Lucene search

SiemensCVELIST:CVE-2020-25226

HistoryJan 12, 2021 - 8:18 p.m.

CVE-2020-25226

2021-01-1220:18:33

CWE-122

siemens

www.cve.org

vulnerability

scalance x-200

scalance x-200irt

web server

buffer overflow

attacker

webserver

AI Score

9.5

Confidence

High

EPSS

0.002

Percentile

56.7%

JSON

A vulnerability has been identified in SCALANCE X-200 switch family (incl. SIPLUS NET variants) (All versions < V5.2.5), SCALANCE X-200IRT switch family (incl. SIPLUS NET variants) (All versions < V5.5.0). The web server of the affected devices contains a vulnerability that may lead to a buffer overflow condition. An attacker could cause this condition on the webserver by sending a specially crafted request. The webserver could stop and not recover anymore.

CNA Affected

[
  {
    "product": "SCALANCE X-200 switch family (incl. SIPLUS NET variants)",
    "vendor": "Siemens",
    "versions": [
      {
        "status": "affected",
        "version": "All versions < V5.2.5"
      }
    ]
  },
  {
    "product": "SCALANCE X-200IRT switch family (incl. SIPLUS NET variants)",
    "vendor": "Siemens",
    "versions": [
      {
        "status": "affected",
        "version": "All versions < V5.5.0"
      }
    ]
  }
]

References

cert-portal.siemens.com/productcert/pdf/ssa-139628.pdf