PT-2012-3550 · Siemens · Scalance X-300+3

Published: 2012-04-18 · Updated: 2012-11-20 · CVE-2012-1802

CVSS v2.0: 7.8 (High)
Vector: AV:N/AC:L/Au:N/C:N/I:N/A:C

Name of the Vulnerable Software and Affected Versions
Siemens Scalance X Industrial Ethernet switch X414-3E versions prior to 3.7.1
Siemens Scalance X Industrial Ethernet switch X308-2M versions prior to 3.7.2
Siemens Scalance X Industrial Ethernet switch X-300EEC versions prior to 3.7.2
Siemens Scalance X Industrial Ethernet switch XR-300 versions prior to 3.7.2
Siemens Scalance X Industrial Ethernet switch X-300 versions prior to 3.7.2

Description
The issue is a buffer overflow in the embedded web server, which remote attackers can exploit using a malformed URL. This can cause a denial of service, resulting in a device reboot, or possibly allow the execution of arbitrary code.

Recommendations
For X414-3E versions prior to 3.7.1, update to version 3.7.1 or later.
For X308-2M versions prior to 3.7.2, update to version 3.7.2 or later.
For X-300EEC versions prior to 3.7.2, update to version 3.7.2 or later.
For XR-300 versions prior to 3.7.2, update to version 3.7.2 or later.
For X-300 versions prior to 3.7.2, update to version 3.7.2 or later.

Fix

Buffer Overflow

Weakness Enumeration

Related Identifiers

CVE-2012-1802

Affected Products

Scalance X-300
Scalance X-300EEC
Scalance X308-2M
Scalance X-414-3E