PT-2019-4667 · Siemens · Scalance X-200Irt+2
Published 2019-08-13 · Updated 2022-02-09
CVE-2019-10942
CVSS v2.0: 7.8 (High)
Vector: AV:N/AC:L/Au:N/C:N/I:N/A:C
Name of the Vulnerable Software and Affected Versions
SCALANCE X-200 switch family versions prior to V5.2.5
SCALANCE X-200IRT switch family versions prior to V5.5.0
SCALANCE X204RNA (HSR) (all versions)
SCALANCE X204RNA (PRP) (all versions)
SCALANCE X204RNA EEC (HSR) (all versions)
SCALANCE X204RNA EEC (PRP) (all versions)
SCALANCE X204RNA EEC (PRP/HSR) (all versions)
Description
The issue is related to insufficient resources in the telnet service of the affected devices, which could allow a remote attacker to cause a denial-of-service condition by sending large message packages repeatedly to the telnet service. The security issue can be exploited by an attacker with network access to the affected systems, requiring no system privileges and no user interaction. This could compromise the availability of the device.
Recommendations
For SCALANCE X-200 switch family versions prior to V5.2.5, update to version V5.2.5 or later.
For SCALANCE X-200IRT switch family versions prior to V5.5.0, update to version V5.5.0 or later.
For SCALANCE X204RNA (HSR), SCALANCE X204RNA (PRP), SCALANCE X204RNA EEC (HSR), SCALANCE X204RNA EEC (PRP), and SCALANCE X204RNA EEC (PRP/HSR), at the moment, there is no information about a newer version that contains a fix for this vulnerability. As a temporary workaround, consider restricting access to the telnet service to minimize the risk of exploitation.
RCE
Resource Exhaustion
Related Identifiers
Affected Products
Scalance X-200
Scalance X-200Irt
Scalance X204Rna