Advisories | CERT@VDE

2022-08-09 10:00 VDE-2022-032

AUMA: Multiple Vulnerabilities in Automation Runtime NTP Service

The SIMA² Master Station features an NTP service based on ntpd, a reference implementation of the Network Time Protocol (NTP). Affected SIMA² Master Stations with software version < V2.6 include an outdated version of ntpd which is affected by a large number of vulnerabilities

weiter ...

CVE-2015-7853: 9.8

CVE-2015-7705: 9.8

CVE-2018-12327: 9.8

CVE-2015-7871: 9.8

CVE-2018-7183: 9.8

CVE-2017-6458: 8.8

CVE-2015-7849: 8.8

CVE-2017-6460: 8.8

CVE-2015-7854: 8.8

CVE-2017-6451: 7.8

CVE-2017-6462: 7.8

CVE-2015-7974: 7.7

CVE-2018-7185: 7.5

CVE-2018-7184: 7.5

CVE-2018-7182: 7.5

CVE-2014-9293: 7.5

CVE-2014-9294: 7.5

CVE-2014-9295: 7.5

CVE-2020-11868: 7.5

CVE-2019-8936: 7.5

CVE-2015-5300: 7.5

CVE-2015-7691: 7.5

CVE-2015-7692: 7.5

CVE-2015-7701: 7.5

CVE-2015-7703: 7.5

CVE-2015-7704: 7.5

CVE-2016-4954: 7.5

CVE-2015-7978: 7.5

CVE-2015-7979: 7.5

CVE-2016-7434: 7.5

CVE-2016-7426: 7.5

CVE-2016-4957: 7.5

CVE-2016-4953: 7.5

CVE-2020-13817: 7.4

CVE-2016-1548: 7.2

CVE-2016-1549: 6.5

CVE-2015-7973: 6.5

CVE-2015-7702: 6.5

CVE-2016-9310: 6.5

CVE-2015-7855: 6.5

CVE-2017-6464: 6.5

CVE-2015-7851: 6.5

CVE-2017-6463: 6.5

CVE-2015-7850: 6.5

CVE-2009-3563: 6.4

CVE-2015-7975: 6.2

CVE-2015-7852: 5.9

CVE-2016-9311: 5.9

CVE-2015-7977: 5.9

CVE-2016-2519: 5.9

CVE-2016-4955: 5.9

CVE-2015-8158: 5.9

CVE-2014-9750: 5.8

CVE-2016-1547: 5.3

CVE-2016-4956: 5.3

CVE-2016-2518: 5.3

CVE-2016-7431: 5.3

CVE-2016-7433: 5.3

CVE-2016-2517: 5.3

CVE-2016-2516: 5.3

CVE-2016-1550: 5.3

CVE-2015-8139: 5.3

CVE-2015-8138: 5.3

CVE-2018-8956: 5.3

CVE-2014-9296: 5.0

CVE-2013-5211: 5.0

CVE-2020-15025: 4.9

CVE-2015-8140: 4.8

CVE-2016-7428: 4.3

CVE-2016-7427: 4.3

CVE-2015-7976: 4.3

CVE-2016-1551: 3.7

CVE-2016-7429: 3.7

2022-06-15 10:00 VDE-2022-024

Auma: SIMA² Master Station Denial of Service Vulnerability on Automation Runtime Webserver

Improper buffer restrictions in the webserver used in SIMA² Master Station software versions < V 2.6 may allow an unauthenticated network-based attacker to stop the cyclic program on the device and cause a denial of service.

weiter ...

CVE-2021-22275: 8.6