CVE-2020-25226
9.8
Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Exploitability: 3.9 / Impact: 5.9
Source: NVD
Description
A vulnerability has been identified in SCALANCE X-200 switch family (incl. SIPLUS NET variants) (All versions < V5.2.5), SCALANCE X-200IRT switch family (incl. SIPLUS NET variants) (All versions < V5.5.0). The web server of the affected devices contains a vulnerability that may lead to a buffer overflow condition. An attacker could cause this condition on the webserver by sending a specially crafted request. The webserver could stop and not recover anymore.
Affected (66)
Products: Siemens: Scalance X200 4pirt Firmware, Scalance X201 3pirt Firmware, Scalance X202 2irt Firmware, Scalance X202 2pirt Firmware, Scalance X202 2pirt Siplus Net Firmware, Scalance X204irt Firmware, Scalance X307 3 Firmware, Scalance X307 3ld Firmware, Scalance X308 2 Firmware, Scalance X308 2ld Firmware, Scalance X308 2lh+ Firmware, Scalance X308 2m Firmware, Scalance X308 2m Ts Firmware, Scalance X310 Firmware, Scalance X310fe Firmware, Scalance X320 1fe Firmware, Scalance X320 3ldfe Firmware, Scalance Xb205 3 Firmware, Scalance Xb205 3ld Firmware, Scalance Xb208 Firmware, Scalance Xb213 3 Firmware, Scalance Xb213 3ld Firmware, Scalance Xb216 Firmware, Scalance Xc206 2 Firmware, Scalance Xc206 2g Poe Firmware, Scalance Xc206 2g Poe Eec Firmware, Scalance Xc206 2sfp Firmware, Scalance Xc206 2sfp Eec Firmware, Scalance Xc206 2sfp G Firmware, Scalance Xc206 2sfp G (e/ip) Firmware, Scalance Xc206 2sfp G Eec Firmware, Scalance Xc208 Firmware, Scalance Xc208eec Firmware, Scalance Xc208g Firmware, Scalance Xc208g (e/ip) Firmware, Scalance Xc208g Eec Firmware, Scalance Xc208g Poe Firmware, Scalance Xc216 Firmware, Scalance Xc216 4c Firmware, Scalance Xc216 4c G Firmware, Scalance Xc216 4c G (e/ip) Firmware, Scalance Xc216 4c G Eec Firmware, Scalance Xc216eec Firmware, Scalance Xc224 4c G Firmware, Scalance Xc224 4c G (e/ip) Firmware, Scalance Xc224 4c G Eec Firmware, Scalance Xc224 Firmware, Scalance Xf201 3p Irt Firmware, Scalance Xf202 2p Irt Firmware, Scalance Xf204 Firmware, Scalance Xf204 2 Firmware, Scalance Xf204 2ba Dna Firmware, Scalance Xf204 2ba Irt Firmware, Scalance Xf204 Dna Firmware, Scalance Xf204irt Firmware, Scalance Xf206 1 Firmware, Scalance Xf208 Firmware, Scalance Xp208 Firmware, Scalance Xp208 (eip) Firmware, Scalance Xp208eec Firmware, Scalance Xp208poe Eec Firmware, Scalance Xp216 Firmware, Scalance Xp216 (eip) Firmware, Scalance Xp216eec Firmware, Scalance Xp216poe Eec Firmware
Configuration A
| Vulnerable Software | Affected Versions |
|---|---|
| Before 5.5.0 |
| Running on/with | Platform Versions |
|---|---|
Siemens Scalance X200 4pirt | All versions |
Configuration B
| Vulnerable Software | Affected Versions |
|---|---|
| Before 5.5.0 |
| Running on/with | Platform Versions |
|---|---|
Siemens Scalance X201 3pirt | All versions |
Configuration C
| Vulnerable Software | Affected Versions |
|---|---|
| Before 5.5.0 |
| Running on/with | Platform Versions |
|---|---|
Siemens Scalance X202 2irt | All versions |
Configuration D
| Vulnerable Software | Affected Versions |
|---|---|
| Before 5.5.0 |
| Running on/with | Platform Versions |
|---|---|
Siemens Scalance X202 2pirt | All versions |
Configuration E
| Vulnerable Software | Affected Versions |
|---|---|
| Before 5.5.0 |
| Running on/with | Platform Versions |
|---|---|
Siemens Scalance X202 2pirt Siplus Net | All versions |
Configuration F
| Vulnerable Software | Affected Versions |
|---|---|
| Before 5.5.0 |
| Running on/with | Platform Versions |
|---|---|
Siemens Scalance X204irt | All versions |
Configuration G
| Vulnerable Software | Affected Versions |
|---|---|
| All versions |
| Running on/with | Platform Versions |
|---|---|
Siemens Scalance X307 3 | All versions |
Configuration H
| Vulnerable Software | Affected Versions |
|---|---|
| All versions |
| Running on/with | Platform Versions |
|---|---|
Siemens Scalance X307 3ld | All versions |
Configuration I
| Vulnerable Software | Affected Versions |
|---|---|
| All versions |
| Running on/with | Platform Versions |
|---|---|
Siemens Scalance X308 2 | All versions |
Configuration J
| Vulnerable Software | Affected Versions |
|---|---|
| All versions |
| Running on/with | Platform Versions |
|---|---|
Siemens Scalance X308 2ld | All versions |
Configuration K
| Vulnerable Software | Affected Versions |
|---|---|
| All versions |
| Running on/with | Platform Versions |
|---|---|
Siemens Scalance X308 2lh | All versions |
Configuration L
| Vulnerable Software | Affected Versions |
|---|---|
| All versions |
| Running on/with | Platform Versions |
|---|---|
Siemens Scalance X308 2lh+ | All versions |
Configuration M
| Vulnerable Software | Affected Versions |
|---|---|
| All versions |
| Running on/with | Platform Versions |
|---|---|
Siemens Scalance X308 2m | All versions |
Configuration N
| Vulnerable Software | Affected Versions |
|---|---|
| All versions |
| Running on/with | Platform Versions |
|---|---|
Siemens Scalance X308 2m Ts | All versions |
Configuration O
| Vulnerable Software | Affected Versions |
|---|---|
| All versions |
| Running on/with | Platform Versions |
|---|---|
Siemens Scalance X310 | All versions |
Configuration P
| Vulnerable Software | Affected Versions |
|---|---|
| All versions |
| Running on/with | Platform Versions |
|---|---|
Siemens Scalance X310fe | All versions |
Configuration Q
| Vulnerable Software | Affected Versions |
|---|---|
| All versions |
| Running on/with | Platform Versions |
|---|---|
Siemens Scalance X320 1fe | All versions |
Configuration R
| Vulnerable Software | Affected Versions |
|---|---|
| All versions |
| Running on/with | Platform Versions |
|---|---|
Siemens Scalance X320 3ldfe | All versions |
Configuration S
| Vulnerable Software | Affected Versions |
|---|---|
| Before 5.2.5 |
| Running on/with | Platform Versions |
|---|---|
Siemens Scalance Xb205 3 | All versions |
Configuration T
| Vulnerable Software | Affected Versions |
|---|---|
| Before 5.2.5 |
| Running on/with | Platform Versions |
|---|---|
Siemens Scalance Xb205 3ld | All versions |
Configuration U
| Vulnerable Software | Affected Versions |
|---|---|
| Before 5.2.5 |
| Running on/with | Platform Versions |
|---|---|
Siemens Scalance Xb208 | All versions |
Configuration V
| Vulnerable Software | Affected Versions |
|---|---|
| Before 5.2.5 |
| Running on/with | Platform Versions |
|---|---|
Siemens Scalance Xb213 3 | All versions |
Configuration W
| Vulnerable Software | Affected Versions |
|---|---|
| Before 5.2.5 |
| Running on/with | Platform Versions |
|---|---|
Siemens Scalance Xb213 3ld | All versions |
Configuration X
| Vulnerable Software | Affected Versions |
|---|---|
| Before 5.2.5 |
| Running on/with | Platform Versions |
|---|---|
Siemens Scalance Xb216 | All versions |
Configuration Y
| Vulnerable Software | Affected Versions |
|---|---|
| Before 5.2.5 |
| Running on/with | Platform Versions |
|---|---|
Siemens Scalance Xc206 2 | All versions |
Configuration Z
| Vulnerable Software | Affected Versions |
|---|---|
| Before 5.2.5 |
| Running on/with | Platform Versions |
|---|---|
Siemens Scalance Xc206 2g Poe | All versions |
Configuration A
| Vulnerable Software | Affected Versions |
|---|---|
| Before 5.2.5 |
| Running on/with | Platform Versions |
|---|---|
Siemens Scalance Xc206 2g Poe Eec | All versions |
Configuration B
| Vulnerable Software | Affected Versions |
|---|---|
| Before 5.2.5 |
| Running on/with | Platform Versions |
|---|---|
Siemens Scalance Xc206 2sfp | All versions |
Configuration C
| Vulnerable Software | Affected Versions |
|---|---|
| Before 5.2.5 |
| Running on/with | Platform Versions |
|---|---|
Siemens Scalance Xc206 2sfp Eec | All versions |
Configuration D
| Vulnerable Software | Affected Versions |
|---|---|
| Before 5.2.5 |
| Running on/with | Platform Versions |
|---|---|
Siemens Scalance Xc206 2sfp G | All versions |
Configuration E
| Vulnerable Software | Affected Versions |
|---|---|
| Before 5.2.5 |
| Running on/with | Platform Versions |
|---|---|
Siemens Scalance Xc206 2sfp G (e/ip) | All versions |
Configuration F
| Vulnerable Software | Affected Versions |
|---|---|
| Before 5.2.5 |
| Running on/with | Platform Versions |
|---|---|
Siemens Scalance Xc206 2sfp G Eec | All versions |
Configuration G
| Vulnerable Software | Affected Versions |
|---|---|
| Before 5.2.5 |
| Running on/with | Platform Versions |
|---|---|
Siemens Scalance Xc208 | All versions |
Configuration H
| Vulnerable Software | Affected Versions |
|---|---|
| Before 5.2.5 |
| Running on/with | Platform Versions |
|---|---|
Siemens Scalance Xc208eec | All versions |
Configuration I
| Vulnerable Software | Affected Versions |
|---|---|
| Before 5.2.5 |
| Running on/with | Platform Versions |
|---|---|
Siemens Scalance Xc208g | All versions |
Configuration J
| Vulnerable Software | Affected Versions |
|---|---|
| Before 5.2.5 |
| Running on/with | Platform Versions |
|---|---|
Siemens Scalance Xc208g (e/ip) | All versions |
Configuration K
| Vulnerable Software | Affected Versions |
|---|---|
| Before 5.2.5 |
| Running on/with | Platform Versions |
|---|---|
Siemens Scalance Xc208g Eec | All versions |
Configuration L
| Vulnerable Software | Affected Versions |
|---|---|
| Before 5.2.5 |
| Running on/with | Platform Versions |
|---|---|
Siemens Scalance Xc208g Poe | All versions |
Configuration M
| Vulnerable Software | Affected Versions |
|---|---|
| Before 5.2.5 |
| Running on/with | Platform Versions |
|---|---|
Siemens Scalance Xc216 | All versions |
Configuration N
| Vulnerable Software | Affected Versions |
|---|---|
| Before 5.2.5 |
| Running on/with | Platform Versions |
|---|---|
Siemens Scalance Xc216 4c | All versions |
Configuration O
| Vulnerable Software | Affected Versions |
|---|---|
| Before 5.2.5 |
| Running on/with | Platform Versions |
|---|---|
Siemens Scalance Xc216 4c G | All versions |
Configuration P
| Vulnerable Software | Affected Versions |
|---|---|
| Before 5.2.5 |
| Running on/with | Platform Versions |
|---|---|
Siemens Scalance Xc216 4c G (e/ip) | All versions |
Configuration Q
| Vulnerable Software | Affected Versions |
|---|---|
| Before 5.2.5 |
| Running on/with | Platform Versions |
|---|---|
Siemens Scalance Xc216 4c G Eec | All versions |
Configuration R
| Vulnerable Software | Affected Versions |
|---|---|
| Before 5.2.5 |
| Running on/with | Platform Versions |
|---|---|
Siemens Scalance Xc216eec | All versions |
Configuration S
| Vulnerable Software | Affected Versions |
|---|---|
| Before 5.2.5 |
| Running on/with | Platform Versions |
|---|---|
Siemens Scalance Xc224 4c G | All versions |
Configuration T
| Vulnerable Software | Affected Versions |
|---|---|
| Before 5.2.5 |
| Running on/with | Platform Versions |
|---|---|
Siemens Scalance Xc224 4c G (e/ip) | All versions |
Configuration U
| Vulnerable Software | Affected Versions |
|---|---|
| Before 5.2.5 |
| Running on/with | Platform Versions |
|---|---|
Siemens Scalance Xc224 4c G Eec | All versions |
Configuration V
| Vulnerable Software | Affected Versions |
|---|---|
| Before 5.2.5 |
| Running on/with | Platform Versions |
|---|---|
Siemens Scalance Xc224 | All versions |
Configuration W
| Vulnerable Software | Affected Versions |
|---|---|
| Before 5.2.5 |
| Running on/with | Platform Versions |
|---|---|
Siemens Scalance Xf201 3p Irt | All versions |
Configuration X
| Vulnerable Software | Affected Versions |
|---|---|
| Before 5.2.5 |
| Running on/with | Platform Versions |
|---|---|
Siemens Scalance Xf202 2p Irt | All versions |
Configuration Y
| Vulnerable Software | Affected Versions |
|---|---|
| Before 5.2.5 |
| Running on/with | Platform Versions |
|---|---|
Siemens Scalance Xf204 | All versions |
Configuration Z
| Vulnerable Software | Affected Versions |
|---|---|
| Before 5.2.5 |
| Running on/with | Platform Versions |
|---|---|
Siemens Scalance Xf204 2 | All versions |
Configuration A
| Vulnerable Software | Affected Versions |
|---|---|
| Before 5.2.5 |
| Running on/with | Platform Versions |
|---|---|
Siemens Scalance Xf204 2ba Dna | All versions |
Configuration B
| Vulnerable Software | Affected Versions |
|---|---|
| Before 5.2.5 |
| Running on/with | Platform Versions |
|---|---|
Siemens Scalance Xf204 2ba Irt | All versions |
Configuration C
| Vulnerable Software | Affected Versions |
|---|---|
| Before 5.2.5 |
| Running on/with | Platform Versions |
|---|---|
Siemens Scalance Xf204 Dna | All versions |
Configuration D
| Vulnerable Software | Affected Versions |
|---|---|
| Before 5.2.5 |
| Running on/with | Platform Versions |
|---|---|
Siemens Scalance Xf204irt | All versions |
Configuration E
| Vulnerable Software | Affected Versions |
|---|---|
| Before 5.2.5 |
| Running on/with | Platform Versions |
|---|---|
Siemens Scalance Xf206 1 | All versions |
Configuration F
| Vulnerable Software | Affected Versions |
|---|---|
| Before 5.2.5 |
| Running on/with | Platform Versions |
|---|---|
Siemens Scalance Xf208 | All versions |
Configuration G
| Vulnerable Software | Affected Versions |
|---|---|
| Before 5.2.5 |
| Running on/with | Platform Versions |
|---|---|
Siemens Scalance Xp208 | All versions |
Configuration H
| Vulnerable Software | Affected Versions |
|---|---|
| Before 5.2.5 |
| Running on/with | Platform Versions |
|---|---|
Siemens Scalance Xp208 (eip) | All versions |
Configuration I
| Vulnerable Software | Affected Versions |
|---|---|
| Before 5.2.5 |
| Running on/with | Platform Versions |
|---|---|
Siemens Scalance Xp208eec | All versions |
Configuration J
| Vulnerable Software | Affected Versions |
|---|---|
| Before 5.2.5 |
| Running on/with | Platform Versions |
|---|---|
Siemens Scalance Xp208poe Eec | All versions |
Configuration K
| Vulnerable Software | Affected Versions |
|---|---|
| Before 5.2.5 |
| Running on/with | Platform Versions |
|---|---|
Siemens Scalance Xp216 | All versions |
Configuration L
| Vulnerable Software | Affected Versions |
|---|---|
| Before 5.2.5 |
| Running on/with | Platform Versions |
|---|---|
Siemens Scalance Xp216 (eip) | All versions |
Configuration M
| Vulnerable Software | Affected Versions |
|---|---|
| Before 5.2.5 |
| Running on/with | Platform Versions |
|---|---|
Siemens Scalance Xp216eec | All versions |
Configuration N
| Vulnerable Software | Affected Versions |
|---|---|
| Before 5.2.5 |
| Running on/with | Platform Versions |
|---|---|
Siemens Scalance Xp216poe Eec | All versions |
Related CWEs
CWE-122
Heap-based Buffer Overflow
A heap overflow condition is a buffer overflow, where the buffer that can be overwritten is allocated in the heap portion of memory, generally meaning that the buffer was allocated using a routine such as malloc().
CWE-787
Out-of-bounds Write
The product writes data past the end, or before the beginning, of the intended buffer.
References (2)
Source: productcert@siemens.com
Vendor Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Vendor Advisory
Timeline
No history available yet.