2022-08-10
|
CVE-2022-36323
|
Affected devices do not properly sanitize an input field. This could allow an authenticated remote attacker with administrative privileges to inject code or spawn a system root shell.
|
Scalance_m\-800_firmware, Scalance_s615_firmware, Scalance_sc622\-2c_firmware, Scalance_sc632\-2c_firmware, Scalance_sc636\-2c_firmware, Scalance_sc642\-2c_firmware, Scalance_sc646\-2c_firmware, Scalance_sc\-600_firmware, Scalance_w700_ieee_802\.11ac_firmware, Scalance_w700_ieee_802\.11ax_firmware, Scalance_w700_ieee_802\.11n_firmware, Scalance_xb205\-3_firmware, Scalance_xb205\-3ld_firmware, Scalance_xb208_firmware, Scalance_xb213\-3_firmware, Scalance_xb213\-3ld_firmware, Scalance_xb216_firmware, Scalance_xb\-200_firmware, Scalance_xc206\-2_firmware, Scalance_xc206\-2g_poe__firmware, Scalance_xc206\-2g_poe_eec_firmware, Scalance_xc206\-2sfp_eec_firmware, Scalance_xc206\-2sfp_g_\(E\/ip\)_firmware, Scalance_xc206\-2sfp_g_eec_firmware, Scalance_xc206\-2sfp_g_firmware, Scalance_xc208_firmware, Scalance_xc208eec_firmware, Scalance_xc208g_\(E\/ip\)_firmware, Scalance_xc208g_eec_firmware, Scalance_xc208g_firmware, Scalance_xc208g_poe_firmware, Scalance_xc216\-4c_firmware, Scalance_xc216\-4c_g_\(E\/ip\)_firmware, Scalance_xc216\-4c_g_eec_firmware, Scalance_xc216\-4c_g_firmware, Scalance_xc216_firmware, Scalance_xc216eec_firmware, Scalance_xc224\-4c_g_\(E\/ip\)_firmware, Scalance_xc224\-4c_g__firmware, Scalance_xc224\-4c_g_eec_firmware, Scalance_xc224__firmware, Scalance_xc\-200_firmware, Scalance_xf204\-2ba_dna_firmware, Scalance_xf204\-2ba_irt_firmware, Scalance_xf\-200ba_firmware, Scalance_xm400_firmware, Scalance_xm408\-4c_firmware, Scalance_xm408\-4c_l3_firmware, Scalance_xm408\-8c_firmware, Scalance_xm408\-8c_l3_firmware, Scalance_xm416\-4c_firmware, Scalance_xm416\-4c_l3_firmware, Scalance_xp208_\(Eip\)_firmware, Scalance_xp208_firmware, Scalance_xp208eec_firmware, Scalance_xp208poe_eec_firmware, Scalance_xp216_\(Eip\)_firmware, Scalance_xp216_firmware, Scalance_xp216eec_firmware, Scalance_xp216poe_eec_firmware, Scalance_xp\-200_firmware, Scalance_xr324\-12m_firmware, Scalance_xr324\-12m_ts_firmware, Scalance_xr324\-4m_eec_firmware, Scalance_xr324\-4m_poe_firmware, Scalance_xr324\-4m_poe_ts_firmware, Scalance_xr324wg_firmware, Scalance_xr326\-2c_poe_wg_firmware, Scalance_xr328\-4c_wg_firmware, Scalance_xr500_firmware, Scalance_xr524\-8c_firmware, Scalance_xr524\-8c_l3_firmware, Scalance_xr524_firmware, Scalance_xr526\-8c_firmware, Scalance_xr526\-8c_l3_firmware, Scalance_xr526_firmware, Scalance_xr528\-6m_2hr2_firmware, Scalance_xr528\-6m_2hr2_l3_firmware, Scalance_xr528\-6m_firmware, Scalance_xr528\-6m_l3_firmware, Scalance_xr528_firmware, Scalance_xr552\-12_firmware, Scalance_xr552\-12m_2hr2_firmware, Scalance_xr552\-12m_2hr2_l3_firmware, Scalance_xr552\-12m_firmware, Scalance_xr552_firmware, Scalance_xr\-300_firmware, Scalance_xr\-300eec_firmware, Scalance_xr\-300poe_firmware, Scalance_xr\-300wg_firmware
|
N/A
|
|
|
2022-08-10
|
CVE-2022-36324
|
Affected devices do not properly handle the renegotiation of SSL/TLS parameters. This could allow an unauthenticated remote attacker to bypass the TCP brute force prevention and lead to a denial of service condition for the duration of the attack.
|
Scalance_m\-800_firmware, Scalance_s615_firmware, Scalance_w700_ieee_802\.11ac_firmware, Scalance_w700_ieee_802\.11ax_firmware, Scalance_w700_ieee_802\.11n_firmware, Scalance_xb205\-3_firmware, Scalance_xb205\-3ld_firmware, Scalance_xb208_firmware, Scalance_xb213\-3_firmware, Scalance_xb213\-3ld_firmware, Scalance_xb216_firmware, Scalance_xb\-200_firmware, Scalance_xc206\-2_firmware, Scalance_xc206\-2g_poe__firmware, Scalance_xc206\-2g_poe_eec_firmware, Scalance_xc206\-2sfp_eec_firmware, Scalance_xc206\-2sfp_g_\(E\/ip\)_firmware, Scalance_xc206\-2sfp_g_eec_firmware, Scalance_xc206\-2sfp_g_firmware, Scalance_xc208_firmware, Scalance_xc208eec_firmware, Scalance_xc208g_\(E\/ip\)_firmware, Scalance_xc208g_eec_firmware, Scalance_xc208g_firmware, Scalance_xc208g_poe_firmware, Scalance_xc216\-4c_firmware, Scalance_xc216\-4c_g_\(E\/ip\)_firmware, Scalance_xc216\-4c_g_eec_firmware, Scalance_xc216\-4c_g_firmware, Scalance_xc216_firmware, Scalance_xc216eec_firmware, Scalance_xc224\-4c_g_\(E\/ip\)_firmware, Scalance_xc224\-4c_g__firmware, Scalance_xc224\-4c_g_eec_firmware, Scalance_xc224__firmware, Scalance_xc\-200_firmware, Scalance_xf204\-2ba_dna_firmware, Scalance_xf204\-2ba_irt_firmware, Scalance_xf\-200ba_firmware, Scalance_xm400_firmware, Scalance_xm408\-4c_firmware, Scalance_xm408\-4c_l3_firmware, Scalance_xm408\-8c_firmware, Scalance_xm408\-8c_l3_firmware, Scalance_xm416\-4c_firmware, Scalance_xm416\-4c_l3_firmware, Scalance_xp208_\(Eip\)_firmware, Scalance_xp208_firmware, Scalance_xp208eec_firmware, Scalance_xp208poe_eec_firmware, Scalance_xp216_\(Eip\)_firmware, Scalance_xp216_firmware, Scalance_xp216eec_firmware, Scalance_xp216poe_eec_firmware, Scalance_xp\-200_firmware, Scalance_xr324\-12m_firmware, Scalance_xr324\-12m_ts_firmware, Scalance_xr324\-4m_eec_firmware, Scalance_xr324\-4m_poe_firmware, Scalance_xr324\-4m_poe_ts_firmware, Scalance_xr324wg_firmware, Scalance_xr326\-2c_poe_wg_firmware, Scalance_xr328\-4c_wg_firmware, Scalance_xr500_firmware, Scalance_xr524\-8c_firmware, Scalance_xr524\-8c_l3_firmware, Scalance_xr524_firmware, Scalance_xr526\-8c_firmware, Scalance_xr526\-8c_l3_firmware, Scalance_xr526_firmware, Scalance_xr528\-6m_2hr2_firmware, Scalance_xr528\-6m_2hr2_l3_firmware, Scalance_xr528\-6m_firmware, Scalance_xr528\-6m_l3_firmware, Scalance_xr528_firmware, Scalance_xr552\-12_firmware, Scalance_xr552\-12m_2hr2_firmware, Scalance_xr552\-12m_2hr2_l3_firmware, Scalance_xr552\-12m_firmware, Scalance_xr552_firmware, Scalance_xr\-300_firmware, Scalance_xr\-300eec_firmware, Scalance_xr\-300poe_firmware, Scalance_xr\-300wg_firmware
|
7.5
|
|
|
2022-08-10
|
CVE-2022-36325
|
Affected devices do not properly sanitize data introduced by an user when rendering the web interface. This could allow an authenticated remote attacker with administrative privileges to inject code and lead to a DOM-based XSS.
|
Scalance_m\-800_firmware, Scalance_s615_firmware, Scalance_sc622\-2c_firmware, Scalance_sc632\-2c_firmware, Scalance_sc636\-2c_firmware, Scalance_sc642\-2c_firmware, Scalance_sc646\-2c_firmware, Scalance_sc\-600_firmware, Scalance_w700_ieee_802\.11ac_firmware, Scalance_w700_ieee_802\.11ax_firmware, Scalance_w700_ieee_802\.11n_firmware, Scalance_xb205\-3_firmware, Scalance_xb205\-3ld_firmware, Scalance_xb208_firmware, Scalance_xb213\-3_firmware, Scalance_xb213\-3ld_firmware, Scalance_xb216_firmware, Scalance_xb\-200_firmware, Scalance_xc206\-2_firmware, Scalance_xc206\-2g_poe__firmware, Scalance_xc206\-2g_poe_eec_firmware, Scalance_xc206\-2sfp_eec_firmware, Scalance_xc206\-2sfp_g_\(E\/ip\)_firmware, Scalance_xc206\-2sfp_g_eec_firmware, Scalance_xc206\-2sfp_g_firmware, Scalance_xc208_firmware, Scalance_xc208eec_firmware, Scalance_xc208g_\(E\/ip\)_firmware, Scalance_xc208g_eec_firmware, Scalance_xc208g_firmware, Scalance_xc208g_poe_firmware, Scalance_xc216\-4c_firmware, Scalance_xc216\-4c_g_\(E\/ip\)_firmware, Scalance_xc216\-4c_g_eec_firmware, Scalance_xc216\-4c_g_firmware, Scalance_xc216_firmware, Scalance_xc216eec_firmware, Scalance_xc224\-4c_g_\(E\/ip\)_firmware, Scalance_xc224\-4c_g__firmware, Scalance_xc224\-4c_g_eec_firmware, Scalance_xc224__firmware, Scalance_xc\-200_firmware, Scalance_xf204\-2ba_dna_firmware, Scalance_xf204\-2ba_irt_firmware, Scalance_xf\-200ba_firmware, Scalance_xm400_firmware, Scalance_xm408\-4c_firmware, Scalance_xm408\-4c_l3_firmware, Scalance_xm408\-8c_firmware, Scalance_xm408\-8c_l3_firmware, Scalance_xm416\-4c_firmware, Scalance_xm416\-4c_l3_firmware, Scalance_xp208_\(Eip\)_firmware, Scalance_xp208_firmware, Scalance_xp208eec_firmware, Scalance_xp208poe_eec_firmware, Scalance_xp216_\(Eip\)_firmware, Scalance_xp216_firmware, Scalance_xp216eec_firmware, Scalance_xp216poe_eec_firmware, Scalance_xp\-200_firmware, Scalance_xr324\-12m_firmware, Scalance_xr324\-12m_ts_firmware, Scalance_xr324\-4m_eec_firmware, Scalance_xr324\-4m_poe_firmware, Scalance_xr324\-4m_poe_ts_firmware, Scalance_xr324wg_firmware, Scalance_xr326\-2c_poe_wg_firmware, Scalance_xr328\-4c_wg_firmware, Scalance_xr500_firmware, Scalance_xr524\-8c_firmware, Scalance_xr524\-8c_l3_firmware, Scalance_xr524_firmware, Scalance_xr526\-8c_firmware, Scalance_xr526\-8c_l3_firmware, Scalance_xr526_firmware, Scalance_xr528\-6m_2hr2_firmware, Scalance_xr528\-6m_2hr2_l3_firmware, Scalance_xr528\-6m_firmware, Scalance_xr528\-6m_l3_firmware, Scalance_xr528_firmware, Scalance_xr552\-12_firmware, Scalance_xr552\-12m_2hr2_firmware, Scalance_xr552\-12m_2hr2_l3_firmware, Scalance_xr552\-12m_firmware, Scalance_xr552_firmware, Scalance_xr\-300_firmware, Scalance_xr\-300eec_firmware, Scalance_xr\-300poe_firmware, Scalance_xr\-300wg_firmware
|
4.8
|
|
|
2020-04-14
|
CVE-2019-19301
|
A vulnerability has been identified in SCALANCE X200-4P IRT, SCALANCE X201-3P IRT, SCALANCE X201-3P IRT PRO, SCALANCE X202-2IRT, SCALANCE X202-2P IRT, SCALANCE X202-2P IRT PRO, SCALANCE X204-2, SCALANCE X204-2FM, SCALANCE X204-2LD, SCALANCE X204-2LD TS, SCALANCE X204-2TS, SCALANCE X204IRT, SCALANCE X204IRT PRO, SCALANCE X206-1, SCALANCE X206-1LD, SCALANCE X208, SCALANCE X208PRO, SCALANCE X212-2, SCALANCE X212-2LD, SCALANCE X216, SCALANCE X224, SCALANCE X302-7 EEC (230V, coated), SCALANCE...
|
Scalance_x\-200irt_firmware, Scalance_x\-200irt_pro_firmware, Scalance_x\-300_firmware, Scalance_xb\-200_firmware, Scalance_xc\-200_firmware, Scalance_xf\-200_firmware, Scalance_xp\-200_firmware, Scalance_xr\-300_firmware, Scalance_xr\-300wg_firmware, Simatic_cp_443\-1_advanced_firmware, Simatic_cp_443\-1_firmware, Simatic_rf180c_firmware, Simatic_rf182c_firmware
|
7.5
|
|
|
2020-01-16
|
CVE-2019-13933
|
A vulnerability has been identified in SCALANCE X204RNA (HSR), SCALANCE X204RNA (PRP), SCALANCE X204RNA EEC (HSR), SCALANCE X204RNA EEC (PRP), SCALANCE X204RNA EEC (PRP/HSR), SCALANCE X302-7 EEC (230V), SCALANCE X302-7 EEC (230V, coated), SCALANCE X302-7 EEC (24V), SCALANCE X302-7 EEC (24V, coated), SCALANCE X302-7 EEC (2x 230V), SCALANCE X302-7 EEC (2x 230V, coated), SCALANCE X302-7 EEC (2x 24V), SCALANCE X302-7 EEC (2x 24V, coated), SCALANCE X304-2FE, SCALANCE X306-1LD FE, SCALANCE X307-2...
|
Scalance_x204rna_firmware, Scalance_x408\-2_firmware, Scalance_x\-200rna_firmware, Scalance_x\-300_firmware, Scalance_xr\-300_firmware, Scalance_xr\-300wg_firmware, Siplus_net_csm_1277_firmware
|
8.6
|
|
|
2020-02-11
|
CVE-2019-13924
|
A vulnerability has been identified in SCALANCE S602 (All versions < V4.1), SCALANCE S612 (All versions < V4.1), SCALANCE S623 (All versions < V4.1), SCALANCE S627-2M (All versions < V4.1), SCALANCE X-200 switch family (incl. SIPLUS NET variants) (All versions < 5.2.4), SCALANCE X-200IRT switch family (incl. SIPLUS NET variants) (All versions < V5.5.0), SCALANCE X-200RNA switch family (All versions < V3.2.7), SCALANCE X-300 switch family (incl. X408 and SIPLUS NET variants) (All versions <...
|
Scalance_x\-200irt_firmware, Scalance_x\-300_firmware, Scalance_xb\-200_firmware, Scalance_xc\-200_firmware, Scalance_xf\-200_firmware, Scalance_xp\-200_firmware, Scalance_xr\-300_firmware, Scalance_xr\-300wg_firmware
|
5.4
|
|
|
2012-04-18
|
CVE-2012-1802
|
Buffer overflow in the embedded web server on the Siemens Scalance X Industrial Ethernet switch X414-3E before 3.7.1, X308-2M before 3.7.2, X-300EEC before 3.7.2, XR-300 before 3.7.2, and X-300 before 3.7.2 allows remote attackers to cause a denial of service (device reboot) or possibly execute arbitrary code via a malformed URL.
|
Scalance_x308\-2m, Scalance_x308\-2m_firmware, Scalance_x414\-3e, Scalance_x414\-3e_firmware, Scalance_x\-300, Scalance_x\-300_firmware, Scalance_x\-300eec, Scalance_x\-300eec_firmware, Scalance_xr\-300, Scalance_xr\-300_firmware
|
N/A
|
|
|