Skip to main content

Scalance Xc 200 Firmware

8 CVEs product

Monthly

CVE-2022-36325 MEDIUM CISA This Month

Affected devices do not properly sanitize data introduced by an user when rendering the web interface. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Scalance M 800 Firmware Scalance S615 Firmware Scalance Sc 600 Firmware Scalance Sc622 2C Firmware +86
NVD VulDB
CVSS 3.1
6.8
EPSS
0.3%
CVE-2022-36324 HIGH CISA Act Now

Affected devices do not properly handle the renegotiation of SSL/TLS parameters. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Scalance M 800 Firmware Scalance S615 Firmware Scalance W700 Ieee 802 11Ax Firmware Scalance W700 Ieee 802 11N Firmware +80
NVD VulDB
CVSS 3.1
7.5
EPSS
1.1%
CVE-2022-36323 CRITICAL PATCH CISA Act Now

Affected devices do not properly sanitize an input field. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, low attack complexity.

Code Injection Scalance M 800 Firmware Scalance S615 Firmware Scalance Sc 600 Firmware Scalance Sc622 2C Firmware +86
NVD VulDB
CVSS 3.1
9.1
EPSS
0.5%
CVE-2021-3449 Cargo MEDIUM PATCH This Month

An OpenSSL TLS server may crash if sent a maliciously crafted renegotiation ClientHello message from a client. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. This NULL Pointer Dereference vulnerability could allow attackers to crash the application by dereferencing a null pointer.

Null Pointer Dereference OpenSSL Denial Of Service Debian Linux Freebsd +103
NVD
CVSS 3.1
5.9
EPSS
62.9%
CVE-2021-25667 HIGH PATCH This Week

A vulnerability has been identified in RUGGEDCOM RM1224 (All versions >= V4.3 and < V6.4), SCALANCE M-800 (All versions >= V4.3 and < V6.4), SCALANCE S615 (All versions >= V4.3 and < V6.4), SCALANCE. Rated high severity (CVSS 8.8), this vulnerability is no authentication required, low attack complexity.

Buffer Overflow RCE Stack Overflow Siemens Ruggedcom Rm1224 Firmware +14
NVD VulDB
CVSS 3.1
8.8
EPSS
0.3%
CVE-2019-10927 MEDIUM PATCH This Month

A vulnerability has been identified in SCALANCE SC-600 (V2.0), SCALANCE XB-200 (V4.1), SCALANCE XC-200 (V4.1), SCALANCE XF-200BA (V4.1), SCALANCE XP-200 (V4.1), SCALANCE XR-300WG (V4.1). Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity.

Siemens Information Disclosure Scalance Xb 200 Firmware Scalance Xc 200 Firmware Scalance Xf 200Ba Firmware +2
NVD
CVSS 3.1
6.5
EPSS
1.2%
CVE-2019-6569 CRITICAL PATCH Act Now

The monitor barrier of the affected products insufficiently blocks data from being forwarded over the mirror port into the mirrored network. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Scalance X 200 Firmware Scalance X 300 Firmware Scalance Xp 200 Firmware Scalance Xc 200 Firmware +1
NVD
CVSS 3.1
9.1
EPSS
1.3%
CVE-2017-12736 HIGH This Week

After initial configuration, the Ruggedcom Discovery Protocol (RCDP) is still able to write to the device under certain conditions. Rated high severity (CVSS 8.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Scalance Xb 200 Firmware Scalance Xc 200 Firmware Scalance Xp 200 Firmware Scalance Xr300 Wg Firmware +3
NVD
CVSS 3.1
8.8
EPSS
0.5%
EPSS 0% CVSS 6.8
MEDIUM This Month

Affected devices do not properly sanitize data introduced by an user when rendering the web interface. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Scalance M 800 Firmware Scalance S615 Firmware +88
NVD VulDB
EPSS 1% CVSS 7.5
HIGH Act Now

Affected devices do not properly handle the renegotiation of SSL/TLS parameters. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Scalance M 800 Firmware Scalance S615 Firmware +82
NVD VulDB
EPSS 1% CVSS 9.1
CRITICAL PATCH Act Now

Affected devices do not properly sanitize an input field. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, low attack complexity.

Code Injection Scalance M 800 Firmware Scalance S615 Firmware +88
NVD VulDB
EPSS 63% CVSS 5.9
MEDIUM PATCH This Month

An OpenSSL TLS server may crash if sent a maliciously crafted renegotiation ClientHello message from a client. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. This NULL Pointer Dereference vulnerability could allow attackers to crash the application by dereferencing a null pointer.

Null Pointer Dereference OpenSSL Denial Of Service +105
NVD
EPSS 0% CVSS 8.8
HIGH PATCH This Week

A vulnerability has been identified in RUGGEDCOM RM1224 (All versions >= V4.3 and < V6.4), SCALANCE M-800 (All versions >= V4.3 and < V6.4), SCALANCE S615 (All versions >= V4.3 and < V6.4), SCALANCE. Rated high severity (CVSS 8.8), this vulnerability is no authentication required, low attack complexity.

Buffer Overflow RCE Stack Overflow +16
NVD VulDB
EPSS 1% CVSS 6.5
MEDIUM PATCH This Month

A vulnerability has been identified in SCALANCE SC-600 (V2.0), SCALANCE XB-200 (V4.1), SCALANCE XC-200 (V4.1), SCALANCE XF-200BA (V4.1), SCALANCE XP-200 (V4.1), SCALANCE XR-300WG (V4.1). Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity.

Siemens Information Disclosure Scalance Xb 200 Firmware +4
NVD
EPSS 1% CVSS 9.1
CRITICAL PATCH Act Now

The monitor barrier of the affected products insufficiently blocks data from being forwarded over the mirror port into the mirrored network. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Scalance X 200 Firmware Scalance X 300 Firmware +3
NVD
EPSS 0% CVSS 8.8
HIGH This Week

After initial configuration, the Ruggedcom Discovery Protocol (RCDP) is still able to write to the device under certain conditions. Rated high severity (CVSS 8.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Scalance Xb 200 Firmware Scalance Xc 200 Firmware +5
NVD

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy