7 results (0.011 seconds)

CVSS: 8.8EPSS: 0%CPEs: 142EXPL: 0

Affected devices allow to change the password, but insufficiently check which password is to be changed. With this an authenticated attacker could, under certain conditions, be able to change the password of another, potential admin user allowing her to escalate her privileges. Se ha identificado una vulnerabilidad en: SCALANCE XB205-3 (SC, PN) (V < 4.5), SCALANCE XB205-3 (ST, E/IP) (V < 4.5), SCALANCE XB205-3 (ST, E/IP) (V < 4.5), SCALANCE XB205-3 (ST, PN) (V < 4.5), SCALANCE XB205-3LD (SC, E/IP) (V < 4.5), SCALANCE XB205-3LD (SC, PN) (V < 4.5), SCALANCE XB208 (E/IP) (V < 4.5), SCALANCE XB208 (PN) (V < 4.5), SCALANCE XB213-3 (SC, E/IP) (V < 4.5), SCALANCE XB213-3 (SC, PN) (V < 4.5), SCALANCE XB213-3 (ST, E/IP) (V < 4.5), SCALANCE XB213-3 (ST, PN) (V < 4.5), SCALANCE XB213-3LD (SC, E/IP) (V < 4.5), SCALANCE XB213-3LD (SC, PN) (V < 4.5), SCALANCE XB216 (E/IP) (V < 4.5), SCALANCE XB216 (PN) (V < 4.5), SCALANCE XC206-2 (SC) (V < 4.5), SCALANCE XC206-2 (ST/BFOC) (V < 4.5), SCALANCE XC206-2G PoE (V < 4.5), SCALANCE XC206-2G PoE (54 V DC) (V < 4.5), SCALANCE XC206-2G PoE EEC (54 V DC) (V < 4.5), SCALANCE XC206-2SFP (V < 4.5), SCALANCE XC206-2SFP EEC (V < 4.5), SCALANCE XC206-2SFP G (V < 4.5), SCALANCE XC206-2SFP G (EIP DEF.) (V < 4.5), SCALANCE XC206-2SFP G EEC (V < 4.5), SCALANCE XC208 (V < 4.5), SCALANCE XC208EEC (V < 4.5), SCALANCE XC208G (V < 4.5), SCALANCE XC208G (EIP def.) (V < 4.5), SCALANCE XC208G EEC (V < 4.5), SCALANCE XC208G PoE (V < V4.5), SCALANCE XC208G PoE (54 V DC) (V < 4.5), SCALANCE XC216 (V < 4.5), SCALANCE XC216-3G PoE (V < V4.5), SCALANCE XC216-3G PoE (54 V DC) (V < 4.5), SCALANCE XC216-4C (V < 4.5), SCALANCE XC216-4C G (V < 4.5), SCALANCE XC216-4C G (EIP Def.) • https://cert-portal.siemens.com/productcert/html/ssa-180704.html https://cert-portal.siemens.com/productcert/html/ssa-699386.html https://cert-portal.siemens.com/productcert/pdf/ssa-180704.pdf https://cert-portal.siemens.com/productcert/pdf/ssa-699386.pdf https://cert-portal.siemens.com/productcert/html/ssa-690517.html • CWE-567: Unsynchronized Access to Shared Data in a Multithreaded Context •

CVSS: 9.4EPSS: 0%CPEs: 142EXPL: 0

Affected devices do not properly sanitize an input field. This could allow an authenticated remote attacker with administrative privileges to inject code or spawn a system root shell. Follow-up of CVE-2022-36323. Se ha identificado una vulnerabilidad en: SCALANCE XB205-3 (SC, PN) (V < 4.5), SCALANCE XB205-3 (ST, E/IP) (V < 4.5), SCALANCE XB205-3 (ST , E/IP) (V < 4.5), SCALANCE XB205-3 (ST, PN) (V < 4.5), SCALANCE XB205-3LD (SC, E/IP) (V < 4.5 ), SCALANCE XB205-3LD (SC, PN) (V < 4.5), SCALANCE XB208 (E/IP) (V < 4.5), SCALANCE XB208 (PN) (V < 4.5), SCALANCE XB213-3 (SC, E/IP) (V < 4.5), SCALANCE XB213-3 (SC, PN) (V < 4.5), SCALANCE XB213-3 (ST, E/IP) ( V < 4.5), SCALANCE XB213-3 (ST, PN) (V < 4.5), SCALANCE XB213-3LD (SC, E/IP) (V < 4.5), SCALANCE XB213-3LD (SC, PN) (V < 4.5), SCALANCE XB216 (E/IP) (V < 4.5), SCALANCE XB216 (PN) (V < 4.5), SCALANCE XC206-2 (SC ) (V < 4.5), SCALANCE XC206-2 (ST/BFOC) (V < 4.5), SCALANCE XC206-2G PoE (V < 4.5), SCALANCE XC206-2G PoE (54 V DC) (V < 4.5), y SCALANCE XC206-2G PoE EEC (54 V DC) (V < 4.5), SCALANCE XC206-2SFP (V < 4.5), SCALANCE XC206-2SFP EEC ( V < 4.5), SCALANCE XC206-2SFP G (V < 4.5), SCALANCE XC206-2SFP G (EIP DEF.) (V < 4.5), SCALANCE XC206-2SFP G EEC (V < 4.5), SCALANCE XC208 (V < 4.5), SCALANCE XC208EEC (V < 4.5), SCALANCE XC208G (V < 4.5), SCALANCE XC208G (EIP def.) • https://cert-portal.siemens.com/productcert/html/ssa-180704.html https://cert-portal.siemens.com/productcert/html/ssa-602936.html https://cert-portal.siemens.com/productcert/html/ssa-699386.html https://cert-portal.siemens.com/productcert/pdf/ssa-180704.pdf https://cert-portal.siemens.com/productcert/pdf/ssa-699386.pdf https://cert-portal.siemens.com/productcert/html/ssa-690517.html https://cert-portal.siemens.com/productcert/html/ssa-721642.html • CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') •

CVSS: 5.9EPSS: 0%CPEs: 142EXPL: 0

Affected devices can be configured to send emails when certain events occur on the device. When presented with an invalid response from the SMTP server, the device triggers an error that disrupts email sending. An attacker with access to the network can use this to do disable notification of users when certain events occur. Se ha identificado una vulnerabilidad en: SCALANCE XB205-3 (SC, PN) (V < 4.5), SCALANCE XB205-3 (ST, E/IP) (V < 4.5), SCALANCE XB205-3 (ST , E/IP) (V < 4.5), SCALANCE XB205-3 (ST, PN) (V < 4.5), SCALANCE XB205-3LD (SC, E/IP) (V < 4.5 ), SCALANCE XB205-3LD (SC, PN) (V < 4.5), SCALANCE XB208 (E/IP) (V < 4.5), SCALANCE XB208 (PN) (V < 4.5), SCALANCE XB213-3 (SC, E/IP) (V < 4.5), SCALANCE XB213-3 (SC, PN) (V < 4.5), SCALANCE XB213-3 (ST, E/IP) ( V < 4.5), SCALANCE XB213-3 (ST, PN) (V < 4.5), SCALANCE XB213-3LD (SC, E/IP) (V < 4.5), SCALANCE XB213-3LD (SC, PN) (V < 4.5), SCALANCE XB216 (E/IP) (V < 4.5), SCALANCE XB216 (PN) (V < 4.5), SCALANCE XC206-2 (SC ) (V < 4.5), SCALANCE XC206-2 (ST/BFOC) (V < 4.5), SCALANCE XC206-2G PoE (V < 4.5), SCALANCE XC206-2G PoE (54 V DC) (V < 4.5), SCALANCE XC206-2G PoE EEC (54 V DC) (V < 4.5), SCALANCE XC206-2SFP (V < 4.5), SCALANCE XC206-2SFP EEC ( V < 4.5), SCALANCE XC206-2SFP G (V < 4.5), SCALANCE XC206-2SFP G (EIP DEF.) (V < 4.5), SCALANCE XC206-2SFP G EEC (V < 4.5), SCALANCE XC208 (V < 4.5), SCALANCE XC208EEC (V < 4.5), SCALANCE XC208G (V < 4.5), SCALANCE XC208G (EIP def.) • https://cert-portal.siemens.com/productcert/html/ssa-180704.html https://cert-portal.siemens.com/productcert/html/ssa-602936.html https://cert-portal.siemens.com/productcert/html/ssa-699386.html https://cert-portal.siemens.com/productcert/pdf/ssa-180704.pdf https://cert-portal.siemens.com/productcert/pdf/ssa-699386.pdf • CWE-252: Unchecked Return Value •

CVSS: 6.5EPSS: 0%CPEs: 142EXPL: 0

Affected devices do not properly validate the length of inputs when performing certain configuration changes in the web interface allowing an authenticated attacker to cause a denial of service condition. The device needs to be restarted for the web interface to become available again. Se ha identificado una vulnerabilidad en: SCALANCE XB205-3 (SC, PN) (V < 4.5), SCALANCE XB205-3 (ST, E/IP) (V < 4.5), SCALANCE XB205-3 (ST , E/IP) (V < 4.5), SCALANCE XB205-3 (ST, PN) (V < 4.5), SCALANCE XB205-3LD (SC, E/IP) (V < 4.5 ), SCALANCE XB205-3LD (SC, PN) (V < 4.5), SCALANCE XB208 (E/IP) (V < 4.5), SCALANCE XB208 (PN) (V < 4.5), SCALANCE XB213-3 (SC, E/IP) (V < 4.5), SCALANCE XB213-3 (SC, PN) (V < 4.5), SCALANCE XB213-3 (ST, E/IP) ( V < 4.5), SCALANCE XB213-3 (ST, PN) (V < 4.5), SCALANCE XB213-3LD (SC, E/IP) (V < 4.5), SCALANCE XB213-3LD (SC, PN) (V < 4.5), SCALANCE XB216 (E/IP) (V < 4.5), SCALANCE XB216 (PN) (V < 4.5), SCALANCE XC206-2 (SC ) (V < 4.5), SCALANCE XC206-2 (ST/BFOC) (V < 4.5), SCALANCE XC206-2G PoE (V < 4.5), SCALANCE XC206-2G PoE (54 V DC) (V < 4.5), SCALANCE XC206-2G PoE EEC (54 V DC) (V < 4.5), SCALANCE XC206-2SFP (V < 4.5), SCALANCE XC206-2SFP EEC ( V < 4.5), SCALANCE XC206-2SFP G (V < 4.5), SCALANCE XC206-2SFP G (EIP DEF.) (V < 4.5), SCALANCE XC206-2SFP G EEC (V < 4.5), SCALANCE XC208 (V < 4.5), SCALANCE XC208EEC (V < 4.5), SCALANCE XC208G (V < 4.5), SCALANCE XC208G (EIP def.) (V < 4.5), SCALANCE XC208G EEC (V < 4.5), SCALANCE XC208G PoE (V < 4.5), SCALANCE XC208G PoE (54 V DC) (V < 4.5), SCALANCE XC216 (V < 4.5), SCALANCE XC216-3G PoE (V < 4.5), SCALANCE XC216-3G PoE (54 V DC) (V < 4.5), SCALANCE XC216-4C (V < 4. 5), SCALANCE XC216-4C G (V < 4.5), SCALANCE XC216-4C G (EIP Def.) • https://cert-portal.siemens.com/productcert/html/ssa-180704.html https://cert-portal.siemens.com/productcert/html/ssa-353002.html https://cert-portal.siemens.com/productcert/html/ssa-602936.html https://cert-portal.siemens.com/productcert/html/ssa-699386.html https://cert-portal.siemens.com/productcert/pdf/ssa-180704.pdf https://cert-portal.siemens.com/productcert/pdf/ssa-699386.pdf https://cert-portal.siemens.com/productcert/html/ssa-087301.html • CWE-400: Uncontrolled Resource Consumption •

CVSS: 4.3EPSS: 0%CPEs: 142EXPL: 0

Affected devices do not properly validate the authentication when performing certain modifications in the web interface allowing an authenticated attacker to influence the user interface configured by an administrator. Se ha identificado una vulnerabilidad en: SCALANCE XB205-3 (SC, PN) (V < 4.5), SCALANCE XB205-3 (ST, E/IP) (V < 4.5), SCALANCE XB205-3 (ST , E/IP) (V < 4.5), SCALANCE XB205-3 (ST, PN) (V < 4.5), SCALANCE XB205-3LD (SC, E/IP) (V < 4.5 ), SCALANCE XB205-3LD (SC, PN) (V < 4.5), SCALANCE XB208 (E/IP) (V < 4.5), SCALANCE XB208 (PN) (V < 4.5), SCALANCE XB213-3 (SC, E/IP) (V < 4.5), SCALANCE XB213-3 (SC, PN) (V < 4.5), SCALANCE XB213-3 (ST, E/IP) ( V < 4.5), SCALANCE XB213-3 (ST, PN) (V < 4.5), SCALANCE XB213-3LD (SC, E/IP) (V < 4.5), SCALANCE XB213-3LD (SC, PN) (V < 4.5), SCALANCE XB216 (E/IP) (V < 4.5), SCALANCE XB216 (PN) (V < 4.5), SCALANCE XC206-2 (SC ) (V < 4.5), SCALANCE XC206-2 (ST/BFOC) (V < 4.5), SCALANCE XC206-2G PoE (V < 4.5), SCALANCE XC206-2G PoE (54 V DC) (V < 4.5), SCALANCE XC206-2G PoE EEC (54 V DC) (V < 4.5), SCALANCE XC206-2SFP (V < 4.5), SCALANCE XC206-2SFP EEC ( V < 4.5), SCALANCE XC206-2SFP G (V < 4.5), SCALANCE XC206-2SFP G (EIP DEF.) (V < 4.5), SCALANCE XC206-2SFP G EEC (V < 4.5), SCALANCE XC208 (V < 4.5), SCALANCE XC208EEC (V < 4.5), SCALANCE XC208G (V < 4.5), SCALANCE XC208G (EIP def.) (V < 4.5), SCALANCE XC208G EEC (V < 4.5), SCALANCE XC208G PoE (V < 4.5), SCALANCE XC208G PoE (54 V DC) (V < 4.5), SCALANCE XC216 (V < 4.5), SCALANCE XC216-3G PoE (V < 4.5), SCALANCE XC216-3G PoE (54 V DC) (V < 4.5), SCALANCE XC216-4C (V < 4. 5), SCALANCE XC216-4C G (V < 4.5), SCALANCE XC216-4C G (EIP Def.) (V < 4.5), SCALANCE XC216-4C G EEC (V < 4.5) , SCALANCE XC216EEC (V < 4.5), SCALANCE XC224 (V < 4.5), SCALANCE XC224-4C G (V < 4.5), SCALANCE XC224-4C G (EIP Def.) • https://cert-portal.siemens.com/productcert/html/ssa-180704.html https://cert-portal.siemens.com/productcert/html/ssa-602936.html https://cert-portal.siemens.com/productcert/html/ssa-699386.html https://cert-portal.siemens.com/productcert/pdf/ssa-180704.pdf https://cert-portal.siemens.com/productcert/pdf/ssa-699386.pdf https://cert-portal.siemens.com/productcert/html/ssa-068047.html • CWE-425: Direct Request ('Forced Browsing') •