Simatic s7-1200 firmware

This hub aggregates every CVE we track for Simatic s7-1200 firmware, a product in the ics ot iot space. Use it to gauge the current risk picture and drill into individual advisories.

Severity distribution

Monthly trend

The 10 most recently published vulnerabilities affecting Simatic s7-1200 firmware.

• CVE-2020-28400Affected devices contain a vulnerability that allows an unauthenticated attacker to trigger a denial of service condition. The vulnerability can be triggered if a large amount of DCP reset packets ...7.5Jul 13, 2021
• CVE-2019-13945A vulnerability has been identified in SIMATIC S7-1200 CPU family (incl. SIPLUS variants) (All versions), SIMATIC S7-1200 CPU family < V4.x (incl. SIPLUS variants) (All versions), SIMATIC S7-1200 C...6.8Dec 12, 2019
• CVE-2018-13815A vulnerability has been identified in SIMATIC S7-1200 (All versions), SIMATIC S7-1500 (All Versions < V2.6). An attacker could exhaust the available connection pool of an affected device by openin...7.5Dec 13, 2018
• CVE-2017-12741Specially crafted packets sent to port 161/udp could cause a denial of service condition. The affected devices must be restarted manually.7.5Dec 26, 2017
• CVE-2017-2681Specially crafted PROFINET DCP packets sent on a local Ethernet segment (Layer 2) to an affected product could cause a denial of service condition of that product. Human interaction is required to ...6.5May 11, 2017
• CVE-2017-2680Specially crafted PROFINET DCP broadcast packets could cause a denial of service condition of affected products on a local Ethernet segment (Layer 2). Human interaction is required to recover the s...6.5May 11, 2017
• CVE-2013-2780Siemens SIMATIC S7-1200 PLCs 2.x and 3.x allow remote attackers to cause a denial of service (defect-mode transition and control outage) via crafted packets to UDP port 161 (aka the SNMP port).7.8Apr 22, 2013
• CVE-2013-0700Siemens SIMATIC S7-1200 PLCs 2.x and 3.x allow remote attackers to cause a denial of service (defect-mode transition and control outage) via crafted packets to TCP port 102 (aka the ISO-TSAP port).7.8Apr 22, 2013
• CVE-2012-3040Cross-site scripting (XSS) vulnerability in the web server on Siemens SIMATIC S7-1200 PLCs 2.x through 3.0.1 allows remote attackers to inject arbitrary web script or HTML via a crafted URI.4.3Oct 10, 2012
• CVE-2012-3037The Siemens SIMATIC S7-1200 2.x PLC does not properly protect the private key of the SIMATIC CONTROLLER Certification Authority certificate, which allows remote attackers to spoof the S7-1200 web s...4.3Sep 25, 2012