Scalance Xb-200 Firmware Security Vulnerabilities and Issues — Scalance Xb-200 Firmware CVE List

Lucene search

SiemensScalance Xb-200 Firmware

11 matches found

CVE•added 2021/03/25 3:15 p.m.•749 views

CVE-2021-3449

An OpenSSL TLS server may crash if sent a maliciously crafted renegotiation ClientHello message from a client. If a TLSv1.2 renegotiation ClientHello omits the signature_algorithms extension (where it was present in the initial ClientHello), but includes a signature_algorithms_cert extension then a...

5.9CVSS6.7AI score0.15517EPSS

CVE•added 2021/07/13 11:15 a.m.•120 views

CVE-2020-28400

Affected devices contain a vulnerability that allows an unauthenticated attacker to trigger a denial of service condition. The vulnerability can be triggered if a large amount of DCP reset packets are sent to the device.

8.7CVSS7.5AI score0.00903EPSS

CVE•added 2020/02/11 4:15 p.m.•115 views

CVE-2019-13946

Profinet-IO (PNIO) stack versions prior V06.00 do not properly limitinternal resource allocation when multiple legitimate diagnostic packagerequests are sent to the DCE-RPC interface.This could lead to a denial of service condition due to lack of memoryfor devices that include a vulnerable version ...

7.8CVSS7.4AI score0.00552EPSS

CVE•added 2020/04/14 8:15 p.m.•107 views

CVE-2019-19301

A vulnerability has been identified in SCALANCE X200-4P IRT, SCALANCE X201-3P IRT, SCALANCE X201-3P IRT PRO, SCALANCE X202-2IRT, SCALANCE X202-2P IRT, SCALANCE X202-2P IRT PRO, SCALANCE X204-2, SCALANCE X204-2FM, SCALANCE X204-2LD, SCALANCE X204-2LD TS, SCALANCE X204-2TS, SCALANCE X204IRT, SCALANCE...

7.5CVSS7.4AI score0.0054EPSS

CVE•added 2022/08/10 12:15 p.m.•102 views

CVE-2022-36323

Affected devices do not properly sanitize an input field. This could allow an authenticated remote attacker with administrative privileges to inject code or spawn a system root shell.

9.1CVSS9AI score0.00373EPSS

CVE•added 2022/08/10 12:15 p.m.•93 views

CVE-2022-36325

Affected devices do not properly sanitize data introduced by an user when rendering the web interface. This could allow an authenticated remote attacker with administrative privileges to inject code and lead to a DOM-based XSS.

6.8CVSS5.2AI score0.00137EPSS

CVE•added 2022/08/10 12:15 p.m.•83 views

CVE-2022-36324

Affected devices do not properly handle the renegotiation of SSL/TLS parameters. This could allow an unauthenticated remote attacker to bypass the TCP brute force prevention and lead to a denial of service condition for the duration of the attack.

7.5CVSS7.6AI score0.00067EPSS

CVE•added 2019/08/13 7:15 p.m.•66 views

CVE-2019-10927

A vulnerability has been identified in SCALANCE SC-600 (V2.0), SCALANCE XB-200 (V4.1), SCALANCE XC-200 (V4.1), SCALANCE XF-200BA (V4.1), SCALANCE XP-200 (V4.1), SCALANCE XR-300WG (V4.1). An authenticated attacker with network access to to port 22/tcp of an affected device may cause a Denial-of-Serv...

6.5CVSS6.2AI score0.00609EPSS

CVE•added 2021/03/15 5:15 p.m.•56 views

CVE-2021-25667

A vulnerability has been identified in RUGGEDCOM RM1224 (All versions >= V4.3 and = V4.3 and = V4.3 and = V2.0 and < V2.1.3), SCALANCE XB-200 (All versions < V4.1), SCALANCE XC-200 (All versions < V4.1), SCALANCE XF-200BA (All versions < V4.1), SCALANCE XM400 (All versions < V6.2)...

8.8CVSS8.8AI score0.00907EPSS

CVE•added 2020/02/11 4:15 p.m.•51 views

CVE-2019-13924

A vulnerability has been identified in SCALANCE S602 (All versions < V4.1), SCALANCE S612 (All versions < V4.1), SCALANCE S623 (All versions < V4.1), SCALANCE S627-2M (All versions < V4.1), SCALANCE X-200 switch family (incl. SIPLUS NET variants) (All versions < 5.2.4), SCALANCE X-20...

5.4CVSS5.2AI score0.00273EPSS

CVE•added 2017/12/26 4:29 a.m.•47 views

CVE-2017-12736

A vulnerability has been identified in RUGGEDCOM ROS for RSL910 devices (All versions < ROS V5.0.1), RUGGEDCOM ROS for all other devices (All versions

8.8CVSS8.4AI score0.00281EPSS