CVE-2012-1802

CWE-119 — Buffer Overflow4 documents4 sources

Severity

7.8HIGH

EPSS

2.7%

top 14.21%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Siemens Scalance X-300 Firmware Siemens Scalance X-300eec Firmware Siemens Scalance X308-2m Firmware +2 more

Timeline

PublishedApr 18

Latest updateMay 17

Description

Buffer overflow in the embedded web server on the Siemens Scalance X Industrial Ethernet switch X414-3E before 3.7.1, X308-2M before 3.7.2, X-300EEC before 3.7.2, XR-300 before 3.7.2, and X-300 before 3.7.2 allows remote attackers to cause a denial of service (device reboot) or possibly execute arbitrary code via a malformed URL.

CVSS vector

AV:N/AC:L/C:N/I:N/A:CExploitability: 10.0 | Impact: 6.9

Affected Packages5 packages

▶NVDsiemens/scalance_x308-2m_firmware3.7.0+3

▶NVDsiemens/scalance_x414-3e_firmware3.7.0+9

▶NVDsiemens/scalance_x-300eec_firmware3.7.0+1

▶NVDsiemens/scalance_x-300_firmware3.7.0+6

▶NVDsiemens/scalance_xr-300_firmware3.7.0+2

🔴Vulnerability Details

GHSA

GHSA-45r8-2cqp-rwrj: Buffer overflow in the embedded web server on the Siemens Scalance X Industrial Ethernet switch X414-3E before 3↗2022-05-17

▶

CVEList

CVE-2012-1802: Buffer overflow in the embedded web server on the Siemens Scalance X Industrial Ethernet switch X414-3E before 3↗2012-04-18

▶

💬Community

Bugzilla

CVE-2012-5573 tor: denial of service when handling SENDME cells↗2012-11-26

▶