CVE-2019-6585
https://notcve.org/view.php?id=CVE-2019-6585
A vulnerability has been identified in SCALANCE S602 (All versions >= V3.0 and < V4.1), SCALANCE S612 (All versions >= V3.0 and < V4.1), SCALANCE S623 (All versions >= V3.0 and < V4.1), SCALANCE S627-2M (All versions >= V3.0 and < V4.1). The integrated configuration web server of the affected devices could allow Cross-Site Scripting (XSS) attacks if unsuspecting users are tricked into accessing a malicious link. User interaction is required for a successful exploitation. The user must be logged into the web interface in order for the exploitation to succeed. Se ha identificado una vulnerabilidad en SCALANCE S602 (Todas las versiones posteriores o iguales a V3.0 y anteriores a V4.1), SCALANCE S612 (Todas las versiones posteriores o iguales a V3.0 y anteriores a V4.1), SCALANCE S623 (Todas las versiones posteriores o iguales a V3.0 y anteriores a V4.1), SCALANCE S627-2M (Todas las versiones posteriores o iguales a V3.0 y anteriores a V4.1). • https://cert-portal.siemens.com/productcert/pdf/ssa-591405.pdf https://www.us-cert.gov/ics/advisories/icsa-20-042-10 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') CWE-80: Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) •
CVE-2019-13925
https://notcve.org/view.php?id=CVE-2019-13925
A vulnerability has been identified in SCALANCE S602 (All versions >= V3.0 and < V4.1), SCALANCE S612 (All versions >= V3.0 and < V4.1), SCALANCE S623 (All versions >= V3.0 and < V4.1), SCALANCE S627-2M (All versions >= V3.0 and < V4.1). Specially crafted packets sent to port 443/tcp of affected devices could cause a Denial-of-Service condition of the web server. Se ha identificado una vulnerabilidad en SCALANCE S602 (Todas las versiones posteriores o iguales a V3.0 y anteriores a V4.1), SCALANCE S612 (Todas las versiones posteriores o iguales a V3.0 y anteriores a V4.1), SCALANCE S623 (Todas las versiones posteriores o iguales a V3.0 y anteriores a V4.1), SCALANCE S627-2M (Todas las versiones posteriores o iguales a V3.0 y anteriores a V4.1). Los paquetes especialmente diseñados enviados hacia el puerto 443/tcp de los dispositivos afectados podrían causar una condición de Denegación de Servicio del servidor web • https://cert-portal.siemens.com/productcert/pdf/ssa-591405.pdf https://www.us-cert.gov/ics/advisories/icsa-20-042-10 • CWE-400: Uncontrolled Resource Consumption •
CVE-2019-13926
https://notcve.org/view.php?id=CVE-2019-13926
A vulnerability has been identified in SCALANCE S602 (All versions >= V3.0 and < V4.1), SCALANCE S612 (All versions >= V3.0 and < V4.1), SCALANCE S623 (All versions >= V3.0 and < V4.1), SCALANCE S627-2M (All versions >= V3.0 and < V4.1). Specially crafted packets sent to port 443/tcp of affected devices could cause a Denial-of-Service condition of the web server. A cold reboot is required to restore the functionality of the device. Se ha identificado una vulnerabilidad en SCALANCE S602 (Todas las versiones posteriores o iguales a V3.0 y anteriores a V4.1), SCALANCE S612 (Todas las versiones posteriores o iguales a V3.0 y anteriores a V4.1), SCALANCE S623 (Todas las versiones posteriores o iguales a V3.0 y anteriores a V4.1), SCALANCE S627-2M (Todas las versiones posteriores o iguales a V3.0 y anteriores a V4.1). Los paquetes especialmente diseñados enviados hacia el puerto 443/tcp de los dispositivos afectados podrían causar una condición de Denegación de Servicio del servidor web. • https://cert-portal.siemens.com/productcert/pdf/ssa-591405.pdf https://www.us-cert.gov/ics/advisories/icsa-20-042-10 • CWE-400: Uncontrolled Resource Consumption •