Scalance X204rna Firmware Security Vulnerabilities and Issues — Scalance X204rna Firmware CVE List

Lucene search

SiemensScalance X204rna Firmware

9 matches found

CVE•added 2019/01/31 6:29 p.m.•13297 views

CVE-2019-6111

An issue was discovered in OpenSSH 7.9. Due to the scp implementation being derived from 1983 rcp, the server chooses which files/directories are sent to the client. However, the scp client only performs cursory validation of the object name returned (only directory traversal attacks are prevented)...

5.9CVSS6.3AI score0.57154EPSS

CVE•added 2019/01/10 9:29 p.m.•5441 views

CVE-2018-20685

In OpenSSH 7.9, scp.c in the scp client allows remote SSH servers to bypass intended access restrictions via the filename of . or an empty filename. The impact is modifying the permissions of the target directory on the client side.

5.3CVSS6.3AI score0.03744EPSS

CVE•added 2019/01/31 6:29 p.m.•5194 views

CVE-2019-6110

In OpenSSH 7.9, due to accepting and displaying arbitrary stderr output from the server, a malicious server (or Man-in-The-Middle attacker) can manipulate the client output, for example to use ANSI control codes to hide additional files being transferred.

6.8CVSS6.2AI score0.45173EPSS

CVE•added 2018/08/17 7:29 p.m.•4795 views

CVE-2018-15473

OpenSSH through 7.7 is prone to a user enumeration vulnerability due to not delaying bailout for an invalid authenticating user until after the packet containing the request has been fully parsed, related to auth2-gss.c, auth2-hostbased.c, and auth2-pubkey.c.

5.3CVSS5.8AI score0.90473EPSS

CVE•added 2019/10/09 8:15 p.m.•4672 views

CVE-2019-16905

OpenSSH 7.7 through 7.9 and 8.x before 8.1, when compiled with an experimental key type, has a pre-authentication integer overflow if a client or server is configured to use a crafted XMSS key. This leads to memory corruption and local code execution because of an error in the XMSS key parsing algo...

7.8CVSS7.9AI score0.00218EPSS

CVE•added 2019/01/31 6:29 p.m.•4576 views

CVE-2019-6109

An issue was discovered in OpenSSH 7.9. Due to missing character encoding in the progress display, a malicious server (or Man-in-The-Middle attacker) can employ crafted object names to manipulate the client output, e.g., by using ANSI control codes to hide additional files being transferred. This a...

6.8CVSS6.7AI score0.08063EPSS

CVE•added 2003/05/12 4:0 a.m.•199 views

CVE-2003-0190

OpenSSH-portable (OpenSSH) 3.6.1p1 and earlier with PAM support enabled immediately sends an error message when a user does not exist, which allows remote attackers to determine valid usernames via a timing attack.

5CVSS6.3AI score0.12913EPSS

CVE•added 2020/01/16 4:15 p.m.•84 views

CVE-2019-13933

A vulnerability has been identified in SCALANCE X204RNA (HSR), SCALANCE X204RNA (PRP), SCALANCE X204RNA EEC (HSR), SCALANCE X204RNA EEC (PRP), SCALANCE X204RNA EEC (PRP/HSR), SCALANCE X302-7 EEC (230V), SCALANCE X302-7 EEC (230V, coated), SCALANCE X302-7 EEC (24V), SCALANCE X302-7 EEC (24V, coated)...

8.6CVSS8.1AI score0.00543EPSS

CVE•added 2018/06/14 4:29 p.m.•49 views

CVE-2018-4833

A vulnerability has been identified in RFID 181EIP (All versions), RUGGEDCOM Win (V4.4, V4.5, V5.0, and V5.1), SCALANCE X-200 switch family (incl. SIPLUS NET variants) (All versions < V5.2.3), SCALANCE X-200IRT switch family (incl. SIPLUS NET variants) (All versions < V5.4.1), SCALANCE X-200R...

8.8CVSS8.6AI score0.01008EPSS