16 results (0.008 seconds)

CVSS: 7.4EPSS: 0%CPEs: 30EXPL: 0

A vulnerability has been identified in SCALANCE X200-4P IRT (All versions < V5.5.2), SCALANCE X201-3P IRT (All versions < V5.5.2), SCALANCE X201-3P IRT PRO (All versions < V5.5.2), SCALANCE X202-2IRT (All versions < V5.5.2), SCALANCE X202-2IRT (All versions < V5.5.2), SCALANCE X202-2P IRT (All versions < V5.5.2), SCALANCE X202-2P IRT PRO (All versions < V5.5.2), SCALANCE X204IRT (All versions < V5.5.2), SCALANCE X204IRT (All versions < V5.5.2), SCALANCE X204IRT PRO (All versions < V5.5.2), SCALANCE XF201-3P IRT (All versions < V5.5.2), SCALANCE XF202-2P IRT (All versions < V5.5.2), SCALANCE XF204-2BA IRT (All versions < V5.5.2), SCALANCE XF204IRT (All versions < V5.5.2), SIPLUS NET SCALANCE X202-2P IRT (All versions < V5.5.2). The SSH server on affected devices is configured to offer weak ciphers by default. This could allow an unauthorized attacker in a man-in-the-middle position to read and modify any data passed over the connection between legitimate clients and the affected device. • https://cert-portal.siemens.com/productcert/pdf/ssa-479249.pdf • CWE-326: Inadequate Encryption Strength •

CVSS: 6.1EPSS: 0%CPEs: 60EXPL: 0

A vulnerability has been identified in SCALANCE X200-4P IRT (All versions < V5.5.0), SCALANCE X201-3P IRT (All versions < V5.5.0), SCALANCE X201-3P IRT PRO (All versions < V5.5.0), SCALANCE X202-2IRT (All versions < V5.5.0), SCALANCE X202-2P IRT (All versions < V5.5.0), SCALANCE X202-2P IRT PRO (All versions < V5.5.0), SCALANCE X204-2 (All versions < V5.2.5), SCALANCE X204-2FM (All versions < V5.2.5), SCALANCE X204-2LD (All versions < V5.2.5), SCALANCE X204-2LD TS (All versions < V5.2.5), SCALANCE X204-2TS (All versions < V5.2.5), SCALANCE X204IRT (All versions < V5.5.0), SCALANCE X204IRT PRO (All versions < V5.5.0), SCALANCE X206-1 (All versions < V5.2.5), SCALANCE X206-1LD (All versions < V5.2.5), SCALANCE X208 (All versions < V5.2.5), SCALANCE X208PRO (All versions < V5.2.5), SCALANCE X212-2 (All versions < V5.2.5), SCALANCE X212-2LD (All versions < V5.2.5), SCALANCE X216 (All versions < V5.2.5), SCALANCE X224 (All versions < V5.2.5), SCALANCE XF201-3P IRT (All versions < V5.5.0), SCALANCE XF202-2P IRT (All versions < V5.5.0), SCALANCE XF204 (All versions < V5.2.5), SCALANCE XF204-2 (All versions < V5.2.5), SCALANCE XF204-2BA IRT (All versions < V5.5.0), SCALANCE XF204IRT (All versions < V5.5.0), SCALANCE XF206-1 (All versions < V5.2.5), SCALANCE XF208 (All versions < V5.2.5), SIPLUS NET SCALANCE X202-2P IRT (All versions < V5.5.0). There is a cross-site scripting vulnerability on the affected devices, that if used by a threat actor, it could result in session hijacking. Se ha identificado una vulnerabilidad en SCALANCE X200-4P IRT (Todas las versiones anteriores a V5.5.0), SCALANCE X201-3P IRT (Todas las versiones anteriores a V5.5.0), SCALANCE X201-3P IRT PRO (Todas las versiones anteriores a V5. 5.0), SCALANCE X202-2IRT (Todas las versiones anteriores a V5.5.0), SCALANCE X202-2P IRT (Todas las versiones anteriores a V5.5.0), SCALANCE X202-2P IRT PRO (Todas las versiones anteriores a V5.5. 0), SCALANCE X204-2 (Todas las versiones anteriores a V5.2.5), SCALANCE X204-2FM (Todas las versiones anteriores a V5.2.5), SCALANCE X204-2LD (Todas las versiones anteriores a V5.2.5), SCALANCE X204-2LD TS (Todas las versiones anteriores a V5. 2.5), SCALANCE X204-2TS (Todas las versiones anteriores a V5.2.5), SCALANCE X204IRT (Todas las versiones anteriores a V5.5.0), SCALANCE X204IRT PRO (Todas las versiones anteriores a V5.5.0), SCALANCE X206-1 (Todas las versiones anteriores a V5.2. 5), SCALANCE X206-1LD (Todas las versiones anteriores a V5.2.5), SCALANCE X208 (Todas las versiones anteriores a V5.2.5), SCALANCE X208PRO (Todas las versiones anteriores a V5.2.5), SCALANCE X212-2 (Todas las versiones anteriores a V5.2. 5), SCALANCE X212-2LD (Todas las versiones anteriores a V5.2.5), SCALANCE X216 (Todas las versiones anteriores a V5.2.5), SCALANCE X224 (Todas las versiones anteriores a V5.2.5), SCALANCE XF201-3P IRT (Todas las versiones anteriores a V5.5. 0), SCALANCE XF202-2P IRT (Todas las versiones anteriores a V5.5.0), SCALANCE XF204 (Todas las versiones anteriores a V5.2.5), SCALANCE XF204-2 (Todas las versiones anteriores a V5.2.5), SCALANCE XF204-2BA IRT (Todas las versiones anteriores a V5.5. 0), SCALANCE XF204IRT (Todas las versiones anteriores a V5.5.0), SCALANCE XF206-1 (Todas las versiones anteriores a V5.2.5), SCALANCE XF208 (Todas las versiones anteriores a V5.2.5), SIPLUS NET SCALANCE X202-2P IRT (Todas las versiones anteriores a V5.5.0). Se presenta una vulnerabilidad de tipo cross-site scripting en los dispositivos afectados, que si es usada por un actor de amenaza, podría resultar en un secuestro de sesión • https://cert-portal.siemens.com/productcert/pdf/ssa-501891.pdf • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 6.8EPSS: 0%CPEs: 180EXPL: 0

Affected devices do not properly sanitize data introduced by an user when rendering the web interface. This could allow an authenticated remote attacker with administrative privileges to inject code and lead to a DOM-based XSS. Los dispositivos afectados no sanean correctamente los datos introducidos por un usuario al renderizar la interfaz web. Esto podría permitir a un atacante remoto autenticado con privilegios administrativos inyectar código y llevar a un XSS basado en el DOM • https://cert-portal.siemens.com/productcert/pdf/ssa-710008.pdf • CWE-80: Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) •

CVSS: 7.5EPSS: 0%CPEs: 168EXPL: 0

Affected devices do not properly handle the renegotiation of SSL/TLS parameters. This could allow an unauthenticated remote attacker to bypass the TCP brute force prevention and lead to a denial of service condition for the duration of the attack. Los dispositivos afectados no manejan adecuadamente la renegociación de los parámetros SSL/TLS. Esto podría permitir a un atacante remoto no autenticado eludir la prevención de fuerza bruta de TCP y provocar una condición de denegación de servicio mientras dure el ataque • https://cert-portal.siemens.com/productcert/pdf/ssa-710008.pdf • CWE-770: Allocation of Resources Without Limits or Throttling •

CVSS: 9.1EPSS: 0%CPEs: 180EXPL: 0

Affected devices do not properly sanitize an input field. This could allow an authenticated remote attacker with administrative privileges to inject code or spawn a system root shell. Los dispositivos afectados no sanean correctamente un campo de entrada. Esto podría permitir a un atacante remoto autenticado con privilegios administrativos inyectar código o generar un shell de raíz del sistema • https://cert-portal.siemens.com/productcert/pdf/ssa-710008.pdf • CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') •