Scalance X320 3ldfe Firmware

scalance_x320-3ldfe_firmware

Vendor: Siemens • 5 CVEs

CVEs (5)

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2020-28400 1Siemens 78Dk Standard Ethernet Controller Evaluation Kit Firmware Ek Ertec 200 Evaulation Kit FirmwareEk Ertec 200p Evaluation Kit Firmware+75 more Dec 10, 2024 Jul 13, 2021 8.7 HIGH· v4 7.5 HIGH· v3 5.0 MEDIUM· v2 Affected devices contain a vulnerability that allows an unauthenticated attacker to trigger a denial of service condition. The vulnerability can be triggered if a large amount of DCP reset packets are sent to the device.
CVE-2020-28391 1Siemens 65Scalance X200 4pirt Firmware Scalance X201 3pirt FirmwareScalance X202 2irt Firmware+62 more Nov 21, 2024 Jan 12, 2021 N/A· v4 5.9 MEDIUM· v3 4.3 MEDIUM· v2 A vulnerability has been identified in SCALANCE X-200 switch family (incl. SIPLUS NET variants) (All versions < V5.2.5), SCALANCE X-200IRT switch family (incl. SIPLUS NET variants) (All versions < V5.5.0), SCALANCE X-200...Show more A vulnerability has been identified in SCALANCE X-200 switch family (incl. SIPLUS NET variants) (All versions < V5.2.5), SCALANCE X-200IRT switch family (incl. SIPLUS NET variants) (All versions < V5.5.0), SCALANCE X-200RNA switch family (All versions < V3.2.7). Devices create a new unique key upon factory reset, except when used with C-PLUG. When used with C-PLUG the devices use the hardcoded private RSA-key shipped with the firmware-image. An attacker could leverage this situation to a man-in-the-middle situation and decrypt previously captured traffic.Show less
CVE-2020-25226 1Siemens 65Scalance X200 4pirt Firmware Scalance X201 3pirt FirmwareScalance X202 2irt Firmware+62 more Nov 21, 2024 Jan 12, 2021 N/A· v4 9.8 CRITICAL· v3 10.0 HIGH· v2 A vulnerability has been identified in SCALANCE X-200 switch family (incl. SIPLUS NET variants) (All versions < V5.2.5), SCALANCE X-200IRT switch family (incl. SIPLUS NET variants) (All versions < V5.5.0). The web server...Show more A vulnerability has been identified in SCALANCE X-200 switch family (incl. SIPLUS NET variants) (All versions < V5.2.5), SCALANCE X-200IRT switch family (incl. SIPLUS NET variants) (All versions < V5.5.0). The web server of the affected devices contains a vulnerability that may lead to a buffer overflow condition. An attacker could cause this condition on the webserver by sending a specially crafted request. The webserver could stop and not recover anymore.Show less
CVE-2020-15800 1Siemens 65Scalance X200 4pirt Firmware Scalance X201 3pirt FirmwareScalance X202 2irt Firmware+62 more Nov 21, 2024 Jan 12, 2021 N/A· v4 9.8 CRITICAL· v3 9.3 HIGH· v2 A vulnerability has been identified in SCALANCE X-200 switch family (incl. SIPLUS NET variants) (All versions < V5.2.5), SCALANCE X-200IRT switch family (incl. SIPLUS NET variants) (All versions < V5.5.0), SCALANCE X-300...Show more A vulnerability has been identified in SCALANCE X-200 switch family (incl. SIPLUS NET variants) (All versions < V5.2.5), SCALANCE X-200IRT switch family (incl. SIPLUS NET variants) (All versions < V5.5.0), SCALANCE X-300 switch family (incl. X408 and SIPLUS NET variants) (All versions < V4.1.0). The webserver of the affected devices contains a vulnerability that may lead to a heap overflow condition. An attacker could cause this condition on the webserver by sending specially crafted requests. This could stop the webserver temporarily.Show less
CVE-2020-15799 1Siemens 65Scalance X200 4pirt Firmware Scalance X201 3pirt FirmwareScalance X202 2irt Firmware+62 more Nov 21, 2024 Jan 12, 2021 N/A· v4 6.5 MEDIUM· v3 7.1 HIGH· v2 A vulnerability has been identified in SCALANCE X-200 switch family (incl. SIPLUS NET variants) (All versions < V5.2.5), SCALANCE X-200IRT switch family (incl. SIPLUS NET variants) (All versions < V5.5.0). The vulnerabil...Show more A vulnerability has been identified in SCALANCE X-200 switch family (incl. SIPLUS NET variants) (All versions < V5.2.5), SCALANCE X-200IRT switch family (incl. SIPLUS NET variants) (All versions < V5.5.0). The vulnerability could allow an unauthenticated attacker to reboot the device over the network by using special urls from integrated web server of the affected products.Show less