CVE-2020-15800

  • Last update: Apr 13, 2023

Description

A vulnerability has been identified in SCALANCE X-200 switch family (incl. SIPLUS NET variants) (All versions < V5.2.5), SCALANCE X-200IRT switch family (incl. SIPLUS NET variants) (All versions < V5.5.0), SCALANCE X-300 switch family (incl. X408 and SIPLUS NET variants) (All versions < V4.1.0). The webserver of the affected devices contains a vulnerability that may lead to a heap overflow condition. An attacker could cause this condition on the webserver by sending specially crafted requests. This could stop the webserver temporarily.

Software From Fixed in
siemens / scalance_x308-2m_firmware - -
siemens / scalance_x200-4pirt_firmware - 5.5.0
siemens / scalance_x201-3pirt_firmware - 5.5.0
siemens / scalance_x202-2irt_firmware - 5.5.0
siemens / scalance_x202-2pirt_firmware - 5.5.0
siemens / scalance_x202-2pirt_siplus_net_firmware - 5.5.0
siemens / scalance_x204irt_firmware - 5.5.0
siemens / scalance_x307-3_firmware - -
siemens / scalance_x307-3ld_firmware - -
siemens / scalance_x308-2_firmware - -
siemens / scalance_x308-2ld_firmware - -
siemens / scalance_x308-2lh_firmware - -
siemens / scalance_x308-2lh+_firmware - -
siemens / scalance_x308-2m_ts_firmware - -
siemens / scalance_x310_firmware - -
siemens / scalance_x310fe_firmware - -
siemens / scalance_x320-1fe_firmware - -
siemens / scalance_x320-3ldfe_firmware - -
siemens / scalance_xb205-3_firmware - 5.2.5
siemens / scalance_xb205-3ld_firmware - 5.2.5
siemens / scalance_xb208_firmware - 5.2.5
siemens / scalance_xb213-3_firmware - 5.2.5
siemens / scalance_xb213-3ld_firmware - 5.2.5
siemens / scalance_xb216_firmware - 5.2.5
siemens / scalance_xc206-2_firmware - 5.2.5
siemens / scalance_xc206-2g_poe__firmware - 5.2.5
siemens / scalance_xc206-2g_poe_eec_firmware - 5.2.5
siemens / scalance_xc206-2sfp_firmware - 5.2.5
siemens / scalance_xc206-2sfp_eec_firmware - 5.2.5
siemens / scalance_xc206-2sfp_g_firmware - 5.2.5
siemens / scalance_xc206-2sfp_g_(e/ip)_firmware - 5.2.5
siemens / scalance_xc206-2sfp_g_eec_firmware - 5.2.5
siemens / scalance_xc208_firmware - 5.2.5
siemens / scalance_xc208eec_firmware - 5.2.5
siemens / scalance_xc208g_firmware - 5.2.5
siemens / scalance_xc208g_(e/ip)_firmware - 5.2.5
siemens / scalance_xc208g_eec_firmware - 5.2.5
siemens / scalance_xc208g_poe_firmware - 5.2.5
siemens / scalance_xc216_firmware - 5.2.5
siemens / scalance_xc216-4c_firmware - 5.2.5
siemens / scalance_xc216-4c_g_firmware - 5.2.5
siemens / scalance_xc216-4c_g_(e/ip)_firmware - 5.2.5
siemens / scalance_xc216-4c_g_eec_firmware - 5.2.5
siemens / scalance_xc216eec_firmware - 5.2.5
siemens / scalance_xc224-4c_g__firmware - 5.2.5
siemens / scalance_xc224-4c_g_(e/ip)_firmware - 5.2.5
siemens / scalance_xc224-4c_g_eec_firmware - 5.2.5
siemens / scalance_xc224__firmware - 5.2.5
siemens / scalance_xf201-3p_irt_firmware - 5.2.5
siemens / scalance_xf202-2p_irt_firmware - 5.2.5
siemens / scalance_xf204_firmware - 5.2.5
siemens / scalance_xf204-2_firmware - 5.2.5
siemens / scalance_xf204-2ba_dna_firmware - 5.2.5
siemens / scalance_xf204-2ba_irt_firmware - 5.2.5
siemens / scalance_xf204_dna_firmware - 5.2.5
siemens / scalance_xf204irt_firmware - 5.2.5
siemens / scalance_xf206-1_firmware - 5.2.5
siemens / scalance_xf208_firmware - 5.2.5
siemens / scalance_xp208_firmware - 5.2.5
siemens / scalance_xp208_(eip)_firmware - 5.2.5
siemens / scalance_xp208eec_firmware - 5.2.5
siemens / scalance_xp208poe_eec_firmware - 5.2.5
siemens / scalance_xp216_firmware - 5.2.5
siemens / scalance_xp216_(eip)_firmware - 5.2.5
siemens / scalance_xp216eec_firmware - 5.2.5
siemens / scalance_xp216poe_eec_firmware - 5.2.5

Details

    • Severity: Critical
  • CVE: CVE-2020-15800
  • Published: Jan 12, 2021
  • Updated: Apr 13, 2023
  • Exploit:

CVSS v3

  • Severity: Critical
  • Score: 9.8
  • AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CVSS v2

  • Severity: High
  • Score: 9.3
  • AV:N/AC:M/Au:N/C:C/I:C/A:C

CWEs