
CVSS: 5.5 • EPSS: 0% • CPEs: 8 • EXPL: 0

A vulnerability has been identified in SCALANCE X-200 switch family (incl. SIPLUS NET variants) (All Versions < V5.2.4), SCALANCE X-200IRT switch family (incl. SIPLUS NET variants) (All versions < V5.5.0), SCALANCE X-300 switch family (incl. X408 and SIPLUS NET variants) (All versions < V4.1.3), SCALANCE X-414-3E (All versions). The affected devices store passwords in a recoverable format. • https://cert-portal.siemens.com/productcert/pdf/ssa-646841.pdf • CWE-257: Storing Passwords in a Recoverable Format • CWE-522: Insufficiently Protected Credentials

CVSS: 9.1 • EPSS: 0% • CPEs: 10 • EXPL: 0

The monitor barrier of the affected products insufficiently blocks data from being forwarded over the mirror port into the mirrored network. An attacker could use this behavior to transmit malicious packets to systems in the mirrored network, possibly influencing their configuration and runtime behavior. • https://cert-portal.siemens.com/productcert/pdf/ssa-557804.pdf • CWE-440: Expected Behavior Violation

CVSS: 7.8 • EPSS: 0% • CPEs: 9 • EXPL: 0

The web server on Siemens SCALANCE X-300 switches with firmware before 4.0 and SCALANCE X 408 switches with firmware before 4.0 allows remote attackers to cause a denial of service (reboot) via malformed HTTP requests. • http://www.siemens.com/innovation/pool/de/forschungsfelder/siemens_security_advisory_ssa-321046.pdf • https://cert-portal.siemens.com/productcert/pdf/ssa-321046.pdf • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

CVSS: 6.8 • EPSS: 0% • CPEs: 9 • EXPL: 0

The FTP server on Siemens SCALANCE X-300 switches with firmware before 4.0 and SCALANCE X 408 switches with firmware before 4.0 allows remote authenticated users to cause a denial of service (reboot) via crafted FTP packets. • http://www.siemens.com/innovation/pool/de/forschungsfelder/siemens_security_advisory_ssa-321046.pdf • https://cert-portal.siemens.com/productcert/pdf/ssa-321046.pdf • CWE-20: Improper Input Validation

CVSS: 7.8 • EPSS: 8% • CPEs: 31 • EXPL: 0

Buffer overflow in the embedded web server on the Siemens Scalance X Industrial Ethernet switch X414-3E before 3.7.1, X308-2M before 3.7.2, X-300EEC before 3.7.2, XR-300 before 3.7.2, and X-300 before 3.7.2 allows remote attackers to cause a denial of service (device reboot) or possibly execute arbitrary code via a malformed URL. • http://osvdb.org/81032 • http://www.siemens.com/corporate-technology/pool/de/forschungsfelder/siemens_security_advisory_ssa-130874.pdf • http://www.us-cert.gov/control_systems/pdf/ICSA-12-102-04.pdf • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer