CVE-2022-36323
- EPSS 0.51%
- Published 10.08.2022 12:15:12
- Last modified 21.11.2024 07:12:47
Affected devices do not properly sanitize an input field. This could allow an authenticated remote attacker with administrative privileges to inject code or spawn a system root shell.
CVE-2022-36324
- EPSS 1.26%
- Published 10.08.2022 12:15:12
- Last modified 21.11.2024 07:12:47
Affected devices do not properly handle the renegotiation of SSL/TLS parameters. This could allow an unauthenticated remote attacker to bypass the TCP brute force prevention and lead to a denial of service condition for the duration of the attack.
CVE-2022-36325
- EPSS 0.37%
- Published 10.08.2022 12:15:12
- Last modified 21.11.2024 07:12:47
Affected devices do not properly sanitize data introduced by a user when rendering the web interface. This could allow an authenticated remote attacker with administrative privileges to inject code and lead to a DOM-based XSS.
CVE-2020-28400
- EPSS 1.08%
- Published 13.07.2021 11:15:08
- Last modified 10.12.2024 14:15:19
Affected devices contain a vulnerability that allows an unauthenticated attacker to trigger a denial of service condition. The vulnerability can be triggered if a large number of DCP reset packets are sent to the device.
CVE-2021-3449
- EPSS 13.18%
- Published 25.03.2021 15:15:13
- Last modified 21.11.2024 06:21:33
An OpenSSL TLS server may crash if sent a maliciously crafted renegotiation ClientHello message from a client. If a TLSv1.2 renegotiation ClientHello omits the signature_algorithms extension (where it was present in the initial ClientHello), but incl...
CVE-2021-25667
- EPSS 0.91%
- Published 15.03.2021 17:15:21
- Last modified 21.11.2024 05:55:15
A vulnerability has been identified in RUGGEDCOM RM1224 (All versions >= V4.3 and < V6.4), SCALANCE M-800 (All versions >= V4.3 and < V6.4), SCALANCE S615 (All versions >= V4.3 and < V6.4), SCALANCE SC-600 Family (All versions >= V2.0 and < V2.1.3), ...
- EPSS 0.54%
- Published 14.04.2020 20:15:14
- Last modified 21.11.2024 04:34:31
A vulnerability has been identified in SCALANCE X200-4P IRT, SCALANCE X201-3P IRT, SCALANCE X201-3P IRT PRO, SCALANCE X202-2IRT, SCALANCE X202-2P IRT, SCALANCE X202-2P IRT PRO, SCALANCE X204-2, SCALANCE X204-2FM, SCALANCE X204-2LD, SCALANCE X204-2LD ...
CVE-2019-13946
- EPSS 0.55%
- Published 11.02.2020 16:15:15
- Last modified 21.11.2024 04:25:45
Profinet-IO (PNIO) stack versions prior to V06.00 do not properly limit internal resource allocation when multiple legitimate diagnostic package requests are sent to the DCE-RPC interface. This could lead to a denial of service condition due to lack of ...
CVE-2019-13924
- EPSS 0.27%
- Published 11.02.2020 16:15:14
- Last modified 21.11.2024 04:25:42
A vulnerability has been identified in SCALANCE S602 (All versions < V4.1), SCALANCE S612 (All versions < V4.1), SCALANCE S623 (All versions < V4.1), SCALANCE S627-2M (All versions < V4.1), SCALANCE X-200 switch family (incl. SIPLUS NET variants) (Al...
CVE-2019-10927
- EPSS 0.61%
- Published 13.08.2019 19:15:14
- Last modified 21.11.2024 04:20:10
A vulnerability has been identified in SCALANCE SC-600 (V2.0), SCALANCE XB-200 (V4.1), SCALANCE XC-200 (V4.1), SCALANCE XF-200BA (V4.1), SCALANCE XP-200 (V4.1), SCALANCE XR-300WG (V4.1). An authenticated attacker with network access to port 22/tcp...