Lucene search

[email protected]NVD:CVE-2020-25226

HistoryJan 12, 2021 - 9:15 p.m.

CVE-2020-25226

2021-01-1221:15:16

CWE-122

CWE-787

[email protected]

web.nvd.nist.gov

cve-2020-25226

scalance x-200

scalance x-200irt

buffer overflow

webserver vulnerability

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

CVSS3

9.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

AI Score

9.6

Confidence

High

EPSS

0.002

Percentile

56.7%

JSON

A vulnerability has been identified in SCALANCE X-200 switch family (incl. SIPLUS NET variants) (All versions < V5.2.5), SCALANCE X-200IRT switch family (incl. SIPLUS NET variants) (All versions < V5.5.0). The web server of the affected devices contains a vulnerability that may lead to a buffer overflow condition. An attacker could cause this condition on the webserver by sending a specially crafted request. The webserver could stop and not recover anymore.

Affected configurations

Nvd

Node

siemensscalance_x200-4pirt_firmwareRange<5.5.0

AND

siemensscalance_x200-4pirtMatch-

Node

siemensscalance_x201-3pirt_firmwareRange<5.5.0

AND

siemensscalance_x201-3pirtMatch-

Node

siemensscalance_x202-2irt_firmwareRange<5.5.0

AND

siemensscalance_x202-2irtMatch-

Node

siemensscalance_x202-2pirt_firmwareRange<5.5.0

AND

siemensscalance_x202-2pirtMatch-

Node

siemensscalance_x202-2pirt_siplus_net_firmwareRange<5.5.0

AND

siemensscalance_x202-2pirt_siplus_netMatch-

Node

siemensscalance_x204irt_firmwareRange<5.5.0

AND

siemensscalance_x204irtMatch-

Node

siemensscalance_x307-3_firmware

AND

siemensscalance_x307-3Match-

Node

siemensscalance_x307-3ld_firmware

AND

siemensscalance_x307-3ldMatch-

Node

siemensscalance_x308-2_firmware

AND

siemensscalance_x308-2Match-

Node

siemensscalance_x308-2ld_firmware

AND

siemensscalance_x308-2ldMatch-

Node

siemensscalance_x308-2lh_firmware

AND

siemensscalance_x308-2lhMatch-

Node

siemensscalance_x308-2lh\+_firmware

AND

siemensscalance_x308-2lh\+Match-

Node

siemensscalance_x308-2m_firmware

AND

siemensscalance_x308-2mMatch-

Node

siemensscalance_x308-2m_ts_firmware

AND

siemensscalance_x308-2m_tsMatch-

Node

siemensscalance_x310_firmware

AND

siemensscalance_x310Match-

Node

siemensscalance_x310fe_firmware

AND

siemensscalance_x310feMatch-

Node

siemensscalance_x320-1fe_firmware

AND

siemensscalance_x320-1feMatch-

Node

siemensscalance_x320-3ldfe_firmware

AND

siemensscalance_x320-3ldfeMatch-

Node

siemensscalance_xb205-3_firmwareRange<5.2.5

AND

siemensscalance_xb205-3Match-

Node

siemensscalance_xb205-3ld_firmwareRange<5.2.5

AND

siemensscalance_xb205-3ldMatch-

Node

siemensscalance_xb208_firmwareRange<5.2.5

AND

siemensscalance_xb208Match-

Node

siemensscalance_xb213-3_firmwareRange<5.2.5

AND

siemensscalance_xb213-3Match-

Node

siemensscalance_xb213-3ld_firmwareRange<5.2.5

AND

siemensscalance_xb213-3ldMatch-

Node

siemensscalance_xb216_firmwareRange<5.2.5

AND

siemensscalance_xb216Match-

Node

siemensscalance_xc206-2_firmwareRange<5.2.5

AND

siemensscalance_xc206-2Match-

Node

siemensscalance_xc206-2g_poe__firmwareRange<5.2.5

AND

siemensscalance_xc206-2g_poe_Match-

Node

siemensscalance_xc206-2g_poe_eec_firmwareRange<5.2.5

AND

siemensscalance_xc206-2g_poe_eecMatch-

Node

siemensscalance_xc206-2sfp_firmwareRange<5.2.5

AND

siemensscalance_xc206-2sfpMatch-

Node

siemensscalance_xc206-2sfp_eec_firmwareRange<5.2.5

AND

siemensscalance_xc206-2sfp_eecMatch-

Node

siemensscalance_xc206-2sfp_g_firmwareRange<5.2.5

AND

siemensscalance_xc206-2sfp_gMatch-

Node

siemensscalance_xc206-2sfp_g_\(e\/ip\)_firmwareRange<5.2.5

AND

siemensscalance_xc206-2sfp_g_\(e\/ip\)Match-

Node

siemensscalance_xc206-2sfp_g_eec_firmwareRange<5.2.5

AND

siemensscalance_xc206-2sfp_g_eecMatch-

Node

siemensscalance_xc208_firmwareRange<5.2.5

AND

siemensscalance_xc208Match-

Node

siemensscalance_xc208eec_firmwareRange<5.2.5

AND

siemensscalance_xc208eecMatch-

Node

siemensscalance_xc208g_firmwareRange<5.2.5

AND

siemensscalance_xc208gMatch-

Node

siemensscalance_xc208g_\(e\/ip\)_firmwareRange<5.2.5

AND

siemensscalance_xc208g_\(e\/ip\)Match-

Node

siemensscalance_xc208g_eec_firmwareRange<5.2.5

AND

siemensscalance_xc208g_eecMatch-

Node

siemensscalance_xc208g_poe_firmwareRange<5.2.5

AND

siemensscalance_xc208g_poeMatch-

Node

siemensscalance_xc216_firmwareRange<5.2.5

AND

siemensscalance_xc216Match-

Node

siemensscalance_xc216-4c_firmwareRange<5.2.5

AND

siemensscalance_xc216-4cMatch-

Node

siemensscalance_xc216-4c_g_firmwareRange<5.2.5

AND

siemensscalance_xc216-4c_gMatch-

Node

siemensscalance_xc216-4c_g_\(e\/ip\)_firmwareRange<5.2.5

AND

siemensscalance_xc216-4c_g_\(e\/ip\)Match-

Node

siemensscalance_xc216-4c_g_eec_firmwareRange<5.2.5

AND

siemensscalance_xc216-4c_g_eecMatch-

Node

siemensscalance_xc216eec_firmwareRange<5.2.5

AND

siemensscalance_xc216eecMatch-

Node

siemensscalance_xc224-4c_g__firmwareRange<5.2.5

AND

siemensscalance_xc224-4c_g_Match-

Node

siemensscalance_xc224-4c_g_\(e\/ip\)_firmwareRange<5.2.5

AND

siemensscalance_xc224-4c_g_\(e\/ip\)Match-

Node

siemensscalance_xc224-4c_g_eec_firmwareRange<5.2.5

AND

siemensscalance_xc224-4c_g_eecMatch-

Node

siemensscalance_xc224__firmwareRange<5.2.5

AND

siemensscalance_xc224_Match-

Node

siemensscalance_xf201-3p_irt_firmwareRange<5.2.5

AND

siemensscalance_xf201-3p_irtMatch-

Node

siemensscalance_xf202-2p_irt_firmwareRange<5.2.5

AND

siemensscalance_xf202-2p_irtMatch-

Node

siemensscalance_xf204_firmwareRange<5.2.5

AND

siemensscalance_xf204Match-

Node

siemensscalance_xf204-2_firmwareRange<5.2.5

AND

siemensscalance_xf204-2Match-

Node

siemensscalance_xf204-2ba_dna_firmwareRange<5.2.5

AND

siemensscalance_xf204-2ba_dnaMatch-

Node

siemensscalance_xf204-2ba_irt_firmwareRange<5.2.5

AND

siemensscalance_xf204-2ba_irtMatch-

Node

siemensscalance_xf204_dna_firmwareRange<5.2.5

AND

siemensscalance_xf204_dnaMatch-

Node

siemensscalance_xf204irt_firmwareRange<5.2.5

AND

siemensscalance_xf204irtMatch-

Node

siemensscalance_xf206-1_firmwareRange<5.2.5

AND

siemensscalance_xf206-1Match-

Node

siemensscalance_xf208_firmwareRange<5.2.5

AND

siemensscalance_xf208Match-

Node

siemensscalance_xp208_firmwareRange<5.2.5

AND

siemensscalance_xp208Match-

Node

siemensscalance_xp208_\(eip\)_firmwareRange<5.2.5

AND

siemensscalance_xp208_\(eip\)Match-

Node

siemensscalance_xp208eec_firmwareRange<5.2.5

AND

siemensscalance_xp208eecMatch-

Node

siemensscalance_xp208poe_eec_firmwareRange<5.2.5

AND

siemensscalance_xp208poe_eecMatch-

Node

siemensscalance_xp216_firmwareRange<5.2.5

AND

siemensscalance_xp216Match-

Node

siemensscalance_xp216_\(eip\)_firmwareRange<5.2.5

AND

siemensscalance_xp216_\(eip\)Match-

Node

siemensscalance_xp216eec_firmwareRange<5.2.5

AND

siemensscalance_xp216eecMatch-

Node

siemensscalance_xp216poe_eec_firmwareRange<5.2.5

AND

siemensscalance_xp216poe_eecMatch-

VendorProductVersionCPE
siemensscalance_x200-4pirt_firmware*cpe:2.3:o:siemens:scalance_x200-4pirt_firmware:*:*:*:*:*:*:*:*
siemensscalance_x200-4pirt-cpe:2.3:h:siemens:scalance_x200-4pirt:-:*:*:*:*:*:*:*
siemensscalance_x201-3pirt_firmware*cpe:2.3:o:siemens:scalance_x201-3pirt_firmware:*:*:*:*:*:*:*:*
siemensscalance_x201-3pirt-cpe:2.3:h:siemens:scalance_x201-3pirt:-:*:*:*:*:*:*:*
siemensscalance_x202-2irt_firmware*cpe:2.3:o:siemens:scalance_x202-2irt_firmware:*:*:*:*:*:*:*:*
siemensscalance_x202-2irt-cpe:2.3:h:siemens:scalance_x202-2irt:-:*:*:*:*:*:*:*
siemensscalance_x202-2pirt_firmware*cpe:2.3:o:siemens:scalance_x202-2pirt_firmware:*:*:*:*:*:*:*:*
siemensscalance_x202-2pirt-cpe:2.3:h:siemens:scalance_x202-2pirt:-:*:*:*:*:*:*:*
siemensscalance_x202-2pirt_siplus_net_firmware*cpe:2.3:o:siemens:scalance_x202-2pirt_siplus_net_firmware:*:*:*:*:*:*:*:*
siemensscalance_x202-2pirt_siplus_net-cpe:2.3:h:siemens:scalance_x202-2pirt_siplus_net:-:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
siemens	scalance_x200-4pirt_firmware	*	cpe:2.3:o:siemens:scalance_x200-4pirt_firmware::::::::
siemens	scalance_x200-4pirt	-	cpe:2.3:h:siemens:scalance_x200-4pirt:-:::::::*
siemens	scalance_x201-3pirt_firmware	*	cpe:2.3:o:siemens:scalance_x201-3pirt_firmware::::::::
siemens	scalance_x201-3pirt	-	cpe:2.3:h:siemens:scalance_x201-3pirt:-:::::::*
siemens	scalance_x202-2irt_firmware	*	cpe:2.3:o:siemens:scalance_x202-2irt_firmware::::::::
siemens	scalance_x202-2irt	-	cpe:2.3:h:siemens:scalance_x202-2irt:-:::::::*
siemens	scalance_x202-2pirt_firmware	*	cpe:2.3:o:siemens:scalance_x202-2pirt_firmware::::::::
siemens	scalance_x202-2pirt	-	cpe:2.3:h:siemens:scalance_x202-2pirt:-:::::::*
siemens	scalance_x202-2pirt_siplus_net_firmware	*	cpe:2.3:o:siemens:scalance_x202-2pirt_siplus_net_firmware::::::::
siemens	scalance_x202-2pirt_siplus_net	-	cpe:2.3:h:siemens:scalance_x202-2pirt_siplus_net:-:::::::*

Rows per page:

1-10 of 1321

References

cert-portal.siemens.com/productcert/pdf/ssa-139628.pdf

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

CVSS3

9.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

AI Score

9.6

Confidence

High

EPSS

0.002

Percentile

56.7%

JSON

Related for NVD:CVE-2020-25226

nessus1 cvelist1 prion1 cve1 ics1