VYPR

Scalance Xf 200ba Firmware

by Siemens Foundation

CVEs (6)

  • CVE-2022-36323CriAug 10, 2022
    risk 0.59cvss 9.1epss 0.01

    Affected devices do not properly sanitize an input field. This could allow an authenticated remote attacker with administrative privileges to inject code or spawn a system root shell.

  • CVE-2021-25667HigMar 15, 2021
    risk 0.57cvss 8.8epss 0.01

    A vulnerability has been identified in RUGGEDCOM RM1224 (All versions >= V4.3 and < V6.4), SCALANCE M-800 (All versions >= V4.3 and < V6.4), SCALANCE S615 (All versions >= V4.3 and < V6.4), SCALANCE SC-600 Family (All versions >= V2.0 and < V2.1.3), SCALANCE XB-200 (All versions…

  • CVE-2022-36324HigAug 10, 2022
    risk 0.49cvss 7.5epss 0.01

    Affected devices do not properly handle the renegotiation of SSL/TLS parameters. This could allow an unauthenticated remote attacker to bypass the TCP brute force prevention and lead to a denial of service condition for the duration of the attack.

  • CVE-2022-36325MedAug 10, 2022
    risk 0.44cvss 6.8epss 0.01

    Affected devices do not properly sanitize data introduced by an user when rendering the web interface. This could allow an authenticated remote attacker with administrative privileges to inject code and lead to a DOM-based XSS.

  • CVE-2019-13946Feb 11, 2020
    risk 0.00cvss epss 0.01

    Profinet-IO (PNIO) stack versions prior V06.00 do not properly limit internal resource allocation when multiple legitimate diagnostic package requests are sent to the DCE-RPC interface. This could lead to a denial of service condition due to lack of memory for devices that…

  • CVE-2013-5709Sep 17, 2013
    risk 0.00cvss epss 0.03

    The authentication implementation in the web server on Siemens SCALANCE X-200 switches with firmware before 5.0.0 does not use a sufficient source of entropy for generating values of random numbers, which makes it easier for remote attackers to hijack sessions by predicting a…