Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline

Scalance Xf-200Ba Firmware Security Vulnerabilities

cve
cve

CVE-2019-10927

A vulnerability has been identified in SCALANCE SC-600 (V2.0), SCALANCE XB-200 (V4.1), SCALANCE XC-200 (V4.1), SCALANCE XF-200BA (V4.1), SCALANCE XP-200 (V4.1), SCALANCE XR-300WG (V4.1). An authenticated attacker with network access to to port 22/tcp of an affected device may cause a Denial-of-Serv...

6.5CVSS

6.2AI Score

0.001EPSS

2019-08-13 07:15 PM
57
cve
cve

CVE-2019-13946

Profinet-IO (PNIO) stack versions prior V06.00 do not properly limitinternal resource allocation when multiple legitimate diagnostic packagerequests are sent to the DCE-RPC interface.This could lead to a denial of service condition due to lack of memoryfor devices that include a vulnerable version ...

7.5CVSS

7.4AI Score

0.001EPSS

2020-02-11 04:15 PM
95
cve
cve

CVE-2020-28400

Affected devices contain a vulnerability that allows an unauthenticated attacker to trigger a denial-of-service condition. The vulnerability can be triggered if a large amount of DCP reset packets are sent to the device.

7.5CVSS

7.5AI Score

0.002EPSS

2021-07-13 11:15 AM
92
4
cve
cve

CVE-2021-25667

A vulnerability has been identified in RUGGEDCOM RM1224 (All versions >= V4.3 and < V6.4), SCALANCE M-800 (All versions >= V4.3 and < V6.4), SCALANCE S615 (All versions >= V4.3 and < V6.4), SCALANCE SC-600 Family (All versions >= V2.0 and < V2.1.3), SCALANCE XB-200 (All vers...

8.8CVSS

8.8AI Score

0.006EPSS

2021-03-15 05:15 PM
38
4
cve
cve

CVE-2021-3449

An OpenSSL TLS server may crash if sent a maliciously crafted renegotiation ClientHello message from a client. If a TLSv1.2 renegotiation ClientHello omits the signature_algorithms extension (where it was present in the initial ClientHello), but includes a signature_algorithms_cert extension then a...

5.9CVSS

6.5AI Score

0.005EPSS

2021-03-25 03:15 PM
641
82
cve
cve

CVE-2022-36323

Affected devices do not properly sanitize an input field. This could allow an authenticated remote attacker with administrative privileges to inject code or spawn a system root shell.

9.1CVSS

9AI Score

0.002EPSS

2022-08-10 12:15 PM
72
6
cve
cve

CVE-2022-36324

Affected devices do not properly handle the renegotiation of SSL/TLS parameters. This could allow an unauthenticated remote attacker to bypass the TCP brute force prevention and lead to a denial of service condition for the duration of the attack.

7.5CVSS

7.6AI Score

0.002EPSS

2022-08-10 12:15 PM
64
7
cve
cve

CVE-2022-36325

Affected devices do not properly sanitize data introduced by an user when rendering the web interface. This could allow an authenticated remote attacker with administrative privileges to inject code and lead to a DOM-based XSS.

6.8CVSS

5.2AI Score

0.001EPSS

2022-08-10 12:15 PM
68
8