EUVD-2019-16126

Malware in sbrugna...

Siemens Multiple RTOS Integer Overflow or Wraparound (CVE-2020-28895)

In Wind River VxWorks, memory allocator has a possible overflow in calculating the memory block's size to be allocated by calloc. As a result, the actual memory allocated is smaller than the buffer size specified by the arguments, leading to memory corruption. SCALANCE X-200, X-200IRT, and X-300...

Siemens Multiple RTOS Integer Overflow or Wraparound (CVE-2020-35198)

An issue was discovered in Wind River VxWorks 7. The memory allocator has a possible integer overflow in calculating a memory block's size to be allocated by calloc. As a result, the actual memory allocated is smaller than the buffer size specified by the arguments, leading to memory corruption...

Siemens SCALANCE X-200IRT Devices Inadequate Encryption Strength (CVE-2023-29054)

A vulnerability has been identified in SCALANCE X200-4P IRT All versions V5.5.2, SCALANCE X201-3P IRT All versions V5.5.2, SCALANCE X201-3P IRT PRO All versions V5.5.2, SCALANCE X202-2IRT All versions V5.5.2, SCALANCE X202-2IRT All versions V5.5.2, SCALANCE X202-2P IRT All versions V5.5.2, SCALAN...

Siemens SCALANCE X-200IRT User Impersonation (CVE-2015-1049)

The web server on Siemens SCALANCE X-200IRT switches with firmware before 5.2.0 allows remote attackers to hijack sessions via unspecified vectors. Products with the following MLFBs are affected: 6GK5201-3BH00-2BA3 6GK5200-4AH00-2BA3 6GK5202-2BB00-2BA3 6GK5204-0BA00-2BA3 6GK5201-3JR00-2BA6...

Siemens SCALANCE X-200IRT Devices

As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please seeSiemens' ProductCERT Security Advisories CERT Services | Services |...

Siemens SCALANCE X Switches Use of Hard-Coded Cryptographic Key (CVE-2020-28391)

A vulnerability has been identified in SCALANCE X-200 switch family incl. SIPLUS NET variants All versions V5.2.5, SCALANCE X-200IRT switch family incl. SIPLUS NET variants All versions V5.5.0, SCALANCE X-200RNA switch family All versions V3.2.7. Devices create a new unique key upon factory reset...

Siemens SCALANCE X-200 and X-200IRT Families Improper Neutralization of Input During Web Page Generation (CVE-2022-40631)

A vulnerability has been identified in SCALANCE X200-4P IRT All versions V5.5.0, SCALANCE X201-3P IRT All versions V5.5.0, SCALANCE X201-3P IRT PRO All versions V5.5.0, SCALANCE X202-2IRT All versions V5.5.0, SCALANCE X202-2P IRT All versions V5.5.0, SCALANCE X202-2P IRT PRO All versions V5.5.0,...

Siemens SCALANCE X-200 and X-200IRT Families (Update A)

1. EXECUTIVE SUMMARY --------- Begin Update A part 1 of 2 --------- CVSS v3 9.6 --------- End Update A part 1 of 2 --------- ATTENTION: Exploitable remotely/low attack complexity Vendor: Siemens Equipment: SCALANCE X-200 and X-200IRT Families Vulnerability: Cross-site Scripting 2. UPDATE OR...

The vulnerability of the web server of industrial switches SCALANCE X-200, SCALANCE X-200IRT, and SCALANCE X-300 arises from the possibility of executing operations outside the buffer in memory, allowing a perpetrator to execute arbitrary code.

The vulnerability of the web server of industrial switches SCALANCE X-200, SCALANCE X-200IRT, and SCALANCE X-300 lies in the fact that the operation results are stored outside of the buffer in memory. Exploiting this vulnerability allows a remote attacker to execute arbitrary code by sending a...

The vulnerability of the C-PLUG memory module in industrial switches SCALANCE X-200, SCALANCE X-200IRT, and SCALANCE X-300 allows a intruder to gain increased privileges.

The vulnerability of the C-PLUG memory module in industrial switches SCALANCE X-200, SCALANCE X-200IRT, and SCALANCE X-300 is related to the use of a rigidly encrypted cryptographic key. Exploiting this vulnerability can allow an attacker operating remotely to enhance their privileges...

The vulnerability of the web server of industrial switches SCALANCE X-200, SCALANCE X-200IRT, and SCALANCE X-300 lies in the absence of authentication for a critical function, allowing a perpetrator to restart the vulnerable device.

The vulnerability of the web server of industrial switches SCALANCE X-200, SCALANCE X-200IRT, and SCALANCE X-300 is related to the absence of authentication for critical functions. Exploiting this vulnerability allows a remote attacker to reboot the vulnerable device...

CVE-2020-25226

A vulnerability has been identified in SCALANCE X-200 switch family incl. SIPLUS NET variants All versions V5.2.5, SCALANCE X-200IRT switch family incl. SIPLUS NET variants All versions V5.5.0. The web server of the affected devices contains a vulnerability that may lead to a buffer overflow...

CVE-2020-25226

A vulnerability has been identified in SCALANCE X-200 switch family incl. SIPLUS NET variants All versions V5.2.5, SCALANCE X-200IRT switch family incl. SIPLUS NET variants All versions V5.5.0. The web server of the affected devices contains a vulnerability that may lead to a buffer overflow...

CVE-2020-15799

A vulnerability has been identified in SCALANCE X-200 switch family incl. SIPLUS NET variants All versions V5.2.5, SCALANCE X-200IRT switch family incl. SIPLUS NET variants All versions V5.5.0. The vulnerability could allow an unauthenticated attacker to reboot the device over the network by usin...

CVE-2020-15800

A vulnerability has been identified in SCALANCE X-200 switch family incl. SIPLUS NET variants All versions V5.2.5, SCALANCE X-200IRT switch family incl. SIPLUS NET variants All versions V5.5.0, SCALANCE X-300 switch family incl. X408 and SIPLUS NET variants All versions V4.1.0. The webserver of t...

CVE-2020-15799

A vulnerability has been identified in SCALANCE X-200 switch family incl. SIPLUS NET variants All versions V5.2.5, SCALANCE X-200IRT switch family incl. SIPLUS NET variants All versions V5.5.0. The vulnerability could allow an unauthenticated attacker to reboot the device over the network by usin...

Hardcoded credentials

A vulnerability has been identified in SCALANCE X-200 switch family incl. SIPLUS NET variants All versions V5.2.5, SCALANCE X-200IRT switch family incl. SIPLUS NET variants All versions V5.5.0, SCALANCE X-200RNA switch family All versions V3.2.7. Devices create a new unique key upon factory reset...

Buffer overflow

A vulnerability has been identified in SCALANCE X-200 switch family incl. SIPLUS NET variants All versions V5.2.5, SCALANCE X-200IRT switch family incl. SIPLUS NET variants All versions V5.5.0. The web server of the affected devices contains a vulnerability that may lead to a buffer overflow...

Design/Logic Flaw

A vulnerability has been identified in SCALANCE X-200 switch family incl. SIPLUS NET variants All versions V5.2.5, SCALANCE X-200IRT switch family incl. SIPLUS NET variants All versions V5.5.0. The vulnerability could allow an unauthenticated attacker to reboot the device over the network by usin...