This page lists publicly disclosed CVE vulnerabilities affecting siemens simatic_s7-1500_software_controller_firmware (linked via NVD CPE). Each row includes severity scores, summaries, and publication dates to help identify and analyze security issues.
| CVE | Summary | Source | Max CVSS | EPSS % | Published | Updated |
|---|---|---|---|---|---|---|
| CVE-2023-46156 | Affected devices improperly handle specially crafted packets sent to port 102/tcp. This could allow an attacker to create a denial of service condition. A restart is needed to restore normal operations. | [email protected] | 7.5 | 1.24% | 2023-12-12 | 2026-06-17 |
| CVE-2023-28831 | The OPC UA implementations (ANSI C and C++) in affected products contain an integer overflow vulnerability that could cause the application to run into an infinite loop during certificate validation. This could allow an unauthenticated remote attacker to create a denial of service condition by sending a specially crafted certificate. | [email protected] | 8.7 | 0.82% | 2023-09-12 | 2026-06-17 |
| CVE-2021-44695 | Affected devices don't process correctly certain special crafted packets sent to port 102/tcp, which could allow an attacker to cause a denial of service in the device. | [email protected] | 4.9 | 0.72% | 2022-12-13 | 2026-06-17 |
| CVE-2021-44694 | Affected devices don't process correctly certain special crafted packets sent to port 102/tcp, which could allow an attacker to cause a denial of service in the device. | [email protected] | 5.5 | 0.62% | 2022-12-13 | 2026-06-17 |
| CVE-2021-44693 | Affected devices don't process correctly certain special crafted packets sent to port 102/tcp, which could allow an attacker to cause a denial of service in the device. | [email protected] | 4.9 | 0.72% | 2022-12-13 | 2026-06-17 |
| CVE-2021-40365 | Affected devices don't process correctly certain special crafted packets sent to port 102/tcp, which could allow an attacker to cause a denial of service in the device. | [email protected] | 7.5 | 0.87% | 2022-12-13 | 2026-06-17 |
| CVE-2020-15796 | A vulnerability has been identified in SIMATIC ET 200SP Open Controller (incl. SIPLUS variants) (V20.8), SIMATIC S7-1500 Software Controller (V20.8). The web server of the affected products contains a vulnerability that could allow a remote attacker to trigger a denial-of-service condition by sending a specially crafted HTTP request. | [email protected] | 7.5 | 1.59% | 2020-12-14 | 2026-06-16 |
| CVE-2017-2680 | Specially crafted PROFINET DCP broadcast packets could cause a denial of service condition of affected products on a local Ethernet segment (Layer 2). Human interaction is required to recover the systems. PROFIBUS interfaces are not affected. | [email protected] | 7.1 | 1.15% | 2017-05-10 | 2026-06-16 |