CVE-2020-15800

A vulnerability has been identified in SCALANCE X-200 switch family (incl. SIPLUS NET variants) (All versions < V5.2.5), SCALANCE X-200IRT switch family (incl. SIPLUS NET variants) (All versions < V5.5.0), SCALANCE X-300 switch family (incl. X408 and SIPLUS NET variants) (All versions < V4.1.0). The webserver of the affected devices contains a vulnerability that may lead to a heap overflow condition. An attacker could cause this condition on the webserver by sending specially crafted requests. This could stop the webserver temporarily.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
9.8 CRITICAL
NETWORK
LOW
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
siemensCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 73%
VendorProductVersion
siemensscalance_x200-4pirt_firmware
𝑥
< 5.5.0
siemensscalance_x201-3pirt_firmware
𝑥
< 5.5.0
siemensscalance_x202-2irt_firmware
𝑥
< 5.5.0
siemensscalance_x202-2pirt_firmware
𝑥
< 5.5.0
siemensscalance_x202-2pirt_siplus_net_firmware
𝑥
< 5.5.0
siemensscalance_x204irt_firmware
𝑥
< 5.5.0
siemensscalance_x307-3_firmware
*
siemensscalance_x307-3ld_firmware
*
siemensscalance_x308-2_firmware
*
siemensscalance_x308-2ld_firmware
*
siemensscalance_x308-2lh_firmware
*
siemensscalance_x308-2lh\+_firmware
*
siemensscalance_x308-2m_firmware
*
siemensscalance_x308-2m_ts_firmware
*
siemensscalance_x310_firmware
*
siemensscalance_x310fe_firmware
*
siemensscalance_x320-1fe_firmware
*
siemensscalance_x320-3ldfe_firmware
*
siemensscalance_xb205-3_firmware
𝑥
< 5.2.5
siemensscalance_xb205-3ld_firmware
𝑥
< 5.2.5
siemensscalance_xb208_firmware
𝑥
< 5.2.5
siemensscalance_xb213-3_firmware
𝑥
< 5.2.5
siemensscalance_xb213-3ld_firmware
𝑥
< 5.2.5
siemensscalance_xb216_firmware
𝑥
< 5.2.5
siemensscalance_xc206-2_firmware
𝑥
< 5.2.5
siemensscalance_xc206-2g_poe__firmware
𝑥
< 5.2.5
siemensscalance_xc206-2g_poe_eec_firmware
𝑥
< 5.2.5
siemensscalance_xc206-2sfp_firmware
𝑥
< 5.2.5
siemensscalance_xc206-2sfp_eec_firmware
𝑥
< 5.2.5
siemensscalance_xc206-2sfp_g_firmware
𝑥
< 5.2.5
siemensscalance_xc206-2sfp_g_\(e\/ip\)_firmware
𝑥
< 5.2.5
siemensscalance_xc206-2sfp_g_eec_firmware
𝑥
< 5.2.5
siemensscalance_xc208_firmware
𝑥
< 5.2.5
siemensscalance_xc208eec_firmware
𝑥
< 5.2.5
siemensscalance_xc208g_firmware
𝑥
< 5.2.5
siemensscalance_xc208g_\(e\/ip\)_firmware
𝑥
< 5.2.5
siemensscalance_xc208g_eec_firmware
𝑥
< 5.2.5
siemensscalance_xc208g_poe_firmware
𝑥
< 5.2.5
siemensscalance_xc216_firmware
𝑥
< 5.2.5
siemensscalance_xc216-4c_firmware
𝑥
< 5.2.5
siemensscalance_xc216-4c_g_firmware
𝑥
< 5.2.5
siemensscalance_xc216-4c_g_\(e\/ip\)_firmware
𝑥
< 5.2.5
siemensscalance_xc216-4c_g_eec_firmware
𝑥
< 5.2.5
siemensscalance_xc216eec_firmware
𝑥
< 5.2.5
siemensscalance_xc224-4c_g__firmware
𝑥
< 5.2.5
siemensscalance_xc224-4c_g_\(e\/ip\)_firmware
𝑥
< 5.2.5
siemensscalance_xc224-4c_g_eec_firmware
𝑥
< 5.2.5
siemensscalance_xc224__firmware
𝑥
< 5.2.5
siemensscalance_xf201-3p_irt_firmware
𝑥
< 5.2.5
siemensscalance_xf202-2p_irt_firmware
𝑥
< 5.2.5
siemensscalance_xf204_firmware
𝑥
< 5.2.5
siemensscalance_xf204-2_firmware
𝑥
< 5.2.5
siemensscalance_xf204-2ba_dna_firmware
𝑥
< 5.2.5
siemensscalance_xf204-2ba_irt_firmware
𝑥
< 5.2.5
siemensscalance_xf204_dna_firmware
𝑥
< 5.2.5
siemensscalance_xf204irt_firmware
𝑥
< 5.2.5
siemensscalance_xf206-1_firmware
𝑥
< 5.2.5
siemensscalance_xf208_firmware
𝑥
< 5.2.5
siemensscalance_xp208_firmware
𝑥
< 5.2.5
siemensscalance_xp208_\(eip\)_firmware
𝑥
< 5.2.5
siemensscalance_xp208eec_firmware
𝑥
< 5.2.5
siemensscalance_xp208poe_eec_firmware
𝑥
< 5.2.5
siemensscalance_xp216_firmware
𝑥
< 5.2.5
siemensscalance_xp216_\(eip\)_firmware
𝑥
< 5.2.5
siemensscalance_xp216eec_firmware
𝑥
< 5.2.5
siemensscalance_xp216poe_eec_firmware
𝑥
< 5.2.5
𝑥
= Vulnerable software versions