CVE-2020-15800

CRITICAL

9.8

Description

A vulnerability has been identified in SCALANCE X-200 switch family (incl. SIPLUS NET variants) (All versions < V5.2.5), SCALANCE X-200IRT switch family (incl. SIPLUS NET variants) (All versions < V5.5.0), SCALANCE X-300 switch family (incl. X408 and SIPLUS NET variants) (All versions < V4.1.0). The webserver of the affected devices contains a vulnerability that may lead to a heap overflow condition. An attacker could cause this condition on the webserver by sending specially crafted requests. This could stop the webserver temporarily.

Details CVE

Score CVSS v3.19.8

SeveriteCRITICAL

Vecteur CVSSCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Vecteur d'attaqueNETWORK

ComplexiteLOW

Privileges requisNONE

Interaction utilisateurNONE

Publie1/12/2021

Derniere modification11/21/2024

Sourcenvd

Observations honeypot0

Produits affectes

siemens:scalance_x200-4pirtsiemens:scalance_x200-4pirt_firmwaresiemens:scalance_x201-3pirtsiemens:scalance_x201-3pirt_firmwaresiemens:scalance_x202-2irtsiemens:scalance_x202-2irt_firmwaresiemens:scalance_x202-2pirtsiemens:scalance_x202-2pirt_firmwaresiemens:scalance_x202-2pirt_siplus_netsiemens:scalance_x202-2pirt_siplus_net_firmwaresiemens:scalance_x204irtsiemens:scalance_x204irt_firmwaresiemens:scalance_x307-3siemens:scalance_x307-3_firmwaresiemens:scalance_x307-3ldsiemens:scalance_x307-3ld_firmwaresiemens:scalance_x308-2siemens:scalance_x308-2_firmwaresiemens:scalance_x308-2ldsiemens:scalance_x308-2ld_firmwaresiemens:scalance_x308-2lhsiemens:scalance_x308-2lh\+siemens:scalance_x308-2lh\+_firmwaresiemens:scalance_x308-2lh_firmwaresiemens:scalance_x308-2msiemens:scalance_x308-2m_firmwaresiemens:scalance_x308-2m_tssiemens:scalance_x308-2m_ts_firmwaresiemens:scalance_x310siemens:scalance_x310_firmwaresiemens:scalance_x310fesiemens:scalance_x310fe_firmwaresiemens:scalance_x320-1fesiemens:scalance_x320-1fe_firmwaresiemens:scalance_x320-3ldfesiemens:scalance_x320-3ldfe_firmwaresiemens:scalance_xb205-3siemens:scalance_xb205-3_firmwaresiemens:scalance_xb205-3ldsiemens:scalance_xb205-3ld_firmwaresiemens:scalance_xb208siemens:scalance_xb208_firmwaresiemens:scalance_xb213-3siemens:scalance_xb213-3_firmwaresiemens:scalance_xb213-3ldsiemens:scalance_xb213-3ld_firmwaresiemens:scalance_xb216siemens:scalance_xb216_firmwaresiemens:scalance_xc206-2siemens:scalance_xc206-2_firmwaresiemens:scalance_xc206-2g_poe_siemens:scalance_xc206-2g_poe__firmwaresiemens:scalance_xc206-2g_poe_eecsiemens:scalance_xc206-2g_poe_eec_firmwaresiemens:scalance_xc206-2sfpsiemens:scalance_xc206-2sfp_eecsiemens:scalance_xc206-2sfp_eec_firmwaresiemens:scalance_xc206-2sfp_firmwaresiemens:scalance_xc206-2sfp_gsiemens:scalance_xc206-2sfp_g_\(e\/ip\)siemens:scalance_xc206-2sfp_g_\(e\/ip\)_firmwaresiemens:scalance_xc206-2sfp_g_eecsiemens:scalance_xc206-2sfp_g_eec_firmwaresiemens:scalance_xc206-2sfp_g_firmwaresiemens:scalance_xc208siemens:scalance_xc208_firmwaresiemens:scalance_xc208eecsiemens:scalance_xc208eec_firmwaresiemens:scalance_xc208gsiemens:scalance_xc208g_\(e\/ip\)siemens:scalance_xc208g_\(e\/ip\)_firmwaresiemens:scalance_xc208g_eecsiemens:scalance_xc208g_eec_firmwaresiemens:scalance_xc208g_firmwaresiemens:scalance_xc208g_poesiemens:scalance_xc208g_poe_firmwaresiemens:scalance_xc216siemens:scalance_xc216-4csiemens:scalance_xc216-4c_firmwaresiemens:scalance_xc216-4c_gsiemens:scalance_xc216-4c_g_\(e\/ip\)siemens:scalance_xc216-4c_g_\(e\/ip\)_firmwaresiemens:scalance_xc216-4c_g_eecsiemens:scalance_xc216-4c_g_eec_firmwaresiemens:scalance_xc216-4c_g_firmwaresiemens:scalance_xc216_firmwaresiemens:scalance_xc216eecsiemens:scalance_xc216eec_firmwaresiemens:scalance_xc224-4c_g_siemens:scalance_xc224-4c_g_\(e\/ip\)siemens:scalance_xc224-4c_g_\(e\/ip\)_firmwaresiemens:scalance_xc224-4c_g__firmwaresiemens:scalance_xc224-4c_g_eecsiemens:scalance_xc224-4c_g_eec_firmwaresiemens:scalance_xc224_siemens:scalance_xc224__firmwaresiemens:scalance_xf201-3p_irtsiemens:scalance_xf201-3p_irt_firmwaresiemens:scalance_xf202-2p_irtsiemens:scalance_xf202-2p_irt_firmwaresiemens:scalance_xf204siemens:scalance_xf204-2siemens:scalance_xf204-2_firmwaresiemens:scalance_xf204-2ba_dnasiemens:scalance_xf204-2ba_dna_firmwaresiemens:scalance_xf204-2ba_irtsiemens:scalance_xf204-2ba_irt_firmwaresiemens:scalance_xf204_dnasiemens:scalance_xf204_dna_firmwaresiemens:scalance_xf204_firmwaresiemens:scalance_xf204irtsiemens:scalance_xf204irt_firmwaresiemens:scalance_xf206-1siemens:scalance_xf206-1_firmwaresiemens:scalance_xf208siemens:scalance_xf208_firmwaresiemens:scalance_xp208siemens:scalance_xp208_\(eip\)siemens:scalance_xp208_\(eip\)_firmwaresiemens:scalance_xp208_firmwaresiemens:scalance_xp208eecsiemens:scalance_xp208eec_firmwaresiemens:scalance_xp208poe_eecsiemens:scalance_xp208poe_eec_firmwaresiemens:scalance_xp216siemens:scalance_xp216_\(eip\)siemens:scalance_xp216_\(eip\)_firmwaresiemens:scalance_xp216_firmwaresiemens:scalance_xp216eecsiemens:scalance_xp216eec_firmwaresiemens:scalance_xp216poe_eecsiemens:scalance_xp216poe_eec_firmware

Faiblesses (CWE)

CWE-122CWE-787

References

https://cert-portal.siemens.com/productcert/pdf/ssa-139628.pdf(productcert@siemens.com)

https://cert-portal.siemens.com/productcert/pdf/ssa-139628.pdf(af854a3a-2127-422b-91ae-364da2661108)

Correlations IOC

Aucune correlation enregistree

This product uses data from the NVD API but is not endorsed or certified by the NVD.