Action not permitted
Modal body text goes here.
Modal Title
Modal Body
CVE-2020-15799 (GCVE-0-2020-15799)
Vulnerability from cvelistv5
Published
2021-01-12 20:18
Modified
2024-08-04 13:30
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-306 - Missing Authentication for Critical Function
Summary
A vulnerability has been identified in SCALANCE X-200 switch family (incl. SIPLUS NET variants) (All versions < V5.2.5), SCALANCE X-200IRT switch family (incl. SIPLUS NET variants) (All versions < V5.5.0). The vulnerability could allow an unauthenticated attacker to reboot the device over the network by using special urls from integrated web server of the affected products.
References
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| Siemens | SCALANCE X-200 switch family (incl. SIPLUS NET variants) |
Version: All versions < V5.2.5 |
|||||||
|
|||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T13:30:21.812Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-139628.pdf"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "SCALANCE X-200 switch family (incl. SIPLUS NET variants)",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V5.2.5"
}
]
},
{
"product": "SCALANCE X-200IRT switch family (incl. SIPLUS NET variants)",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V5.5.0"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability has been identified in SCALANCE X-200 switch family (incl. SIPLUS NET variants) (All versions \u003c V5.2.5), SCALANCE X-200IRT switch family (incl. SIPLUS NET variants) (All versions \u003c V5.5.0). The vulnerability could allow an unauthenticated attacker to reboot the device over the network by using special urls from integrated web server of the affected products."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-306",
"description": "CWE-306: Missing Authentication for Critical Function",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-09-14T10:47:08",
"orgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77",
"shortName": "siemens"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-139628.pdf"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "productcert@siemens.com",
"ID": "CVE-2020-15799",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "SCALANCE X-200 switch family (incl. SIPLUS NET variants)",
"version": {
"version_data": [
{
"version_value": "All versions \u003c V5.2.5"
}
]
}
},
{
"product_name": "SCALANCE X-200IRT switch family (incl. SIPLUS NET variants)",
"version": {
"version_data": [
{
"version_value": "All versions \u003c V5.5.0"
}
]
}
}
]
},
"vendor_name": "Siemens"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A vulnerability has been identified in SCALANCE X-200 switch family (incl. SIPLUS NET variants) (All versions \u003c V5.2.5), SCALANCE X-200IRT switch family (incl. SIPLUS NET variants) (All versions \u003c V5.5.0). The vulnerability could allow an unauthenticated attacker to reboot the device over the network by using special urls from integrated web server of the affected products."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-306: Missing Authentication for Critical Function"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://cert-portal.siemens.com/productcert/pdf/ssa-139628.pdf",
"refsource": "MISC",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-139628.pdf"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77",
"assignerShortName": "siemens",
"cveId": "CVE-2020-15799",
"datePublished": "2021-01-12T20:18:33",
"dateReserved": "2020-07-15T00:00:00",
"dateUpdated": "2024-08-04T13:30:21.812Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1",
"vulnerability-lookup:meta": {
"nvd": "{\"cve\":{\"id\":\"CVE-2020-15799\",\"sourceIdentifier\":\"productcert@siemens.com\",\"published\":\"2021-01-12T21:15:16.370\",\"lastModified\":\"2024-11-21T05:06:12.267\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"A vulnerability has been identified in SCALANCE X-200 switch family (incl. SIPLUS NET variants) (All versions \u003c V5.2.5), SCALANCE X-200IRT switch family (incl. SIPLUS NET variants) (All versions \u003c V5.5.0). The vulnerability could allow an unauthenticated attacker to reboot the device over the network by using special urls from integrated web server of the affected products.\"},{\"lang\":\"es\",\"value\":\"Se ha identificado una vulnerabilidad en la familia de switches (incluyendo las variantes SIPLUS NET) (Todas las versiones anteriores a la versi\u00f3n V5.2.5), familia de switches SCALANCE X-200IRT (incluyendo las variantes SIPLUS NET) (Todas las versiones anteriores a la versi\u00f3n V5.5.0). La vulnerabilidad podr\u00eda permitir a un atacante no autenticado reiniciar el dispositivo a trav\u00e9s de la red mediante el uso de direcciones URL especiales del servidor web integrado de los productos afectados\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H\",\"baseScore\":6.5,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"REQUIRED\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":2.8,\"impactScore\":3.6}],\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:M/Au:N/C:N/I:N/A:C\",\"baseScore\":7.1,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"MEDIUM\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"COMPLETE\"},\"baseSeverity\":\"HIGH\",\"exploitabilityScore\":8.6,\"impactScore\":6.9,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":true}]},\"weaknesses\":[{\"source\":\"productcert@siemens.com\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-306\"}]},{\"source\":\"nvd@nist.gov\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-306\"}]}],\"configurations\":[{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:siemens:scalance_x200-4pirt_firmware:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"5.5.0\",\"matchCriteriaId\":\"43B261ED-08C4-4A0D-8BAC-221006AB6F93\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:siemens:scalance_x200-4pirt:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"8FDCB432-1AD0-4BF1-839F-8091D9871831\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:siemens:scalance_x201-3pirt_firmware:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"5.5.0\",\"matchCriteriaId\":\"53F56390-77CB-42D5-A603-5FB29EE5DAA5\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:siemens:scalance_x201-3pirt:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"47498977-D642-4864-BB94-4CE077EDEB82\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:siemens:scalance_x202-2irt_firmware:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"5.5.0\",\"matchCriteriaId\":\"666FACCE-89EB-4E5D-A718-F1D4945F7DF4\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:siemens:scalance_x202-2irt:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"A8B1D979-038F-42F4-AB7D-E0664D051B4E\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:siemens:scalance_x202-2pirt_firmware:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"5.5.0\",\"matchCriteriaId\":\"B79AD48F-2B99-4BE5-B3D7-440E2D3BC699\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:siemens:scalance_x202-2pirt:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"D7819B14-7E93-4D0F-AAD5-049BE3B36D07\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:siemens:scalance_x202-2pirt_siplus_net_firmware:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"5.5.0\",\"matchCriteriaId\":\"CD18B3BE-E98D-46D1-AA10-89EB89BAFFEB\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:siemens:scalance_x202-2pirt_siplus_net:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"DABC3436-E04E-4B6C-9EF4-47B08C57B166\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:siemens:scalance_x204irt_firmware:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"5.5.0\",\"matchCriteriaId\":\"0C94D093-9D17-47C9-A7F6-28FF241BF874\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:siemens:scalance_x204irt:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"6716DCDE-BD3F-4BA2-A66A-A0C14C6A3C15\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:siemens:scalance_x307-3_firmware:*:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"9676DB10-982D-445F-9779-B39AE720AF2F\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:siemens:scalance_x307-3:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"55EF0738-C9EF-4E4B-A7E7-ECC1B5F0678A\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:siemens:scalance_x307-3ld_firmware:*:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"48D3EB09-6069-4289-A61E-C15B044EA2E2\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:siemens:scalance_x307-3ld:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"7737F0C2-43FC-4330-88F2-9B08BA5B35D7\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:siemens:scalance_x308-2_firmware:*:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"F045D6B1-459B-46F0-86DF-F9AA3CCEA9BD\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:siemens:scalance_x308-2:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"6CCED3E4-38EF-4645-B25C-4F2C3D4E091C\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:siemens:scalance_x308-2ld_firmware:*:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"40A1A5F9-4971-4E9D-BBE7-5A0357C56213\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:siemens:scalance_x308-2ld:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"FE1909FA-C8C6-46BE-83C6-2635D36FE69B\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:siemens:scalance_x308-2lh_firmware:*:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"8F53C74B-2154-417E-ACFE-01F0BACD3F15\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:siemens:scalance_x308-2lh:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"6DDBD94D-5312-4A54-AF76-D9DF791C0292\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:siemens:scalance_x308-2lh\\\\+_firmware:*:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"D76A2268-5397-466C-98B5-01B46B4840A1\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:siemens:scalance_x308-2lh\\\\+:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"85153EED-C677-495D-A6BB-72365DE1ED3F\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:siemens:scalance_x308-2m_firmware:*:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"2F8888A7-3285-4ACA-A5AD-2B0578050C4C\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:siemens:scalance_x308-2m:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"AC54911E-C432-48FA-9551-9644422FFE14\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:siemens:scalance_x308-2m_ts_firmware:*:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"A2C12934-E79C-41A4-B023-BADD7D68CB55\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:siemens:scalance_x308-2m_ts:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"DFCCB68C-A58D-4543-A11F-721B01FFBBA4\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:siemens:scalance_x310_firmware:*:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"D288227C-69C1-4248-AB4A-51F44A41FDEA\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:siemens:scalance_x310:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"7FE3716E-1C0A-4B72-809A-8318E5853FB1\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:siemens:scalance_x310fe_firmware:*:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"27F765CD-B8A9-45B6-BA3C-C569FF0F8FF0\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:siemens:scalance_x310fe:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"8FB34E83-83A3-45C3-B040-D8910971D439\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:siemens:scalance_x320-1fe_firmware:*:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"91EDD23A-1DBD-4117-9396-89ADBC705B3A\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:siemens:scalance_x320-1fe:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"CC54880F-CBF4-4772-A4FB-B07D97287D44\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:siemens:scalance_x320-3ldfe_firmware:*:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"AF07B014-1BA3-477E-A405-5DB35F68126A\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:siemens:scalance_x320-3ldfe:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"80502856-7617-4ED9-A103-681021131EE0\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:siemens:scalance_xb205-3_firmware:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"5.2.5\",\"matchCriteriaId\":\"7178F049-8E48-4175-AE8C-818128205D33\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:siemens:scalance_xb205-3:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"B9F9F101-6042-4D11-98CE-16A996023B38\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:siemens:scalance_xb205-3ld_firmware:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"5.2.5\",\"matchCriteriaId\":\"D7327CDF-EF0D-443B-A822-D69669C3B80C\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:siemens:scalance_xb205-3ld:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"18DC9125-FC41-4BAB-9638-C42DEF40235B\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:siemens:scalance_xb208_firmware:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"5.2.5\",\"matchCriteriaId\":\"C7DDB0D1-21AC-43AC-9DDF-C6D89D3F1AA1\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:siemens:scalance_xb208:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"5C19D54A-8070-4EC6-9B30-B1B04A8BDABD\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:siemens:scalance_xb213-3_firmware:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"5.2.5\",\"matchCriteriaId\":\"7FAB9D2E-94BC-4C90-ADF3-27FB34FC23A9\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:siemens:scalance_xb213-3:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"1FF67A06-D93B-4E4E-A639-29E0E49654FE\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:siemens:scalance_xb213-3ld_firmware:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"5.2.5\",\"matchCriteriaId\":\"3003D9C7-A979-4289-AADD-190A55434F31\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:siemens:scalance_xb213-3ld:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"0EFCF766-E1D3-4BD5-A70C-3A824B7D45DF\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:siemens:scalance_xb216_firmware:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"5.2.5\",\"matchCriteriaId\":\"1A0E6F26-15BE-4586-8ACD-1DAF9492A7D7\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:siemens:scalance_xb216:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"72EC10EB-0679-4AFE-ABC3-C58A68A0C4DD\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:siemens:scalance_xc206-2_firmware:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"5.2.5\",\"matchCriteriaId\":\"ED3A29A7-F1B0-4A2C-AB63-6E4A57A6864D\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:siemens:scalance_xc206-2:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"49C5CBD8-9799-4EBA-8297-EAE04F43DDD5\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:siemens:scalance_xc206-2g_poe__firmware:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"5.2.5\",\"matchCriteriaId\":\"4EFEB827-71F1-4DDF-B156-949AF8E39A34\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:siemens:scalance_xc206-2g_poe_:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"39310380-7D17-46C5-B91A-DFDF602D56A5\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:siemens:scalance_xc206-2g_poe_eec_firmware:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"5.2.5\",\"matchCriteriaId\":\"1B191270-07F7-4173-833A-7F4929F643BF\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:siemens:scalance_xc206-2g_poe_eec:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"0C21EC27-F0A8-4DCA-88AD-92D07477B5AD\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:siemens:scalance_xc206-2sfp_firmware:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"5.2.5\",\"matchCriteriaId\":\"FC590D4F-C818-4CD8-A8E9-E2A951E5D768\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:siemens:scalance_xc206-2sfp:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"804E37AB-9EE4-4931-A874-4FBD427252D1\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:siemens:scalance_xc206-2sfp_eec_firmware:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"5.2.5\",\"matchCriteriaId\":\"6AABE919-D289-43CB-A285-3212E630B313\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:siemens:scalance_xc206-2sfp_eec:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"CC286693-55D6-4949-8164-262EB6C022C9\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:siemens:scalance_xc206-2sfp_g_firmware:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"5.2.5\",\"matchCriteriaId\":\"CA08C94B-BE44-49D1-AB10-7512F65D6DF1\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:siemens:scalance_xc206-2sfp_g:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"BC7B235D-0141-46E5-9057-2203555AE58A\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:siemens:scalance_xc206-2sfp_g_\\\\(e\\\\/ip\\\\)_firmware:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"5.2.5\",\"matchCriteriaId\":\"578CE1DA-BA53-4EA5-AB2D-4670321DDF81\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:siemens:scalance_xc206-2sfp_g_\\\\(e\\\\/ip\\\\):-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"CB6B6ED1-7057-4240-B1C9-660173BF1A6A\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:siemens:scalance_xc206-2sfp_g_eec_firmware:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"5.2.5\",\"matchCriteriaId\":\"DFEA3FDE-9575-4E9B-BE5F-6BEB005381D8\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:siemens:scalance_xc206-2sfp_g_eec:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"6F7D1CCD-4DFD-4037-9BDC-65466D639456\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:siemens:scalance_xc208_firmware:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"5.2.5\",\"matchCriteriaId\":\"5FC77B9E-9081-44E0-82AF-0411940B0684\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:siemens:scalance_xc208:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"E6A2B708-309D-4BE5-BAEE-7AE035A2ADD1\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:siemens:scalance_xc208eec_firmware:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"5.2.5\",\"matchCriteriaId\":\"ED6AD6D3-75AC-4C7E-9471-8288FB7AABA4\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:siemens:scalance_xc208eec:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"B6550B2D-4B8E-414C-B4CB-7B12D6D4EA4A\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:siemens:scalance_xc208g_firmware:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"5.2.5\",\"matchCriteriaId\":\"D51DCE8E-2E29-4969-A26B-A1A10220CA83\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:siemens:scalance_xc208g:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"8E922B78-7951-4115-8985-D824F6DDE41B\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:siemens:scalance_xc208g_\\\\(e\\\\/ip\\\\)_firmware:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"5.2.5\",\"matchCriteriaId\":\"F4F3FB17-F6E8-4BB1-B910-C9F03B936C32\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:siemens:scalance_xc208g_\\\\(e\\\\/ip\\\\):-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"62852B4B-AF5A-4967-AFC2-14CEC2F6972C\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:siemens:scalance_xc208g_eec_firmware:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"5.2.5\",\"matchCriteriaId\":\"DF97E576-EBD2-4F1F-BE8F-4254D134565B\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:siemens:scalance_xc208g_eec:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"9CCF0CEF-2E48-472E-9BDE-6E63F4CEA467\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:siemens:scalance_xc208g_poe_firmware:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"5.2.5\",\"matchCriteriaId\":\"0378595B-379F-4775-B5D9-CCAC4042F635\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:siemens:scalance_xc208g_poe:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"585424EB-F9AB-45FB-B5C5-78FE45E3341A\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:siemens:scalance_xc216_firmware:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"5.2.5\",\"matchCriteriaId\":\"8A03BBB2-9650-4C8A-A137-0C8AC6CDAD66\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:siemens:scalance_xc216:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"4ABC0D8D-4F32-487F-835C-DADAB647EC21\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:siemens:scalance_xc216-4c_firmware:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"5.2.5\",\"matchCriteriaId\":\"6BCD1CF2-F24A-4C47-9C88-340E67C77871\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:siemens:scalance_xc216-4c:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"7668BC0B-A47A-4E05-9933-51CD43F3B7BA\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:siemens:scalance_xc216-4c_g_firmware:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"5.2.5\",\"matchCriteriaId\":\"4DAD438B-DABE-4B9A-9CDB-9BAC16313F0F\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:siemens:scalance_xc216-4c_g:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"78645734-50C1-4331-9FC4-AC8A8679B6AF\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:siemens:scalance_xc216-4c_g_\\\\(e\\\\/ip\\\\)_firmware:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"5.2.5\",\"matchCriteriaId\":\"E1F3FE19-E279-4280-8F67-0C085B083E10\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:siemens:scalance_xc216-4c_g_\\\\(e\\\\/ip\\\\):-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"22B8B758-9781-474E-93C3-17DDDF263CC2\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:siemens:scalance_xc216-4c_g_eec_firmware:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"5.2.5\",\"matchCriteriaId\":\"ED7BCCB2-CE77-45A3-A6E1-D591894847C7\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:siemens:scalance_xc216-4c_g_eec:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"323CEAEA-8122-43A5-BB87-97C7133FF510\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:siemens:scalance_xc216eec_firmware:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"5.2.5\",\"matchCriteriaId\":\"E7C43419-B7AA-40EB-A40D-840F975BE2EC\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:siemens:scalance_xc216eec:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"6BE498F8-A9D8-4A92-90CE-21BA30234947\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:siemens:scalance_xc224-4c_g__firmware:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"5.2.5\",\"matchCriteriaId\":\"580A5BD5-2E8E-4801-BFE8-7476088F4214\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:siemens:scalance_xc224-4c_g_:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"E7806CF9-4DA5-4090-84BD-D098C5FB1178\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:siemens:scalance_xc224-4c_g_\\\\(e\\\\/ip\\\\)_firmware:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"5.2.5\",\"matchCriteriaId\":\"FFAC6598-DDAC-4873-9545-39B0EF21D478\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:siemens:scalance_xc224-4c_g_\\\\(e\\\\/ip\\\\):-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"EE4E3630-DB15-46EA-B320-E4E457240B9F\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:siemens:scalance_xc224-4c_g_eec_firmware:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"5.2.5\",\"matchCriteriaId\":\"561064E3-FC05-4028-B75D-4D2519FEFD24\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:siemens:scalance_xc224-4c_g_eec:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"0B0A02C9-A7CB-4CB3-B5DC-5FEE20A59208\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:siemens:scalance_xc224__firmware:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"5.2.5\",\"matchCriteriaId\":\"4303ED83-6610-458F-BEE9-B99BA31DD962\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:siemens:scalance_xc224_:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"39AB9EB3-0F05-41C2-A32F-27B6D0C9C039\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:siemens:scalance_xf201-3p_irt_firmware:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"5.2.5\",\"matchCriteriaId\":\"475E5069-C120-4D49-AB9D-D3C3F94BD093\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:siemens:scalance_xf201-3p_irt:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"41614C70-97B4-44C8-A441-530A413A26F9\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:siemens:scalance_xf202-2p_irt_firmware:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"5.2.5\",\"matchCriteriaId\":\"274E5C49-CA32-44D2-A864-C99A48CAA869\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:siemens:scalance_xf202-2p_irt:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"6751FB7D-C72C-4321-B535-5880FE696FC3\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:siemens:scalance_xf204_firmware:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"5.2.5\",\"matchCriteriaId\":\"8CD13707-1164-415E-9083-7946D151F1FC\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:siemens:scalance_xf204:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"0F1AE867-67B4-4871-BF56-88017533A737\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:siemens:scalance_xf204-2_firmware:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"5.2.5\",\"matchCriteriaId\":\"3A09FF2D-F369-47B5-AEE4-A862BEDD9851\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:siemens:scalance_xf204-2:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"69285324-4C0B-4BDC-B60D-F653679DD52D\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:siemens:scalance_xf204-2ba_dna_firmware:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"5.2.5\",\"matchCriteriaId\":\"0BBC3005-41D0-4BA0-A146-E48E612CAF58\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:siemens:scalance_xf204-2ba_dna:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"FAF28152-D6CA-4D20-BDF1-1EF4B7D10429\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:siemens:scalance_xf204-2ba_irt_firmware:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"5.2.5\",\"matchCriteriaId\":\"85B917B7-81E1-4419-B493-1D321027017E\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:siemens:scalance_xf204-2ba_irt:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"99E6AFAA-B903-47BB-B0F3-7650B039C0FB\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:siemens:scalance_xf204_dna_firmware:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"5.2.5\",\"matchCriteriaId\":\"FCBEE10A-7E96-4239-AE6C-5FA9A6A32196\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:siemens:scalance_xf204_dna:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"70D62F13-AD59-435E-851A-87A0A6E2FA3B\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:siemens:scalance_xf204irt_firmware:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"5.2.5\",\"matchCriteriaId\":\"42288C48-A2AA-4AA1-B5A2-F83C5A3689AE\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:siemens:scalance_xf204irt:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"57E5489B-277A-4D02-B4AB-4DB65969EED2\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:siemens:scalance_xf206-1_firmware:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"5.2.5\",\"matchCriteriaId\":\"CFCDC84E-0695-409A-844B-D24024CC33F2\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:siemens:scalance_xf206-1:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"2B40D2EB-5C69-47FA-801B-DC48407D418C\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:siemens:scalance_xf208_firmware:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"5.2.5\",\"matchCriteriaId\":\"A1DB6C03-71BF-4359-834B-384E78910E64\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:siemens:scalance_xf208:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"898613B2-4A9D-44B9-A3FC-4347A2AD7CAB\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:siemens:scalance_xp208_firmware:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"5.2.5\",\"matchCriteriaId\":\"8082D4C1-C59E-43B6-B11F-C814ACD00321\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:siemens:scalance_xp208:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"24C7FB09-D247-48F0-B87C-6A478BDC0A5A\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:siemens:scalance_xp208_\\\\(eip\\\\)_firmware:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"5.2.5\",\"matchCriteriaId\":\"34349AEF-170F-432F-8D64-347F08536D3A\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:siemens:scalance_xp208_\\\\(eip\\\\):-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"17BD41C2-2398-4A03-9C5F-43AEF424261E\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:siemens:scalance_xp208eec_firmware:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"5.2.5\",\"matchCriteriaId\":\"EACF7493-4FE6-4902-9EE7-76F1B4AB118A\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:siemens:scalance_xp208eec:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"2B313A4C-D3E7-4964-BA51-3401546B36C5\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:siemens:scalance_xp208poe_eec_firmware:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"5.2.5\",\"matchCriteriaId\":\"3237051D-0342-4DB8-B4A1-40A3B33A67BB\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:siemens:scalance_xp208poe_eec:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"D6E888EA-73A7-42B8-A617-621CF192F2A9\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:siemens:scalance_xp216_firmware:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"5.2.5\",\"matchCriteriaId\":\"4969C410-25DF-4BFA-9125-53D63B33691B\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:siemens:scalance_xp216:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"67E4D039-5BF8-469B-A6FE-A391A6D1BDA4\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:siemens:scalance_xp216_\\\\(eip\\\\)_firmware:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"5.2.5\",\"matchCriteriaId\":\"B4A2ED6E-6632-4DD9-A359-73EB28BB306B\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:siemens:scalance_xp216_\\\\(eip\\\\):-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"33D044BD-12AD-42C9-B01C-957BEC6C6790\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:siemens:scalance_xp216eec_firmware:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"5.2.5\",\"matchCriteriaId\":\"3B54DF8C-BB5A-46AF-862D-DC8E984A05AB\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:siemens:scalance_xp216eec:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"12512EC4-FB7D-420F-9A8A-547562BE1B49\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:siemens:scalance_xp216poe_eec_firmware:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"5.2.5\",\"matchCriteriaId\":\"6FF74FFD-81C8-4E63-8B7B-AEBD98AB34F7\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:siemens:scalance_xp216poe_eec:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"C9BACE8C-6C69-4BC4-8F5B-1C74FA7EB339\"}]}]}],\"references\":[{\"url\":\"https://cert-portal.siemens.com/productcert/pdf/ssa-139628.pdf\",\"source\":\"productcert@siemens.com\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://cert-portal.siemens.com/productcert/pdf/ssa-139628.pdf\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]}]}}"
}
}
gsd-2020-15799
Vulnerability from gsd
Modified
2023-12-13 01:21
Details
A vulnerability has been identified in SCALANCE X-200 switch family (incl. SIPLUS NET variants) (All versions < V5.2.5), SCALANCE X-200IRT switch family (incl. SIPLUS NET variants) (All versions < V5.5.0). The vulnerability could allow an unauthenticated attacker to reboot the device over the network by using special urls from integrated web server of the affected products.
Aliases
Aliases
{
"GSD": {
"alias": "CVE-2020-15799",
"description": "A vulnerability has been identified in SCALANCE X-200 switch family (incl. SIPLUS NET variants) (All versions \u003c V5.2.5), SCALANCE X-200IRT switch family (incl. SIPLUS NET variants) (All versions \u003c V5.5.0). The vulnerability could allow an unauthenticated attacker to reboot the device over the network by using special urls from integrated web server of the affected products.",
"id": "GSD-2020-15799"
},
"gsd": {
"metadata": {
"exploitCode": "unknown",
"remediation": "unknown",
"reportConfidence": "confirmed",
"type": "vulnerability"
},
"osvSchema": {
"aliases": [
"CVE-2020-15799"
],
"details": "A vulnerability has been identified in SCALANCE X-200 switch family (incl. SIPLUS NET variants) (All versions \u003c V5.2.5), SCALANCE X-200IRT switch family (incl. SIPLUS NET variants) (All versions \u003c V5.5.0). The vulnerability could allow an unauthenticated attacker to reboot the device over the network by using special urls from integrated web server of the affected products.",
"id": "GSD-2020-15799",
"modified": "2023-12-13T01:21:43.891697Z",
"schema_version": "1.4.0"
}
},
"namespaces": {
"cve.org": {
"CVE_data_meta": {
"ASSIGNER": "productcert@siemens.com",
"ID": "CVE-2020-15799",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "SCALANCE X-200 switch family (incl. SIPLUS NET variants)",
"version": {
"version_data": [
{
"version_value": "All versions \u003c V5.2.5"
}
]
}
},
{
"product_name": "SCALANCE X-200IRT switch family (incl. SIPLUS NET variants)",
"version": {
"version_data": [
{
"version_value": "All versions \u003c V5.5.0"
}
]
}
}
]
},
"vendor_name": "Siemens"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A vulnerability has been identified in SCALANCE X-200 switch family (incl. SIPLUS NET variants) (All versions \u003c V5.2.5), SCALANCE X-200IRT switch family (incl. SIPLUS NET variants) (All versions \u003c V5.5.0). The vulnerability could allow an unauthenticated attacker to reboot the device over the network by using special urls from integrated web server of the affected products."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-306: Missing Authentication for Critical Function"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://cert-portal.siemens.com/productcert/pdf/ssa-139628.pdf",
"refsource": "MISC",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-139628.pdf"
}
]
}
},
"nvd.nist.gov": {
"configurations": {
"CVE_data_version": "4.0",
"nodes": [
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:siemens:scalance_x200-4pirt_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "5.5.0",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:siemens:scalance_x200-4pirt:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:siemens:scalance_x201-3pirt_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "5.5.0",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:siemens:scalance_x201-3pirt:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:siemens:scalance_x202-2irt_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "5.5.0",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:siemens:scalance_x202-2irt:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:siemens:scalance_x202-2pirt_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "5.5.0",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:siemens:scalance_x202-2pirt:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:siemens:scalance_x202-2pirt_siplus_net_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "5.5.0",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:siemens:scalance_x202-2pirt_siplus_net:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:siemens:scalance_x204irt_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "5.5.0",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:siemens:scalance_x204irt:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:siemens:scalance_x307-3_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:siemens:scalance_x307-3:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:siemens:scalance_x307-3ld_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:siemens:scalance_x307-3ld:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:siemens:scalance_x308-2_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:siemens:scalance_x308-2:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:siemens:scalance_x308-2ld_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:siemens:scalance_x308-2ld:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:siemens:scalance_x308-2lh_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:siemens:scalance_x308-2lh:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:siemens:scalance_x308-2lh\\+_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:siemens:scalance_x308-2lh\\+:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:siemens:scalance_x308-2m_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:siemens:scalance_x308-2m:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:siemens:scalance_x308-2m_ts_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:siemens:scalance_x308-2m_ts:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:siemens:scalance_x310_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:siemens:scalance_x310:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:siemens:scalance_x310fe_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:siemens:scalance_x310fe:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:siemens:scalance_x320-1fe_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:siemens:scalance_x320-1fe:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:siemens:scalance_x320-3ldfe_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:siemens:scalance_x320-3ldfe:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:siemens:scalance_xb205-3_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "5.2.5",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:siemens:scalance_xb205-3:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:siemens:scalance_xb205-3ld_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "5.2.5",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:siemens:scalance_xb205-3ld:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:siemens:scalance_xb208_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "5.2.5",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:siemens:scalance_xb208:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:siemens:scalance_xb213-3_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "5.2.5",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:siemens:scalance_xb213-3:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:siemens:scalance_xb213-3ld_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "5.2.5",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:siemens:scalance_xb213-3ld:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:siemens:scalance_xb216_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "5.2.5",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:siemens:scalance_xb216:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:siemens:scalance_xc206-2_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "5.2.5",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:siemens:scalance_xc206-2:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:siemens:scalance_xc206-2g_poe__firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "5.2.5",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:siemens:scalance_xc206-2g_poe_:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:siemens:scalance_xc206-2g_poe_eec_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "5.2.5",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:siemens:scalance_xc206-2g_poe_eec:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:siemens:scalance_xc206-2sfp_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "5.2.5",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:siemens:scalance_xc206-2sfp:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:siemens:scalance_xc206-2sfp_eec_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "5.2.5",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:siemens:scalance_xc206-2sfp_eec:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:siemens:scalance_xc206-2sfp_g_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "5.2.5",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:siemens:scalance_xc206-2sfp_g:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:siemens:scalance_xc206-2sfp_g_\\(e\\/ip\\)_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "5.2.5",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:siemens:scalance_xc206-2sfp_g_\\(e\\/ip\\):-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:siemens:scalance_xc206-2sfp_g_eec_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "5.2.5",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:siemens:scalance_xc206-2sfp_g_eec:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:siemens:scalance_xc208_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "5.2.5",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:siemens:scalance_xc208:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:siemens:scalance_xc208eec_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "5.2.5",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:siemens:scalance_xc208eec:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:siemens:scalance_xc208g_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "5.2.5",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:siemens:scalance_xc208g:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:siemens:scalance_xc208g_\\(e\\/ip\\)_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "5.2.5",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:siemens:scalance_xc208g_\\(e\\/ip\\):-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:siemens:scalance_xc208g_eec_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "5.2.5",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:siemens:scalance_xc208g_eec:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:siemens:scalance_xc208g_poe_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "5.2.5",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:siemens:scalance_xc208g_poe:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:siemens:scalance_xc216_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "5.2.5",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:siemens:scalance_xc216:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:siemens:scalance_xc216-4c_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "5.2.5",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:siemens:scalance_xc216-4c:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:siemens:scalance_xc216-4c_g_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "5.2.5",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:siemens:scalance_xc216-4c_g:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:siemens:scalance_xc216-4c_g_\\(e\\/ip\\)_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "5.2.5",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:siemens:scalance_xc216-4c_g_\\(e\\/ip\\):-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:siemens:scalance_xc216-4c_g_eec_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "5.2.5",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:siemens:scalance_xc216-4c_g_eec:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:siemens:scalance_xc216eec_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "5.2.5",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:siemens:scalance_xc216eec:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:siemens:scalance_xc224-4c_g__firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "5.2.5",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:siemens:scalance_xc224-4c_g_:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:siemens:scalance_xc224-4c_g_\\(e\\/ip\\)_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "5.2.5",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:siemens:scalance_xc224-4c_g_\\(e\\/ip\\):-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:siemens:scalance_xc224-4c_g_eec_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "5.2.5",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:siemens:scalance_xc224-4c_g_eec:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:siemens:scalance_xc224__firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "5.2.5",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:siemens:scalance_xc224_:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:siemens:scalance_xf201-3p_irt_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "5.2.5",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:siemens:scalance_xf201-3p_irt:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:siemens:scalance_xf202-2p_irt_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "5.2.5",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:siemens:scalance_xf202-2p_irt:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:siemens:scalance_xf204_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "5.2.5",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:siemens:scalance_xf204:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:siemens:scalance_xf204-2_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "5.2.5",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:siemens:scalance_xf204-2:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:siemens:scalance_xf204-2ba_dna_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "5.2.5",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:siemens:scalance_xf204-2ba_dna:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:siemens:scalance_xf204-2ba_irt_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "5.2.5",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:siemens:scalance_xf204-2ba_irt:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:siemens:scalance_xf204_dna_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "5.2.5",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:siemens:scalance_xf204_dna:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:siemens:scalance_xf204irt_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "5.2.5",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:siemens:scalance_xf204irt:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:siemens:scalance_xf206-1_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "5.2.5",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:siemens:scalance_xf206-1:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:siemens:scalance_xf208_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "5.2.5",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:siemens:scalance_xf208:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:siemens:scalance_xp208_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "5.2.5",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:siemens:scalance_xp208:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:siemens:scalance_xp208_\\(eip\\)_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "5.2.5",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:siemens:scalance_xp208_\\(eip\\):-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:siemens:scalance_xp208eec_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "5.2.5",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:siemens:scalance_xp208eec:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:siemens:scalance_xp208poe_eec_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "5.2.5",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:siemens:scalance_xp208poe_eec:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:siemens:scalance_xp216_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "5.2.5",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:siemens:scalance_xp216:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:siemens:scalance_xp216_\\(eip\\)_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "5.2.5",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:siemens:scalance_xp216_\\(eip\\):-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:siemens:scalance_xp216eec_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "5.2.5",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:siemens:scalance_xp216eec:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:siemens:scalance_xp216poe_eec_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "5.2.5",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:siemens:scalance_xp216poe_eec:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
}
]
},
"cve": {
"CVE_data_meta": {
"ASSIGNER": "productcert@siemens.com",
"ID": "CVE-2020-15799"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "en",
"value": "A vulnerability has been identified in SCALANCE X-200 switch family (incl. SIPLUS NET variants) (All versions \u003c V5.2.5), SCALANCE X-200IRT switch family (incl. SIPLUS NET variants) (All versions \u003c V5.5.0). The vulnerability could allow an unauthenticated attacker to reboot the device over the network by using special urls from integrated web server of the affected products."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "en",
"value": "CWE-306"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://cert-portal.siemens.com/productcert/pdf/ssa-139628.pdf",
"refsource": "MISC",
"tags": [
"Vendor Advisory"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-139628.pdf"
}
]
}
},
"impact": {
"baseMetricV2": {
"acInsufInfo": false,
"cvssV2": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 7.1,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:C",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 6.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "HIGH",
"userInteractionRequired": true
},
"baseMetricV3": {
"cvssV3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6
}
},
"lastModifiedDate": "2022-07-28T14:34Z",
"publishedDate": "2021-01-12T21:15Z"
}
}
}
cnvd-2021-02596
Vulnerability from cnvd
Title
Scalance X Products关键功能认证缺失漏洞
Description
SCALANCE X是一个开关用于连接工业部件,例如:可编程逻辑控制器(plc)或人机界面(HMIs)。
Scalance X Products关键功能认证缺失漏洞,攻击者可利用该漏洞通过网络重新启动设备。
Severity
高
VLAI Severity ?
Patch Name
Scalance X Products关键功能认证缺失漏洞的补丁
Patch Description
SCALANCE X是一个开关用于连接工业部件,例如:可编程逻辑控制器(plc)或人机界面(HMIs)。
Scalance X Products关键功能认证缺失漏洞,攻击者可利用该漏洞通过网络重新启动设备。目前,供应商发布了安全公告及相关补丁信息,修复了此漏洞。
Formal description
厂商已发布相关漏洞补丁链接,请及时更新: https://cert-portal.siemens.com/productcert/pdf/ssa-139628.pdf
Reference
https://cert-portal.siemens.com/productcert/pdf/ssa-139628.pdf
Impacted products
| Name | ['Siemens SCALANCE X-200IRT switch family (incl. SIPLUSNET variants)', 'Siemens SCALANCE X-200 switch family (incl. SIPLUSNET variants)'] |
|---|
{
"cves": {
"cve": {
"cveNumber": "CVE-2020-15799"
}
},
"description": "SCALANCE X\u662f\u4e00\u4e2a\u5f00\u5173\u7528\u4e8e\u8fde\u63a5\u5de5\u4e1a\u90e8\u4ef6\uff0c\u4f8b\u5982\uff1a\u53ef\u7f16\u7a0b\u903b\u8f91\u63a7\u5236\u5668(plc)\u6216\u4eba\u673a\u754c\u9762(HMIs)\u3002\n\nScalance X Products\u5173\u952e\u529f\u80fd\u8ba4\u8bc1\u7f3a\u5931\u6f0f\u6d1e\uff0c\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u901a\u8fc7\u7f51\u7edc\u91cd\u65b0\u542f\u52a8\u8bbe\u5907\u3002",
"formalWay": "\u5382\u5546\u5df2\u53d1\u5e03\u76f8\u5173\u6f0f\u6d1e\u8865\u4e01\u94fe\u63a5\uff0c\u8bf7\u53ca\u65f6\u66f4\u65b0\uff1a\r\nhttps://cert-portal.siemens.com/productcert/pdf/ssa-139628.pdf",
"isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
"number": "CNVD-2021-02596",
"openTime": "2021-01-13",
"patchDescription": "SCALANCE X\u662f\u4e00\u4e2a\u5f00\u5173\u7528\u4e8e\u8fde\u63a5\u5de5\u4e1a\u90e8\u4ef6\uff0c\u4f8b\u5982\uff1a\u53ef\u7f16\u7a0b\u903b\u8f91\u63a7\u5236\u5668(plc)\u6216\u4eba\u673a\u754c\u9762(HMIs)\u3002\r\n\r\nScalance X Products\u5173\u952e\u529f\u80fd\u8ba4\u8bc1\u7f3a\u5931\u6f0f\u6d1e\uff0c\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u901a\u8fc7\u7f51\u7edc\u91cd\u65b0\u542f\u52a8\u8bbe\u5907\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
"patchName": "Scalance X Products\u5173\u952e\u529f\u80fd\u8ba4\u8bc1\u7f3a\u5931\u6f0f\u6d1e\u7684\u8865\u4e01",
"products": {
"product": [
"Siemens SCALANCE X-200IRT switch family (incl. SIPLUSNET variants)",
"Siemens SCALANCE X-200 switch family (incl. SIPLUSNET variants)"
]
},
"referenceLink": "https://cert-portal.siemens.com/productcert/pdf/ssa-139628.pdf",
"serverity": "\u9ad8",
"submitTime": "2021-01-13",
"title": "Scalance X Products\u5173\u952e\u529f\u80fd\u8ba4\u8bc1\u7f3a\u5931\u6f0f\u6d1e"
}
fkie_cve-2020-15799
Vulnerability from fkie_nvd
Published
2021-01-12 21:15
Modified
2024-11-21 05:06
Severity ?
Summary
A vulnerability has been identified in SCALANCE X-200 switch family (incl. SIPLUS NET variants) (All versions < V5.2.5), SCALANCE X-200IRT switch family (incl. SIPLUS NET variants) (All versions < V5.5.0). The vulnerability could allow an unauthenticated attacker to reboot the device over the network by using special urls from integrated web server of the affected products.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:siemens:scalance_x200-4pirt_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "43B261ED-08C4-4A0D-8BAC-221006AB6F93",
"versionEndExcluding": "5.5.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:siemens:scalance_x200-4pirt:-:*:*:*:*:*:*:*",
"matchCriteriaId": "8FDCB432-1AD0-4BF1-839F-8091D9871831",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:siemens:scalance_x201-3pirt_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "53F56390-77CB-42D5-A603-5FB29EE5DAA5",
"versionEndExcluding": "5.5.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:siemens:scalance_x201-3pirt:-:*:*:*:*:*:*:*",
"matchCriteriaId": "47498977-D642-4864-BB94-4CE077EDEB82",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:siemens:scalance_x202-2irt_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "666FACCE-89EB-4E5D-A718-F1D4945F7DF4",
"versionEndExcluding": "5.5.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:siemens:scalance_x202-2irt:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A8B1D979-038F-42F4-AB7D-E0664D051B4E",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:siemens:scalance_x202-2pirt_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "B79AD48F-2B99-4BE5-B3D7-440E2D3BC699",
"versionEndExcluding": "5.5.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:siemens:scalance_x202-2pirt:-:*:*:*:*:*:*:*",
"matchCriteriaId": "D7819B14-7E93-4D0F-AAD5-049BE3B36D07",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:siemens:scalance_x202-2pirt_siplus_net_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "CD18B3BE-E98D-46D1-AA10-89EB89BAFFEB",
"versionEndExcluding": "5.5.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:siemens:scalance_x202-2pirt_siplus_net:-:*:*:*:*:*:*:*",
"matchCriteriaId": "DABC3436-E04E-4B6C-9EF4-47B08C57B166",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:siemens:scalance_x204irt_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "0C94D093-9D17-47C9-A7F6-28FF241BF874",
"versionEndExcluding": "5.5.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:siemens:scalance_x204irt:-:*:*:*:*:*:*:*",
"matchCriteriaId": "6716DCDE-BD3F-4BA2-A66A-A0C14C6A3C15",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:siemens:scalance_x307-3_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "9676DB10-982D-445F-9779-B39AE720AF2F",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:siemens:scalance_x307-3:-:*:*:*:*:*:*:*",
"matchCriteriaId": "55EF0738-C9EF-4E4B-A7E7-ECC1B5F0678A",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:siemens:scalance_x307-3ld_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "48D3EB09-6069-4289-A61E-C15B044EA2E2",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:siemens:scalance_x307-3ld:-:*:*:*:*:*:*:*",
"matchCriteriaId": "7737F0C2-43FC-4330-88F2-9B08BA5B35D7",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:siemens:scalance_x308-2_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "F045D6B1-459B-46F0-86DF-F9AA3CCEA9BD",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:siemens:scalance_x308-2:-:*:*:*:*:*:*:*",
"matchCriteriaId": "6CCED3E4-38EF-4645-B25C-4F2C3D4E091C",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:siemens:scalance_x308-2ld_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "40A1A5F9-4971-4E9D-BBE7-5A0357C56213",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:siemens:scalance_x308-2ld:-:*:*:*:*:*:*:*",
"matchCriteriaId": "FE1909FA-C8C6-46BE-83C6-2635D36FE69B",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:siemens:scalance_x308-2lh_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "8F53C74B-2154-417E-ACFE-01F0BACD3F15",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:siemens:scalance_x308-2lh:-:*:*:*:*:*:*:*",
"matchCriteriaId": "6DDBD94D-5312-4A54-AF76-D9DF791C0292",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:siemens:scalance_x308-2lh\\+_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "D76A2268-5397-466C-98B5-01B46B4840A1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:siemens:scalance_x308-2lh\\+:-:*:*:*:*:*:*:*",
"matchCriteriaId": "85153EED-C677-495D-A6BB-72365DE1ED3F",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:siemens:scalance_x308-2m_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "2F8888A7-3285-4ACA-A5AD-2B0578050C4C",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:siemens:scalance_x308-2m:-:*:*:*:*:*:*:*",
"matchCriteriaId": "AC54911E-C432-48FA-9551-9644422FFE14",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:siemens:scalance_x308-2m_ts_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "A2C12934-E79C-41A4-B023-BADD7D68CB55",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:siemens:scalance_x308-2m_ts:-:*:*:*:*:*:*:*",
"matchCriteriaId": "DFCCB68C-A58D-4543-A11F-721B01FFBBA4",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:siemens:scalance_x310_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "D288227C-69C1-4248-AB4A-51F44A41FDEA",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:siemens:scalance_x310:-:*:*:*:*:*:*:*",
"matchCriteriaId": "7FE3716E-1C0A-4B72-809A-8318E5853FB1",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:siemens:scalance_x310fe_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "27F765CD-B8A9-45B6-BA3C-C569FF0F8FF0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:siemens:scalance_x310fe:-:*:*:*:*:*:*:*",
"matchCriteriaId": "8FB34E83-83A3-45C3-B040-D8910971D439",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:siemens:scalance_x320-1fe_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "91EDD23A-1DBD-4117-9396-89ADBC705B3A",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:siemens:scalance_x320-1fe:-:*:*:*:*:*:*:*",
"matchCriteriaId": "CC54880F-CBF4-4772-A4FB-B07D97287D44",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:siemens:scalance_x320-3ldfe_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "AF07B014-1BA3-477E-A405-5DB35F68126A",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:siemens:scalance_x320-3ldfe:-:*:*:*:*:*:*:*",
"matchCriteriaId": "80502856-7617-4ED9-A103-681021131EE0",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:siemens:scalance_xb205-3_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "7178F049-8E48-4175-AE8C-818128205D33",
"versionEndExcluding": "5.2.5",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:siemens:scalance_xb205-3:-:*:*:*:*:*:*:*",
"matchCriteriaId": "B9F9F101-6042-4D11-98CE-16A996023B38",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:siemens:scalance_xb205-3ld_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "D7327CDF-EF0D-443B-A822-D69669C3B80C",
"versionEndExcluding": "5.2.5",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:siemens:scalance_xb205-3ld:-:*:*:*:*:*:*:*",
"matchCriteriaId": "18DC9125-FC41-4BAB-9638-C42DEF40235B",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:siemens:scalance_xb208_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "C7DDB0D1-21AC-43AC-9DDF-C6D89D3F1AA1",
"versionEndExcluding": "5.2.5",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:siemens:scalance_xb208:-:*:*:*:*:*:*:*",
"matchCriteriaId": "5C19D54A-8070-4EC6-9B30-B1B04A8BDABD",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:siemens:scalance_xb213-3_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "7FAB9D2E-94BC-4C90-ADF3-27FB34FC23A9",
"versionEndExcluding": "5.2.5",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:siemens:scalance_xb213-3:-:*:*:*:*:*:*:*",
"matchCriteriaId": "1FF67A06-D93B-4E4E-A639-29E0E49654FE",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:siemens:scalance_xb213-3ld_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "3003D9C7-A979-4289-AADD-190A55434F31",
"versionEndExcluding": "5.2.5",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:siemens:scalance_xb213-3ld:-:*:*:*:*:*:*:*",
"matchCriteriaId": "0EFCF766-E1D3-4BD5-A70C-3A824B7D45DF",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:siemens:scalance_xb216_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "1A0E6F26-15BE-4586-8ACD-1DAF9492A7D7",
"versionEndExcluding": "5.2.5",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:siemens:scalance_xb216:-:*:*:*:*:*:*:*",
"matchCriteriaId": "72EC10EB-0679-4AFE-ABC3-C58A68A0C4DD",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:siemens:scalance_xc206-2_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "ED3A29A7-F1B0-4A2C-AB63-6E4A57A6864D",
"versionEndExcluding": "5.2.5",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:siemens:scalance_xc206-2:-:*:*:*:*:*:*:*",
"matchCriteriaId": "49C5CBD8-9799-4EBA-8297-EAE04F43DDD5",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:siemens:scalance_xc206-2g_poe__firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "4EFEB827-71F1-4DDF-B156-949AF8E39A34",
"versionEndExcluding": "5.2.5",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:siemens:scalance_xc206-2g_poe_:-:*:*:*:*:*:*:*",
"matchCriteriaId": "39310380-7D17-46C5-B91A-DFDF602D56A5",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:siemens:scalance_xc206-2g_poe_eec_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "1B191270-07F7-4173-833A-7F4929F643BF",
"versionEndExcluding": "5.2.5",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:siemens:scalance_xc206-2g_poe_eec:-:*:*:*:*:*:*:*",
"matchCriteriaId": "0C21EC27-F0A8-4DCA-88AD-92D07477B5AD",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:siemens:scalance_xc206-2sfp_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "FC590D4F-C818-4CD8-A8E9-E2A951E5D768",
"versionEndExcluding": "5.2.5",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:siemens:scalance_xc206-2sfp:-:*:*:*:*:*:*:*",
"matchCriteriaId": "804E37AB-9EE4-4931-A874-4FBD427252D1",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:siemens:scalance_xc206-2sfp_eec_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "6AABE919-D289-43CB-A285-3212E630B313",
"versionEndExcluding": "5.2.5",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:siemens:scalance_xc206-2sfp_eec:-:*:*:*:*:*:*:*",
"matchCriteriaId": "CC286693-55D6-4949-8164-262EB6C022C9",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:siemens:scalance_xc206-2sfp_g_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "CA08C94B-BE44-49D1-AB10-7512F65D6DF1",
"versionEndExcluding": "5.2.5",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:siemens:scalance_xc206-2sfp_g:-:*:*:*:*:*:*:*",
"matchCriteriaId": "BC7B235D-0141-46E5-9057-2203555AE58A",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:siemens:scalance_xc206-2sfp_g_\\(e\\/ip\\)_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "578CE1DA-BA53-4EA5-AB2D-4670321DDF81",
"versionEndExcluding": "5.2.5",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:siemens:scalance_xc206-2sfp_g_\\(e\\/ip\\):-:*:*:*:*:*:*:*",
"matchCriteriaId": "CB6B6ED1-7057-4240-B1C9-660173BF1A6A",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:siemens:scalance_xc206-2sfp_g_eec_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "DFEA3FDE-9575-4E9B-BE5F-6BEB005381D8",
"versionEndExcluding": "5.2.5",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:siemens:scalance_xc206-2sfp_g_eec:-:*:*:*:*:*:*:*",
"matchCriteriaId": "6F7D1CCD-4DFD-4037-9BDC-65466D639456",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:siemens:scalance_xc208_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "5FC77B9E-9081-44E0-82AF-0411940B0684",
"versionEndExcluding": "5.2.5",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:siemens:scalance_xc208:-:*:*:*:*:*:*:*",
"matchCriteriaId": "E6A2B708-309D-4BE5-BAEE-7AE035A2ADD1",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:siemens:scalance_xc208eec_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "ED6AD6D3-75AC-4C7E-9471-8288FB7AABA4",
"versionEndExcluding": "5.2.5",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:siemens:scalance_xc208eec:-:*:*:*:*:*:*:*",
"matchCriteriaId": "B6550B2D-4B8E-414C-B4CB-7B12D6D4EA4A",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:siemens:scalance_xc208g_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "D51DCE8E-2E29-4969-A26B-A1A10220CA83",
"versionEndExcluding": "5.2.5",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:siemens:scalance_xc208g:-:*:*:*:*:*:*:*",
"matchCriteriaId": "8E922B78-7951-4115-8985-D824F6DDE41B",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:siemens:scalance_xc208g_\\(e\\/ip\\)_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "F4F3FB17-F6E8-4BB1-B910-C9F03B936C32",
"versionEndExcluding": "5.2.5",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:siemens:scalance_xc208g_\\(e\\/ip\\):-:*:*:*:*:*:*:*",
"matchCriteriaId": "62852B4B-AF5A-4967-AFC2-14CEC2F6972C",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:siemens:scalance_xc208g_eec_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "DF97E576-EBD2-4F1F-BE8F-4254D134565B",
"versionEndExcluding": "5.2.5",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:siemens:scalance_xc208g_eec:-:*:*:*:*:*:*:*",
"matchCriteriaId": "9CCF0CEF-2E48-472E-9BDE-6E63F4CEA467",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:siemens:scalance_xc208g_poe_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "0378595B-379F-4775-B5D9-CCAC4042F635",
"versionEndExcluding": "5.2.5",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:siemens:scalance_xc208g_poe:-:*:*:*:*:*:*:*",
"matchCriteriaId": "585424EB-F9AB-45FB-B5C5-78FE45E3341A",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:siemens:scalance_xc216_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "8A03BBB2-9650-4C8A-A137-0C8AC6CDAD66",
"versionEndExcluding": "5.2.5",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:siemens:scalance_xc216:-:*:*:*:*:*:*:*",
"matchCriteriaId": "4ABC0D8D-4F32-487F-835C-DADAB647EC21",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:siemens:scalance_xc216-4c_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "6BCD1CF2-F24A-4C47-9C88-340E67C77871",
"versionEndExcluding": "5.2.5",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:siemens:scalance_xc216-4c:-:*:*:*:*:*:*:*",
"matchCriteriaId": "7668BC0B-A47A-4E05-9933-51CD43F3B7BA",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:siemens:scalance_xc216-4c_g_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "4DAD438B-DABE-4B9A-9CDB-9BAC16313F0F",
"versionEndExcluding": "5.2.5",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:siemens:scalance_xc216-4c_g:-:*:*:*:*:*:*:*",
"matchCriteriaId": "78645734-50C1-4331-9FC4-AC8A8679B6AF",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:siemens:scalance_xc216-4c_g_\\(e\\/ip\\)_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "E1F3FE19-E279-4280-8F67-0C085B083E10",
"versionEndExcluding": "5.2.5",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:siemens:scalance_xc216-4c_g_\\(e\\/ip\\):-:*:*:*:*:*:*:*",
"matchCriteriaId": "22B8B758-9781-474E-93C3-17DDDF263CC2",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:siemens:scalance_xc216-4c_g_eec_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "ED7BCCB2-CE77-45A3-A6E1-D591894847C7",
"versionEndExcluding": "5.2.5",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:siemens:scalance_xc216-4c_g_eec:-:*:*:*:*:*:*:*",
"matchCriteriaId": "323CEAEA-8122-43A5-BB87-97C7133FF510",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:siemens:scalance_xc216eec_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "E7C43419-B7AA-40EB-A40D-840F975BE2EC",
"versionEndExcluding": "5.2.5",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:siemens:scalance_xc216eec:-:*:*:*:*:*:*:*",
"matchCriteriaId": "6BE498F8-A9D8-4A92-90CE-21BA30234947",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:siemens:scalance_xc224-4c_g__firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "580A5BD5-2E8E-4801-BFE8-7476088F4214",
"versionEndExcluding": "5.2.5",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:siemens:scalance_xc224-4c_g_:-:*:*:*:*:*:*:*",
"matchCriteriaId": "E7806CF9-4DA5-4090-84BD-D098C5FB1178",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:siemens:scalance_xc224-4c_g_\\(e\\/ip\\)_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "FFAC6598-DDAC-4873-9545-39B0EF21D478",
"versionEndExcluding": "5.2.5",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:siemens:scalance_xc224-4c_g_\\(e\\/ip\\):-:*:*:*:*:*:*:*",
"matchCriteriaId": "EE4E3630-DB15-46EA-B320-E4E457240B9F",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:siemens:scalance_xc224-4c_g_eec_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "561064E3-FC05-4028-B75D-4D2519FEFD24",
"versionEndExcluding": "5.2.5",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:siemens:scalance_xc224-4c_g_eec:-:*:*:*:*:*:*:*",
"matchCriteriaId": "0B0A02C9-A7CB-4CB3-B5DC-5FEE20A59208",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:siemens:scalance_xc224__firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "4303ED83-6610-458F-BEE9-B99BA31DD962",
"versionEndExcluding": "5.2.5",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:siemens:scalance_xc224_:-:*:*:*:*:*:*:*",
"matchCriteriaId": "39AB9EB3-0F05-41C2-A32F-27B6D0C9C039",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:siemens:scalance_xf201-3p_irt_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "475E5069-C120-4D49-AB9D-D3C3F94BD093",
"versionEndExcluding": "5.2.5",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:siemens:scalance_xf201-3p_irt:-:*:*:*:*:*:*:*",
"matchCriteriaId": "41614C70-97B4-44C8-A441-530A413A26F9",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:siemens:scalance_xf202-2p_irt_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "274E5C49-CA32-44D2-A864-C99A48CAA869",
"versionEndExcluding": "5.2.5",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:siemens:scalance_xf202-2p_irt:-:*:*:*:*:*:*:*",
"matchCriteriaId": "6751FB7D-C72C-4321-B535-5880FE696FC3",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:siemens:scalance_xf204_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "8CD13707-1164-415E-9083-7946D151F1FC",
"versionEndExcluding": "5.2.5",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:siemens:scalance_xf204:-:*:*:*:*:*:*:*",
"matchCriteriaId": "0F1AE867-67B4-4871-BF56-88017533A737",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:siemens:scalance_xf204-2_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "3A09FF2D-F369-47B5-AEE4-A862BEDD9851",
"versionEndExcluding": "5.2.5",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:siemens:scalance_xf204-2:-:*:*:*:*:*:*:*",
"matchCriteriaId": "69285324-4C0B-4BDC-B60D-F653679DD52D",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:siemens:scalance_xf204-2ba_dna_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "0BBC3005-41D0-4BA0-A146-E48E612CAF58",
"versionEndExcluding": "5.2.5",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:siemens:scalance_xf204-2ba_dna:-:*:*:*:*:*:*:*",
"matchCriteriaId": "FAF28152-D6CA-4D20-BDF1-1EF4B7D10429",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:siemens:scalance_xf204-2ba_irt_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "85B917B7-81E1-4419-B493-1D321027017E",
"versionEndExcluding": "5.2.5",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:siemens:scalance_xf204-2ba_irt:-:*:*:*:*:*:*:*",
"matchCriteriaId": "99E6AFAA-B903-47BB-B0F3-7650B039C0FB",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:siemens:scalance_xf204_dna_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "FCBEE10A-7E96-4239-AE6C-5FA9A6A32196",
"versionEndExcluding": "5.2.5",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:siemens:scalance_xf204_dna:-:*:*:*:*:*:*:*",
"matchCriteriaId": "70D62F13-AD59-435E-851A-87A0A6E2FA3B",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:siemens:scalance_xf204irt_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "42288C48-A2AA-4AA1-B5A2-F83C5A3689AE",
"versionEndExcluding": "5.2.5",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:siemens:scalance_xf204irt:-:*:*:*:*:*:*:*",
"matchCriteriaId": "57E5489B-277A-4D02-B4AB-4DB65969EED2",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:siemens:scalance_xf206-1_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "CFCDC84E-0695-409A-844B-D24024CC33F2",
"versionEndExcluding": "5.2.5",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:siemens:scalance_xf206-1:-:*:*:*:*:*:*:*",
"matchCriteriaId": "2B40D2EB-5C69-47FA-801B-DC48407D418C",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:siemens:scalance_xf208_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "A1DB6C03-71BF-4359-834B-384E78910E64",
"versionEndExcluding": "5.2.5",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:siemens:scalance_xf208:-:*:*:*:*:*:*:*",
"matchCriteriaId": "898613B2-4A9D-44B9-A3FC-4347A2AD7CAB",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:siemens:scalance_xp208_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "8082D4C1-C59E-43B6-B11F-C814ACD00321",
"versionEndExcluding": "5.2.5",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:siemens:scalance_xp208:-:*:*:*:*:*:*:*",
"matchCriteriaId": "24C7FB09-D247-48F0-B87C-6A478BDC0A5A",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:siemens:scalance_xp208_\\(eip\\)_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "34349AEF-170F-432F-8D64-347F08536D3A",
"versionEndExcluding": "5.2.5",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:siemens:scalance_xp208_\\(eip\\):-:*:*:*:*:*:*:*",
"matchCriteriaId": "17BD41C2-2398-4A03-9C5F-43AEF424261E",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:siemens:scalance_xp208eec_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "EACF7493-4FE6-4902-9EE7-76F1B4AB118A",
"versionEndExcluding": "5.2.5",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:siemens:scalance_xp208eec:-:*:*:*:*:*:*:*",
"matchCriteriaId": "2B313A4C-D3E7-4964-BA51-3401546B36C5",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:siemens:scalance_xp208poe_eec_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "3237051D-0342-4DB8-B4A1-40A3B33A67BB",
"versionEndExcluding": "5.2.5",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:siemens:scalance_xp208poe_eec:-:*:*:*:*:*:*:*",
"matchCriteriaId": "D6E888EA-73A7-42B8-A617-621CF192F2A9",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:siemens:scalance_xp216_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "4969C410-25DF-4BFA-9125-53D63B33691B",
"versionEndExcluding": "5.2.5",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:siemens:scalance_xp216:-:*:*:*:*:*:*:*",
"matchCriteriaId": "67E4D039-5BF8-469B-A6FE-A391A6D1BDA4",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:siemens:scalance_xp216_\\(eip\\)_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "B4A2ED6E-6632-4DD9-A359-73EB28BB306B",
"versionEndExcluding": "5.2.5",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:siemens:scalance_xp216_\\(eip\\):-:*:*:*:*:*:*:*",
"matchCriteriaId": "33D044BD-12AD-42C9-B01C-957BEC6C6790",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:siemens:scalance_xp216eec_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "3B54DF8C-BB5A-46AF-862D-DC8E984A05AB",
"versionEndExcluding": "5.2.5",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:siemens:scalance_xp216eec:-:*:*:*:*:*:*:*",
"matchCriteriaId": "12512EC4-FB7D-420F-9A8A-547562BE1B49",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:siemens:scalance_xp216poe_eec_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "6FF74FFD-81C8-4E63-8B7B-AEBD98AB34F7",
"versionEndExcluding": "5.2.5",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:siemens:scalance_xp216poe_eec:-:*:*:*:*:*:*:*",
"matchCriteriaId": "C9BACE8C-6C69-4BC4-8F5B-1C74FA7EB339",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability has been identified in SCALANCE X-200 switch family (incl. SIPLUS NET variants) (All versions \u003c V5.2.5), SCALANCE X-200IRT switch family (incl. SIPLUS NET variants) (All versions \u003c V5.5.0). The vulnerability could allow an unauthenticated attacker to reboot the device over the network by using special urls from integrated web server of the affected products."
},
{
"lang": "es",
"value": "Se ha identificado una vulnerabilidad en la familia de switches (incluyendo las variantes SIPLUS NET) (Todas las versiones anteriores a la versi\u00f3n V5.2.5), familia de switches SCALANCE X-200IRT (incluyendo las variantes SIPLUS NET) (Todas las versiones anteriores a la versi\u00f3n V5.5.0). La vulnerabilidad podr\u00eda permitir a un atacante no autenticado reiniciar el dispositivo a trav\u00e9s de la red mediante el uso de direcciones URL especiales del servidor web integrado de los productos afectados"
}
],
"id": "CVE-2020-15799",
"lastModified": "2024-11-21T05:06:12.267",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 7.1,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:C",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 6.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2021-01-12T21:15:16.370",
"references": [
{
"source": "productcert@siemens.com",
"tags": [
"Vendor Advisory"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-139628.pdf"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-139628.pdf"
}
],
"sourceIdentifier": "productcert@siemens.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-306"
}
],
"source": "productcert@siemens.com",
"type": "Primary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-306"
}
],
"source": "nvd@nist.gov",
"type": "Secondary"
}
]
}
icsa-21-012-05
Vulnerability from csaf_cisa
Published
2021-01-12 00:00
Modified
2025-05-06 06:00
Summary
Siemens SCALANCE X Products (Update B)
Notes
Summary
Several SCALANCE X switches contain vulnerabilities in the web server of the affected devices.
An unauthenticated attacker could reboot, cause denial-of-service conditions and potentially impact the system by other means through heap and buffer overflow vulnerabilities.
Siemens has released updates for several affected products and recommends to update to the latest versions. Siemens recommends specific countermeasures for products where updates are not, or not yet available.
General Recommendations
As a general security measure, Siemens strongly recommends to protect network access to devices with appropriate mechanisms. In order to operate the devices in a protected IT environment, Siemens recommends to configure the environment according to Siemens' operational guidelines for Industrial Security (Download: https://www.siemens.com/cert/operational-guidelines-industrial-security), and to follow the recommendations in the product manuals.
Additional information on Industrial Security by Siemens can be found at: https://www.siemens.com/industrialsecurity
Additional Resources
For further inquiries on security vulnerabilities in Siemens products and solutions, please contact the Siemens ProductCERT: https://www.siemens.com/cert/advisories
Terms of Use
Siemens Security Advisories are subject to the terms and conditions contained in Siemens' underlying license terms or other applicable agreements previously agreed to with Siemens (hereinafter "License Terms"). To the extent applicable to information, software or documentation made available in or through a Siemens Security Advisory, the Terms of Use of Siemens' Global Website (https://www.siemens.com/terms_of_use, hereinafter "Terms of Use"), in particular Sections 8-10 of the Terms of Use, shall apply additionally. In case of conflicts, the License Terms shall prevail over the Terms of Use.
Legal Notice
All information products included in https://us-cert.cisa.gov/ics are provided "as is" for informational purposes only. The Department of Homeland Security (DHS) does not provide any warranties of any kind regarding any information contained within. DHS does not endorse any commercial product or service, referenced in this product or otherwise. Further dissemination of this product is governed by the Traffic Light Protocol (TLP) marking in the header. For more information about TLP, see https://us-cert.cisa.gov/tlp/.
Advisory Conversion Disclaimer
This CISA CSAF advisory was converted from Siemens ProductCERT's CSAF advisory.
Critical infrastructure sectors
Multiple
Countries/areas deployed
Worldwide
Company headquarters location
Germany
Recommended Practices
CISA recommends users take defensive measures to minimize the exploitation risk of this vulnerability.
Recommended Practices
Minimize network exposure for all control system devices and/or systems, and ensure they are not accessible from the internet.
Recommended Practices
Locate control system networks and remote devices behind firewalls and isolate them from business networks.
Recommended Practices
When remote access is required, use more secure methods, such as Virtual Private Networks (VPNs), recognizing VPNs may have vulnerabilities and should be updated to the most recent version available. Also recognize VPN is only as secure as its connected devices.
Recommended Practices
CISA reminds organizations to perform proper impact analysis and risk assessment prior to deploying defensive measures.
Recommended Practices
CISA also provides a section for control systems security recommended practices on the ICS webpage on cisa.gov. Several CISA products detailing cyber defense best practices are available for reading and download, including Improving Industrial Control Systems Cybersecurity with Defense-in-Depth Strategies.
Recommended Practices
CISA encourages organizations to implement recommended cybersecurity strategies for proactive defense of ICS assets. Additional mitigation guidance and recommended practices are publicly available on the ICS webpage at cisa.gov in the technical information paper, ICS-TIP-12-146-01B--Targeted Cyber Intrusion Detection and Mitigation Strategies.
Recommended Practices
Organizations observing suspected malicious activity should follow established internal procedures and report findings to CISA for tracking and correlation against other incidents.
{
"document": {
"acknowledgments": [
{
"organization": "Siemens ProductCERT",
"summary": "reporting these vulnerabilities to CISA."
}
],
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Disclosure is not limited",
"tlp": {
"label": "WHITE",
"url": "https://us-cert.cisa.gov/tlp/"
}
},
"notes": [
{
"category": "summary",
"text": "Several SCALANCE X switches contain vulnerabilities in the web server of the affected devices.\n\nAn unauthenticated attacker could reboot, cause denial-of-service conditions and potentially impact the system by other means through heap and buffer overflow vulnerabilities.\n\nSiemens has released updates for several affected products and recommends to update to the latest versions. Siemens recommends specific countermeasures for products where updates are not, or not yet available.",
"title": "Summary"
},
{
"category": "general",
"text": "As a general security measure, Siemens strongly recommends to protect network access to devices with appropriate mechanisms. In order to operate the devices in a protected IT environment, Siemens recommends to configure the environment according to Siemens\u0027 operational guidelines for Industrial Security (Download: https://www.siemens.com/cert/operational-guidelines-industrial-security), and to follow the recommendations in the product manuals.\n\nAdditional information on Industrial Security by Siemens can be found at: https://www.siemens.com/industrialsecurity",
"title": "General Recommendations"
},
{
"category": "general",
"text": "For further inquiries on security vulnerabilities in Siemens products and solutions, please contact the Siemens ProductCERT: https://www.siemens.com/cert/advisories",
"title": "Additional Resources"
},
{
"category": "legal_disclaimer",
"text": "Siemens Security Advisories are subject to the terms and conditions contained in Siemens\u0027 underlying license terms or other applicable agreements previously agreed to with Siemens (hereinafter \"License Terms\"). To the extent applicable to information, software or documentation made available in or through a Siemens Security Advisory, the Terms of Use of Siemens\u0027 Global Website (https://www.siemens.com/terms_of_use, hereinafter \"Terms of Use\"), in particular Sections 8-10 of the Terms of Use, shall apply additionally. In case of conflicts, the License Terms shall prevail over the Terms of Use.",
"title": "Terms of Use"
},
{
"category": "legal_disclaimer",
"text": "All information products included in https://us-cert.cisa.gov/ics are provided \"as is\" for informational purposes only. The Department of Homeland Security (DHS) does not provide any warranties of any kind regarding any information contained within. DHS does not endorse any commercial product or service, referenced in this product or otherwise. Further dissemination of this product is governed by the Traffic Light Protocol (TLP) marking in the header. For more information about TLP, see https://us-cert.cisa.gov/tlp/.",
"title": "Legal Notice"
},
{
"category": "other",
"text": "This CISA CSAF advisory was converted from Siemens ProductCERT\u0027s CSAF advisory.",
"title": "Advisory Conversion Disclaimer"
},
{
"category": "other",
"text": "Multiple",
"title": "Critical infrastructure sectors"
},
{
"category": "other",
"text": "Worldwide",
"title": "Countries/areas deployed"
},
{
"category": "other",
"text": "Germany",
"title": "Company headquarters location"
},
{
"category": "general",
"text": "CISA recommends users take defensive measures to minimize the exploitation risk of this vulnerability.",
"title": "Recommended Practices"
},
{
"category": "general",
"text": "Minimize network exposure for all control system devices and/or systems, and ensure they are not accessible from the internet.",
"title": "Recommended Practices"
},
{
"category": "general",
"text": "Locate control system networks and remote devices behind firewalls and isolate them from business networks.",
"title": "Recommended Practices"
},
{
"category": "general",
"text": "When remote access is required, use more secure methods, such as Virtual Private Networks (VPNs), recognizing VPNs may have vulnerabilities and should be updated to the most recent version available. Also recognize VPN is only as secure as its connected devices.",
"title": "Recommended Practices"
},
{
"category": "general",
"text": "CISA reminds organizations to perform proper impact analysis and risk assessment prior to deploying defensive measures.",
"title": "Recommended Practices"
},
{
"category": "general",
"text": "CISA also provides a section for control systems security recommended practices on the ICS webpage on cisa.gov. Several CISA products detailing cyber defense best practices are available for reading and download, including Improving Industrial Control Systems Cybersecurity with Defense-in-Depth Strategies.",
"title": "Recommended Practices"
},
{
"category": "general",
"text": "CISA encourages organizations to implement recommended cybersecurity strategies for proactive defense of ICS assets. Additional mitigation guidance and recommended practices are publicly available on the ICS webpage at cisa.gov in the technical information paper, ICS-TIP-12-146-01B--Targeted Cyber Intrusion Detection and Mitigation Strategies.",
"title": "Recommended Practices"
},
{
"category": "general",
"text": "Organizations observing suspected malicious activity should follow established internal procedures and report findings to CISA for tracking and correlation against other incidents.",
"title": "Recommended Practices"
}
],
"publisher": {
"category": "other",
"contact_details": "central@cisa.dhs.gov",
"name": "CISA",
"namespace": "https://www.cisa.gov/"
},
"references": [
{
"category": "self",
"summary": "SSA-139628: Vulnerabilities in Web Server for Scalance X Products - CSAF Version",
"url": "https://cert-portal.siemens.com/productcert/csaf/ssa-139628.json"
},
{
"category": "self",
"summary": "SSA-139628: Vulnerabilities in Web Server for Scalance X Products - TXT Version",
"url": "https://cert-portal.siemens.com/productcert/txt/ssa-139628.txt"
},
{
"category": "self",
"summary": "SSA-139628: Vulnerabilities in Web Server for Scalance X Products - PDF Version",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-139628.pdf"
},
{
"category": "self",
"summary": "ICS Advisory ICSA-21-012-05 JSON",
"url": "https://raw.githubusercontent.com/cisagov/CSAF/develop/csaf_files/OT/white/2021/icsa-21-012-05.json"
},
{
"category": "self",
"summary": "ICS Advisory ICSA-21-012-05 - Web Version",
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-21-012-05"
},
{
"category": "external",
"summary": "Recommended Practices",
"url": "https://www.cisa.gov/uscert/ics/alerts/ICS-ALERT-10-301-01"
},
{
"category": "external",
"summary": "Recommended Practices",
"url": "https://www.cisa.gov/resources-tools/resources/ics-recommended-practices"
},
{
"category": "external",
"summary": "Recommended Practices",
"url": "https://www.cisa.gov/topics/industrial-control-systems"
},
{
"category": "external",
"summary": "Recommended Practices",
"url": "https://us-cert.cisa.gov/sites/default/files/recommended_practices/NCCIC_ICS-CERT_Defense_in_Depth_2016_S508C.pdf"
},
{
"category": "external",
"summary": "Recommended Practices",
"url": "https://www.cisa.gov/sites/default/files/publications/Cybersecurity_Best_Practices_for_Industrial_Control_Systems.pdf"
},
{
"category": "external",
"summary": "Recommended Practices",
"url": "https://www.cisa.gov/uscert/ics/tips/ICS-TIP-12-146-01B"
}
],
"title": "Siemens SCALANCE X Products (Update B)",
"tracking": {
"current_release_date": "2025-05-06T06:00:00.000000Z",
"generator": {
"engine": {
"name": "CISA CSAF Generator",
"version": "1.0.0"
}
},
"id": "ICSA-21-012-05",
"initial_release_date": "2021-01-12T00:00:00.000000Z",
"revision_history": [
{
"date": "2021-01-12T00:00:00.000000Z",
"legacy_version": "1.0",
"number": "1",
"summary": "Publication Date"
},
{
"date": "2021-02-09T00:00:00.000000Z",
"legacy_version": "1.1",
"number": "2",
"summary": "Added update information for SCALANCE X-200IRT switch family"
},
{
"date": "2021-09-14T00:00:00.000000Z",
"legacy_version": "1.2",
"number": "3",
"summary": "Added solution for SCALANCE X-200 switch family"
},
{
"date": "2025-05-06T06:00:00.000000Z",
"legacy_version": "Revision",
"number": "4",
"summary": "Revision - Fixing typos"
}
],
"status": "final",
"version": "4"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version_range",
"name": "\u003cV5.2.5",
"product": {
"name": "SCALANCE X-200 switch family (incl. SIPLUS NET variants)",
"product_id": "CSAFPID-0001"
}
}
],
"category": "product_name",
"name": "SCALANCE X-200 switch family (incl. SIPLUS NET variants)"
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003cV5.5.0",
"product": {
"name": "SCALANCE X-200IRT switch family (incl. SIPLUS NET variants)",
"product_id": "CSAFPID-0002"
}
}
],
"category": "product_name",
"name": "SCALANCE X-200IRT switch family (incl. SIPLUS NET variants)"
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003cV4.1.0",
"product": {
"name": "SCALANCE X-300 switch family (incl. X408 and SIPLUS NET variants)",
"product_id": "CSAFPID-0003"
}
}
],
"category": "product_name",
"name": "SCALANCE X-300 switch family (incl. X408 and SIPLUS NET variants)"
}
],
"category": "vendor",
"name": "Siemens"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2020-15799",
"cwe": {
"id": "CWE-306",
"name": "Missing Authentication for Critical Function"
},
"notes": [
{
"category": "summary",
"text": "The vulnerability could allow an unauthenticated attacker to reboot the device over the network by using special urls from integrated web server of the affected products.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001",
"CSAFPID-0002"
]
},
"references": [
{
"summary": "CVE-2020-15799 - SCALANCE X-200 switch family (incl. SIPLUS NET variants)",
"url": "https://support.industry.siemens.com/cs/ww/en/view/109801131/"
},
{
"summary": "CVE-2020-15799 - SCALANCE X-200IRT switch family (incl. SIPLUS NET variants)",
"url": "https://support.industry.siemens.com/cs/ww/en/view/109792534/"
},
{
"summary": "CVE-2020-15799 Mitre 5.0 json",
"url": "https://cert-portal.siemens.com/productcert/mitre/CVE-2020-15799.json"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "Update to V5.2.5 or later version",
"product_ids": [
"CSAFPID-0001"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109801131/"
},
{
"category": "vendor_fix",
"details": "Update to V5.5.0 or later version",
"product_ids": [
"CSAFPID-0002"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109792534/"
},
{
"category": "mitigation",
"details": "Limit network traffic of web servers of Scalance X switches to trusted connections by firewall rules (port 443/tcp).",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C",
"version": "3.1"
},
"products": [
"CSAFPID-0001",
"CSAFPID-0002"
]
}
],
"title": "CVE-2020-15799"
},
{
"cve": "CVE-2020-15800",
"cwe": {
"id": "CWE-122",
"name": "Heap-based Buffer Overflow"
},
"notes": [
{
"category": "summary",
"text": "The webserver of the affected devices contains a vulnerability that may lead to a heap overflow condition. An attacker could cause this condition on the webserver by sending specially crafted requests. This could stop the webserver temporarily.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003"
]
},
"references": [
{
"summary": "CVE-2020-15800 - SCALANCE X-200 switch family (incl. SIPLUS NET variants)",
"url": "https://support.industry.siemens.com/cs/ww/en/view/109801131/"
},
{
"summary": "CVE-2020-15800 - SCALANCE X-200IRT switch family (incl. SIPLUS NET variants)",
"url": "https://support.industry.siemens.com/cs/ww/en/view/109792534/"
},
{
"summary": "CVE-2020-15800 - SCALANCE X-300 switch family (incl. X408 and SIPLUS NET variants)",
"url": "https://support.industry.siemens.com/cs/ww/en/view/109773547/"
},
{
"summary": "CVE-2020-15800 Mitre 5.0 json",
"url": "https://cert-portal.siemens.com/productcert/mitre/CVE-2020-15800.json"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "Update to V5.2.5 or later version",
"product_ids": [
"CSAFPID-0001"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109801131/"
},
{
"category": "vendor_fix",
"details": "Update to V5.5.0 or later version",
"product_ids": [
"CSAFPID-0002"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109792534/"
},
{
"category": "vendor_fix",
"details": "Update to V4.1.0 or later version",
"product_ids": [
"CSAFPID-0003"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109773547/"
},
{
"category": "mitigation",
"details": "Limit network traffic of web servers of Scalance X switches to trusted connections by firewall rules (port 443/tcp).",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:P/RL:X/RC:C",
"version": "3.1"
},
"products": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003"
]
}
],
"title": "CVE-2020-15800"
},
{
"cve": "CVE-2020-25226",
"cwe": {
"id": "CWE-122",
"name": "Heap-based Buffer Overflow"
},
"notes": [
{
"category": "summary",
"text": "The web server of the affected devices contains a vulnerability that may lead to a buffer overflow condition. An attacker could cause this condition on the webserver by sending a specially crafted request. The webserver could stop and not recover anymore.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001",
"CSAFPID-0002"
]
},
"references": [
{
"summary": "CVE-2020-25226 - SCALANCE X-200 switch family (incl. SIPLUS NET variants)",
"url": "https://support.industry.siemens.com/cs/ww/en/view/109801131/"
},
{
"summary": "CVE-2020-25226 - SCALANCE X-200IRT switch family (incl. SIPLUS NET variants)",
"url": "https://support.industry.siemens.com/cs/ww/en/view/109792534/"
},
{
"summary": "CVE-2020-25226 Mitre 5.0 json",
"url": "https://cert-portal.siemens.com/productcert/mitre/CVE-2020-25226.json"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "Update to V5.2.5 or later version",
"product_ids": [
"CSAFPID-0001"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109801131/"
},
{
"category": "vendor_fix",
"details": "Update to V5.5.0 or later version",
"product_ids": [
"CSAFPID-0002"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109792534/"
},
{
"category": "mitigation",
"details": "Limit network traffic of web servers of Scalance X switches to trusted connections by firewall rules (port 443/tcp).",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:P/RL:X/RC:C",
"version": "3.1"
},
"products": [
"CSAFPID-0001",
"CSAFPID-0002"
]
}
],
"title": "CVE-2020-25226"
}
]
}
ICSA-21-012-05
Vulnerability from csaf_cisa
Published
2021-01-12 00:00
Modified
2025-05-06 06:00
Summary
Siemens SCALANCE X Products (Update B)
Notes
Summary
Several SCALANCE X switches contain vulnerabilities in the web server of the affected devices.
An unauthenticated attacker could reboot, cause denial-of-service conditions and potentially impact the system by other means through heap and buffer overflow vulnerabilities.
Siemens has released updates for several affected products and recommends to update to the latest versions. Siemens recommends specific countermeasures for products where updates are not, or not yet available.
General Recommendations
As a general security measure, Siemens strongly recommends to protect network access to devices with appropriate mechanisms. In order to operate the devices in a protected IT environment, Siemens recommends to configure the environment according to Siemens' operational guidelines for Industrial Security (Download: https://www.siemens.com/cert/operational-guidelines-industrial-security), and to follow the recommendations in the product manuals.
Additional information on Industrial Security by Siemens can be found at: https://www.siemens.com/industrialsecurity
Additional Resources
For further inquiries on security vulnerabilities in Siemens products and solutions, please contact the Siemens ProductCERT: https://www.siemens.com/cert/advisories
Terms of Use
Siemens Security Advisories are subject to the terms and conditions contained in Siemens' underlying license terms or other applicable agreements previously agreed to with Siemens (hereinafter "License Terms"). To the extent applicable to information, software or documentation made available in or through a Siemens Security Advisory, the Terms of Use of Siemens' Global Website (https://www.siemens.com/terms_of_use, hereinafter "Terms of Use"), in particular Sections 8-10 of the Terms of Use, shall apply additionally. In case of conflicts, the License Terms shall prevail over the Terms of Use.
Legal Notice
All information products included in https://us-cert.cisa.gov/ics are provided "as is" for informational purposes only. The Department of Homeland Security (DHS) does not provide any warranties of any kind regarding any information contained within. DHS does not endorse any commercial product or service, referenced in this product or otherwise. Further dissemination of this product is governed by the Traffic Light Protocol (TLP) marking in the header. For more information about TLP, see https://us-cert.cisa.gov/tlp/.
Advisory Conversion Disclaimer
This CISA CSAF advisory was converted from Siemens ProductCERT's CSAF advisory.
Critical infrastructure sectors
Multiple
Countries/areas deployed
Worldwide
Company headquarters location
Germany
Recommended Practices
CISA recommends users take defensive measures to minimize the exploitation risk of this vulnerability.
Recommended Practices
Minimize network exposure for all control system devices and/or systems, and ensure they are not accessible from the internet.
Recommended Practices
Locate control system networks and remote devices behind firewalls and isolate them from business networks.
Recommended Practices
When remote access is required, use more secure methods, such as Virtual Private Networks (VPNs), recognizing VPNs may have vulnerabilities and should be updated to the most recent version available. Also recognize VPN is only as secure as its connected devices.
Recommended Practices
CISA reminds organizations to perform proper impact analysis and risk assessment prior to deploying defensive measures.
Recommended Practices
CISA also provides a section for control systems security recommended practices on the ICS webpage on cisa.gov. Several CISA products detailing cyber defense best practices are available for reading and download, including Improving Industrial Control Systems Cybersecurity with Defense-in-Depth Strategies.
Recommended Practices
CISA encourages organizations to implement recommended cybersecurity strategies for proactive defense of ICS assets. Additional mitigation guidance and recommended practices are publicly available on the ICS webpage at cisa.gov in the technical information paper, ICS-TIP-12-146-01B--Targeted Cyber Intrusion Detection and Mitigation Strategies.
Recommended Practices
Organizations observing suspected malicious activity should follow established internal procedures and report findings to CISA for tracking and correlation against other incidents.
{
"document": {
"acknowledgments": [
{
"organization": "Siemens ProductCERT",
"summary": "reporting these vulnerabilities to CISA."
}
],
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Disclosure is not limited",
"tlp": {
"label": "WHITE",
"url": "https://us-cert.cisa.gov/tlp/"
}
},
"notes": [
{
"category": "summary",
"text": "Several SCALANCE X switches contain vulnerabilities in the web server of the affected devices.\n\nAn unauthenticated attacker could reboot, cause denial-of-service conditions and potentially impact the system by other means through heap and buffer overflow vulnerabilities.\n\nSiemens has released updates for several affected products and recommends to update to the latest versions. Siemens recommends specific countermeasures for products where updates are not, or not yet available.",
"title": "Summary"
},
{
"category": "general",
"text": "As a general security measure, Siemens strongly recommends to protect network access to devices with appropriate mechanisms. In order to operate the devices in a protected IT environment, Siemens recommends to configure the environment according to Siemens\u0027 operational guidelines for Industrial Security (Download: https://www.siemens.com/cert/operational-guidelines-industrial-security), and to follow the recommendations in the product manuals.\n\nAdditional information on Industrial Security by Siemens can be found at: https://www.siemens.com/industrialsecurity",
"title": "General Recommendations"
},
{
"category": "general",
"text": "For further inquiries on security vulnerabilities in Siemens products and solutions, please contact the Siemens ProductCERT: https://www.siemens.com/cert/advisories",
"title": "Additional Resources"
},
{
"category": "legal_disclaimer",
"text": "Siemens Security Advisories are subject to the terms and conditions contained in Siemens\u0027 underlying license terms or other applicable agreements previously agreed to with Siemens (hereinafter \"License Terms\"). To the extent applicable to information, software or documentation made available in or through a Siemens Security Advisory, the Terms of Use of Siemens\u0027 Global Website (https://www.siemens.com/terms_of_use, hereinafter \"Terms of Use\"), in particular Sections 8-10 of the Terms of Use, shall apply additionally. In case of conflicts, the License Terms shall prevail over the Terms of Use.",
"title": "Terms of Use"
},
{
"category": "legal_disclaimer",
"text": "All information products included in https://us-cert.cisa.gov/ics are provided \"as is\" for informational purposes only. The Department of Homeland Security (DHS) does not provide any warranties of any kind regarding any information contained within. DHS does not endorse any commercial product or service, referenced in this product or otherwise. Further dissemination of this product is governed by the Traffic Light Protocol (TLP) marking in the header. For more information about TLP, see https://us-cert.cisa.gov/tlp/.",
"title": "Legal Notice"
},
{
"category": "other",
"text": "This CISA CSAF advisory was converted from Siemens ProductCERT\u0027s CSAF advisory.",
"title": "Advisory Conversion Disclaimer"
},
{
"category": "other",
"text": "Multiple",
"title": "Critical infrastructure sectors"
},
{
"category": "other",
"text": "Worldwide",
"title": "Countries/areas deployed"
},
{
"category": "other",
"text": "Germany",
"title": "Company headquarters location"
},
{
"category": "general",
"text": "CISA recommends users take defensive measures to minimize the exploitation risk of this vulnerability.",
"title": "Recommended Practices"
},
{
"category": "general",
"text": "Minimize network exposure for all control system devices and/or systems, and ensure they are not accessible from the internet.",
"title": "Recommended Practices"
},
{
"category": "general",
"text": "Locate control system networks and remote devices behind firewalls and isolate them from business networks.",
"title": "Recommended Practices"
},
{
"category": "general",
"text": "When remote access is required, use more secure methods, such as Virtual Private Networks (VPNs), recognizing VPNs may have vulnerabilities and should be updated to the most recent version available. Also recognize VPN is only as secure as its connected devices.",
"title": "Recommended Practices"
},
{
"category": "general",
"text": "CISA reminds organizations to perform proper impact analysis and risk assessment prior to deploying defensive measures.",
"title": "Recommended Practices"
},
{
"category": "general",
"text": "CISA also provides a section for control systems security recommended practices on the ICS webpage on cisa.gov. Several CISA products detailing cyber defense best practices are available for reading and download, including Improving Industrial Control Systems Cybersecurity with Defense-in-Depth Strategies.",
"title": "Recommended Practices"
},
{
"category": "general",
"text": "CISA encourages organizations to implement recommended cybersecurity strategies for proactive defense of ICS assets. Additional mitigation guidance and recommended practices are publicly available on the ICS webpage at cisa.gov in the technical information paper, ICS-TIP-12-146-01B--Targeted Cyber Intrusion Detection and Mitigation Strategies.",
"title": "Recommended Practices"
},
{
"category": "general",
"text": "Organizations observing suspected malicious activity should follow established internal procedures and report findings to CISA for tracking and correlation against other incidents.",
"title": "Recommended Practices"
}
],
"publisher": {
"category": "other",
"contact_details": "central@cisa.dhs.gov",
"name": "CISA",
"namespace": "https://www.cisa.gov/"
},
"references": [
{
"category": "self",
"summary": "SSA-139628: Vulnerabilities in Web Server for Scalance X Products - CSAF Version",
"url": "https://cert-portal.siemens.com/productcert/csaf/ssa-139628.json"
},
{
"category": "self",
"summary": "SSA-139628: Vulnerabilities in Web Server for Scalance X Products - TXT Version",
"url": "https://cert-portal.siemens.com/productcert/txt/ssa-139628.txt"
},
{
"category": "self",
"summary": "SSA-139628: Vulnerabilities in Web Server for Scalance X Products - PDF Version",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-139628.pdf"
},
{
"category": "self",
"summary": "ICS Advisory ICSA-21-012-05 JSON",
"url": "https://raw.githubusercontent.com/cisagov/CSAF/develop/csaf_files/OT/white/2021/icsa-21-012-05.json"
},
{
"category": "self",
"summary": "ICS Advisory ICSA-21-012-05 - Web Version",
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-21-012-05"
},
{
"category": "external",
"summary": "Recommended Practices",
"url": "https://www.cisa.gov/uscert/ics/alerts/ICS-ALERT-10-301-01"
},
{
"category": "external",
"summary": "Recommended Practices",
"url": "https://www.cisa.gov/resources-tools/resources/ics-recommended-practices"
},
{
"category": "external",
"summary": "Recommended Practices",
"url": "https://www.cisa.gov/topics/industrial-control-systems"
},
{
"category": "external",
"summary": "Recommended Practices",
"url": "https://us-cert.cisa.gov/sites/default/files/recommended_practices/NCCIC_ICS-CERT_Defense_in_Depth_2016_S508C.pdf"
},
{
"category": "external",
"summary": "Recommended Practices",
"url": "https://www.cisa.gov/sites/default/files/publications/Cybersecurity_Best_Practices_for_Industrial_Control_Systems.pdf"
},
{
"category": "external",
"summary": "Recommended Practices",
"url": "https://www.cisa.gov/uscert/ics/tips/ICS-TIP-12-146-01B"
}
],
"title": "Siemens SCALANCE X Products (Update B)",
"tracking": {
"current_release_date": "2025-05-06T06:00:00.000000Z",
"generator": {
"engine": {
"name": "CISA CSAF Generator",
"version": "1.0.0"
}
},
"id": "ICSA-21-012-05",
"initial_release_date": "2021-01-12T00:00:00.000000Z",
"revision_history": [
{
"date": "2021-01-12T00:00:00.000000Z",
"legacy_version": "1.0",
"number": "1",
"summary": "Publication Date"
},
{
"date": "2021-02-09T00:00:00.000000Z",
"legacy_version": "1.1",
"number": "2",
"summary": "Added update information for SCALANCE X-200IRT switch family"
},
{
"date": "2021-09-14T00:00:00.000000Z",
"legacy_version": "1.2",
"number": "3",
"summary": "Added solution for SCALANCE X-200 switch family"
},
{
"date": "2025-05-06T06:00:00.000000Z",
"legacy_version": "Revision",
"number": "4",
"summary": "Revision - Fixing typos"
}
],
"status": "final",
"version": "4"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version_range",
"name": "\u003cV5.2.5",
"product": {
"name": "SCALANCE X-200 switch family (incl. SIPLUS NET variants)",
"product_id": "CSAFPID-0001"
}
}
],
"category": "product_name",
"name": "SCALANCE X-200 switch family (incl. SIPLUS NET variants)"
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003cV5.5.0",
"product": {
"name": "SCALANCE X-200IRT switch family (incl. SIPLUS NET variants)",
"product_id": "CSAFPID-0002"
}
}
],
"category": "product_name",
"name": "SCALANCE X-200IRT switch family (incl. SIPLUS NET variants)"
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003cV4.1.0",
"product": {
"name": "SCALANCE X-300 switch family (incl. X408 and SIPLUS NET variants)",
"product_id": "CSAFPID-0003"
}
}
],
"category": "product_name",
"name": "SCALANCE X-300 switch family (incl. X408 and SIPLUS NET variants)"
}
],
"category": "vendor",
"name": "Siemens"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2020-15799",
"cwe": {
"id": "CWE-306",
"name": "Missing Authentication for Critical Function"
},
"notes": [
{
"category": "summary",
"text": "The vulnerability could allow an unauthenticated attacker to reboot the device over the network by using special urls from integrated web server of the affected products.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001",
"CSAFPID-0002"
]
},
"references": [
{
"summary": "CVE-2020-15799 - SCALANCE X-200 switch family (incl. SIPLUS NET variants)",
"url": "https://support.industry.siemens.com/cs/ww/en/view/109801131/"
},
{
"summary": "CVE-2020-15799 - SCALANCE X-200IRT switch family (incl. SIPLUS NET variants)",
"url": "https://support.industry.siemens.com/cs/ww/en/view/109792534/"
},
{
"summary": "CVE-2020-15799 Mitre 5.0 json",
"url": "https://cert-portal.siemens.com/productcert/mitre/CVE-2020-15799.json"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "Update to V5.2.5 or later version",
"product_ids": [
"CSAFPID-0001"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109801131/"
},
{
"category": "vendor_fix",
"details": "Update to V5.5.0 or later version",
"product_ids": [
"CSAFPID-0002"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109792534/"
},
{
"category": "mitigation",
"details": "Limit network traffic of web servers of Scalance X switches to trusted connections by firewall rules (port 443/tcp).",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C",
"version": "3.1"
},
"products": [
"CSAFPID-0001",
"CSAFPID-0002"
]
}
],
"title": "CVE-2020-15799"
},
{
"cve": "CVE-2020-15800",
"cwe": {
"id": "CWE-122",
"name": "Heap-based Buffer Overflow"
},
"notes": [
{
"category": "summary",
"text": "The webserver of the affected devices contains a vulnerability that may lead to a heap overflow condition. An attacker could cause this condition on the webserver by sending specially crafted requests. This could stop the webserver temporarily.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003"
]
},
"references": [
{
"summary": "CVE-2020-15800 - SCALANCE X-200 switch family (incl. SIPLUS NET variants)",
"url": "https://support.industry.siemens.com/cs/ww/en/view/109801131/"
},
{
"summary": "CVE-2020-15800 - SCALANCE X-200IRT switch family (incl. SIPLUS NET variants)",
"url": "https://support.industry.siemens.com/cs/ww/en/view/109792534/"
},
{
"summary": "CVE-2020-15800 - SCALANCE X-300 switch family (incl. X408 and SIPLUS NET variants)",
"url": "https://support.industry.siemens.com/cs/ww/en/view/109773547/"
},
{
"summary": "CVE-2020-15800 Mitre 5.0 json",
"url": "https://cert-portal.siemens.com/productcert/mitre/CVE-2020-15800.json"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "Update to V5.2.5 or later version",
"product_ids": [
"CSAFPID-0001"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109801131/"
},
{
"category": "vendor_fix",
"details": "Update to V5.5.0 or later version",
"product_ids": [
"CSAFPID-0002"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109792534/"
},
{
"category": "vendor_fix",
"details": "Update to V4.1.0 or later version",
"product_ids": [
"CSAFPID-0003"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109773547/"
},
{
"category": "mitigation",
"details": "Limit network traffic of web servers of Scalance X switches to trusted connections by firewall rules (port 443/tcp).",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:P/RL:X/RC:C",
"version": "3.1"
},
"products": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003"
]
}
],
"title": "CVE-2020-15800"
},
{
"cve": "CVE-2020-25226",
"cwe": {
"id": "CWE-122",
"name": "Heap-based Buffer Overflow"
},
"notes": [
{
"category": "summary",
"text": "The web server of the affected devices contains a vulnerability that may lead to a buffer overflow condition. An attacker could cause this condition on the webserver by sending a specially crafted request. The webserver could stop and not recover anymore.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001",
"CSAFPID-0002"
]
},
"references": [
{
"summary": "CVE-2020-25226 - SCALANCE X-200 switch family (incl. SIPLUS NET variants)",
"url": "https://support.industry.siemens.com/cs/ww/en/view/109801131/"
},
{
"summary": "CVE-2020-25226 - SCALANCE X-200IRT switch family (incl. SIPLUS NET variants)",
"url": "https://support.industry.siemens.com/cs/ww/en/view/109792534/"
},
{
"summary": "CVE-2020-25226 Mitre 5.0 json",
"url": "https://cert-portal.siemens.com/productcert/mitre/CVE-2020-25226.json"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "Update to V5.2.5 or later version",
"product_ids": [
"CSAFPID-0001"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109801131/"
},
{
"category": "vendor_fix",
"details": "Update to V5.5.0 or later version",
"product_ids": [
"CSAFPID-0002"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109792534/"
},
{
"category": "mitigation",
"details": "Limit network traffic of web servers of Scalance X switches to trusted connections by firewall rules (port 443/tcp).",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:P/RL:X/RC:C",
"version": "3.1"
},
"products": [
"CSAFPID-0001",
"CSAFPID-0002"
]
}
],
"title": "CVE-2020-25226"
}
]
}
CERTFR-2021-AVI-018
Vulnerability from certfr_avis
De multiples vulnérabilités ont été découvertes dans les produits Siemens. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire, un déni de service à distance et une atteinte à l'intégrité des données.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| Siemens | N/A | Les commutateurs de la famille SCALANCE X-200IRT (inclus les variants SIPLUSNET) | ||
| Siemens | N/A | Les commutateurs de la famille SCALANCE X-300 (inclus les variants X408 et SIPLUS NET) versions antérieures à V4.1.0 | ||
| Siemens | N/A | Solid Edge versions antérieures à SE2021MP2 | ||
| Siemens | N/A | T2Go versions antérieures à V13.1.0 | ||
| Siemens | N/A | Teamcenter Visualization versions antérieures à V13.1.0 (cette version reste vulnérable aux vulnérabilités CVE-2020-26989, CVE-2020-26990 et CVE-2020-26991) | ||
| Siemens | N/A | Les commutateurs de la famille SCALANCE X-200 (inclus les variants SIPLUSNET) |
References
| Title | Publication Time | Tags | ||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Les commutateurs de la famille SCALANCE X-200IRT (inclus les variants SIPLUSNET)",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "Les commutateurs de la famille SCALANCE X-300 (inclus les variants X408 et SIPLUS NET) versions ant\u00e9rieures \u00e0 V4.1.0",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "Solid Edge versions ant\u00e9rieures \u00e0 SE2021MP2",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "T2Go versions ant\u00e9rieures \u00e0 V13.1.0",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "Teamcenter Visualization versions ant\u00e9rieures \u00e0 V13.1.0 (cette version reste vuln\u00e9rable aux vuln\u00e9rabilit\u00e9s CVE-2020-26989, CVE-2020-26990 et CVE-2020-26991)",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "Les commutateurs de la famille SCALANCE X-200 (inclus les variants SIPLUSNET)",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2020-25226",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-25226"
},
{
"name": "CVE-2020-26996",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-26996"
},
{
"name": "CVE-2020-26984",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-26984"
},
{
"name": "CVE-2020-26983",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-26983"
},
{
"name": "CVE-2020-26989",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-26989"
},
{
"name": "CVE-2020-26988",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-26988"
},
{
"name": "CVE-2020-28381",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-28381"
},
{
"name": "CVE-2020-28382",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-28382"
},
{
"name": "CVE-2020-28383",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-28383"
},
{
"name": "CVE-2020-28384",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-28384"
},
{
"name": "CVE-2020-26994",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-26994"
},
{
"name": "CVE-2020-26987",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-26987"
},
{
"name": "CVE-2020-15800",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-15800"
},
{
"name": "CVE-2020-15799",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-15799"
},
{
"name": "CVE-2020-26985",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-26985"
},
{
"name": "CVE-2020-26991",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-26991"
},
{
"name": "CVE-2020-26986",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-26986"
},
{
"name": "CVE-2020-28395",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-28395"
},
{
"name": "CVE-2020-26982",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-26982"
},
{
"name": "CVE-2020-26981",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-26981"
},
{
"name": "CVE-2020-26995",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-26995"
},
{
"name": "CVE-2020-26992",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-26992"
},
{
"name": "CVE-2020-28391",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-28391"
},
{
"name": "CVE-2020-26990",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-26990"
},
{
"name": "CVE-2020-26993",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-26993"
},
{
"name": "CVE-2020-26980",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-26980"
},
{
"name": "CVE-2020-28386",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-28386"
}
],
"initial_release_date": "2021-01-12T00:00:00",
"last_revision_date": "2021-01-12T00:00:00",
"links": [],
"reference": "CERTFR-2021-AVI-018",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2021-01-12T00:00:00.000000"
}
],
"risks": [
{
"description": "D\u00e9ni de service \u00e0 distance"
},
{
"description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
},
{
"description": "Ex\u00e9cution de code arbitraire"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits\nSiemens. Certaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer\nune ex\u00e9cution de code arbitraire, un d\u00e9ni de service \u00e0 distance et une\natteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Siemens",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Siemens ssa-274900 du 12 janvier 2021",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-274900.pdf"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Siemens ssa-622830 du 12 janvier 2021",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-622830.pdf"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Siemens ssa-139628 du 12 janvier 2021",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-139628.pdf"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Siemens ssa-979834 du 12 janvier 2021",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-979834.pdf"
}
]
}
ssa-139628
Vulnerability from csaf_siemens
Published
2021-01-12 00:00
Modified
2021-09-14 00:00
Summary
SSA-139628: Vulnerabilities in Web Server for Scalance X Products
Notes
Summary
Several SCALANCE X switches contain vulnerabilities in the web server of the affected devices.
An unauthenticated attacker could reboot, cause denial-of-service conditions and potentially impact the system by other means through heap and buffer overflow vulnerabilities.
Siemens has released updates for several affected products and recommends to update to the latest versions. Siemens recommends specific countermeasures for products where updates are not, or not yet available.
General Recommendations
As a general security measure, Siemens strongly recommends to protect network access to devices with appropriate mechanisms. In order to operate the devices in a protected IT environment, Siemens recommends to configure the environment according to Siemens' operational guidelines for Industrial Security (Download: https://www.siemens.com/cert/operational-guidelines-industrial-security), and to follow the recommendations in the product manuals.
Additional information on Industrial Security by Siemens can be found at: https://www.siemens.com/industrialsecurity
Additional Resources
For further inquiries on security vulnerabilities in Siemens products and solutions, please contact the Siemens ProductCERT: https://www.siemens.com/cert/advisories
Terms of Use
Siemens Security Advisories are subject to the terms and conditions contained in Siemens' underlying license terms or other applicable agreements previously agreed to with Siemens (hereinafter "License Terms"). To the extent applicable to information, software or documentation made available in or through a Siemens Security Advisory, the Terms of Use of Siemens' Global Website (https://www.siemens.com/terms_of_use, hereinafter "Terms of Use"), in particular Sections 8-10 of the Terms of Use, shall apply additionally. In case of conflicts, the License Terms shall prevail over the Terms of Use.
{
"document": {
"category": "Siemens Security Advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Disclosure is not limited.",
"tlp": {
"label": "WHITE"
}
},
"notes": [
{
"category": "summary",
"text": "Several SCALANCE X switches contain vulnerabilities in the web server of the affected devices.\n\nAn unauthenticated attacker could reboot, cause denial-of-service conditions and potentially impact the system by other means through heap and buffer overflow vulnerabilities.\n\nSiemens has released updates for several affected products and recommends to update to the latest versions. Siemens recommends specific countermeasures for products where updates are not, or not yet available.",
"title": "Summary"
},
{
"category": "general",
"text": "As a general security measure, Siemens strongly recommends to protect network access to devices with appropriate mechanisms. In order to operate the devices in a protected IT environment, Siemens recommends to configure the environment according to Siemens\u0027 operational guidelines for Industrial Security (Download: https://www.siemens.com/cert/operational-guidelines-industrial-security), and to follow the recommendations in the product manuals.\n\nAdditional information on Industrial Security by Siemens can be found at: https://www.siemens.com/industrialsecurity",
"title": "General Recommendations"
},
{
"category": "general",
"text": "For further inquiries on security vulnerabilities in Siemens products and solutions, please contact the Siemens ProductCERT: https://www.siemens.com/cert/advisories",
"title": "Additional Resources"
},
{
"category": "legal_disclaimer",
"text": "Siemens Security Advisories are subject to the terms and conditions contained in Siemens\u0027 underlying license terms or other applicable agreements previously agreed to with Siemens (hereinafter \"License Terms\"). To the extent applicable to information, software or documentation made available in or through a Siemens Security Advisory, the Terms of Use of Siemens\u0027 Global Website (https://www.siemens.com/terms_of_use, hereinafter \"Terms of Use\"), in particular Sections 8-10 of the Terms of Use, shall apply additionally. In case of conflicts, the License Terms shall prevail over the Terms of Use.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "productcert@siemens.com",
"name": "Siemens ProductCERT",
"namespace": "https://www.siemens.com"
},
"references": [
{
"category": "self",
"summary": "SSA-139628: Vulnerabilities in Web Server for Scalance X Products - PDF Version",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-139628.pdf"
},
{
"category": "self",
"summary": "SSA-139628: Vulnerabilities in Web Server for Scalance X Products - TXT Version",
"url": "https://cert-portal.siemens.com/productcert/txt/ssa-139628.txt"
},
{
"category": "self",
"summary": "SSA-139628: Vulnerabilities in Web Server for Scalance X Products - CSAF Version",
"url": "https://cert-portal.siemens.com/productcert/csaf/ssa-139628.json"
}
],
"title": "SSA-139628: Vulnerabilities in Web Server for Scalance X Products",
"tracking": {
"current_release_date": "2021-09-14T00:00:00Z",
"generator": {
"engine": {
"name": "Siemens ProductCERT CSAF Generator",
"version": "1"
}
},
"id": "SSA-139628",
"initial_release_date": "2021-01-12T00:00:00Z",
"revision_history": [
{
"date": "2021-01-12T00:00:00Z",
"legacy_version": "1.0",
"number": "1",
"summary": "Publication Date"
},
{
"date": "2021-02-09T00:00:00Z",
"legacy_version": "1.1",
"number": "2",
"summary": "Added update information for SCALANCE X-200IRT switch family"
},
{
"date": "2021-09-14T00:00:00Z",
"legacy_version": "1.2",
"number": "3",
"summary": "Added solution for SCALANCE X-200 switch family"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c V5.2.5",
"product": {
"name": "SCALANCE X-200 switch family (incl. SIPLUS NET variants)",
"product_id": "1"
}
}
],
"category": "product_name",
"name": "SCALANCE X-200 switch family (incl. SIPLUS NET variants)"
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c V5.5.0",
"product": {
"name": "SCALANCE X-200IRT switch family (incl. SIPLUS NET variants)",
"product_id": "2"
}
}
],
"category": "product_name",
"name": "SCALANCE X-200IRT switch family (incl. SIPLUS NET variants)"
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c V4.1.0",
"product": {
"name": "SCALANCE X-300 switch family (incl. X408 and SIPLUS NET variants)",
"product_id": "3"
}
}
],
"category": "product_name",
"name": "SCALANCE X-300 switch family (incl. X408 and SIPLUS NET variants)"
}
],
"category": "vendor",
"name": "Siemens"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2020-15799",
"cwe": {
"id": "CWE-306",
"name": "Missing Authentication for Critical Function"
},
"notes": [
{
"category": "summary",
"text": "The vulnerability could allow an unauthenticated attacker to reboot the device over the network by using special urls from integrated web server of the affected products.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1",
"2"
]
},
"references": [
{
"summary": "CVE-2020-15799 - SCALANCE X-200 switch family (incl. SIPLUS NET variants)",
"url": "https://support.industry.siemens.com/cs/ww/en/view/109801131/"
},
{
"summary": "CVE-2020-15799 - SCALANCE X-200IRT switch family (incl. SIPLUS NET variants)",
"url": "https://support.industry.siemens.com/cs/ww/en/view/109792534/"
},
{
"summary": "CVE-2020-15799 Mitre 5.0 json",
"url": "https://cert-portal.siemens.com/productcert/mitre/CVE-2020-15799.json"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "Update to V5.2.5 or later version",
"product_ids": [
"1"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109801131/"
},
{
"category": "vendor_fix",
"details": "Update to V5.5.0 or later version",
"product_ids": [
"2"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109792534/"
},
{
"category": "mitigation",
"details": "Limit network traffic of web servers of Scalance X switches to trusted connections by firewall rules (port 443/tcp).",
"product_ids": [
"1",
"2"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C",
"version": "3.1"
},
"products": [
"1",
"2"
]
}
],
"title": "CVE-2020-15799"
},
{
"cve": "CVE-2020-15800",
"cwe": {
"id": "CWE-122",
"name": "Heap-based Buffer Overflow"
},
"notes": [
{
"category": "summary",
"text": "The webserver of the affected devices contains a vulnerability that may lead to a heap overflow condition. An attacker could cause this condition on the webserver by sending specially crafted requests. This could stop the webserver temporarily.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1",
"2",
"3"
]
},
"references": [
{
"summary": "CVE-2020-15800 - SCALANCE X-200 switch family (incl. SIPLUS NET variants)",
"url": "https://support.industry.siemens.com/cs/ww/en/view/109801131/"
},
{
"summary": "CVE-2020-15800 - SCALANCE X-200IRT switch family (incl. SIPLUS NET variants)",
"url": "https://support.industry.siemens.com/cs/ww/en/view/109792534/"
},
{
"summary": "CVE-2020-15800 - SCALANCE X-300 switch family (incl. X408 and SIPLUS NET variants)",
"url": "https://support.industry.siemens.com/cs/ww/en/view/109773547/"
},
{
"summary": "CVE-2020-15800 Mitre 5.0 json",
"url": "https://cert-portal.siemens.com/productcert/mitre/CVE-2020-15800.json"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "Update to V5.2.5 or later version",
"product_ids": [
"1"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109801131/"
},
{
"category": "vendor_fix",
"details": "Update to V5.5.0 or later version",
"product_ids": [
"2"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109792534/"
},
{
"category": "vendor_fix",
"details": "Update to V4.1.0 or later version",
"product_ids": [
"3"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109773547/"
},
{
"category": "mitigation",
"details": "Limit network traffic of web servers of Scalance X switches to trusted connections by firewall rules (port 443/tcp).",
"product_ids": [
"1",
"2",
"3"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:P/RL:X/RC:C",
"version": "3.1"
},
"products": [
"1",
"2",
"3"
]
}
],
"title": "CVE-2020-15800"
},
{
"cve": "CVE-2020-25226",
"cwe": {
"id": "CWE-122",
"name": "Heap-based Buffer Overflow"
},
"notes": [
{
"category": "summary",
"text": "The web server of the affected devices contains a vulnerability that may lead to a buffer overflow condition. An attacker could cause this condition on the webserver by sending a specially crafted request. The webserver could stop and not recover anymore.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1",
"2"
]
},
"references": [
{
"summary": "CVE-2020-25226 - SCALANCE X-200 switch family (incl. SIPLUS NET variants)",
"url": "https://support.industry.siemens.com/cs/ww/en/view/109801131/"
},
{
"summary": "CVE-2020-25226 - SCALANCE X-200IRT switch family (incl. SIPLUS NET variants)",
"url": "https://support.industry.siemens.com/cs/ww/en/view/109792534/"
},
{
"summary": "CVE-2020-25226 Mitre 5.0 json",
"url": "https://cert-portal.siemens.com/productcert/mitre/CVE-2020-25226.json"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "Update to V5.2.5 or later version",
"product_ids": [
"1"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109801131/"
},
{
"category": "vendor_fix",
"details": "Update to V5.5.0 or later version",
"product_ids": [
"2"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109792534/"
},
{
"category": "mitigation",
"details": "Limit network traffic of web servers of Scalance X switches to trusted connections by firewall rules (port 443/tcp).",
"product_ids": [
"1",
"2"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:P/RL:X/RC:C",
"version": "3.1"
},
"products": [
"1",
"2"
]
}
],
"title": "CVE-2020-25226"
}
]
}
var-202101-0138
Vulnerability from variot
A vulnerability has been identified in SCALANCE X-200 switch family (incl. SIPLUS NET variants) (All versions < V5.2.5), SCALANCE X-200IRT switch family (incl. SIPLUS NET variants) (All versions < V5.5.0). The vulnerability could allow an unauthenticated attacker to reboot the device over the network by using special urls from integrated web server of the affected products. SCALANCE X-200 and SCALANCE X-200IRT A vulnerability exists in the switch family regarding the lack of authentication for critical features.Denial of service (DoS) It may be put into a state. SCALANCE X is a switch used to connect industrial components, such as programmable logic controllers (plc) or human machine interfaces (HMIs)
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202101-0138",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "scalance xp216eec",
"scope": "lt",
"trust": 1.0,
"vendor": "siemens",
"version": "5.2.5"
},
{
"model": "scalance xb213-3",
"scope": "lt",
"trust": 1.0,
"vendor": "siemens",
"version": "5.2.5"
},
{
"model": "scalance xp216 \\",
"scope": "lt",
"trust": 1.0,
"vendor": "siemens",
"version": "5.2.5"
},
{
"model": "scalance x202-2pirt siplus net",
"scope": "lt",
"trust": 1.0,
"vendor": "siemens",
"version": "5.5.0"
},
{
"model": "scalance xc216-4c g eec",
"scope": "lt",
"trust": 1.0,
"vendor": "siemens",
"version": "5.2.5"
},
{
"model": "scalance xf204-2ba dna",
"scope": "lt",
"trust": 1.0,
"vendor": "siemens",
"version": "5.2.5"
},
{
"model": "scalance xc206-2g poe",
"scope": "lt",
"trust": 1.0,
"vendor": "siemens",
"version": "5.2.5"
},
{
"model": "scalance xb205-3",
"scope": "lt",
"trust": 1.0,
"vendor": "siemens",
"version": "5.2.5"
},
{
"model": "scalance xc206-2sfp g",
"scope": "lt",
"trust": 1.0,
"vendor": "siemens",
"version": "5.2.5"
},
{
"model": "scalance xf201-3p irt",
"scope": "lt",
"trust": 1.0,
"vendor": "siemens",
"version": "5.2.5"
},
{
"model": "scalance x200-4pirt",
"scope": "lt",
"trust": 1.0,
"vendor": "siemens",
"version": "5.5.0"
},
{
"model": "scalance xc208g",
"scope": "lt",
"trust": 1.0,
"vendor": "siemens",
"version": "5.2.5"
},
{
"model": "scalance x310",
"scope": "eq",
"trust": 1.0,
"vendor": "siemens",
"version": "*"
},
{
"model": "scalance xf202-2p irt",
"scope": "lt",
"trust": 1.0,
"vendor": "siemens",
"version": "5.2.5"
},
{
"model": "scalance xp208eec",
"scope": "lt",
"trust": 1.0,
"vendor": "siemens",
"version": "5.2.5"
},
{
"model": "scalance xf204irt",
"scope": "lt",
"trust": 1.0,
"vendor": "siemens",
"version": "5.2.5"
},
{
"model": "scalance xf204",
"scope": "lt",
"trust": 1.0,
"vendor": "siemens",
"version": "5.2.5"
},
{
"model": "scalance x308-2lh\\+",
"scope": "eq",
"trust": 1.0,
"vendor": "siemens",
"version": "*"
},
{
"model": "scalance xc208g poe",
"scope": "lt",
"trust": 1.0,
"vendor": "siemens",
"version": "5.2.5"
},
{
"model": "scalance xc208",
"scope": "lt",
"trust": 1.0,
"vendor": "siemens",
"version": "5.2.5"
},
{
"model": "scalance x308-2",
"scope": "eq",
"trust": 1.0,
"vendor": "siemens",
"version": "*"
},
{
"model": "scalance x308-2m",
"scope": "eq",
"trust": 1.0,
"vendor": "siemens",
"version": "*"
},
{
"model": "scalance xc206-2g poe eec",
"scope": "lt",
"trust": 1.0,
"vendor": "siemens",
"version": "5.2.5"
},
{
"model": "scalance x308-2lh",
"scope": "eq",
"trust": 1.0,
"vendor": "siemens",
"version": "*"
},
{
"model": "scalance xc206-2sfp eec",
"scope": "lt",
"trust": 1.0,
"vendor": "siemens",
"version": "5.2.5"
},
{
"model": "scalance xc208eec",
"scope": "lt",
"trust": 1.0,
"vendor": "siemens",
"version": "5.2.5"
},
{
"model": "scalance xc224",
"scope": "lt",
"trust": 1.0,
"vendor": "siemens",
"version": "5.2.5"
},
{
"model": "scalance xc216-4c g \\",
"scope": "lt",
"trust": 1.0,
"vendor": "siemens",
"version": "5.2.5"
},
{
"model": "scalance x310fe",
"scope": "eq",
"trust": 1.0,
"vendor": "siemens",
"version": "*"
},
{
"model": "scalance xp208 \\",
"scope": "lt",
"trust": 1.0,
"vendor": "siemens",
"version": "5.2.5"
},
{
"model": "scalance xp208",
"scope": "lt",
"trust": 1.0,
"vendor": "siemens",
"version": "5.2.5"
},
{
"model": "scalance x307-3",
"scope": "eq",
"trust": 1.0,
"vendor": "siemens",
"version": "*"
},
{
"model": "scalance x201-3pirt",
"scope": "lt",
"trust": 1.0,
"vendor": "siemens",
"version": "5.5.0"
},
{
"model": "scalance x204irt",
"scope": "lt",
"trust": 1.0,
"vendor": "siemens",
"version": "5.5.0"
},
{
"model": "scalance xb208",
"scope": "lt",
"trust": 1.0,
"vendor": "siemens",
"version": "5.2.5"
},
{
"model": "scalance x202-2pirt",
"scope": "lt",
"trust": 1.0,
"vendor": "siemens",
"version": "5.5.0"
},
{
"model": "scalance xp216poe eec",
"scope": "lt",
"trust": 1.0,
"vendor": "siemens",
"version": "5.2.5"
},
{
"model": "scalance xp216",
"scope": "lt",
"trust": 1.0,
"vendor": "siemens",
"version": "5.2.5"
},
{
"model": "scalance xb205-3ld",
"scope": "lt",
"trust": 1.0,
"vendor": "siemens",
"version": "5.2.5"
},
{
"model": "scalance x308-2ld",
"scope": "eq",
"trust": 1.0,
"vendor": "siemens",
"version": "*"
},
{
"model": "scalance x202-2irt",
"scope": "lt",
"trust": 1.0,
"vendor": "siemens",
"version": "5.5.0"
},
{
"model": "scalance x320-3ldfe",
"scope": "eq",
"trust": 1.0,
"vendor": "siemens",
"version": "*"
},
{
"model": "scalance xc216",
"scope": "lt",
"trust": 1.0,
"vendor": "siemens",
"version": "5.2.5"
},
{
"model": "scalance xc216-4c",
"scope": "lt",
"trust": 1.0,
"vendor": "siemens",
"version": "5.2.5"
},
{
"model": "scalance xc224-4c g",
"scope": "lt",
"trust": 1.0,
"vendor": "siemens",
"version": "5.2.5"
},
{
"model": "scalance xc206-2",
"scope": "lt",
"trust": 1.0,
"vendor": "siemens",
"version": "5.2.5"
},
{
"model": "scalance xc224-4c g eec",
"scope": "lt",
"trust": 1.0,
"vendor": "siemens",
"version": "5.2.5"
},
{
"model": "scalance xc216eec",
"scope": "lt",
"trust": 1.0,
"vendor": "siemens",
"version": "5.2.5"
},
{
"model": "scalance x307-3ld",
"scope": "eq",
"trust": 1.0,
"vendor": "siemens",
"version": "*"
},
{
"model": "scalance xb213-3ld",
"scope": "lt",
"trust": 1.0,
"vendor": "siemens",
"version": "5.2.5"
},
{
"model": "scalance xc206-2sfp g \\",
"scope": "lt",
"trust": 1.0,
"vendor": "siemens",
"version": "5.2.5"
},
{
"model": "scalance xc208g eec",
"scope": "lt",
"trust": 1.0,
"vendor": "siemens",
"version": "5.2.5"
},
{
"model": "scalance xf204 dna",
"scope": "lt",
"trust": 1.0,
"vendor": "siemens",
"version": "5.2.5"
},
{
"model": "scalance xf206-1",
"scope": "lt",
"trust": 1.0,
"vendor": "siemens",
"version": "5.2.5"
},
{
"model": "scalance xf204-2ba irt",
"scope": "lt",
"trust": 1.0,
"vendor": "siemens",
"version": "5.2.5"
},
{
"model": "scalance xc206-2sfp",
"scope": "lt",
"trust": 1.0,
"vendor": "siemens",
"version": "5.2.5"
},
{
"model": "scalance xf208",
"scope": "lt",
"trust": 1.0,
"vendor": "siemens",
"version": "5.2.5"
},
{
"model": "scalance xp208poe eec",
"scope": "lt",
"trust": 1.0,
"vendor": "siemens",
"version": "5.2.5"
},
{
"model": "scalance x308-2m ts",
"scope": "eq",
"trust": 1.0,
"vendor": "siemens",
"version": "*"
},
{
"model": "scalance xc216-4c g",
"scope": "lt",
"trust": 1.0,
"vendor": "siemens",
"version": "5.2.5"
},
{
"model": "scalance xb216",
"scope": "lt",
"trust": 1.0,
"vendor": "siemens",
"version": "5.2.5"
},
{
"model": "scalance xc208g \\",
"scope": "lt",
"trust": 1.0,
"vendor": "siemens",
"version": "5.2.5"
},
{
"model": "scalance xf204-2",
"scope": "lt",
"trust": 1.0,
"vendor": "siemens",
"version": "5.2.5"
},
{
"model": "scalance x320-1fe",
"scope": "eq",
"trust": 1.0,
"vendor": "siemens",
"version": "*"
},
{
"model": "scalance xc206-2sfp g eec",
"scope": "lt",
"trust": 1.0,
"vendor": "siemens",
"version": "5.2.5"
},
{
"model": "scalance xc224-4c g \\",
"scope": "lt",
"trust": 1.0,
"vendor": "siemens",
"version": "5.2.5"
},
{
"model": "scalance x307-3ld",
"scope": null,
"trust": 0.8,
"vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9",
"version": null
},
{
"model": "scalance x201-3pirt",
"scope": null,
"trust": 0.8,
"vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9",
"version": null
},
{
"model": "scalance x200-4pirt",
"scope": null,
"trust": 0.8,
"vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9",
"version": null
},
{
"model": "scalance x202-2pirt",
"scope": null,
"trust": 0.8,
"vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9",
"version": null
},
{
"model": "scalance x204irt",
"scope": null,
"trust": 0.8,
"vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9",
"version": null
},
{
"model": "siplus net scalance x202-2pirt",
"scope": null,
"trust": 0.8,
"vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9",
"version": null
},
{
"model": "scalance x308-2",
"scope": null,
"trust": 0.8,
"vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9",
"version": null
},
{
"model": "scalance x202-2irt",
"scope": null,
"trust": 0.8,
"vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9",
"version": null
},
{
"model": "scalance x308-2ld",
"scope": null,
"trust": 0.8,
"vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9",
"version": null
},
{
"model": "scalance x307-3",
"scope": null,
"trust": 0.8,
"vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9",
"version": null
},
{
"model": "scalance x-200irt switch family",
"scope": null,
"trust": 0.6,
"vendor": "siemens",
"version": null
},
{
"model": "scalance switch family",
"scope": "eq",
"trust": 0.6,
"vendor": "siemens",
"version": "x-200"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2021-02596"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-015540"
},
{
"db": "NVD",
"id": "CVE-2020-15799"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Siemens reported these vulnerabilities to CISA.",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202101-856"
}
],
"trust": 0.6
},
"cve": "CVE-2020-15799",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "COMPLETE",
"baseScore": 7.1,
"confidentialityImpact": "NONE",
"exploitabilityScore": 8.6,
"id": "CVE-2020-15799",
"impactScore": 6.9,
"integrityImpact": "NONE",
"severity": "HIGH",
"trust": 1.8,
"vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:C",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "COMPLETE",
"baseScore": 7.8,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "CNVD-2021-02596",
"impactScore": 6.9,
"integrityImpact": "NONE",
"severity": "HIGH",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"exploitabilityScore": 2.8,
"id": "CVE-2020-15799",
"impactScore": 3.6,
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 6.5,
"baseSeverity": "Medium",
"confidentialityImpact": "None",
"exploitabilityScore": null,
"id": "CVE-2020-15799",
"impactScore": null,
"integrityImpact": "None",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "Required",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2020-15799",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "NVD",
"id": "CVE-2020-15799",
"trust": 0.8,
"value": "Medium"
},
{
"author": "CNVD",
"id": "CNVD-2021-02596",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-202101-856",
"trust": 0.6,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2021-02596"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-015540"
},
{
"db": "CNNVD",
"id": "CNNVD-202101-856"
},
{
"db": "NVD",
"id": "CVE-2020-15799"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "A vulnerability has been identified in SCALANCE X-200 switch family (incl. SIPLUS NET variants) (All versions \u003c V5.2.5), SCALANCE X-200IRT switch family (incl. SIPLUS NET variants) (All versions \u003c V5.5.0). The vulnerability could allow an unauthenticated attacker to reboot the device over the network by using special urls from integrated web server of the affected products. SCALANCE X-200 and SCALANCE X-200IRT A vulnerability exists in the switch family regarding the lack of authentication for critical features.Denial of service (DoS) It may be put into a state. SCALANCE X is a switch used to connect industrial components, such as programmable logic controllers (plc) or human machine interfaces (HMIs)",
"sources": [
{
"db": "NVD",
"id": "CVE-2020-15799"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-015540"
},
{
"db": "CNVD",
"id": "CNVD-2021-02596"
}
],
"trust": 2.16
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2020-15799",
"trust": 3.0
},
{
"db": "SIEMENS",
"id": "SSA-139628",
"trust": 2.2
},
{
"db": "JVNDB",
"id": "JVNDB-2020-015540",
"trust": 0.8
},
{
"db": "CNVD",
"id": "CNVD-2021-02596",
"trust": 0.6
},
{
"db": "ICS CERT",
"id": "ICSA-21-012-05",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2021.0127",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-202101-856",
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2021-02596"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-015540"
},
{
"db": "CNNVD",
"id": "CNNVD-202101-856"
},
{
"db": "NVD",
"id": "CVE-2020-15799"
}
]
},
"id": "VAR-202101-0138",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2021-02596"
}
],
"trust": 1.2641418511111109
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"ICS"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2021-02596"
}
]
},
"last_update_date": "2024-11-23T19:39:47.719000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "SSA-139628",
"trust": 0.8,
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-139628.pdf"
},
{
"title": "Patch for Scalance X Products key function certification missing vulnerability",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchInfo/show/244024"
},
{
"title": "Multiple Siemens SCALANCE Fixes for access control error vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=139366"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2021-02596"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-015540"
},
{
"db": "CNNVD",
"id": "CNNVD-202101-856"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-306",
"trust": 1.0
},
{
"problemtype": "Lack of authentication for important features (CWE-306) [NVD Evaluation ]",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2020-015540"
},
{
"db": "NVD",
"id": "CVE-2020-15799"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.2,
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-139628.pdf"
},
{
"trust": 1.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-15799"
},
{
"trust": 0.6,
"url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-012-05"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2021.0127/"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2021-02596"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-015540"
},
{
"db": "CNNVD",
"id": "CNNVD-202101-856"
},
{
"db": "NVD",
"id": "CVE-2020-15799"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2021-02596"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-015540"
},
{
"db": "CNNVD",
"id": "CNNVD-202101-856"
},
{
"db": "NVD",
"id": "CVE-2020-15799"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2021-01-13T00:00:00",
"db": "CNVD",
"id": "CNVD-2021-02596"
},
{
"date": "2021-10-04T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2020-015540"
},
{
"date": "2021-01-12T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202101-856"
},
{
"date": "2021-01-12T21:15:16.370000",
"db": "NVD",
"id": "CVE-2020-15799"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2021-02-04T00:00:00",
"db": "CNVD",
"id": "CNVD-2021-02596"
},
{
"date": "2021-10-04T05:21:00",
"db": "JVNDB",
"id": "JVNDB-2020-015540"
},
{
"date": "2021-09-15T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202101-856"
},
{
"date": "2024-11-21T05:06:12.267000",
"db": "NVD",
"id": "CVE-2020-15799"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202101-856"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "SCALANCE\u00a0X-200\u00a0 and \u00a0SCALANCE\u00a0X-200IRT\u00a0 Vulnerability in lack of authentication for critical features in the switch family",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2020-015540"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "access control error",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202101-856"
}
],
"trust": 0.6
}
}
ghsa-2jjq-jgq8-2h5h
Vulnerability from github
Published
2022-05-24 17:38
Modified
2022-07-29 00:00
Severity ?
VLAI Severity ?
Details
A vulnerability has been identified in SCALANCE X-200 switch family (incl. SIPLUS NET variants) (All versions), SCALANCE X-200IRT switch family (incl. SIPLUS NET variants) (All versions). The vulnerability could allow an unauthenticated attacker to reboot the device over the network by using special urls from integrated web server of the affected products.
{
"affected": [],
"aliases": [
"CVE-2020-15799"
],
"database_specific": {
"cwe_ids": [
"CWE-306"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2021-01-12T21:15:00Z",
"severity": "HIGH"
},
"details": "A vulnerability has been identified in SCALANCE X-200 switch family (incl. SIPLUS NET variants) (All versions), SCALANCE X-200IRT switch family (incl. SIPLUS NET variants) (All versions). The vulnerability could allow an unauthenticated attacker to reboot the device over the network by using special urls from integrated web server of the affected products.",
"id": "GHSA-2jjq-jgq8-2h5h",
"modified": "2022-07-29T00:00:35Z",
"published": "2022-05-24T17:38:29Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-15799"
},
{
"type": "WEB",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-139628.pdf"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.
Loading…
Loading…