CVE-2020-15799Missing Authentication for Critical Function in Siemens Scalance X200-4pirt Firmware

CWE-306Missing Authentication for Critical Function3 documents3 sources
Severity
6.5MEDIUMNVD
EPSS
0.5%
top 34.57%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
50
Siemens Scalance X200-4pirt FirmwareSiemens Scalance X201-3pirt FirmwareSiemens Scalance X202-2irt Firmware+47 more
Timeline
PublishedJan 12
Latest updateMay 24

Description

A vulnerability has been identified in SCALANCE X-200 switch family (incl. SIPLUS NET variants) (All versions < V5.2.5), SCALANCE X-200IRT switch family (incl. SIPLUS NET variants) (All versions < V5.5.0). The vulnerability could allow an unauthenticated attacker to reboot the device over the network by using special urls from integrated web server of the affected products.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:HExploitability: 2.8 | Impact: 3.6

Affected Packages50 packages

CVEListV5siemens/scalance_x-200irt_switch_familyAll versions < V5.5.0
CVEListV5siemens/scalance_x-200_switch_familyAll versions < V5.2.5

🔴Vulnerability Details

2
GHSA
GHSA-2jjq-jgq8-2h5h: A vulnerability has been identified in SCALANCE X-200 switch family (incl2022-05-24
CVEList
CVE-2020-15799: A vulnerability has been identified in SCALANCE X-200 switch family (incl2021-01-12
CVE-2020-15799 — Siemens vulnerability | cvebase