CVSS: 5.5EPSS: 0%CPEs: 8EXPL: 0CVE-2019-6567
https://notcve.org/view.php?id=CVE-2019-6567
12 Jun 2019 — A vulnerability has been identified in SCALANCE X-200 switch family (incl. SIPLUS NET variants) (All Versions < V5.2.4), SCALANCE X-200IRT switch family (incl. SIPLUS NET variants) (All versions < V5.5.0), SCALANCE X-300 switch family (incl. X408 and SIPLUS NET variants) (All versions < V4.1.3), SCALANCE X-414-3E (All versions). The affected devices store passwords in a recoverable format. • https://cert-portal.siemens.com/productcert/pdf/ssa-646841.pdf • CWE-257: Storing Passwords in a Recoverable Format CWE-522: Insufficiently Protected Credentials •
CVSS: 9.1EPSS: 0%CPEs: 10EXPL: 0CVE-2019-6569
https://notcve.org/view.php?id=CVE-2019-6569
26 Mar 2019 — The monitor barrier of the affected products insufficiently blocks data from being forwarded over the mirror port into the mirrored network. An attacker could use this behavior to transmit malicious packets to systems in the mirrored network, possibly influencing their configuration and runtime behavior. La barrera de monitorización de los productos afectados bloquea insuficientemente el reenvío de datos a través del puerto espejo hacia la red reflejada. Un atacante podría utilizar este comportamiento para ... • https://cert-portal.siemens.com/productcert/pdf/ssa-557804.pdf • CWE-440: Expected Behavior Violation •
CVSS: 6.1EPSS: 0%CPEs: 6EXPL: 0CVE-2018-4848
https://notcve.org/view.php?id=CVE-2018-4848
14 Jun 2018 — A vulnerability has been identified in SCALANCE X-200 switch family (incl. SIPLUS NET variants) (All versions < V5.2.3), SCALANCE X-200IRT switch family (incl. SIPLUS NET variants) (All versions < V5.4.1), SCALANCE X-200RNA switch family (All versions < V3.2.7), SCALANCE X-300 switch family (incl. X408 and SIPLUS NET variants) (All versions < V4.1.3). The integrated configuration web server of the affected devices could allow Cross-Site Scripting (XSS) attacks if unsuspecting users are tricked into accessin... • http://www.securityfocus.com/bid/104494 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') CWE-80: Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) •