Siemens Scalance Xf-200Ba Firmware vulnerabilities

5 known vulnerabilities affecting siemens/scalance_xf-200ba_firmware.

Total CVEs
5
CISA KEV
0
Public exploits
0
Exploited in wild
0
Severity breakdown
HIGH3MEDIUM2

Vulnerabilities

Page 1 of 1
CVE-2020-28400HIGHCVSS 8.7fixed in 4.32021-07-13
CVE-2020-28400 [HIGH] CWE-770 CVE-2020-28400: Affected devices contain a vulnerability that allows an unauthenticated attacker to trigger a denial Affected devices contain a vulnerability that allows an unauthenticated attacker to trigger a denial of service condition. The vulnerability can be triggered if a large amount of DCP reset packets are sent to the device.
nvd
CVE-2021-3449MEDIUMCVSS 5.9fixed in 4.32021-03-25
CVE-2021-3449 [MEDIUM] CWE-476 CVE-2021-3449: An OpenSSL TLS server may crash if sent a maliciously crafted renegotiation ClientHello message from An OpenSSL TLS server may crash if sent a maliciously crafted renegotiation ClientHello message from a client. If a TLSv1.2 renegotiation ClientHello omits the signature_algorithms extension (where it was present in the initial ClientHello), but includes a signature_algorithms_cert extension then a NULL pointer dereference will result, leading to a cr
nvd
CVE-2021-25667HIGHCVSS 8.8fixed in 4.12021-03-15
CVE-2021-25667 [HIGH] CWE-121 CVE-2021-25667: A vulnerability has been identified in RUGGEDCOM RM1224 (All versions >= V4.3 and < V6.4), SCALANCE A vulnerability has been identified in RUGGEDCOM RM1224 (All versions >= V4.3 and = V4.3 and = V4.3 and = V2.0 and < V2.1.3), SCALANCE XB-200 (All versions < V4.1), SCALANCE XC-200 (All versions < V4.1), SCALANCE XF-200BA (All versions < V4.1), SCALANCE XM400 (All versions < V6.2), SCALANCE XP-200 (All versions < V4.1), SCALANCE XR-300WG (All versions
nvd
CVE-2019-13946HIGHCVSS 7.5fixed in 3.02020-02-11
CVE-2019-13946 [HIGH] CWE-400 CVE-2019-13946: Profinet-IO (PNIO) stack versions prior V06.00 do not properly limit internal resource allocation wh Profinet-IO (PNIO) stack versions prior V06.00 do not properly limit internal resource allocation when multiple legitimate diagnostic package requests are sent to the DCE-RPC interface. This could lead to a denial of service condition due to lack of memory for devices that include a vulnerable version of the stack. The security vulnerability could be
nvd
CVE-2019-10927MEDIUMCVSS 6.5v4.12019-08-13
CVE-2019-10927 [MEDIUM] CWE-703 CVE-2019-10927: A vulnerability has been identified in SCALANCE SC-600 (V2.0), SCALANCE XB-200 (V4.1), SCALANCE XC-2 A vulnerability has been identified in SCALANCE SC-600 (V2.0), SCALANCE XB-200 (V4.1), SCALANCE XC-200 (V4.1), SCALANCE XF-200BA (V4.1), SCALANCE XP-200 (V4.1), SCALANCE XR-300WG (V4.1). An authenticated attacker with network access to to port 22/tcp of an affected device may cause a Denial-of-Service condition. The security vulnerability could be e
nvd