EUVD-2019-5195

Malware in sbrugna...

Siemens Industrial Products Uncontrolled Resource Consumption (CVE-2019-11478)

Multiple industrial products are affected by a vulnerability in the kernel known as TCP SACK PANIC. A remote attacker could cause a denial of service condition by sending specially crafted TCP Selective Acknowledgment SACK sequences to affected products. This plugin only works with Tenable.ot...

CVE-2019-6585

A vulnerability has been identified in SCALANCE S602 All versions = V3.0 and = V3.0 and = V3.0 and = V3.0 and V4.1. The integrated configuration web server of the affected devices could allow Cross-Site Scripting XSS attacks if unsuspecting users are tricked into accessing a malicious link. User...

CVE-2019-6585

A vulnerability has been identified in SCALANCE S602 All versions = V3.0 and = V3.0 and = V3.0 and = V3.0 and V4.1. The integrated configuration web server of the affected devices could allow Cross-Site Scripting XSS attacks if unsuspecting users are tricked into accessing a malicious link. User...

Cross site scripting

A vulnerability has been identified in SCALANCE S602 All versions = V3.0 and = V3.0 and = V3.0 and = V3.0 and V4.1. The integrated configuration web server of the affected devices could allow Cross-Site Scripting XSS attacks if unsuspecting users are tricked into accessing a malicious link. User...

CVE-2019-6585

A vulnerability has been identified in SCALANCE S602 All versions = V3.0 and = V3.0 and = V3.0 and = V3.0 and V4.1. The integrated configuration web server of the affected devices could allow Cross-Site Scripting XSS attacks if unsuspecting users are tricked into accessing a malicious link. User...

CVE-2019-6585

CVE-2019-6585 affects Siemens SCALANCE S600/S612/S623/S627-2M (versions 3.0–4.0; vulnerable until 4.0) with an XSS flaw in the integrated configuration web server. Exploitation requires user interaction and the attacker must lure a logged-in user to a crafted link, enabling cross-site scripting. ...

CVE-2019-13925

A vulnerability has been identified in SCALANCE S602 All versions = V3.0 and = V3.0 and = V3.0 and = V3.0 and V4.1. Specially crafted packets sent to port 443/tcp of affected devices could cause a Denial-of-Service condition of the web server...

CVE-2019-13926

A vulnerability has been identified in SCALANCE S602 All versions = V3.0 and = V3.0 and = V3.0 and = V3.0 and V4.1. Specially crafted packets sent to port 443/tcp of affected devices could cause a Denial-of-Service condition of the web server. A cold reboot is required to restore the functionalit...

CVE-2019-13926

A vulnerability has been identified in SCALANCE S602 All versions = V3.0 and = V3.0 and = V3.0 and = V3.0 and V4.1. Specially crafted packets sent to port 443/tcp of affected devices could cause a Denial-of-Service condition of the web server. A cold reboot is required to restore the functionalit...

Design/Logic Flaw

A vulnerability has been identified in SCALANCE S602 All versions = V3.0 and = V3.0 and = V3.0 and = V3.0 and V4.1. Specially crafted packets sent to port 443/tcp of affected devices could cause a Denial-of-Service condition of the web server. A cold reboot is required to restore the functionalit...

Design/Logic Flaw

A vulnerability has been identified in SCALANCE S602 All versions V4.1, SCALANCE S612 All versions V4.1, SCALANCE S623 All versions V4.1, SCALANCE S627-2M All versions V4.1, SCALANCE X-200 switch family incl. SIPLUS NET variants All versions 5.2.4, SCALANCE X-200IRT switch family incl. SIPLUS NET...

CVE-2019-13925

A vulnerability has been identified in SCALANCE S602 All versions = V3.0 and = V3.0 and = V3.0 and = V3.0 and V4.1. Specially crafted packets sent to port 443/tcp of affected devices could cause a Denial-of-Service condition of the web server...

CVE-2019-13926

CVE-2019-13926 affects Siemens SCALANCE S-600 family (S602, S612, S623, S627-2M) with versions >= V3.0 and

PT-2020-9414 · Siemens · Scalance X-200Irt Switch Family +5

Name of the Vulnerable Software and Affected Versions: SCALANCE S602 versions prior to V4.1 SCALANCE S612 versions prior to V4.1 SCALANCE S623 versions prior to V4.1 SCALANCE S627-2M versions prior to V4.1 SCALANCE X-200 switch family versions prior to 5.2.4 SCALANCE X-200IRT switch family versio...

Siemens SCALANCE S-600 (Update B)

1. EXECUTIVE SUMMARY CVSS v3 7.5 ATTENTION: Exploitable remotely/low attack complexity Vendor: Siemens Equipment: SCALANCE S-600 Firewall Vulnerabilities: Resource Exhaustion, Cross-site Scripting 2. UPDATE INFORMATION This updated advisory is a follow-up to the advisory update titled...

CVE-2019-13924

CVE-2019-13924 affects Siemens SCALANCE X and S switches. The root issue is that the admin web interface does not send the X-Frame-Options header, enabling clickjacking where an attacker could trick a logged-in administrator into performing actions via a malicious page. Affected families and vers...

ICSA-19-253-03_Siemens Industrial Products (Update P)

1. EXECUTIVE SUMMARY CVSS v3 7.5 ATTENTION: Exploitable remotely/low attack complexity Vendor: Siemens Equipment: Industrial Products Vulnerabilities: Excessive Data Query Operations in a Large Data Table, Integer Overflow or Wraparound, Uncontrolled Resource Consumption 2. UPDATE INFORMATION...

Siemens SCALANCE S623 Security module

Binary data 764597.prm...

CVE-2018-16555

A vulnerability has been identified in SCALANCE S602 All versions V4.0.1.1, SCALANCE S612 All versions V4.0.1.1, SCALANCE S623 All versions V4.0.1.1, SCALANCE S627-2M All versions V4.0.1.1. The integrated web server could allow Cross-Site Scripting XSS attacks if unsuspecting users are tricked in...