CVE-2017-2680
https://notcve.org/view.php?id=CVE-2017-2680
Specially crafted PROFINET DCP broadcast packets could cause a denial of service condition of affected products on a local Ethernet segment (Layer 2). Human interaction is required to recover the systems. PROFIBUS interfaces are not affected. Los paquetes de difusión PROFINET DCP especialmente elaborados podrían causar una condición de denegación de servicio de los productos afectados en un segmento Ethernet local (capa 2). Se requiere la interacción humana para recuperar los sistemas. • http://www.securityfocus.com/bid/98369 http://www.securitytracker.com/id/1038463 https://cert-portal.siemens.com/productcert/html/ssa-284673.html https://cert-portal.siemens.com/productcert/html/ssa-293562.html https://cert-portal.siemens.com/productcert/html/ssa-546832.html https://cert-portal.siemens.com/productcert/pdf/ssa-284673.pdf https://cert-portal.siemens.com/productcert/pdf/ssa-293562.pdf https://cert-portal.siemens.com/productcert/pdf/ssa-546832.pdf https://ics-cert.us- • CWE-400: Uncontrolled Resource Consumption •
CVE-2013-5709
https://notcve.org/view.php?id=CVE-2013-5709
The authentication implementation in the web server on Siemens SCALANCE X-200 switches with firmware before 5.0.0 does not use a sufficient source of entropy for generating values of random numbers, which makes it easier for remote attackers to hijack sessions by predicting a value. La implementación de autentificación en el servidor web de los switches Siemens SCALANCE X-200 con firmware anterior a 5.0.0 no utiliza suficiente fuente de entropía para generar valores de numeros aleatorios, lo que hace mucho más fácil para un atacante remoto secuestrar sesiones prediciendo un valor. • http://ics-cert.us-cert.gov/advisories/ICSA-13-254-01 http://www.siemens.com/corporate-technology/pool/de/forschungsfelder/siemens_security_advisory_ssa-850708.pdf https://cert-portal.siemens.com/productcert/pdf/ssa-850708.pdf • CWE-189: Numeric Errors •
CVE-2013-3634
https://notcve.org/view.php?id=CVE-2013-3634
A vulnerability has been identified in SCALANCE X-200 switch family (incl. SIPLUS NET variants) (Versions < V5.0.0 for CVE-2013-3633 and versions < V4.5.0 for CVE-2013-3634), SCALANCE X-200IRT switch family (incl. SIPLUS NET variants) (All versions < V5.1.0). The implementation of SNMPv3 does not check the user credentials sufficiently. Therefore, an attacker is able to execute SNMP commands without correct credentials. • https://cert-portal.siemens.com/productcert/pdf/ssa-170686.pdf • CWE-20: Improper Input Validation •
CVE-2013-3633
https://notcve.org/view.php?id=CVE-2013-3633
A vulnerability has been identified in SCALANCE X-200 switch family (incl. SIPLUS NET variants) (Versions < V5.0.0 for CVE-2013-3633 and versions < V4.5.0 for CVE-2013-3634), SCALANCE X-200IRT switch family (incl. SIPLUS NET variants) (All versions < V5.1.0). The user privileges for the web interface are only enforced on client side and not properly verified on server side. Therefore, an attacker is able to execute privileged commands using an unprivileged account. • https://cert-portal.siemens.com/productcert/pdf/ssa-170686.pdf • CWE-264: Permissions, Privileges, and Access Controls •