Lucene search

HistoryMay 06, 2015 - 12:00 a.m.

Siemens SCALANCE S612 Firewall > 2.1 and < 2.3.0.3 Multiple Vulnerabilities (SSA-268149)

2015-05-0600:00:00

www.tenable.com

10 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

0.049 Low

EPSS

Percentile

92.8%

JSON

The Siemens SCALANCE S612 firewall device has a firmware version that is greater than 2.1 and prior to 2.3.0.3. It is, therefore, affected by the following vulnerabilities :

A brute-force weakness exists due to a failure to enforce time delays between failed login attempts. This allows a remote attacker to perform rapid, multiple authentication attempts within a short time frame.
(CVE-2012-1799)
A stack-based buffer overflow vulnerability exists in the Profinet DCP protocol implementation due to a failure to correctly handle unexpected input. A remote attacker, using a specially crafted DCP frame, can crash the DCP protocol stack, resulting in a denial of service condition or possible arbitrary code execution.
(CVE-2012-1800)

Binary data scada_siemens_scalance_s612_SSA-268149.nbin

VendorProductVersionCPE
siemensscalance_s_firmwarecpe:/a:siemens:scalance_s_firmware
siemensscalance_s612cpe:/h:siemens:scalance_s612

Vendor	Product	Version	CPE
siemens	scalance_s_firmware		cpe:/a:siemens:scalance_s_firmware
siemens	scalance_s612		cpe:/h:siemens:scalance_s612

References

cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1799

cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1800

www.nessus.org/u?754db467

www.nessus.org/u?7589cf1c

ics-cert.us-cert.gov/advisories/ICSA-12-102-05

10 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

0.049 Low

EPSS

Percentile

92.8%

JSON

Related for SCADA_SIEMENS_SCALANCE_S612_SSA-268149.NBIN