CVSS: 6.8EPSS: 0%CPEs: 180EXPL: 0CVE-2022-36325
https://notcve.org/view.php?id=CVE-2022-36325
Affected devices do not properly sanitize data introduced by an user when rendering the web interface. This could allow an authenticated remote attacker with administrative privileges to inject code and lead to a DOM-based XSS. Los dispositivos afectados no sanean correctamente los datos introducidos por un usuario al renderizar la interfaz web. Esto podría permitir a un atacante remoto autenticado con privilegios administrativos inyectar código y llevar a un XSS basado en el DOM • https://cert-portal.siemens.com/productcert/pdf/ssa-710008.pdf • CWE-80: Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) •
CVSS: 9.1EPSS: 0%CPEs: 180EXPL: 0CVE-2022-36323
https://notcve.org/view.php?id=CVE-2022-36323
Affected devices do not properly sanitize an input field. This could allow an authenticated remote attacker with administrative privileges to inject code or spawn a system root shell. Los dispositivos afectados no sanean correctamente un campo de entrada. Esto podría permitir a un atacante remoto autenticado con privilegios administrativos inyectar código o generar un shell de raíz del sistema • https://cert-portal.siemens.com/productcert/pdf/ssa-710008.pdf • CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') •
CVSS: 7.5EPSS: 0%CPEs: 8EXPL: 0CVE-2021-25676
https://notcve.org/view.php?id=CVE-2021-25676
A vulnerability has been identified in RUGGEDCOM RM1224 (V6.3), SCALANCE M-800 (V6.3), SCALANCE S615 (V6.3), SCALANCE SC-600 (All Versions >= V2.1 and < V2.1.3). Multiple failed SSH authentication attempts could trigger a temporary Denial-of-Service under certain conditions. When triggered, the device will reboot automatically. Se ha identificado una vulnerabilidad en RUGGEDCOM RM1224 (versión V6.3), SCALANCE M-800 (versión V6.3), SCALANCE S615 (versión V6.3), SCALANCE SC-600 (Todas las versiones posteriores a V2.1 y anteriores a V2.1.3) . Múltiples intentos fallidos de autenticación SSH podrían desencadenar una Denegación de Servicio temporal en determinadas condiciones. • https://cert-portal.siemens.com/productcert/pdf/ssa-296266.pdf https://us-cert.cisa.gov/ics/advisories/icsa-21-068-02 • CWE-307: Improper Restriction of Excessive Authentication Attempts •
CVSS: 6.6EPSS: 0%CPEs: 2EXPL: 0CVE-2019-10928
https://notcve.org/view.php?id=CVE-2019-10928
A vulnerability has been identified in SCALANCE SC-600 (V2.0). An authenticated attacker with access to port 22/tcp as well as physical access to an affected device may trigger the device to allow execution of arbitrary commands. The security vulnerability could be exploited by an authenticated attacker with physical access to the affected device. No user interaction is required to exploit this vulnerability. The vulnerability impacts the confidentiality, integrity and availability of the affected device. • https://cert-portal.siemens.com/productcert/pdf/ssa-671286.pdf • CWE-703: Improper Check or Handling of Exceptional Conditions •
CVSS: 7.8EPSS: 1%CPEs: 152EXPL: 0CVE-2018-5391 – The Linux kernel, versions 3.9+, IP implementation is vulnerable to denial of service conditions with low rates of specially modified packets
https://notcve.org/view.php?id=CVE-2018-5391
The Linux kernel, versions 3.9+, is vulnerable to a denial of service attack with low rates of specially modified packets targeting IP fragment re-assembly. An attacker may cause a denial of service condition by sending specially crafted IP fragments. Various vulnerabilities in IP fragmentation have been discovered and fixed over the years. The current vulnerability (CVE-2018-5391) became exploitable in the Linux kernel with the increase of the IP fragment reassembly queue size. El kernel de Linux en versiones a partir de la 3.9 es vulnerable a un ataque de denegación de servicio (DoS) con tasas bajas de paquetes especialmente modificados que apuntan hacia el reensamblado de fragmentos de IP. • http://www.arubanetworks.com/assets/alert/ARUBA-PSA-2018-004.txt http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20200115-01-linux-en http://www.openwall.com/lists/oss-security/2019/06/28/2 http://www.openwall.com/lists/oss-security/2019/07/06/3 http://www.openwall.com/lists/oss-security/2019/07/06/4 http://www.securityfocus.com/bid/105108 http://www.securitytracker.com/id/1041476 http://www.securitytracker.com/id/1041637 https://access.redhat.co • CWE-20: Improper Input Validation CWE-400: Uncontrolled Resource Consumption •