CVSS: 9.8EPSS: 0%CPEs: 132EXPL: 0CVE-2020-15800
https://notcve.org/view.php?id=CVE-2020-15800
12 Jan 2021 — A vulnerability has been identified in SCALANCE X-200 switch family (incl. SIPLUS NET variants) (All versions < V5.2.5), SCALANCE X-200IRT switch family (incl. SIPLUS NET variants) (All versions < V5.5.0), SCALANCE X-300 switch family (incl. X408 and SIPLUS NET variants) (All versions < V4.1.0). The webserver of the affected devices contains a vulnerability that may lead to a heap overflow condition. • https://cert-portal.siemens.com/productcert/pdf/ssa-139628.pdf • CWE-122: Heap-based Buffer Overflow CWE-787: Out-of-bounds Write •
CVSS: 10.0EPSS: 0%CPEs: 132EXPL: 0CVE-2020-25226
https://notcve.org/view.php?id=CVE-2020-25226
12 Jan 2021 — A vulnerability has been identified in SCALANCE X-200 switch family (incl. SIPLUS NET variants) (All versions < V5.2.5), SCALANCE X-200IRT switch family (incl. SIPLUS NET variants) (All versions < V5.5.0). The web server of the affected devices contains a vulnerability that may lead to a buffer overflow condition. An attacker could cause this condition on the webserver by sending a specially crafted request. • https://cert-portal.siemens.com/productcert/pdf/ssa-139628.pdf • CWE-122: Heap-based Buffer Overflow CWE-787: Out-of-bounds Write •
CVSS: 5.9EPSS: 0%CPEs: 132EXPL: 0CVE-2020-28391
https://notcve.org/view.php?id=CVE-2020-28391
12 Jan 2021 — A vulnerability has been identified in SCALANCE X-200 switch family (incl. SIPLUS NET variants) (All versions < V5.2.5), SCALANCE X-200IRT switch family (incl. SIPLUS NET variants) (All versions < V5.5.0), SCALANCE X-200RNA switch family (All versions < V3.2.7). Devices create a new unique key upon factory reset, except when used with C-PLUG. When used with C-PLUG the devices use the hardcoded private RSA-key shipped with the firmware-image. • https://cert-portal.siemens.com/productcert/pdf/ssa-274900.pdf • CWE-321: Use of Hard-coded Cryptographic Key CWE-798: Use of Hard-coded Credentials •
CVSS: 9.8EPSS: 0%CPEs: 10EXPL: 0CVE-2015-1049
https://notcve.org/view.php?id=CVE-2015-1049
02 Feb 2015 — The web server on Siemens SCALANCE X-200IRT switches with firmware before 5.2.0 allows remote attackers to hijack sessions via unspecified vectors. El servidor web en los swiches Siemens SCALANCE X-200IRT con firmware anterior a 5.2.0 permite a atacantes remotos secuestrar sesiones a través de vectores no especificados. • http://www.siemens.com/innovation/pool/de/forschungsfelder/siemens_security_advisory_ssa-954136.pdf • CWE-20: Improper Input Validation •
CVSS: 9.1EPSS: 1%CPEs: 13EXPL: 0CVE-2013-5709
https://notcve.org/view.php?id=CVE-2013-5709
17 Sep 2013 — The authentication implementation in the web server on Siemens SCALANCE X-200 switches with firmware before 5.0.0 does not use a sufficient source of entropy for generating values of random numbers, which makes it easier for remote attackers to hijack sessions by predicting a value. La implementación de autentificación en el servidor web de los switches Siemens SCALANCE X-200 con firmware anterior a 5.0.0 no utiliza suficiente fuente de entropía para generar valores de numeros aleatorios, lo que hace mucho ... • http://ics-cert.us-cert.gov/advisories/ICSA-13-254-01 • CWE-189: Numeric Errors •
CVSS: 9.8EPSS: 0%CPEs: 10EXPL: 0CVE-2013-3634
https://notcve.org/view.php?id=CVE-2013-3634
24 May 2013 — A vulnerability has been identified in SCALANCE X-200 switch family (incl. SIPLUS NET variants) (Versions < V5.0.0 for CVE-2013-3633 and versions < V4.5.0 for CVE-2013-3634), SCALANCE X-200IRT switch family (incl. SIPLUS NET variants) (All versions < V5.1.0). The implementation of SNMPv3 does not check the user credentials sufficiently. Therefore, an attacker is able to execute SNMP commands without correct credentials. • https://cert-portal.siemens.com/productcert/pdf/ssa-170686.pdf • CWE-20: Improper Input Validation •
CVSS: 8.8EPSS: 0%CPEs: 10EXPL: 0CVE-2013-3633
https://notcve.org/view.php?id=CVE-2013-3633
24 May 2013 — A vulnerability has been identified in SCALANCE X-200 switch family (incl. SIPLUS NET variants) (Versions < V5.0.0 for CVE-2013-3633 and versions < V4.5.0 for CVE-2013-3634), SCALANCE X-200IRT switch family (incl. SIPLUS NET variants) (All versions < V5.1.0). The user privileges for the web interface are only enforced on client side and not properly verified on server side. Therefore, an attacker is able to execute privileged commands using an unprivileged account. • https://cert-portal.siemens.com/productcert/pdf/ssa-170686.pdf • CWE-264: Permissions, Privileges, and Access Controls •