AUMA: SIMA Master Station affected by WRECK vulnerability

Forescout Research Labs, partnering with JSOF Research, disclosed NAME:WRECK, a set of Domain Name System (DNS) vulnerabilities that have the potential to cause either Denial of Service (DoS) or Remote Code Execution, allowing attackers to take targeted devices offline or to gain control over them. The vulnerability could be exploited by an attacker on the same network or on a remote network by spoofing packets.


CVE-2016-20009: 9.8

AUMA: Reflected Cross-Site Scripting Vulnerability in SIMA Master Stations

A reflected cross-site scripting vulnerability exists in the System Diagnostics Manager (SDM) component of SIMA² Master Stations.


CVE-2022-4286: 6.1

AUMA: Multiple Vulnerabilities in Automation Runtime NTP Service

The SIMA2 Master Station features an NTP service based on ntpd, a reference implementation of the Network Time Protocol (NTP). Affected SIMA2 Master Stations with software version < V2.6 include an outdated version of ntpd which is affected by a large number of vulnerabilities


CVE-2015-7853: 9.8
CVE-2015-7705: 9.8
CVE-2018-12327: 9.8
CVE-2015-7871: 9.8
CVE-2018-7183: 9.8
CVE-2017-6458: 8.8
CVE-2015-7849: 8.8
CVE-2017-6460: 8.8
CVE-2015-7854: 8.8
CVE-2017-6451: 7.8
CVE-2017-6462: 7.8
CVE-2015-7974: 7.7
CVE-2018-7185: 7.5
CVE-2018-7184: 7.5
CVE-2018-7182: 7.5
CVE-2014-9293: 7.5
CVE-2014-9294: 7.5
CVE-2014-9295: 7.5
CVE-2020-11868: 7.5
CVE-2019-8936: 7.5
CVE-2015-5300: 7.5
CVE-2015-7691: 7.5
CVE-2015-7692: 7.5
CVE-2015-7701: 7.5
CVE-2015-7703: 7.5
CVE-2015-7704: 7.5
CVE-2016-4954: 7.5
CVE-2015-7978: 7.5
CVE-2015-7979: 7.5
CVE-2016-7434: 7.5
CVE-2016-7426: 7.5
CVE-2016-4957: 7.5
CVE-2016-4953: 7.5
CVE-2020-13817: 7.4
CVE-2016-1548: 7.2
CVE-2016-1549: 6.5
CVE-2015-7973: 6.5
CVE-2015-7702: 6.5
CVE-2016-9310: 6.5
CVE-2015-7855: 6.5
CVE-2017-6464: 6.5
CVE-2015-7851: 6.5
CVE-2017-6463: 6.5
CVE-2015-7850: 6.5
CVE-2009-3563: 6.4
CVE-2015-7975: 6.2
CVE-2015-7852: 5.9
CVE-2016-9311: 5.9
CVE-2015-7977: 5.9
CVE-2016-2519: 5.9
CVE-2016-4955: 5.9
CVE-2015-8158: 5.9
CVE-2014-9750: 5.8
CVE-2016-1547: 5.3
CVE-2016-4956: 5.3
CVE-2016-2518: 5.3
CVE-2016-7431: 5.3
CVE-2016-7433: 5.3
CVE-2016-2517: 5.3
CVE-2016-2516: 5.3
CVE-2016-1550: 5.3
CVE-2015-8139: 5.3
CVE-2015-8138: 5.3
CVE-2018-8956: 5.3
CVE-2014-9296: 5.0
CVE-2013-5211: 5.0
CVE-2020-15025: 4.9
CVE-2015-8140: 4.8
CVE-2016-7428: 4.3
CVE-2016-7427: 4.3
CVE-2015-7976: 4.3
CVE-2016-1551: 3.7
CVE-2016-7429: 3.7

Auma: SIMA² Master Station Denial of Service Vulnerability on Automation Runtime Webserver

Improper buffer restrictions in the webserver used in SIMA² Master Station software versions < V 2.6 may allow an unauthenticated network-based attacker to stop the cyclic program on the device and cause a denial of service.


CVE-2021-22275: 8.6

Feeds

Nach Hersteller

Archiv

2023
2022
2021
2020
2019
2018
2017

Legende

(Scoring für CVSS 2.0,3.0+3.1)
keine
Kein CVE verfügbar
Niedrig
0.1 <= 3.9
Mittel
4.0 <= 6.9
Hoch
7.0 <= 8.9
Kritisch
9.0 <= 10.0