← Back

Scalance Sc 600 Firmware

scalance_sc-600_firmware

Vendor: Siemens • 6 CVEs

CVEs (6)

CVE
VENDORS
PRODUCTS
UPDATED
PUBLISHED
CVSS
CVE-2022-36325
1Siemens
90Scalance M 800 Firmware
Scalance S615 FirmwareScalance Sc 600 Firmware+87 more
Apr 14, 2026
Aug 10, 2022
N/A· v4
4.8 MEDIUM· v3
N/A· v2
Affected devices do not properly sanitize data introduced by an user when rendering the web interface. This could allow an authenticated remote attacker with administrative privileges to inject code and lead to a DOM-bas...Show more
Affected devices do not properly sanitize data introduced by an user when rendering the web interface. This could allow an authenticated remote attacker with administrative privileges to inject code and lead to a DOM-based XSS.Show less
CVE-2022-36323
1Siemens
90Scalance M 800 Firmware
Scalance S615 FirmwareScalance Sc 600 Firmware+87 more
Apr 14, 2026
Aug 10, 2022
N/A· v4
7.2 HIGH· v3
N/A· v2
Affected devices do not properly sanitize an input field. This could allow an authenticated remote attacker with administrative privileges to inject code or spawn a system root shell.
CVE-2021-3449
12Checkpoint
DebianFedoraproject+9 more
106Active Iq Unified Manager
Capture ClientCloud Volumes Ontap Mediator+103 more
Nov 21, 2024
Mar 25, 2021
N/A· v4
5.9 MEDIUM· v3
4.3 MEDIUM· v2
An OpenSSL TLS server may crash if sent a maliciously crafted renegotiation ClientHello message from a client. If a TLSv1.2 renegotiation ClientHello omits the signature_algorithms extension (where it was present in the...Show more
An OpenSSL TLS server may crash if sent a maliciously crafted renegotiation ClientHello message from a client. If a TLSv1.2 renegotiation ClientHello omits the signature_algorithms extension (where it was present in the initial ClientHello), but includes a signature_algorithms_cert extension then a NULL pointer dereference will result, leading to a crash and a denial of service attack. A server is only vulnerable if it has TLSv1.2 and renegotiation enabled (which is the default configuration). OpenSSL TLS clients are not impacted by this issue. All OpenSSL 1.1.1 versions are affected by this issue. Users of these versions should upgrade to OpenSSL 1.1.1k. OpenSSL 1.0.2 is not impacted by this issue. Fixed in OpenSSL 1.1.1k (Affected 1.1.1-1.1.1j).Show less
CVE-2021-25676
1Siemens
4Ruggedcom Rm1224 Firmware
Scalance M 800 FirmwareScalance S615 Firmware+1 more
Nov 21, 2024
Mar 15, 2021
N/A· v4
7.5 HIGH· v3
5.0 MEDIUM· v2
A vulnerability has been identified in RUGGEDCOM RM1224 (V6.3), SCALANCE M-800 (V6.3), SCALANCE S615 (V6.3), SCALANCE SC-600 (All Versions >= V2.1 and < V2.1.3). Multiple failed SSH authentication attempts could trigger...Show more
A vulnerability has been identified in RUGGEDCOM RM1224 (V6.3), SCALANCE M-800 (V6.3), SCALANCE S615 (V6.3), SCALANCE SC-600 (All Versions >= V2.1 and < V2.1.3). Multiple failed SSH authentication attempts could trigger a temporary Denial-of-Service under certain conditions. When triggered, the device will reboot automatically.Show less
CVE-2019-10928
1Siemens
1Scalance Sc 600 Firmware
Nov 21, 2024
Aug 13, 2019
N/A· v4
6.6 MEDIUM· v3
4.6 MEDIUM· v2
A vulnerability has been identified in SCALANCE SC-600 (V2.0). An authenticated attacker with access to port 22/tcp as well as physical access to an affected device may trigger the device to allow execution of arbitrary...Show more
A vulnerability has been identified in SCALANCE SC-600 (V2.0). An authenticated attacker with access to port 22/tcp as well as physical access to an affected device may trigger the device to allow execution of arbitrary commands. The security vulnerability could be exploited by an authenticated attacker with physical access to the affected device. No user interaction is required to exploit this vulnerability. The vulnerability impacts the confidentiality, integrity and availability of the affected device.Show less
CVE-2018-5391
7Canonical
DebianF5+4 more
51Big Ip Access Policy Manager
Big Ip Advanced Firewall ManagerBig Ip Analytics+48 more
Nov 21, 2024
Sep 6, 2018
N/A· v4
7.5 HIGH· v3
7.8 HIGH· v2
The Linux kernel, versions 3.9+, is vulnerable to a denial of service attack with low rates of specially modified packets targeting IP fragment re-assembly. An attacker may cause a denial of service condition by sending...Show more
The Linux kernel, versions 3.9+, is vulnerable to a denial of service attack with low rates of specially modified packets targeting IP fragment re-assembly. An attacker may cause a denial of service condition by sending specially crafted IP fragments. Various vulnerabilities in IP fragmentation have been discovered and fixed over the years. The current vulnerability (CVE-2018-5391) became exploitable in the Linux kernel with the increase of the IP fragment reassembly queue size.Show less