CVE-2018-4833: Heap-based Buffer Overflow in Siemens Scalance X200 Firmware

Severity: 8.8 HIGH (NVD)
EPSS: 0.6% (top 30.50%)
CISA KEV: Not in KEV
Exploit: No known exploits
Timeline
Published: Jun 14
Latest update: May 13

Description

A vulnerability has been identified in RFID 181EIP (All versions), RUGGEDCOM Win (V4.4, V4.5, V5.0, and V5.1), SCALANCE X-200 switch family (incl. SIPLUS NET variants) (All versions < V5.2.3), SCALANCE X-200IRT switch family (incl. SIPLUS NET variants) (All versions < V5.4.1), SCALANCE X-200RNA switch family (All versions < V3.2.6), SCALANCE X-300 switch family (incl. SIPLUS NET variants) (All versions < V4.1.3), SCALANCE X408 (All versions < V4.1.3), SCALANCE X414 (All versions), SIMATIC RF182C

CVSS vector

CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Exploitability: 2.8 | Impact: 5.9

Affected Packages (12 packages)

CVEListV5: siemens/scalance_x-200irt_switch_family, All versions < V5.4.1
CVEListV5: siemens/scalance_x-200rna_switch_family, All versions < V3.2.6
CVEListV5: siemens/scalance_x-200_switch_family, All versions < V5.2.3
CVEListV5: siemens/scalance_x-300_switch_family, All versions < V4.1.3

Vulnerability Details (2)

GHSA, 2022-05-13
GHSA-w74m-fchp-7mq8: A vulnerability has been identified in RFID 181EIP (All versions), RUGGEDCOM Win (V4

CVEList, 2018-06-14
CVE-2018-4833: A vulnerability has been identified in RFID 181EIP (All versions), RUGGEDCOM Win (V4