VYPR

Scalance W788 2pro

by Siemens Foundation

CVEs (6)

  • CVE-2020-28400HigJul 13, 2021
    risk 0.49cvss 7.5epss 0.02

    Affected devices contain a vulnerability that allows an unauthenticated attacker to trigger a denial of service condition. The vulnerability can be triggered if a large amount of DCP reset packets are sent to the device.

  • CVE-2022-46140MedDec 13, 2022
    risk 0.42cvss 6.5epss 0.00

    Affected devices use a weak encryption scheme to encrypt the debug zip file. This could allow an authenticated attacker to decrypt the contents of the file and retrieve debug information about the system.

  • CVE-2022-46142MedDec 13, 2022
    risk 0.37cvss 5.7epss 0.00

    Affected devices store the CLI user passwords encrypted in flash memory. Attackers with physical access to the device could retrieve the file and decrypt the CLI user passwords.

  • CVE-2022-46143LowDec 13, 2022
    risk 0.18cvss 2.7epss 0.01

    Affected devices do not check the TFTP blocksize correctly. This could allow an authenticated attacker to read from an uninitialized buffer that potentially contains previously allocated data.

  • CVE-2013-4652Aug 1, 2013
    risk 0.00cvss epss 0.06

    Unspecified vulnerability in the command-line management interface on Siemens Scalance W7xx devices with firmware before 4.5.4 allows remote attackers to bypass authentication and execute arbitrary code via a (1) SSH or (2) TELNET connection.

  • CVE-2013-4651Aug 1, 2013
    risk 0.00cvss epss 0.01

    Siemens Scalance W7xx devices with firmware before 4.5.4 use the same hardcoded X.509 certificate across different customers' installations, which makes it easier for remote attackers to conduct man-in-the-middle attacks against SSL sessions by leveraging the certificate's trust…