CVE-2020-28395

A vulnerability has been identified in SCALANCE X-200RNA switch family All versions V3.2.7, SCALANCE X-300 switch family incl. X408 and SIPLUS NET variants All versions V4.1.0. Devices do not create a new unique private key after factory reset. An attacker could leverage this situation to a...

Siemens SCALANCE X-200RNA Switch Devices NULL Pointer Dereference (CVE-2015-3194)

crypto/rsa/rsaameth.c in OpenSSL 1.0.1 before 1.0.1q and 1.0.2 before 1.0.2e allows remote attackers to cause a denial of service NULL pointer dereference and application crash via an RSA PSS ASN.1 signature that lacks a mask generation function parameter. This plugin only works with Tenable.ot...

Siemens SCALANCE X-200RNA Switch Devices NULL Pointer Dereference (CVE-2015-0291)

The sigalgs implementation in t1lib.c in OpenSSL 1.0.2 before 1.0.2a allows remote attackers to cause a denial of service NULL pointer dereference and daemon crash by using an invalid signaturealgorithms extension in the ClientHello message during a renegotiation. This plugin only works with...

Siemens SCALANCE X-200RNA Switch Devices Improper Input Validation (CVE-2016-6515)

The authpassword function in auth-passwd.c in sshd in OpenSSH before 7.3 does not limit password lengths for password authentication, which allows remote attackers to cause a denial of service crypt CPU consumption via a long string. This plugin only works with Tenable.ot. Please visit...

Siemens SCALANCE X-200RNA Switch Devices Uncontrolled Resource Consumption (CVE-2016-6307)

The state-machine implementation in OpenSSL 1.1.0 before 1.1.0a allocates memory before checking for an excessive length, which might allow remote attackers to cause a denial of service memory consumption via crafted TLS messages, related to statem/statem.c and statem/statemlib.c. This plugin onl...

Siemens SCALANCE X-200RNA Switch Devices Exposure of Sensitive Information to an Unauthorized Actor (CVE-2016-0704)

An oracle protection mechanism in the getclientmasterkey function in s2srvr.c in the SSLv2 implementation in OpenSSL before 0.9.8zf, 1.0.0 before 1.0.0r, 1.0.1 before 1.0.1m, and 1.0.2 before 1.0.2a overwrites incorrect MASTER-KEY bytes during use of export cipher suites, which makes it easier fo...

Siemens SCALANCE X-200RNA Switch Devices NULL Pointer Dereference (CVE-2015-0288)

The X509toX509REQ function in crypto/x509/x509req.c in OpenSSL before 0.9.8zf, 1.0.0 before 1.0.0r, 1.0.1 before 1.0.1m, and 1.0.2 before 1.0.2a might allow attackers to cause a denial of service NULL pointer dereference and application crash via an invalid certificate key. This plugin only works...

Siemens SCALANCE X-200RNA Switch Devices Improper Access Control (CVE-2016-10011)

authfile.c in sshd in OpenSSH before 7.4 does not properly consider the effects of realloc on buffer contents, which might allow local users to obtain sensitive private-key information by leveraging access to a privilege-separated child process. This plugin only works with Tenable.ot. Please visi...

Siemens SCALANCE X-200RNA Switch Devices NULL Pointer Dereference (CVE-2015-0289)

The PKCS7 implementation in OpenSSL before 0.9.8zf, 1.0.0 before 1.0.0r, 1.0.1 before 1.0.1m, and 1.0.2 before 1.0.2a does not properly handle a lack of outer ContentInfo, which allows attackers to cause a denial of service NULL pointer dereference and application crash by leveraging an applicati...

Siemens SCALANCE X-200RNA Switch Devices Improper Input Validation (CVE-2015-0293)

The SSLv2 implementation in OpenSSL before 0.9.8zf, 1.0.0 before 1.0.0r, 1.0.1 before 1.0.1m, and 1.0.2 before 1.0.2a allows remote attackers to cause a denial of service s2lib.c assertion failure and daemon exit via a crafted CLIENT-MASTER-KEY message. This plugin only works with Tenable.ot...

Siemens SCALANCE X-200RNA Switch Devices Out-of-bounds Read (CVE-2016-2180)

The TSOBJprintbio function in crypto/ts/tslib.c in the X.509 Public Key Infrastructure Time-Stamp Protocol TSP implementation in OpenSSL through 1.0.2h allows remote attackers to cause a denial of service out-of-bounds read and application crash via a crafted time- stamp file that is mishandled b...

Siemens SCALANCE X-200RNA Switch Devices Improper Restriction of Operations within the Bounds of a Memory Buffer (CVE-2016-2176)

The X509NAMEoneline function in crypto/x509/x509obj.c in OpenSSL before 1.0.1t and 1.0.2 before 1.0.2h allows remote attackers to obtain sensitive information from process stack memory or cause a denial of service buffer over-read via crafted EBCDIC ASN.1 data. This plugin only works with...

Siemens SCALANCE X-200RNA Switch Devices Exposure of Sensitive Information to an Unauthorized Actor (CVE-2016-2183)

The DES and Triple DES ciphers, as used in the TLS, SSH, and IPSec protocols and other protocols and products, have a birthday bound of approximately four billion blocks, which makes it easier for remote attackers to obtain cleartext data via a birthday attack against a long-duration encrypted...

Siemens SCALANCE X-200RNA Switch Devices Improper Access Control (CVE-2015-6565)

sshd in OpenSSH 6.8 and 6.9 uses world-writable permissions for TTY devices, which allows local users to cause a denial of service terminal disruption or possibly have unspecified other impact by writing to a device, as demonstrated by writing an escape sequence. This plugin only works with...

Siemens SCALANCE X-200RNA Switch Devices NULL Pointer Dereference (CVE-2015-0290)

The multi-block feature in the ssl3writebytes function in s3pkt.c in OpenSSL 1.0.2 before 1.0.2a on 64-bit x86 platforms with AES NI support does not properly handle certain non-blocking I/O cases, which allows remote attackers to cause a denial of service pointer corruption and application crash...

Siemens SCALANCE X-200RNA Switch Devices Resource Management Errors (CVE-2016-2109)

The asn1d2ireadbio function in crypto/asn1/ad2ifp.c in the ASN.1 BIO implementation in OpenSSL before 1.0.1t and 1.0.2 before 1.0.2h allows remote attackers to cause a denial of service memory consumption via a short invalid encoding. This plugin only works with Tenable.ot. Please visit...

Siemens SCALANCE X-200RNA Switch Devices Resource Management Errors (CVE-2016-2179)

The DTLS implementation in OpenSSL before 1.1.0 does not properly restrict the lifetime of queue entries associated with unused out-of- order messages, which allows remote attackers to cause a denial of service memory consumption by maintaining many crafted DTLS sessions simultaneously, related t...

Siemens SCALANCE X-200RNA Switch Devices Untrusted Search Path (CVE-2015-8325)

The dosetupenv function in session.c in sshd in OpenSSH through 7.2p2, when the UseLogin feature is enabled and PAM is configured to read .pamenvironment files in user home directories, allows local users to gain privileges by triggering a crafted environment for the /bin/login program, as...

Siemens SCALANCE X-200RNA Switch Devices Improper Access Control (CVE-2016-10010)

sshd in OpenSSH before 7.4, when privilege separation is not used, creates forwarded Unix-domain sockets as root, which might allow local users to gain privileges via unspecified vectors, related to serverloop.c. This plugin only works with Tenable.ot. Please visit...

Siemens SCALANCE X-200RNA Switch Devices Exposure of Sensitive Information to an Unauthorized Actor (CVE-2016-0800)

A cross-protocol attack was discovered that could allow an attacker to decrypt intercepted TLS sessions by using a server supporting SSLv2 as a Bleichenbacher RSA padding oracle. In order to exploit the vulnerability, the attacker must have network access to the affected devices and must be in a...