Scalance Xm-400 Firmware Security Vulnerabilities
A vulnerability has been identified in RUGGEDCOM ROS for RSL910 devices (All versions < ROS V5.0.1), RUGGEDCOM ROS for all other devices (All versions < ROS V4.3.4), SCALANCE XB-200/XC-200/XP-200/XR300-WG (All versions between V3.0 (including) and V3.0.2 (excluding)), SCALANCE XR-500/XM-400 (...
8.8CVSS
8.4AI Score
0.001EPSS
Profinet-IO (PNIO) stack versions prior V06.00 do not properly limitinternal resource allocation when multiple legitimate diagnostic packagerequests are sent to the DCE-RPC interface.This could lead to a denial of service condition due to lack of memoryfor devices that include a vulnerable version ...
7.5CVSS
7.4AI Score
0.001EPSS
An unauthenticated remote attacker could create a permanent denial-of-service condition by sending specially crafted OSPF packets. Successful exploitation requires OSPF to be enabled on an affected device on the SCALANCE XM-400, XR-500 (All versions prior to v6.4).
7.5CVSS
7.4AI Score
0.002EPSS
An OpenSSL TLS server may crash if sent a maliciously crafted renegotiation ClientHello message from a client. If a TLSv1.2 renegotiation ClientHello omits the signature_algorithms extension (where it was present in the initial ClientHello), but includes a signature_algorithms_cert extension then a...
5.9CVSS
6.5AI Score
0.005EPSS