Siemens

Scalance Xp-200 Firmware

12 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
9.1

CVE-2022-36323

  • EPSS 0.51%
  • Veröffentlicht 10.08.2022 12:15:12
  • Zuletzt bearbeitet 21.11.2024 07:12:47

Affected devices do not properly sanitize an input field. This could allow an authenticated remote attacker with administrative privileges to inject code or spawn a system root shell.

7.5

CVE-2022-36324

  • EPSS 1.26%
  • Veröffentlicht 10.08.2022 12:15:12
  • Zuletzt bearbeitet 21.11.2024 07:12:47

Affected devices do not properly handle the renegotiation of SSL/TLS parameters. This could allow an unauthenticated remote attacker to bypass the TCP brute force prevention and lead to a denial of service condition for the duration of the attack.

4.8

CVE-2022-36325

  • EPSS 0.37%
  • Veröffentlicht 10.08.2022 12:15:12
  • Zuletzt bearbeitet 21.11.2024 07:12:47

Affected devices do not properly sanitize data introduced by an user when rendering the web interface. This could allow an authenticated remote attacker with administrative privileges to inject code and lead to a DOM-based XSS.

7.5

CVE-2020-28400

  • EPSS 1.08%
  • Veröffentlicht 13.07.2021 11:15:08
  • Zuletzt bearbeitet 10.12.2024 14:15:19

Affected devices contain a vulnerability that allows an unauthenticated attacker to trigger a denial of service condition. The vulnerability can be triggered if a large amount of DCP reset packets are sent to the device.

5.9

CVE-2021-3449

  • EPSS 13.18%
  • Veröffentlicht 25.03.2021 15:15:13
  • Zuletzt bearbeitet 21.11.2024 06:21:33

An OpenSSL TLS server may crash if sent a maliciously crafted renegotiation ClientHello message from a client. If a TLSv1.2 renegotiation ClientHello omits the signature_algorithms extension (where it was present in the initial ClientHello), but incl...

8.8

CVE-2021-25667

  • EPSS 0.91%
  • Veröffentlicht 15.03.2021 17:15:21
  • Zuletzt bearbeitet 21.11.2024 05:55:15

A vulnerability has been identified in RUGGEDCOM RM1224 (All versions >= V4.3 and < V6.4), SCALANCE M-800 (All versions >= V4.3 and < V6.4), SCALANCE S615 (All versions >= V4.3 and < V6.4), SCALANCE SC-600 Family (All versions >= V2.0 and < V2.1.3), ...

5

CVE-2019-19301

  • EPSS 0.54%
  • Veröffentlicht 14.04.2020 20:15:14
  • Zuletzt bearbeitet 21.11.2024 04:34:31

A vulnerability has been identified in SCALANCE X200-4P IRT, SCALANCE X201-3P IRT, SCALANCE X201-3P IRT PRO, SCALANCE X202-2IRT, SCALANCE X202-2P IRT, SCALANCE X202-2P IRT PRO, SCALANCE X204-2, SCALANCE X204-2FM, SCALANCE X204-2LD, SCALANCE X204-2LD ...

7.8

CVE-2019-13946

  • EPSS 0.55%
  • Veröffentlicht 11.02.2020 16:15:15
  • Zuletzt bearbeitet 21.11.2024 04:25:45

Profinet-IO (PNIO) stack versions prior V06.00 do not properly limit internal resource allocation when multiple legitimate diagnostic package requests are sent to the DCE-RPC interface. This could lead to a denial of service condition due to lack of ...

5.4

CVE-2019-13924

  • EPSS 0.27%
  • Veröffentlicht 11.02.2020 16:15:14
  • Zuletzt bearbeitet 21.11.2024 04:25:42

A vulnerability has been identified in SCALANCE S602 (All versions < V4.1), SCALANCE S612 (All versions < V4.1), SCALANCE S623 (All versions < V4.1), SCALANCE S627-2M (All versions < V4.1), SCALANCE X-200 switch family (incl. SIPLUS NET variants) (Al...

6.5

CVE-2019-10927

  • EPSS 0.61%
  • Veröffentlicht 13.08.2019 19:15:14
  • Zuletzt bearbeitet 21.11.2024 04:20:10

A vulnerability has been identified in SCALANCE SC-600 (V2.0), SCALANCE XB-200 (V4.1), SCALANCE XC-200 (V4.1), SCALANCE XF-200BA (V4.1), SCALANCE XP-200 (V4.1), SCALANCE XR-300WG (V4.1). An authenticated attacker with network access to to port 22/tcp...