Scalance Xr-300wg Firmware@* Security Vulnerabilities and Issues — Scalance Xr-300wg Firmware@* CVE List

Lucene search

SiemensScalance Xr-300wg Firmware*

9 matches found

CVE•added 2021/03/25 3:15 p.m.•749 views

CVE-2021-3449

An OpenSSL TLS server may crash if sent a maliciously crafted renegotiation ClientHello message from a client. If a TLSv1.2 renegotiation ClientHello omits the signature_algorithms extension (where it was present in the initial ClientHello), but includes a signature_algorithms_cert extension then a...

5.9CVSS6.7AI score0.15517EPSS

CVE•added 2021/07/13 11:15 a.m.•120 views

CVE-2020-28400

Affected devices contain a vulnerability that allows an unauthenticated attacker to trigger a denial of service condition. The vulnerability can be triggered if a large amount of DCP reset packets are sent to the device.

8.7CVSS7.5AI score0.00903EPSS

CVE•added 2020/02/11 4:15 p.m.•115 views

CVE-2019-13946

Profinet-IO (PNIO) stack versions prior V06.00 do not properly limitinternal resource allocation when multiple legitimate diagnostic packagerequests are sent to the DCE-RPC interface.This could lead to a denial of service condition due to lack of memoryfor devices that include a vulnerable version ...

7.8CVSS7.4AI score0.00552EPSS

CVE•added 2020/04/14 8:15 p.m.•107 views

CVE-2019-19301

A vulnerability has been identified in SCALANCE X200-4P IRT, SCALANCE X201-3P IRT, SCALANCE X201-3P IRT PRO, SCALANCE X202-2IRT, SCALANCE X202-2P IRT, SCALANCE X202-2P IRT PRO, SCALANCE X204-2, SCALANCE X204-2FM, SCALANCE X204-2LD, SCALANCE X204-2LD TS, SCALANCE X204-2TS, SCALANCE X204IRT, SCALANCE...

7.5CVSS7.4AI score0.0054EPSS

CVE•added 2022/08/10 12:15 p.m.•102 views

CVE-2022-36323

Affected devices do not properly sanitize an input field. This could allow an authenticated remote attacker with administrative privileges to inject code or spawn a system root shell.

9.1CVSS9AI score0.00373EPSS

CVE•added 2022/08/10 12:15 p.m.•93 views

CVE-2022-36325

Affected devices do not properly sanitize data introduced by an user when rendering the web interface. This could allow an authenticated remote attacker with administrative privileges to inject code and lead to a DOM-based XSS.

6.8CVSS5.2AI score0.00137EPSS

CVE•added 2020/01/16 4:15 p.m.•84 views

CVE-2019-13933

A vulnerability has been identified in SCALANCE X204RNA (HSR), SCALANCE X204RNA (PRP), SCALANCE X204RNA EEC (HSR), SCALANCE X204RNA EEC (PRP), SCALANCE X204RNA EEC (PRP/HSR), SCALANCE X302-7 EEC (230V), SCALANCE X302-7 EEC (230V, coated), SCALANCE X302-7 EEC (24V), SCALANCE X302-7 EEC (24V, coated)...

8.6CVSS8.1AI score0.00543EPSS

CVE•added 2022/08/10 12:15 p.m.•83 views

CVE-2022-36324

Affected devices do not properly handle the renegotiation of SSL/TLS parameters. This could allow an unauthenticated remote attacker to bypass the TCP brute force prevention and lead to a denial of service condition for the duration of the attack.

7.5CVSS7.6AI score0.00067EPSS

CVE•added 2020/02/11 4:15 p.m.•51 views

CVE-2019-13924

A vulnerability has been identified in SCALANCE S602 (All versions < V4.1), SCALANCE S612 (All versions < V4.1), SCALANCE S623 (All versions < V4.1), SCALANCE S627-2M (All versions < V4.1), SCALANCE X-200 switch family (incl. SIPLUS NET variants) (All versions < 5.2.4), SCALANCE X-20...

5.4CVSS5.2AI score0.00273EPSS