PT-2021-9834 · Siemens · Scalance X-200Irt+2
Published: 2021-01-12 · Updated: 2022-07-01 · CVE-2020-15800
CVSS v3.1: 9.8 (Critical)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions
SCALANCE X-200 switch family (incl. SIPLUS NET variants) versions prior to V5.2.5
SCALANCE X-200IRT switch family (incl. SIPLUS NET variants) versions prior to V5.5.0
SCALANCE X-300 switch family (incl. X408 and SIPLUS NET variants) versions prior to V4.1.0
Description
A heap overflow condition may occur in the webserver of the affected devices. An attacker can trigger it by sending specially crafted requests to the webserver, potentially causing the webserver to stop temporarily.
Recommendations
For SCALANCE X-200 switch family (incl. SIPLUS NET variants) versions prior to V5.2.5, update to version V5.2.5 or later.
For SCALANCE X-200IRT switch family (incl. SIPLUS NET variants) versions prior to V5.5.0, update to version V5.5.0 or later.
For SCALANCE X-300 switch family (incl. X408 and SIPLUS NET variants) versions prior to V4.1.0, update to version V4.1.0 or later.
Fix
Heap Based Buffer Overflow
Memory Corruption
Related Identifiers
Affected Products
Scalance X-200
Scalance X-200Irt
Scalance X-300