CVE-2025-24811

CVE-2025-24811

Título es
CVE-2025-24811

Mar, 11/02/2025 – 11:15

Tipo
CWE-404

Gravedad 2.0 Txt
Pendiente de análisis

Título en

CVE-2025-24811

Descripción en
A vulnerability has been identified in SIMATIC S7-1200 CPU 1211C AC/DC/Rly (6ES7211-1BE40-0XB0), SIMATIC S7-1200 CPU 1211C DC/DC/DC (6ES7211-1AE40-0XB0), SIMATIC S7-1200 CPU 1211C DC/DC/Rly (6ES7211-1HE40-0XB0), SIMATIC S7-1200 CPU 1212C AC/DC/Rly (6ES7212-1BE40-0XB0), SIMATIC S7-1200 CPU 1212C DC/DC/DC (6ES7212-1AE40-0XB0), SIMATIC S7-1200 CPU 1212C DC/DC/Rly (6ES7212-1HE40-0XB0), SIMATIC S7-1200 CPU 1212FC DC/DC/DC (6ES7212-1AF40-0XB0), SIMATIC S7-1200 CPU 1212FC DC/DC/Rly (6ES7212-1HF40-0XB0), SIMATIC S7-1200 CPU 1214C AC/DC/Rly (6ES7214-1BG40-0XB0), SIMATIC S7-1200 CPU 1214C DC/DC/DC (6ES7214-1AG40-0XB0), SIMATIC S7-1200 CPU 1214C DC/DC/Rly (6ES7214-1HG40-0XB0), SIMATIC S7-1200 CPU 1214FC DC/DC/DC (6ES7214-1AF40-0XB0), SIMATIC S7-1200 CPU 1214FC DC/DC/Rly (6ES7214-1HF40-0XB0), SIMATIC S7-1200 CPU 1215C AC/DC/Rly (6ES7215-1BG40-0XB0), SIMATIC S7-1200 CPU 1215C DC/DC/DC (6ES7215-1AG40-0XB0), SIMATIC S7-1200 CPU 1215C DC/DC/Rly (6ES7215-1HG40-0XB0), SIMATIC S7-1200 CPU 1215FC DC/DC/DC (6ES7215-1AF40-0XB0), SIMATIC S7-1200 CPU 1215FC DC/DC/Rly (6ES7215-1HF40-0XB0), SIMATIC S7-1200 CPU 1217C DC/DC/DC (6ES7217-1AG40-0XB0), SIPLUS S7-1200 CPU 1212 AC/DC/RLY (6AG1212-1BE40-2XB0), SIPLUS S7-1200 CPU 1212 AC/DC/RLY (6AG1212-1BE40-4XB0), SIPLUS S7-1200 CPU 1212 DC/DC/RLY (6AG1212-1HE40-2XB0), SIPLUS S7-1200 CPU 1212 DC/DC/RLY (6AG1212-1HE40-4XB0), SIPLUS S7-1200 CPU 1212C DC/DC/DC (6AG1212-1AE40-2XB0), SIPLUS S7-1200 CPU 1212C DC/DC/DC (6AG1212-1AE40-4XB0), SIPLUS S7-1200 CPU 1212C DC/DC/DC RAIL (6AG2212-1AE40-1XB0), SIPLUS S7-1200 CPU 1214 AC/DC/RLY (6AG1214-1BG40-2XB0), SIPLUS S7-1200 CPU 1214 AC/DC/RLY (6AG1214-1BG40-4XB0), SIPLUS S7-1200 CPU 1214 AC/DC/RLY (6AG1214-1BG40-5XB0), SIPLUS S7-1200 CPU 1214 DC/DC/DC (6AG1214-1AG40-2XB0), SIPLUS S7-1200 CPU 1214 DC/DC/DC (6AG1214-1AG40-4XB0), SIPLUS S7-1200 CPU 1214 DC/DC/DC (6AG1214-1AG40-5XB0), SIPLUS S7-1200 CPU 1214 DC/DC/RLY (6AG1214-1HG40-2XB0), SIPLUS S7-1200 CPU 1214 DC/DC/RLY (6AG1214-1HG40-4XB0), SIPLUS S7-1200 CPU 1214 DC/DC/RLY (6AG1214-1HG40-5XB0), SIPLUS S7-1200 CPU 1214C DC/DC/DC RAIL (6AG2214-1AG40-1XB0), SIPLUS S7-1200 CPU 1214FC DC/DC/DC (6AG1214-1AF40-5XB0), SIPLUS S7-1200 CPU 1214FC DC/DC/RLY (6AG1214-1HF40-5XB0), SIPLUS S7-1200 CPU 1215 AC/DC/RLY (6AG1215-1BG40-2XB0), SIPLUS S7-1200 CPU 1215 AC/DC/RLY (6AG1215-1BG40-4XB0), SIPLUS S7-1200 CPU 1215 AC/DC/RLY (6AG1215-1BG40-5XB0), SIPLUS S7-1200 CPU 1215 DC/DC/DC (6AG1215-1AG40-2XB0), SIPLUS S7-1200 CPU 1215 DC/DC/DC (6AG1215-1AG40-4XB0), SIPLUS S7-1200 CPU 1215 DC/DC/RLY (6AG1215-1HG40-2XB0), SIPLUS S7-1200 CPU 1215 DC/DC/RLY (6AG1215-1HG40-4XB0), SIPLUS S7-1200 CPU 1215 DC/DC/RLY (6AG1215-1HG40-5XB0), SIPLUS S7-1200 CPU 1215C DC/DC/DC (6AG1215-1AG40-5XB0), SIPLUS S7-1200 CPU 1215FC DC/DC/DC (6AG1215-1AF40-5XB0). Affected devices do not process correctly certain special crafted packets sent to port 80/tcp, which could allow an unauthenticated attacker to cause a denial of service in the device.

11/02/2025
11/02/2025
Vector CVSS:4.0
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Vector CVSS:3.1
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Gravedad 4.0
8.70

Gravedad 4.0 txt
HIGH

Gravedad 3.1 (CVSS 3.1 Base Score)
7.50

Gravedad 3.1 Txt Gravedad 3.1 (CVSS 3.1 Base Score)
HIGH

Referencias

  • https://cert-portal.siemens.com/productcert/html/ssa-224824.html

    • Enviar en el boletín
    Off

    CVE-2025-24532

    CVE-2025-24532

    Título es
    CVE-2025-24532

    Mar, 11/02/2025 – 11:15

    Tipo
    CWE-284

    Gravedad 2.0 Txt
    Pendiente de análisis

    Título en

    CVE-2025-24532

    Descripción en
    A vulnerability has been identified in SCALANCE WAB762-1 (6GK5762-1AJ00-6AA0) (All versions

    11/02/2025
    11/02/2025
    Vector CVSS:4.0
    CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

    Vector CVSS:3.1
    CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N

    Gravedad 4.0
    5.30

    Gravedad 4.0 txt
    MEDIUM

    Gravedad 3.1 (CVSS 3.1 Base Score)
    4.30

    Gravedad 3.1 Txt Gravedad 3.1 (CVSS 3.1 Base Score)
    MEDIUM

    Referencias

  • https://cert-portal.siemens.com/productcert/html/ssa-769027.html

    • Enviar en el boletín
    Off

    CVE-2025-24499

    CVE-2025-24499

    Título es
    CVE-2025-24499

    Mar, 11/02/2025 – 11:15

    Tipo
    CWE-20

    Gravedad 2.0 Txt
    Pendiente de análisis

    Título en

    CVE-2025-24499

    Descripción en
    A vulnerability has been identified in SCALANCE WAB762-1 (6GK5762-1AJ00-6AA0) (All versions

    11/02/2025
    11/02/2025
    Vector CVSS:4.0
    CVSS:4.0/AV:N/AC:L/AT:P/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

    Vector CVSS:3.1
    CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

    Gravedad 4.0
    7.50

    Gravedad 4.0 txt
    HIGH

    Gravedad 3.1 (CVSS 3.1 Base Score)
    7.20

    Gravedad 3.1 Txt Gravedad 3.1 (CVSS 3.1 Base Score)
    HIGH

    Referencias

  • https://cert-portal.siemens.com/productcert/html/ssa-769027.html

    • Enviar en el boletín
    Off

    CVE-2025-23403

    CVE-2025-23403

    Título es
    CVE-2025-23403

    Mar, 11/02/2025 – 11:15

    Tipo
    CWE-732

    Gravedad 2.0 Txt
    Pendiente de análisis

    Título en

    CVE-2025-23403

    Descripción en
    A vulnerability has been identified in SIMATIC IPC DiagBase (All versions), SIMATIC IPC DiagMonitor (All versions). The affected device do not properly restrict the user permission for the registry key. This could allow an authenticated attacker to load vulnerable drivers into the system leading to privilege escalation or bypassing endpoint protection and other security measures.

    11/02/2025
    11/02/2025
    Vector CVSS:4.0
    CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

    Vector CVSS:3.1
    CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

    Gravedad 4.0
    7.30

    Gravedad 4.0 txt
    HIGH

    Gravedad 3.1 (CVSS 3.1 Base Score)
    7.00

    Gravedad 3.1 Txt Gravedad 3.1 (CVSS 3.1 Base Score)
    HIGH

    Referencias

  • https://cert-portal.siemens.com/productcert/html/ssa-369369.html

    • Enviar en el boletín
    Off

    CVE-2025-23363

    CVE-2025-23363

    Título es
    CVE-2025-23363

    Mar, 11/02/2025 – 11:15

    Tipo
    CWE-601

    Gravedad 2.0 Txt
    Pendiente de análisis

    Título en

    CVE-2025-23363

    Descripción en
    A vulnerability has been identified in Teamcenter (All versions

    11/02/2025
    11/02/2025
    Vector CVSS:4.0
    CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:L/VA:N/SC:H/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

    Vector CVSS:3.1
    CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:N/A:N

    Gravedad 4.0
    6.10

    Gravedad 4.0 txt
    MEDIUM

    Gravedad 3.1 (CVSS 3.1 Base Score)
    7.40

    Gravedad 3.1 Txt Gravedad 3.1 (CVSS 3.1 Base Score)
    HIGH

    Referencias

  • https://cert-portal.siemens.com/productcert/html/ssa-656895.html

    • Enviar en el boletín
    Off

    CVE-2025-0862

    CVE-2025-0862

    Título es
    CVE-2025-0862

    Mar, 11/02/2025 – 11:15

    Tipo
    CWE-79

    Gravedad 2.0 Txt
    Pendiente de análisis

    Título en

    CVE-2025-0862

    Descripción en
    The SuperSaaS – online appointment scheduling plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘after’ parameter in all versions up to, and including, 2.1.12 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This is limited to Chromium-based browsers (e.g. Chrome, Edge, Brave).

    11/02/2025
    11/02/2025
    Vector CVSS:3.1
    CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:L/I:L/A:N

    Gravedad 3.1 (CVSS 3.1 Base Score)
    4.90

    Gravedad 3.1 Txt Gravedad 3.1 (CVSS 3.1 Base Score)
    MEDIUM

    Referencias

  • https://plugins.trac.wordpress.org/browser/supersaas-appointment-scheduling/tags/2.1.12/includes/shortcode.php#L15

  • https://plugins.trac.wordpress.org/browser/supersaas-appointment-scheduling/tags/2.1.12/includes/shortcode.php#L31

  • https://plugins.trac.wordpress.org/changeset/3235242/

  • https://www.wordfence.com/threat-intel/vulnerabilities/id/8698255b-6c03-464b-8cb5-191d3e77009f?source=cve

    • Enviar en el boletín
    Off

    CVE-2025-26491

    CVE-2025-26491

    Título es
    CVE-2025-26491

    Mar, 11/02/2025 – 11:15

    Tipo
    CWE-918

    Gravedad 2.0 Txt
    Pendiente de análisis

    Título en

    CVE-2025-26491

    Descripción en
    A vulnerability has been identified in Opcenter Intelligence (All versions

    11/02/2025
    11/02/2025
    Vector CVSS:3.1
    CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N

    Gravedad 3.1 (CVSS 3.1 Base Score)
    7.70

    Gravedad 3.1 Txt Gravedad 3.1 (CVSS 3.1 Base Score)
    HIGH

    Referencias

  • https://cert-portal.siemens.com/productcert/html/ssa-246355.html

    • Enviar en el boletín
    Off

    CVE-2025-26490

    CVE-2025-26490

    Título es
    CVE-2025-26490

    Mar, 11/02/2025 – 11:15

    Tipo
    CWE-532

    Gravedad 2.0 Txt
    Pendiente de análisis

    Título en

    CVE-2025-26490

    Descripción en
    A vulnerability has been identified in Opcenter Intelligence (All versions

    11/02/2025
    11/02/2025
    Vector CVSS:3.1
    CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N

    Gravedad 3.1 (CVSS 3.1 Base Score)
    4.90

    Gravedad 3.1 Txt Gravedad 3.1 (CVSS 3.1 Base Score)
    MEDIUM

    Referencias

  • https://cert-portal.siemens.com/productcert/html/ssa-246355.html

    • Enviar en el boletín
    Off

    CVE-2025-24956

    CVE-2025-24956

    Título es
    CVE-2025-24956

    Mar, 11/02/2025 – 11:15

    Tipo
    CWE-120

    Gravedad 2.0 Txt
    Pendiente de análisis

    Título en

    CVE-2025-24956

    Descripción en
    A vulnerability has been identified in OpenV2G (All versions

    11/02/2025
    11/02/2025
    Vector CVSS:4.0
    CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

    Vector CVSS:3.1
    CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

    Gravedad 4.0
    6.90

    Gravedad 4.0 txt
    MEDIUM

    Gravedad 3.1 (CVSS 3.1 Base Score)
    6.20

    Gravedad 3.1 Txt Gravedad 3.1 (CVSS 3.1 Base Score)
    MEDIUM

    Referencias

  • https://cert-portal.siemens.com/productcert/html/ssa-647005.html

    • Enviar en el boletín
    Off

    CVE-2025-24812

    CVE-2025-24812

    Título es
    CVE-2025-24812

    Mar, 11/02/2025 – 11:15

    Tipo
    CWE-1286

    Gravedad 2.0 Txt
    Pendiente de análisis

    Título en

    CVE-2025-24812

    Descripción en
    A vulnerability has been identified in SIMATIC S7-1200 CPU 1211C AC/DC/Rly (6ES7211-1BE40-0XB0) (All versions

    11/02/2025
    11/02/2025
    Vector CVSS:4.0
    CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

    Vector CVSS:3.1
    CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

    Gravedad 4.0
    7.10

    Gravedad 4.0 txt
    HIGH

    Gravedad 3.1 (CVSS 3.1 Base Score)
    6.50

    Gravedad 3.1 Txt Gravedad 3.1 (CVSS 3.1 Base Score)
    MEDIUM

    Referencias

  • https://cert-portal.siemens.com/productcert/html/ssa-224824.html

    • Enviar en el boletín
    Off