Siemens Scalance Sc-600 Firmware vulnerabilities
6 known vulnerabilities affecting siemens/scalance_sc-600_firmware.
Total CVEs
6
CISA KEV
0
Public exploits
0
Exploited in wild
1
Severity breakdown
HIGH3MEDIUM3
Vulnerabilities
Page 1 of 1
CVE-2022-36323HIGHCVSS 7.2fixed in 2.3.12022-08-10
CVE-2022-36323 [HIGH] CWE-74 CVE-2022-36323: Affected devices do not properly sanitize an input field. This could allow an authenticated remote
Affected devices do not properly sanitize an input field. This could allow an authenticated remote attacker with administrative privileges to inject code or spawn a system root shell.
nvd
CVE-2022-36325MEDIUMCVSS 4.8fixed in 2.3.12022-08-10
CVE-2022-36325 [MEDIUM] CWE-80 CVE-2022-36325: Affected devices do not properly sanitize data introduced by an user when rendering the web interfac
Affected devices do not properly sanitize data introduced by an user when rendering the web interface. This could allow an authenticated remote attacker with administrative privileges to inject code and lead to a DOM-based XSS.
nvd
CVE-2021-3449MEDIUMCVSS 5.9≥ 2.02021-03-25
CVE-2021-3449 [MEDIUM] CWE-476 CVE-2021-3449: An OpenSSL TLS server may crash if sent a maliciously crafted renegotiation ClientHello message from
An OpenSSL TLS server may crash if sent a maliciously crafted renegotiation ClientHello message from a client. If a TLSv1.2 renegotiation ClientHello omits the signature_algorithms extension (where it was present in the initial ClientHello), but includes a signature_algorithms_cert extension then a NULL pointer dereference will result, leading to a cr
nvd
CVE-2021-25676HIGHCVSS 7.5≥ 2.1, < 2.1.32021-03-15
CVE-2021-25676 [HIGH] CWE-307 CVE-2021-25676: A vulnerability has been identified in RUGGEDCOM RM1224 (V6.3), SCALANCE M-800 (V6.3), SCALANCE S615
A vulnerability has been identified in RUGGEDCOM RM1224 (V6.3), SCALANCE M-800 (V6.3), SCALANCE S615 (V6.3), SCALANCE SC-600 (All Versions >= V2.1 and < V2.1.3). Multiple failed SSH authentication attempts could trigger a temporary Denial-of-Service under certain conditions. When triggered, the device will reboot automatically.
nvd
CVE-2019-10928MEDIUMCVSS 6.6v2.02019-08-13
CVE-2019-10928 [MEDIUM] CWE-703 CVE-2019-10928: A vulnerability has been identified in SCALANCE SC-600 (V2.0). An authenticated attacker with access
A vulnerability has been identified in SCALANCE SC-600 (V2.0). An authenticated attacker with access to port 22/tcp as well as physical access to an affected device may trigger the device to allow execution of arbitrary commands. The security vulnerability could be exploited by an authenticated attacker with physical access to the affected device. N
nvd
CVE-2018-5391HIGHCVSS 7.5Exploitedfixed in 2.02018-09-06
CVE-2018-5391 [HIGH] CWE-400 CVE-2018-5391: The Linux kernel, versions 3.9+, is vulnerable to a denial of service attack with low rates of speci
The Linux kernel, versions 3.9+, is vulnerable to a denial of service attack with low rates of specially modified packets targeting IP fragment re-assembly. An attacker may cause a denial of service condition by sending specially crafted IP fragments. Various vulnerabilities in IP fragmentation have been discovered and fixed over the years. The current
nvd