CVSS: 9.1EPSS: 0%CPEs: 180EXPL: 0CVE-2022-36323
https://notcve.org/view.php?id=CVE-2022-36323
Affected devices do not properly sanitize an input field. This could allow an authenticated remote attacker with administrative privileges to inject code or spawn a system root shell. Los dispositivos afectados no sanean correctamente un campo de entrada. Esto podría permitir a un atacante remoto autenticado con privilegios administrativos inyectar código o generar un shell de raíz del sistema • https://cert-portal.siemens.com/productcert/pdf/ssa-710008.pdf • CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') •
CVSS: 7.5EPSS: 0%CPEs: 58EXPL: 0CVE-2021-37182
https://notcve.org/view.php?id=CVE-2021-37182
A vulnerability has been identified in SCALANCE XM408-4C (All versions < V6.5), SCALANCE XM408-4C (L3 int.) (All versions < V6.5), SCALANCE XM408-8C (All versions < V6.5), SCALANCE XM408-8C (L3 int.) (All versions < V6.5), SCALANCE XM416-4C (All versions < V6.5), SCALANCE XM416-4C (L3 int.) (All versions < V6.5), SCALANCE XR524-8C, 1x230V (All versions < V6.5), SCALANCE XR524-8C, 1x230V (L3 int.) (All versions < V6.5), SCALANCE XR524-8C, 24V (All versions < V6.5), SCALANCE XR524-8C, 24V (L3 int.) • https://cert-portal.siemens.com/productcert/pdf/ssa-145224.pdf • CWE-354: Improper Validation of Integrity Check Value •
CVSS: 7.5EPSS: 0%CPEs: 22EXPL: 0CVE-2020-28393
https://notcve.org/view.php?id=CVE-2020-28393
An unauthenticated remote attacker could create a permanent denial-of-service condition by sending specially crafted OSPF packets. Successful exploitation requires OSPF to be enabled on an affected device on the SCALANCE XM-400, XR-500 (All versions prior to v6.4). Se ha identificado una vulnerabilidad en SCALANCE XM-400 Family (todas las versiones anteriores a V6.4), SCALANCE XR-500 Family (todas las versiones anteriores a V6.4). La implementación del protocolo OSPF en los dispositivos afectados maneja incorrectamente el número de campos LSA en combinación con otros campos modificados. Un atacante remoto no autenticado podría crear una condición de Denegación de Servicio permanente al enviar paquetes OSPF especialmente diseñados. • https://cert-portal.siemens.com/productcert/pdf/ssa-116379.pdf https://us-cert.cisa.gov/ics/advisories/icsa-21-131-10 • CWE-682: Incorrect Calculation •