PT-2012-3550 · Siemens · Scalance X-300+3

Published: 2012-04-18 · Updated: 2012-11-20 · CVE-2012-1802

CVSS v2.0: 7.8 (High)

Vector: AV:N/AC:L/Au:N/C:N/I:N/A:C

Name of the Vulnerable Software and Affected Versions

Siemens Scalance X Industrial Ethernet switch X414-3E versions prior to 3.7.1
Siemens Scalance X Industrial Ethernet switch X308-2M versions prior to 3.7.2
Siemens Scalance X Industrial Ethernet switch X-300EEC versions prior to 3.7.2
Siemens Scalance X Industrial Ethernet switch XR-300 versions prior to 3.7.2
Siemens Scalance X Industrial Ethernet switch X-300 versions prior to 3.7.2

Description

The embedded web server contains a buffer overflow that remote attackers can trigger with a malformed URL. This can cause a denial of service, resulting in a device reboot, or possibly allow the execution of arbitrary code.

Recommendations

For X414-3E versions prior to 3.7.1, update to version 3.7.1 or later.
For X308-2M versions prior to 3.7.2, update to version 3.7.2 or later.
For X-300EEC versions prior to 3.7.2, update to version 3.7.2 or later.
For XR-300 versions prior to 3.7.2, update to version 3.7.2 or later.
For X-300 versions prior to 3.7.2, update to version 3.7.2 or later.

Fix

Buffer Overflow

Weakness Enumeration

Related Identifiers

CVE-2012-1802

Affected Products

Scalance X-300
Scalance X-300EEC
Scalance X308-2M
Scalance X-414-3E