PT-2021-2205 · Siemens · Scalance X-300+2

Published

2021-01-12

Updated

2022-07-28

CVE-2020-25226

CVSS v2.0

Critical

Vector

AV:N/AC:L/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions: SCALANCE X-200 versions prior to V5.2.5 SCALANCE X-200IRT versions prior to V5.5.0 SCALANCE X-300 (affected versions not specified)

Description: The issue is related to a buffer overflow condition in the web server of the affected devices. This can be triggered by sending a specially crafted request, potentially allowing a remote attacker to execute arbitrary code. The web server may stop and fail to recover after the attack.

Recommendations: For SCALANCE X-200 versions prior to V5.2.5, update to version V5.2.5 or later to resolve the issue. For SCALANCE X-200IRT versions prior to V5.5.0, update to version V5.5.0 or later to resolve the issue. For SCALANCE X-300, at the moment, there is no information about a newer version that contains a fix for this vulnerability.

Heap Based Buffer Overflow

Memory Corruption

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-122CWE-787

Related Identifiers

BDU:2021-01114

CVE-2020-25226

Affected Products

Scalance X-200

Scalance X-200Irt

Scalance X-300

PT-2021-2205 · Siemens · Scalance X-300+2

CVE-2020-25226

Weakness Enumeration

Related Identifiers

Affected Products

References · 4