Scalance Xr324-4m Poe Firmware Security Vulnerabilities and Issues — Scalance Xr324-4m Poe Firmware CVE List

Lucene search

SiemensScalance Xr324-4m Poe Firmware

14 matches found

CVE•added 2021/07/13 11:15 a.m.•120 views

CVE-2020-28400

Affected devices contain a vulnerability that allows an unauthenticated attacker to trigger a denial of service condition. The vulnerability can be triggered if a large amount of DCP reset packets are sent to the device.

8.7CVSS7.5AI score0.00903EPSS

CVE•added 2022/08/10 12:15 p.m.•102 views

CVE-2022-36323

Affected devices do not properly sanitize an input field. This could allow an authenticated remote attacker with administrative privileges to inject code or spawn a system root shell.

9.1CVSS9AI score0.00373EPSS

CVE•added 2022/04/12 9:15 a.m.•101 views

CVE-2022-25756

A vulnerability has been identified in SCALANCE X302-7 EEC (230V), SCALANCE X302-7 EEC (230V, coated), SCALANCE X302-7 EEC (24V), SCALANCE X302-7 EEC (24V, coated), SCALANCE X302-7 EEC (2x 230V), SCALANCE X302-7 EEC (2x 230V, coated), SCALANCE X302-7 EEC (2x 24V), SCALANCE X302-7 EEC (2x 24V, coate...

6.1CVSS5.8AI score0.0058EPSS

CVE•added 2022/08/10 12:15 p.m.•93 views

CVE-2022-36325

Affected devices do not properly sanitize data introduced by an user when rendering the web interface. This could allow an authenticated remote attacker with administrative privileges to inject code and lead to a DOM-based XSS.

6.8CVSS5.2AI score0.00137EPSS

CVE•added 2022/04/12 9:15 a.m.•89 views

CVE-2022-25754

8.8CVSS8.5AI score0.00234EPSS

CVE•added 2022/04/12 9:15 a.m.•89 views

CVE-2022-26334

7.8CVSS7.5AI score0.02867EPSS

CVE•added 2022/04/12 9:15 a.m.•87 views

CVE-2022-25752

9.8CVSS9.3AI score0.0282EPSS

CVE•added 2022/04/12 9:15 a.m.•86 views

CVE-2022-26380

7.8CVSS7.3AI score0.00582EPSS

CVE•added 2022/04/12 9:15 a.m.•83 views

CVE-2022-25755

7.5CVSS7.3AI score0.0058EPSS

CVE•added 2022/08/10 12:15 p.m.•83 views

CVE-2022-36324

Affected devices do not properly handle the renegotiation of SSL/TLS parameters. This could allow an unauthenticated remote attacker to bypass the TCP brute force prevention and lead to a denial of service condition for the duration of the attack.

7.5CVSS7.6AI score0.00067EPSS

CVE•added 2022/04/12 9:15 a.m.•76 views

CVE-2022-25753

8.8CVSS8.8AI score0.04641EPSS

CVE•added 2022/04/12 9:15 a.m.•76 views

CVE-2022-26335

7.8CVSS7.5AI score0.02867EPSS

CVE•added 2022/04/12 9:15 a.m.•72 views

CVE-2022-25751

7.8CVSS7.5AI score0.03257EPSS

CVE•added 2021/01/12 9:15 p.m.•62 views

CVE-2020-28395

A vulnerability has been identified in SCALANCE X-200RNA switch family (All versions < V3.2.7), SCALANCE X-300 switch family (incl. X408 and SIPLUS NET variants) (All versions < V4.1.0). Devices do not create a new unique private key after factory reset. An attacker could leverage this situat...

5.9CVSS5.4AI score0.0017EPSS