CVE-2019-10942
https://notcve.org/view.php?id=CVE-2019-10942
A vulnerability has been identified in SCALANCE X-200 switch family (incl. SIPLUS NET variants) (All versions < V5.2.5), SCALANCE X-200IRT switch family (incl. SIPLUS NET variants) (All versions < V5.5.0), SCALANCE X204RNA (HSR) (All versions), SCALANCE X204RNA (PRP) (All versions), SCALANCE X204RNA EEC (HSR) (All versions), SCALANCE X204RNA EEC (PRP) (All versions), SCALANCE X204RNA EEC (PRP/HSR) (All versions). The device contains a vulnerability that could allow an attacker to trigger a denial-of-service condition by sending large message packages repeatedly to the telnet service. The security vulnerability could be exploited by an attacker with network access to the affected systems. • https://cert-portal.siemens.com/productcert/pdf/ssa-100232.pdf • CWE-400: Uncontrolled Resource Consumption •
CVE-2019-6567
https://notcve.org/view.php?id=CVE-2019-6567
A vulnerability has been identified in SCALANCE X-200 switch family (incl. SIPLUS NET variants) (All Versions < V5.2.4), SCALANCE X-200IRT switch family (incl. SIPLUS NET variants) (All versions < V5.5.0), SCALANCE X-300 switch family (incl. X408 and SIPLUS NET variants) (All versions < V4.1.3), SCALANCE X-414-3E (All versions). The affected devices store passwords in a recoverable format. • https://cert-portal.siemens.com/productcert/pdf/ssa-646841.pdf • CWE-257: Storing Passwords in a Recoverable Format CWE-522: Insufficiently Protected Credentials •
CVE-2019-6569
https://notcve.org/view.php?id=CVE-2019-6569
The monitor barrier of the affected products insufficiently blocks data from being forwarded over the mirror port into the mirrored network. An attacker could use this behavior to transmit malicious packets to systems in the mirrored network, possibly influencing their configuration and runtime behavior. La barrera de monitorización de los productos afectados bloquea insuficientemente el reenvío de datos a través del puerto espejo hacia la red reflejada. Un atacante podría utilizar este comportamiento para transmitir paquetes maliciosos a los sistemas de la red en espejo, posiblemente influyendo en su configuración y comportamiento en tiempo de ejecución • https://cert-portal.siemens.com/productcert/pdf/ssa-557804.pdf • CWE-440: Expected Behavior Violation •
CVE-2018-4848
https://notcve.org/view.php?id=CVE-2018-4848
A vulnerability has been identified in SCALANCE X-200 switch family (incl. SIPLUS NET variants) (All versions < V5.2.3), SCALANCE X-200IRT switch family (incl. SIPLUS NET variants) (All versions < V5.4.1), SCALANCE X-200RNA switch family (All versions < V3.2.7), SCALANCE X-300 switch family (incl. X408 and SIPLUS NET variants) (All versions < V4.1.3). The integrated configuration web server of the affected devices could allow Cross-Site Scripting (XSS) attacks if unsuspecting users are tricked into accessing a malicious link. • http://www.securityfocus.com/bid/104494 https://cert-portal.siemens.com/productcert/pdf/ssa-480829.pdf • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') CWE-80: Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) •
CVE-2015-1049
https://notcve.org/view.php?id=CVE-2015-1049
The web server on Siemens SCALANCE X-200IRT switches with firmware before 5.2.0 allows remote attackers to hijack sessions via unspecified vectors. El servidor web en los swiches Siemens SCALANCE X-200IRT con firmware anterior a 5.2.0 permite a atacantes remotos secuestrar sesiones a través de vectores no especificados. • http://www.siemens.com/innovation/pool/de/forschungsfelder/siemens_security_advisory_ssa-954136.pdf https://cert-portal.siemens.com/productcert/pdf/ssa-954136.pdf • CWE-20: Improper Input Validation •