PT-2021-2206 · Siemens · Scalance X-200+1
Published: 2021-01-12 · Updated: 2022-07-28 · CVE-2020-15799
CVSS v2.0: 7.8 (High)
Vector: AV:N/AC:L/Au:N/C:N/I:N/A:C
Name of the Vulnerable Software and Affected Versions
SCALANCE X-200 switch family (incl. SIPLUS NET variants) versions prior to V5.2.5
SCALANCE X-200IRT switch family (incl. SIPLUS NET variants) versions prior to V5.5.0
Description
The issue is related to a lack of authentication for a critical function in the web server of the affected products. This could allow an unauthenticated attacker to reboot the device over the network by using special URLs from the integrated web server.
Recommendations
For SCALANCE X-200 switch family (incl. SIPLUS NET variants) versions prior to V5.2.5, update to version V5.2.5 or later.
For SCALANCE X-200IRT switch family (incl. SIPLUS NET variants) versions prior to V5.5.0, update to version V5.5.0 or later.
As a temporary workaround, consider restricting access to the integrated web server until a patch is applied.
Fix
Missing Authentication
Affected Products
Scalance X-200
Scalance X-200IRT