Page 3 of 20 results (0.011 seconds)

CVSS: 9.8EPSS: 0%CPEs: 132EXPL: 0

A vulnerability has been identified in SCALANCE X-200 switch family (incl. SIPLUS NET variants) (All versions < V5.2.5), SCALANCE X-200IRT switch family (incl. SIPLUS NET variants) (All versions < V5.5.0), SCALANCE X-300 switch family (incl. X408 and SIPLUS NET variants) (All versions < V4.1.0). The webserver of the affected devices contains a vulnerability that may lead to a heap overflow condition. • https://cert-portal.siemens.com/productcert/pdf/ssa-139628.pdf • CWE-122: Heap-based Buffer Overflow CWE-787: Out-of-bounds Write •

CVSS: 7.1EPSS: 0%CPEs: 132EXPL: 0

A vulnerability has been identified in SCALANCE X-200 switch family (incl. SIPLUS NET variants) (All versions < V5.2.5), SCALANCE X-200IRT switch family (incl. SIPLUS NET variants) (All versions < V5.5.0). The vulnerability could allow an unauthenticated attacker to reboot the device over the network by using special urls from integrated web server of the affected products. Se ha identificado una vulnerabilidad en la familia de switches (incluyendo las variantes SIPLUS NET) (Todas las versiones anteriores a la versión V5.2.5), familia de switches SCALANCE X-200IRT (incluyendo las variantes SIPLUS NET) (Todas las versiones anteriores a la versión V5.5.0). • https://cert-portal.siemens.com/productcert/pdf/ssa-139628.pdf • CWE-306: Missing Authentication for Critical Function •

CVSS: 5.9EPSS: 0%CPEs: 132EXPL: 0

A vulnerability has been identified in SCALANCE X-200 switch family (incl. SIPLUS NET variants) (All versions < V5.2.5), SCALANCE X-200IRT switch family (incl. SIPLUS NET variants) (All versions < V5.5.0), SCALANCE X-200RNA switch family (All versions < V3.2.7). Devices create a new unique key upon factory reset, except when used with C-PLUG. When used with C-PLUG the devices use the hardcoded private RSA-key shipped with the firmware-image. • https://cert-portal.siemens.com/productcert/pdf/ssa-274900.pdf https://us-cert.cisa.gov/ics/advisories/icsa-21-012-02 • CWE-321: Use of Hard-coded Cryptographic Key CWE-798: Use of Hard-coded Credentials •

CVSS: 8.8EPSS: 0%CPEs: 19EXPL: 0

A vulnerability has been identified in RFID 181EIP (All versions), RUGGEDCOM Win (V4.4, V4.5, V5.0, and V5.1), SCALANCE X-200 switch family (incl. SIPLUS NET variants) (All versions < V5.2.3), SCALANCE X-200IRT switch family (incl. SIPLUS NET variants) (All versions < V5.4.1), SCALANCE X-200RNA switch family (All versions < V3.2.6), SCALANCE X-300 switch family (incl. SIPLUS NET variants) (All versions < V4.1.3), SCALANCE X408 (All versions < V4.1.3), SCALANCE X414 (All versions), SIMATIC RF182C (All versions). Unprivileged remote attackers located in the same local network segment (OSI Layer 2) could gain remote code execution on the affected products by sending a specially crafted DHCP response to a client's DHCP request. • https://cert-portal.siemens.com/productcert/pdf/ssa-181018.pdf • CWE-20: Improper Input Validation CWE-122: Heap-based Buffer Overflow •

CVSS: 4.8EPSS: 0%CPEs: 6EXPL: 0

A vulnerability has been identified in SCALANCE X-200IRT switch family (incl. SIPLUS NET variants) (All versions < V5.4.1), SCALANCE X-200RNA switch family (All versions < V3.2.7), SCALANCE X-300 switch family (incl. X408 and SIPLUS NET variants) (All versions < V4.1.3). A remote, authenticated attacker with access to the configuration web server could be able to store script code on the web site, if the HRP redundancy option is set. This code could be executed in the web browser of victims visiting this web site (XSS), affecting its confidentiality, integrity and availability. • https://cert-portal.siemens.com/productcert/pdf/ssa-480829.pdf https://www.securityfocus.com/bid/104494 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •