CVE-2020-15800

CRITICAL

9.8

Descripcion

A vulnerability has been identified in SCALANCE X-200 switch family (incl. SIPLUS NET variants) (All versions < V5.2.5), SCALANCE X-200IRT switch family (incl. SIPLUS NET variants) (All versions < V5.5.0), SCALANCE X-300 switch family (incl. X408 and SIPLUS NET variants) (All versions < V4.1.0). The webserver of the affected devices contains a vulnerability that may lead to a heap overflow condition. An attacker could cause this condition on the webserver by sending specially crafted requests. This could stop the webserver temporarily.

Detalles CVE

Puntuacion CVSS v3.19.8

SeveridadCRITICAL

Vector CVSSCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Vector de ataqueNETWORK

ComplejidadLOW

Privilegios requeridosNONE

Interaccion usuarioNONE

Publicado1/12/2021

Ultima modificacion11/21/2024

Fuentenvd

Avistamientos honeypot0

Productos afectados

siemens:scalance_x200-4pirtsiemens:scalance_x200-4pirt_firmwaresiemens:scalance_x201-3pirtsiemens:scalance_x201-3pirt_firmwaresiemens:scalance_x202-2irtsiemens:scalance_x202-2irt_firmwaresiemens:scalance_x202-2pirtsiemens:scalance_x202-2pirt_firmwaresiemens:scalance_x202-2pirt_siplus_netsiemens:scalance_x202-2pirt_siplus_net_firmwaresiemens:scalance_x204irtsiemens:scalance_x204irt_firmwaresiemens:scalance_x307-3siemens:scalance_x307-3_firmwaresiemens:scalance_x307-3ldsiemens:scalance_x307-3ld_firmwaresiemens:scalance_x308-2siemens:scalance_x308-2_firmwaresiemens:scalance_x308-2ldsiemens:scalance_x308-2ld_firmwaresiemens:scalance_x308-2lhsiemens:scalance_x308-2lh\+siemens:scalance_x308-2lh\+_firmwaresiemens:scalance_x308-2lh_firmwaresiemens:scalance_x308-2msiemens:scalance_x308-2m_firmwaresiemens:scalance_x308-2m_tssiemens:scalance_x308-2m_ts_firmwaresiemens:scalance_x310siemens:scalance_x310_firmwaresiemens:scalance_x310fesiemens:scalance_x310fe_firmwaresiemens:scalance_x320-1fesiemens:scalance_x320-1fe_firmwaresiemens:scalance_x320-3ldfesiemens:scalance_x320-3ldfe_firmwaresiemens:scalance_xb205-3siemens:scalance_xb205-3_firmwaresiemens:scalance_xb205-3ldsiemens:scalance_xb205-3ld_firmwaresiemens:scalance_xb208siemens:scalance_xb208_firmwaresiemens:scalance_xb213-3siemens:scalance_xb213-3_firmwaresiemens:scalance_xb213-3ldsiemens:scalance_xb213-3ld_firmwaresiemens:scalance_xb216siemens:scalance_xb216_firmwaresiemens:scalance_xc206-2siemens:scalance_xc206-2_firmwaresiemens:scalance_xc206-2g_poe_siemens:scalance_xc206-2g_poe__firmwaresiemens:scalance_xc206-2g_poe_eecsiemens:scalance_xc206-2g_poe_eec_firmwaresiemens:scalance_xc206-2sfpsiemens:scalance_xc206-2sfp_eecsiemens:scalance_xc206-2sfp_eec_firmwaresiemens:scalance_xc206-2sfp_firmwaresiemens:scalance_xc206-2sfp_gsiemens:scalance_xc206-2sfp_g_\(e\/ip\)siemens:scalance_xc206-2sfp_g_\(e\/ip\)_firmwaresiemens:scalance_xc206-2sfp_g_eecsiemens:scalance_xc206-2sfp_g_eec_firmwaresiemens:scalance_xc206-2sfp_g_firmwaresiemens:scalance_xc208siemens:scalance_xc208_firmwaresiemens:scalance_xc208eecsiemens:scalance_xc208eec_firmwaresiemens:scalance_xc208gsiemens:scalance_xc208g_\(e\/ip\)siemens:scalance_xc208g_\(e\/ip\)_firmwaresiemens:scalance_xc208g_eecsiemens:scalance_xc208g_eec_firmwaresiemens:scalance_xc208g_firmwaresiemens:scalance_xc208g_poesiemens:scalance_xc208g_poe_firmwaresiemens:scalance_xc216siemens:scalance_xc216-4csiemens:scalance_xc216-4c_firmwaresiemens:scalance_xc216-4c_gsiemens:scalance_xc216-4c_g_\(e\/ip\)siemens:scalance_xc216-4c_g_\(e\/ip\)_firmwaresiemens:scalance_xc216-4c_g_eecsiemens:scalance_xc216-4c_g_eec_firmwaresiemens:scalance_xc216-4c_g_firmwaresiemens:scalance_xc216_firmwaresiemens:scalance_xc216eecsiemens:scalance_xc216eec_firmwaresiemens:scalance_xc224-4c_g_siemens:scalance_xc224-4c_g_\(e\/ip\)siemens:scalance_xc224-4c_g_\(e\/ip\)_firmwaresiemens:scalance_xc224-4c_g__firmwaresiemens:scalance_xc224-4c_g_eecsiemens:scalance_xc224-4c_g_eec_firmwaresiemens:scalance_xc224_siemens:scalance_xc224__firmwaresiemens:scalance_xf201-3p_irtsiemens:scalance_xf201-3p_irt_firmwaresiemens:scalance_xf202-2p_irtsiemens:scalance_xf202-2p_irt_firmwaresiemens:scalance_xf204siemens:scalance_xf204-2siemens:scalance_xf204-2_firmwaresiemens:scalance_xf204-2ba_dnasiemens:scalance_xf204-2ba_dna_firmwaresiemens:scalance_xf204-2ba_irtsiemens:scalance_xf204-2ba_irt_firmwaresiemens:scalance_xf204_dnasiemens:scalance_xf204_dna_firmwaresiemens:scalance_xf204_firmwaresiemens:scalance_xf204irtsiemens:scalance_xf204irt_firmwaresiemens:scalance_xf206-1siemens:scalance_xf206-1_firmwaresiemens:scalance_xf208siemens:scalance_xf208_firmwaresiemens:scalance_xp208siemens:scalance_xp208_\(eip\)siemens:scalance_xp208_\(eip\)_firmwaresiemens:scalance_xp208_firmwaresiemens:scalance_xp208eecsiemens:scalance_xp208eec_firmwaresiemens:scalance_xp208poe_eecsiemens:scalance_xp208poe_eec_firmwaresiemens:scalance_xp216siemens:scalance_xp216_\(eip\)siemens:scalance_xp216_\(eip\)_firmwaresiemens:scalance_xp216_firmwaresiemens:scalance_xp216eecsiemens:scalance_xp216eec_firmwaresiemens:scalance_xp216poe_eecsiemens:scalance_xp216poe_eec_firmware

Debilidades (CWE)

CWE-122CWE-787

Referencias

https://cert-portal.siemens.com/productcert/pdf/ssa-139628.pdf(productcert@siemens.com)

https://cert-portal.siemens.com/productcert/pdf/ssa-139628.pdf(af854a3a-2127-422b-91ae-364da2661108)

Correlaciones IOC

Sin correlaciones registradas

This product uses data from the NVD API but is not endorsed or certified by the NVD.