CVE-2020-15800Heap-based Buffer Overflow in Siemens Scalance X200-4pirt Firmware

CWE-122Heap-based Buffer OverflowCWE-787Out-of-bounds Write3 documents3 sources
Severity
9.8CRITICALNVD
EPSS
0.7%
top 28.39%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
51
Siemens Scalance X200-4pirt FirmwareSiemens Scalance X201-3pirt FirmwareSiemens Scalance X202-2irt Firmware+48 more
Timeline
PublishedJan 12
Latest updateMay 24

Description

A vulnerability has been identified in SCALANCE X-200 switch family (incl. SIPLUS NET variants) (All versions < V5.2.5), SCALANCE X-200IRT switch family (incl. SIPLUS NET variants) (All versions < V5.5.0), SCALANCE X-300 switch family (incl. X408 and SIPLUS NET variants) (All versions < V4.1.0). The webserver of the affected devices contains a vulnerability that may lead to a heap overflow condition. An attacker could cause this condition on the webserver by sending specially crafted requests. T

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HExploitability: 3.9 | Impact: 5.9

Affected Packages51 packages

CVEListV5siemens/scalance_x-200irt_switch_familyAll versions < V5.5.0
CVEListV5siemens/scalance_x-200_switch_familyAll versions < V5.2.5
CVEListV5siemens/scalance_x-300_switch_familyAll versions < V4.1.0

🔴Vulnerability Details

2
GHSA
GHSA-g2fr-hgr5-r3hq: A vulnerability has been identified in SCALANCE X-200 switch family (incl2022-05-24
CVEList
CVE-2020-15800: A vulnerability has been identified in SCALANCE X-200 switch family (incl2021-01-12
CVE-2020-15800 — Heap-based Buffer Overflow in Siemens | cvebase