-08 | The login endpoint /FormLogin in affected web services does not apply proper origin checking. This could allow authenticated remote attackers to track the a… |
CVE-2021-44694 | Medium | 5.5 | 2022-12-13 | Affected devices don't process correctly certain special crafted packets sent to port 102/tcp, which could allow an attacker to cause a denial of service in th… |
CVE-2023-37482 | Medium | 5.3 | 2025-02-11 | The login functionality of the web server in affected devices does not normalize the response times of login attempts. An unauthenticated remote attacker could… |
CVE-2024-46887 | Medium | 5.3 | 2024-10-08 | The web server of affected devices do not properly authenticate user request to the '/ClientArea/RuntimeInfoData.mwsl' endpoint. This could allow an unauthenti… |
CVE-2021-44695 | Medium | 4.9 | 2022-12-13 | Affected devices don't process correctly certain special crafted packets sent to port 102/tcp, which could allow an attacker to cause a denial of service in th… |
CVE-2021-44693 | Medium | 4.9 | 2022-12-13 | Affected devices don't process correctly certain special crafted packets sent to port 102/tcp, which could allow an attacker to cause a denial of service in th… |