Scalance_s615_firmware - Vulncode-DB

Note:

This project will be discontinued after December 13, 2021. [more]

Product:
Scalance_s615_firmware
(Siemens)

Repositories	Unknown: This might be proprietary software.
#Vulnerabilities	24

Date	Id	Summary	Products	Score	Patch	Annotated
2020-02-11	CVE-2019-13946	Profinet-IO (PNIO) stack versions prior V06.00 do not properly limit internal resource allocation when multiple legitimate diagnostic package requests are sent to the DCE-RPC interface. This could lead to a denial of service condition due to lack of memory for devices that include a vulnerable version of the stack. The security vulnerability could be exploited by an attacker with network access to an affected device. Successful exploitation requires no system privileges and no user...	Dk_standard_ethernet_controller, Ek\-Ertec_200_firmware, Ek\-Ertec_200p_firmware, Im_154\-3_pn_hf_firmware, Im_154\-4_pn_hf_firmware, Profinet_driver, Ruggedcom_rm1224_firmware, Scalance_m\-800_firmware, Scalance_s615_firmware, Scalance_w700_ieee_802\.11n_firmware, Scalance_x\-200irt_firmware, Scalance_x\-300_firmware, Scalance_x\-400_firmware, Scalance_xb\-200_firmware, Scalance_xc\-200_firmware, Scalance_xf\-200_firmware, Scalance_xf\-200ba_firmware, Scalance_xm\-400_firmware, Scalance_xp\-200_firmware, Scalance_xr524_firmware, Scalance_xr526_firmware, Scalance_xr528_firmware, Scalance_xr552_firmware, Scalance_xr\-300wg_firmware, Simatic_cp_1604_firmware, Simatic_cp_1616_firmware, Simatic_cp_343\-1_advanced_firmware, Simatic_cp_343\-1_erpc_firmware, Simatic_cp_343\-1_firmware, Simatic_cp_343\-1_lean_firmware, Simatic_cp_443\-1_advanced_firmware, Simatic_cp_443\-1_firmware, Simatic_cp_443\-1_opc_ua_firmware, Simatic_et200al_im_157\-1_pn_firmware, Simatic_et200ecopn_firmware, Simatic_et200m_im153\-4_pn_io_hf_firmware, Simatic_et200m_im153\-4_pn_io_st_firmware, Simatic_et200mp_im155\-5_pn_hf_firmware, Simatic_et200mp_im155\-5_pn_st_firmware, Simatic_et200pro_firmware, Simatic_et200s_firmware, Simatic_et200sp_im155\-6_pn_basic_firmware, Simatic_et200sp_im155\-6_pn_hf_firmware, Simatic_et200sp_im155\-6_pn_st_firmware, Simatic_ipc_support, Simatic_mv420_firmware, Simatic_mv440_firmware, Simatic_pn\/pn_coupler_firmware, Simatic_rf180c_firmware, Simatic_rf182c_firmware, Simatic_rf600_firmware, Sinamics_dcp_firmware	7.5
2017-10-04	CVE-2017-14491	Heap-based buffer overflow in dnsmasq before 2.78 allows remote attackers to cause a denial of service (crash) or execute arbitrary code via a crafted DNS response.	Eos, Arubaos, Ubuntu_linux, Debian_linux, Honor_v9_play_firmware, Geforce_experience, Linux_for_tegra, Leap, Enterprise_linux_desktop, Enterprise_linux_server, Enterprise_linux_workstation, Ruggedcom_rm1224_firmware, Scalance_m\-800_firmware, Scalance_s615_firmware, Scalance_w1750d_firmware, Linux_enterprise_debuginfo, Linux_enterprise_point_of_sale, Linux_enterprise_server, Diskstation_manager, Router_manager, Dnsmasq	9.8
2018-09-06	CVE-2018-5391	The Linux kernel, versions 3.9+, is vulnerable to a denial of service attack with low rates of specially modified packets targeting IP fragment re-assembly. An attacker may cause a denial of service condition by sending specially crafted IP fragments. Various vulnerabilities in IP fragmentation have been discovered and fixed over the years. The current vulnerability (CVE-2018-5391) became exploitable in the Linux kernel with the increase of the IP fragment reassembly queue size.	Ubuntu_linux, Debian_linux, Big\-Ip_access_policy_manager, Big\-Ip_advanced_firewall_manager, Big\-Ip_analytics, Big\-Ip_application_acceleration_manager, Big\-Ip_application_security_manager, Big\-Ip_domain_name_system, Big\-Ip_edge_gateway, Big\-Ip_fraud_protection_service, Big\-Ip_global_traffic_manager, Big\-Ip_link_controller, Big\-Ip_local_traffic_manager, Big\-Ip_policy_enforcement_manager, Big\-Ip_webaccelerator, Linux_kernel, Windows_10, Windows_7, Windows_8\.1, Windows_rt_8\.1, Windows_server_2008, Windows_server_2012, Windows_server_2016, Enterprise_linux_desktop, Enterprise_linux_server, Enterprise_linux_server_aus, Enterprise_linux_server_eus, Enterprise_linux_server_tus, Enterprise_linux_workstation, Ruggedcom_rm1224_firmware, Ruggedcom_rox_ii_firmware, Scalance_m\-800_firmware, Scalance_s615_firmware, Scalance_sc\-600_firmware, Scalance_w1700_ieee_802\.11ac_firmware, Scalance_w700_ieee_802\.11a\/b\/g\/n_firmware, Simatic_net_cp_1242\-7_firmware, Simatic_net_cp_1243\-1_firmware, Simatic_net_cp_1243\-7_lte_eu_firmware, Simatic_net_cp_1243\-7_lte_us_firmware, Simatic_net_cp_1243\-8_irc_firmware, Simatic_net_cp_1542sp\-1_firmware, Simatic_net_cp_1542sp\-1_irc_firmware, Simatic_net_cp_1543\-1_firmware, Simatic_net_cp_1543sp\-1_firmware, Simatic_rf185c_firmware, Simatic_rf186c_firmware, Simatic_rf186ci_firmware, Simatic_rf188_firmware, Simatic_rf188ci_firmware, Sinema_remote_connect_server_firmware	7.5
2016-09-29	CVE-2016-7090	The integrated web server on Siemens SCALANCE M-800 and S615 modules with firmware before 4.02 does not set the secure flag for the session cookie in an https session, which makes it easier for remote attackers to capture this cookie by intercepting its transmission within an http session.	Scalance_m\-800_firmware, Scalance_s615_firmware	4.0