CVE-2019-6567
https://notcve.org/view.php?id=CVE-2019-6567
A vulnerability has been identified in SCALANCE X-200 switch family (incl. SIPLUS NET variants) (All Versions < V5.2.4), SCALANCE X-200IRT switch family (incl. SIPLUS NET variants) (All versions < V5.5.0), SCALANCE X-300 switch family (incl. X408 and SIPLUS NET variants) (All versions < V4.1.3), SCALANCE X-414-3E (All versions). The affected devices store passwords in a recoverable format. • https://cert-portal.siemens.com/productcert/pdf/ssa-646841.pdf • CWE-257: Storing Passwords in a Recoverable Format CWE-522: Insufficiently Protected Credentials •
CVE-2019-6569
https://notcve.org/view.php?id=CVE-2019-6569
The monitor barrier of the affected products insufficiently blocks data from being forwarded over the mirror port into the mirrored network. An attacker could use this behavior to transmit malicious packets to systems in the mirrored network, possibly influencing their configuration and runtime behavior. La barrera de monitorización de los productos afectados bloquea insuficientemente el reenvío de datos a través del puerto espejo hacia la red reflejada. Un atacante podría utilizar este comportamiento para transmitir paquetes maliciosos a los sistemas de la red en espejo, posiblemente influyendo en su configuración y comportamiento en tiempo de ejecución • https://cert-portal.siemens.com/productcert/pdf/ssa-557804.pdf • CWE-440: Expected Behavior Violation •
CVE-2018-4848
https://notcve.org/view.php?id=CVE-2018-4848
A vulnerability has been identified in SCALANCE X-200 switch family (incl. SIPLUS NET variants) (All versions < V5.2.3), SCALANCE X-200IRT switch family (incl. SIPLUS NET variants) (All versions < V5.4.1), SCALANCE X-200RNA switch family (All versions < V3.2.7), SCALANCE X-300 switch family (incl. X408 and SIPLUS NET variants) (All versions < V4.1.3). The integrated configuration web server of the affected devices could allow Cross-Site Scripting (XSS) attacks if unsuspecting users are tricked into accessing a malicious link. • http://www.securityfocus.com/bid/104494 https://cert-portal.siemens.com/productcert/pdf/ssa-480829.pdf • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') CWE-80: Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) •