CVSS: 7.4EPSS: 0%CPEs: 30EXPL: 0CVE-2023-29054
https://notcve.org/view.php?id=CVE-2023-29054
11 Apr 2023 — A vulnerability has been identified in SCALANCE X200-4P IRT (All versions < V5.5.2), SCALANCE X201-3P IRT (All versions < V5.5.2), SCALANCE X201-3P IRT PRO (All versions < V5.5.2), SCALANCE X202-2IRT (All versions < V5.5.2), SCALANCE X202-2IRT (All versions < V5.5.2), SCALANCE X202-2P IRT (All versions < V5.5.2), SCALANCE X202-2P IRT PRO (All versions < V5.5.2), SCALANCE X204IRT (All versions < V5.5.2), SCALANCE X204IRT (All versions < V5.5.2), SCALANCE X204IRT PRO (All versions < V5.5.2), SCALANCE XF201-3P... • https://cert-portal.siemens.com/productcert/pdf/ssa-479249.pdf • CWE-326: Inadequate Encryption Strength •
CVSS: 6.4EPSS: 0%CPEs: 60EXPL: 0CVE-2022-40631
https://notcve.org/view.php?id=CVE-2022-40631
11 Oct 2022 — A vulnerability has been identified in SCALANCE X200-4P IRT (All versions < V5.5.0), SCALANCE X201-3P IRT (All versions < V5.5.0), SCALANCE X201-3P IRT PRO (All versions < V5.5.0), SCALANCE X202-2IRT (All versions < V5.5.0), SCALANCE X202-2P IRT (All versions < V5.5.0), SCALANCE X202-2P IRT PRO (All versions < V5.5.0), SCALANCE X204-2 (All versions < V5.2.5), SCALANCE X204-2FM (All versions < V5.2.5), SCALANCE X204-2LD (All versions < V5.2.5), SCALANCE X204-2LD TS (All versions < V5.2.5), SCALANCE X204-2TS ... • https://cert-portal.siemens.com/productcert/pdf/ssa-501891.pdf • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 8.7EPSS: 0%CPEs: 157EXPL: 0CVE-2020-28400
https://notcve.org/view.php?id=CVE-2020-28400
13 Jul 2021 — Affected devices contain a vulnerability that allows an unauthenticated attacker to trigger a denial-of-service condition. The vulnerability can be triggered if a large amount of DCP reset packets are sent to the device. Los dispositivos afectados contienen una vulnerabilidad que permite a un atacante no autentificado desencadenar una condición de denegación de servicio. La vulnerabilidad puede activarse si se envía una gran cantidad de paquetes de restablecimiento de DCP al dispositivo Affected devices con... • https://cert-portal.siemens.com/productcert/pdf/ssa-599968.pdf • CWE-770: Allocation of Resources Without Limits or Throttling •
CVSS: 9.8EPSS: 0%CPEs: 58EXPL: 0CVE-2021-25668
https://notcve.org/view.php?id=CVE-2021-25668
22 Apr 2021 — A vulnerability has been identified in SCALANCE X200-4P IRT (All versions < 5.5.1), SCALANCE X201-3P IRT (All versions < 5.5.1), SCALANCE X201-3P IRT PRO (All versions < 5.5.1), SCALANCE X202-2 IRT (All versions < 5.5.1), SCALANCE X202-2P IRT (incl. SIPLUS NET variant) (All versions < 5.5.1), SCALANCE X202-2P IRT PRO (All versions < 5.5.1), SCALANCE X204 IRT (All versions < 5.5.1), SCALANCE X204 IRT PRO (All versions < 5.5.1), SCALANCE X204-2 (incl. SIPLUS NET variant) (All versions < V5.2.5), SCALANCE X204... • https://cert-portal.siemens.com/productcert/pdf/ssa-187092.pdf • CWE-122: Heap-based Buffer Overflow CWE-787: Out-of-bounds Write •
CVSS: 9.8EPSS: 1%CPEs: 58EXPL: 0CVE-2021-25669
https://notcve.org/view.php?id=CVE-2021-25669
22 Apr 2021 — A vulnerability has been identified in SCALANCE X200-4P IRT (All versions < 5.5.1), SCALANCE X201-3P IRT (All versions < 5.5.1), SCALANCE X201-3P IRT PRO (All versions < 5.5.1), SCALANCE X202-2 IRT (All versions < 5.5.1), SCALANCE X202-2P IRT (incl. SIPLUS NET variant) (All versions < 5.5.1), SCALANCE X202-2P IRT PRO (All versions < 5.5.1), SCALANCE X204 IRT (All versions < 5.5.1), SCALANCE X204 IRT PRO (All versions < 5.5.1), SCALANCE X204-2 (incl. SIPLUS NET variant) (All versions < V5.2.5), SCALANCE X204... • https://cert-portal.siemens.com/productcert/pdf/ssa-187092.pdf • CWE-121: Stack-based Buffer Overflow CWE-787: Out-of-bounds Write •
CVSS: 10.0EPSS: 0%CPEs: 132EXPL: 0CVE-2020-25226
https://notcve.org/view.php?id=CVE-2020-25226
12 Jan 2021 — A vulnerability has been identified in SCALANCE X-200 switch family (incl. SIPLUS NET variants) (All versions < V5.2.5), SCALANCE X-200IRT switch family (incl. SIPLUS NET variants) (All versions < V5.5.0). The web server of the affected devices contains a vulnerability that may lead to a buffer overflow condition. An attacker could cause this condition on the webserver by sending a specially crafted request. • https://cert-portal.siemens.com/productcert/pdf/ssa-139628.pdf • CWE-122: Heap-based Buffer Overflow CWE-787: Out-of-bounds Write •
CVSS: 9.8EPSS: 0%CPEs: 132EXPL: 0CVE-2020-15800
https://notcve.org/view.php?id=CVE-2020-15800
12 Jan 2021 — A vulnerability has been identified in SCALANCE X-200 switch family (incl. SIPLUS NET variants) (All versions < V5.2.5), SCALANCE X-200IRT switch family (incl. SIPLUS NET variants) (All versions < V5.5.0), SCALANCE X-300 switch family (incl. X408 and SIPLUS NET variants) (All versions < V4.1.0). The webserver of the affected devices contains a vulnerability that may lead to a heap overflow condition. • https://cert-portal.siemens.com/productcert/pdf/ssa-139628.pdf • CWE-122: Heap-based Buffer Overflow CWE-787: Out-of-bounds Write •
CVSS: 7.1EPSS: 0%CPEs: 132EXPL: 0CVE-2020-15799
https://notcve.org/view.php?id=CVE-2020-15799
12 Jan 2021 — A vulnerability has been identified in SCALANCE X-200 switch family (incl. SIPLUS NET variants) (All versions < V5.2.5), SCALANCE X-200IRT switch family (incl. SIPLUS NET variants) (All versions < V5.5.0). The vulnerability could allow an unauthenticated attacker to reboot the device over the network by using special urls from integrated web server of the affected products. Se ha identificado una vulnerabilidad en la familia de switches (incluyendo las variantes SIPLUS NET) (Todas las versiones anteriores a... • https://cert-portal.siemens.com/productcert/pdf/ssa-139628.pdf • CWE-306: Missing Authentication for Critical Function •
CVSS: 5.9EPSS: 0%CPEs: 132EXPL: 0CVE-2020-28391
https://notcve.org/view.php?id=CVE-2020-28391
12 Jan 2021 — A vulnerability has been identified in SCALANCE X-200 switch family (incl. SIPLUS NET variants) (All versions < V5.2.5), SCALANCE X-200IRT switch family (incl. SIPLUS NET variants) (All versions < V5.5.0), SCALANCE X-200RNA switch family (All versions < V3.2.7). Devices create a new unique key upon factory reset, except when used with C-PLUG. When used with C-PLUG the devices use the hardcoded private RSA-key shipped with the firmware-image. • https://cert-portal.siemens.com/productcert/pdf/ssa-274900.pdf • CWE-321: Use of Hard-coded Cryptographic Key CWE-798: Use of Hard-coded Credentials •