Vulnerabilities

The document lists several Common Vulnerabilities and Exposures (CVEs) related to industrial control systems, including vulnerabilities in products from Schweitzer Engineering Laboratories (SEL), Siemens, and ABB. Many of the vulnerabilities allowed remote code execution, denial of service attacks, or privilege escalation. The CVEs included weaknesses in web interfaces, communications protocols, and weak password storage.

Uploaded by Crimson Phoenix

| Vulnerability (CVE) | Base Score | Impact | Exploitability | Resiliency Impact | Adjusted CVSS | Description |
|---|---|---|---|---|---|---|
| CVE-2013-2798 | 4.7 | 6.9 | 3.4 | 0.3930348 | 2.608613731 | Schweitzer Engineering Laboratories (SEL) SEL-2241, SEL-3505, and SEL-3530 RTAC master devices allow physically proximate attackers to cause a denial of service (infinite loop) via crafted input over a serial line. |
| CVE-2013-0665 | 6.2 | 10 | 1.9 | 1 | 6.18576 | Schweitzer Engineering Laboratories (SEL) AcSELerator QuickSet before 5.12.0.1 uses weak permissions for its Program Files directory, which allows local users to replace executable files, and consequently gain privileges, via standard filesystem operations. |
| CVE-2013-2792 | 7.1 | 6.9 | 8.6 | 0.3930348 | 5.054693731 | Schweitzer Engineering Laboratories (SEL) SEL-2241, SEL-3505, and SEL-3530 RTAC master devices allow remote attackers to cause a denial of service (infinite loop) via a crafted DNP3 TCP packet. |
| CVE-2015-1355 | 2.1 | 2.9 | 3.9 | 0.4303483 | 3.107097313 | Siemens SIMATIC STEP 7 (TIA Portal) before 13 SP1 uses a weak password-hash algorithm, which makes it easier for local users to determine cleartext passwords by reading a project file and conducting a brute-force attack. |
| CVE-2015-4174 | 4.3 | 2.9 | 8.6 | 0.8681592 | 8.407171343 | Cross-site scripting (XSS) vulnerability in the integrated web server on the Siemens Climatix BACnet/IP communication module with firmware before 10.34 allows remote attackers to inject arbitrary web script or HTML via a crafted URL. |
| CVE-2015-8214 | 9.7 | 9.5 | 10 | | 9.996 | Siemens SIMATIC CP 343-1 Advanced devices before 3.0.44, CP 343-1 Lean devices, CP 343-1 devices, TIM 3V-IE devices, TIM 3V-IE Advanced devices, TIM 3V-IE DNP3 devices, TIM 4R-IE devices, TIM 4R-IE DNP3 devices, CP 443-1 devices, and CP 443-1 Advanced devices might allow remote attackers to obtain administrative access via a session on TCP port 102. |
| CVE-2011-5007 | 10 | 10 | 10 | | 9.996 | Stack-based buffer overflow in the CmpWebServer component in 3S CoDeSys 3.4 SP4 Patch 2 and earlier, as used on the ABB AC500 PLC and possibly other products, allows remote attackers to execute arbitrary code via a long URI to TCP port 8080. |
| CVE-2008-2474 | 10 | 10 | 10 | 0.5771144 | 7.012119403 | Buffer overflow in x87 before 3.5.5 in ABB Process Communication Unit 400 (PCU400) 4.4 through 4.6 allows remote attackers to execute arbitrary code via a crafted packet using the (1) IEC60870-5-101 or (2) IEC60870-5-104 communication protocol to the X87 web interface. |
| CVE-2011-5007 | 10 | 10 | 10 | 0.7164179 | 7.995044776 | Stack-based buffer overflow in the CmpWebServer component in 3S CoDeSys 3.4 SP4 Patch 2 and earlier, as used on the ABB AC500 PLC and possibly other products, allows remote attackers to execute arbitrary code via a long URI to TCP port 8080. |
