Siemens Scalance S612 vulnerabilities

6 known vulnerabilities affecting siemens/scalance_s612.

Total CVEs

6

CISA KEV

0

Public exploits

0

Exploited in wild

0

Severity breakdown

CRITICAL1HIGH2MEDIUM3

Vulnerabilities

Page 1 of 1

CVE-2019-6585MEDIUMCVSS 6.1vAll versions >= V3.0 and < V4.12020-03-10

CVE-2019-6585 [MEDIUM] CWE-80 CVE-2019-6585: A vulnerability has been identified in SCALANCE S602 (All versions >= V3.0 and < V4.1), SCALANCE S61 A vulnerability has been identified in SCALANCE S602 (All versions >= V3.0 and = V3.0 and = V3.0 and = V3.0 and < V4.1). The integrated configuration web server of the affected devices could allow Cross-Site Scripting (XSS) attacks if unsuspecting users are tricked into accessing a malicious link. User interaction is required for a successful exploitat

CVE-2019-13925HIGHCVSS 7.5vAll versions >= V3.0 and < V4.12020-02-11

CVE-2019-13925 [HIGH] CWE-400 CVE-2019-13925: A vulnerability has been identified in SCALANCE S602 (All versions >= V3.0 and < V4.1), SCALANCE S61 A vulnerability has been identified in SCALANCE S602 (All versions >= V3.0 and = V3.0 and = V3.0 and = V3.0 and < V4.1). Specially crafted packets sent to port 443/tcp of affected devices could cause a Denial-of-Service condition of the web server.

CVE-2019-13926HIGHCVSS 7.5vAll versions >= V3.0 and < V4.12020-02-11

CVE-2019-13926 [HIGH] CWE-400 CVE-2019-13926: A vulnerability has been identified in SCALANCE S602 (All versions >= V3.0 and < V4.1), SCALANCE S61 A vulnerability has been identified in SCALANCE S602 (All versions >= V3.0 and = V3.0 and = V3.0 and = V3.0 and < V4.1). Specially crafted packets sent to port 443/tcp of affected devices could cause a Denial-of-Service condition of the web server. A cold reboot is required to restore the functionality of the device.

CVE-2019-13924MEDIUMCVSS 5.4vAll versions < V4.12020-02-11

CVE-2019-13924 [MEDIUM] CWE-693 CVE-2019-13924: A vulnerability has been identified in SCALANCE S602 (All versions < V4.1), SCALANCE S612 (All versi A vulnerability has been identified in SCALANCE S602 (All versions < V4.1), SCALANCE S612 (All versions < V4.1), SCALANCE S623 (All versions < V4.1), SCALANCE S627-2M (All versions < V4.1), SCALANCE X-200 switch family (incl. SIPLUS NET variants) (All versions < 5.2.4), SCALANCE X-200IRT switch family (incl. SIPLUS NET variants) (All versions < V5.5

CVE-2012-1799CRITICALCVSS 10.0vv22012-04-18

CVE-2012-1799 [CRITICAL] CWE-287 CVE-2012-1799: The web server on the Siemens Scalance S Security Module firewall S602 V2, S612 V2, and S613 V2 with The web server on the Siemens Scalance S Security Module firewall S602 V2, S612 V2, and S613 V2 with firmware before 2.3.0.3 does not limit the rate of authentication attempts, which makes it easier for remote attackers to obtain access via a brute-force attack on the administrative password.

CVE-2012-1800MEDIUMCVSS 6.1vv22012-04-18

CVE-2012-1800 [MEDIUM] CWE-119 CVE-2012-1800: Stack-based buffer overflow in the Profinet DCP protocol implementation on the Siemens Scalance S Se Stack-based buffer overflow in the Profinet DCP protocol implementation on the Siemens Scalance S Security Module firewall S602 V2, S612 V2, and S613 V2 with firmware before 2.3.0.3 allows remote attackers to cause a denial of service (device outage) or possibly execute arbitrary code via a crafted DCP frame.