17 matches found
Siemens Scalance S Improper Authentication (CVE-2012-1799)
The web server on the Siemens Scalance S Security Module firewall S602 V2, S612 V2, and S613 V2 with firmware before 2.3.0.3 does not limit the rate of authentication attempts, which makes it easier for remote attackers to obtain access via a brute-force attack on the administrative password. Thi...
Siemens SCALANCE Security Vulnerability
The SCALANCE M-800, MUM-800 and S615 and the RUGGEDCOM RM1224 are industrial routers. The SCALANCE W products are wireless communication devices for connecting industrial components, such as Programmable Logic Controllers (PLCs) or Human Machine Interfaces (HMIs), that comply with the IEEE 802.11...
Siemens SCALANCE S Improper Neutralization of Input During Web Page Generation (CVE-2018-16555)
A vulnerability has been identified in SCALANCE S602 All versions V4.0.1.1, SCALANCE S612 All versions V4.0.1.1, SCALANCE S623 All versions V4.0.1.1, SCALANCE S627-2M All versions V4.0.1.1. The integrated web server could allow Cross-Site Scripting (XSS) attacks if unsuspecting users are tricked in...
Siemens SCALANCE S-600 Improper Neutralization of Script-Related HTML Tags in a Web Page (CVE-2019-6585)
A vulnerability has been identified in SCALANCE S602 All versions = V3.0 and = V3.0 and = V3.0 and = V3.0 and = V3.0 and = V3.0 and = V3.0 and V4.1, SCALANCE S627-2M All version...
Siemens SCALANCE S-600 Uncontrolled Resource Consumption (CVE-2019-13926)
A vulnerability has been identified in SCALANCE S602 All versions = V3.0 and = V3.0 and = V3.0 and = V3.0 and = V3.0 and = V3.0 and = V3.0 and = V3.0 and V4.1. Specially crafted packets sent to port 443/tcp of affected devices could cause a Denial-of-Service condition of the web server. A cold r...
Siemens SCALANCE S-600 Uncontrolled Resource Consumption (CVE-2019-13925)
A vulnerability has been identified in SCALANCE S602 All versions = V3.0 and = V3.0 and = V3.0 and = V3.0 and = V3.0 and = V3.0 and = V3.0 and = V3.0 and V4.1. Specially crafted packets sent to port 443/tcp of affected devices could cause a Denial-of-Service condition of the web server. This plug...
The vulnerability in the firmware of Siemens SCALANCE S network gateways is related to uncontrolled resource consumption (exhaustion), which allows attackers to trigger a service failure of the web server.
The vulnerability in the firmware of Siemens SCALANCE S network gateways is related to uncontrolled resource consumption (exhaustion). Exploiting this vulnerability can allow a malicious actor to trigger a service failure of the web server using specially crafted packets sent to port...
The vulnerability in the firmware of Siemens SCALANCE S network gateways, related to uncontrolled resource consumption (exhaustion), allows an intruder to trigger a service failure.
The vulnerability in the firmware of Siemens SCALANCE S network gateways is related to uncontrolled resource consumption (exhaustion). Exploiting this vulnerability can allow a malicious actor to trigger service failures using specially crafted packets sent to port 443/tcp...
Siemens SCALANCE S-600 Firewall WEB Server Denial of Service Vulnerability
The Siemens SCALANCE S-600 Firewall is an industrial firewall device. A security vulnerability exists on port 443 of the Siemens SCALANCE S-600 Firewall web server, which allows remote attackers to exploit the vulnerability by submitting a special request, which can be used for denial-of-service...
Siemens SCALANCE S-600 (Update B)
1. EXECUTIVE SUMMARY CVSS v3 7.5 ATTENTION: Exploitable remotely/low attack complexity Vendor: Siemens Equipment: SCALANCE S-600 Firewall Vulnerabilities: Resource Exhaustion, Cross-site Scripting 2. UPDATE INFORMATION This updated advisory is a follow-up to the advisory update titled...
The vulnerability in the firmware of Siemens SCALANCE S network gateways is related to insufficient protection of the web page structure, allowing attackers to carry out cross-site scripting attacks.
The vulnerability in the firmware of Siemens SCALANCE S network gateways is related to insufficient protection of the web page structure. Exploiting this vulnerability allows a remote attacker to perform cross-site scripting attacks...
ICSA-18-317-04 Siemens SCALANCE S
1. EXECUTIVE SUMMARY CVSS v3 4.7 ATTENTION: Exploitable remotely Vendor: Siemens Equipment: SCALANCE S Vulnerability: Cross-site Scripting 2. RISK EVALUATION If an attacker tricks a user into clicking a malicious link, the device could allow arbitrary script injection (XSS). 3. TECHNICAL DETAILS...
CVE-2012-1800
Stack-based buffer overflow in the Profinet DCP protocol implementation on the Siemens Scalance S Security Module firewall S602 V2, S612 V2, and S613 V2 with firmware before 2.3.0.3 allows remote attackers to cause a denial of service (device outage) or possibly execute arbitrary code via a crafted...
CVE-2012-1799
CVE-2012-1799 affects Siemens Scalance S Security Module firewalls S602 V2, S612 V2, and S613 V2 prior to firmware version 2.3.0.3. The web server does not limit the rate of authentication attempts, enabling remote attackers to conduct brute-force attacks to obtain administrative access. Connecte...
CVE-2012-1800
The CVE-2012-1800 entry concerns a stack-based buffer overflow in the Profinet DCP protocol stack of Siemens Scalance S Security Module firewalls (models S602 V2, S612 V2, S613 V2) prior to firmware 2.3.0.3. The flaw allows remote attackers, via a crafted DCP frame, to cause a denial of service o...
CVE-2012-1799
The web server on the Siemens Scalance S Security Module firewall S602 V2, S612 V2, and S613 V2 with firmware before 2.3.0.3 does not limit the rate of authentication attempts, which makes it easier for remote attackers to obtain access via a brute-force attack on the administrative password...
Siemens Scalance S Multiple Security Vulnerabilities
Overview ICS-CERT has received a report from Siemens regarding two security vulnerabilities in the Scalance S Security Module firewall. This vulnerability was reported to Siemens by Adam Hahn and Manimaran Govindarasu for coordinated disclosure. The first issue is a brute-force credential guessin...