Siemens Scalance S612 Firmware vulnerabilities

5 known vulnerabilities affecting siemens/scalance_s612_firmware.

Total CVEs: 5
CISA KEV: 0
Public exploits: 0
Exploited in wild: 0
Severity breakdown: HIGH 2, MEDIUM 3

Vulnerabilities

CVE-2021-3449 | MEDIUM | CVSS 5.9 | ≥ 4.1 | 2021-03-25
CWE-476. An OpenSSL TLS server may crash if sent a maliciously crafted renegotiation ClientHello message from a client. If a TLSv1.2 renegotiation ClientHello omits the signature_algorithms extension (where it was present in the initial ClientHello), but includes a signature_algorithms_cert extension then a NULL pointer dereference will result, leading to a cr
Source: NVD

CVE-2019-6585 | MEDIUM | CVSS 6.1 | ≥ 3.0, < 4.1 | 2020-03-10
CWE-80. A vulnerability has been identified in SCALANCE S602 (All versions >= V3.0 and < V4.1), SCALANCE S612 (All versions >= V3.0 and < V4.1), SCALANCE S623 (All versions >= V3.0 and < V4.1), SCALANCE S627-2M (All versions >= V3.0 and < V4.1). The integrated configuration web server of the affected devices could allow Cross-Site Scripting (XSS) attacks if unsuspecting users are tricked into accessing a malicious link. User interaction is required for a successful exploitat
Source: NVD

CVE-2019-13925 | HIGH | CVSS 7.5 | ≥ 3.0, < 4.1 | 2020-02-11
CWE-400. A vulnerability has been identified in SCALANCE S602 (All versions >= V3.0 and < V4.1), SCALANCE S612 (All versions >= V3.0 and < V4.1), SCALANCE S623 (All versions >= V3.0 and < V4.1), SCALANCE S627-2M (All versions >= V3.0 and < V4.1). Specially crafted packets sent to port 443/tcp of affected devices could cause a Denial-of-Service condition of the web server.
Source: NVD

CVE-2019-13926 | HIGH | CVSS 7.5 | ≥ 3.0, < 4.1 | 2020-02-11
CWE-400. A vulnerability has been identified in SCALANCE S602 (All versions >= V3.0 and < V4.1), SCALANCE S612 (All versions >= V3.0 and < V4.1), SCALANCE S623 (All versions >= V3.0 and < V4.1), SCALANCE S627-2M (All versions >= V3.0 and < V4.1). Specially crafted packets sent to port 443/tcp of affected devices could cause a Denial-of-Service condition of the web server. A cold reboot is required to restore the functionality of the device.
Source: NVD

CVE-2018-16555 | MEDIUM | CVSS 5.4 | fixed in 4.0.1.1 | 2018-12-13
CWE-80. A vulnerability has been identified in SCALANCE S602 (All versions < V4.0.1.1), SCALANCE S612 (All versions < V4.0.1.1), SCALANCE S623 (All versions < V4.0.1.1), SCALANCE S627-2M (All versions < V4.0.1.1). The integrated web server could allow Cross-Site Scripting (XSS) attacks if unsuspecting users are tricked into accessing a malicious link. User i
Source: NVD