cve,link,title,description,vendor,products,score,severity,epss,cisa,cisa_published,article,ransomware,exploited,poc,trended,trended_no_1,published,trended_score
CVE-2019-6585,https://securityvulnerability.io/vulnerability/CVE-2019-6585,,"A vulnerability has been identified in SCALANCE S602 (All versions >= V3.0 and < V4.1), SCALANCE S612 (All versions >= V3.0 and < V4.1), SCALANCE S623 (All versions >= V3.0 and < V4.1), SCALANCE S627-2M (All versions >= V3.0 and < V4.1). The integrated configuration web server of the affected devices could allow Cross-Site Scripting (XSS) attacks if unsuspecting users are tricked into accessing a malicious link. User interaction is required for a successful exploitation. The user must be logged into the web interface in order for the exploitation to succeed.",Siemens,"Scalance S602,Scalance S612,Scalance S623,Scalance S627-2m",6.1,MEDIUM,0.000539999979082495,false,,false,false,false,,false,false,2020-03-10T19:16:17.000Z,0
CVE-2019-13925,https://securityvulnerability.io/vulnerability/CVE-2019-13925,,"A vulnerability has been identified in SCALANCE S602 (All versions >= V3.0 and < V4.1), SCALANCE S612 (All versions >= V3.0 and < V4.1), SCALANCE S623 (All versions >= V3.0 and < V4.1), SCALANCE S627-2M (All versions >= V3.0 and < V4.1). Specially crafted packets sent to port 443/tcp of affected devices could cause a Denial-of-Service condition of the web server.",Siemens,"Scalance S602,Scalance S612,Scalance S623,Scalance S627-2m",7.5,HIGH,0.0007600000244565308,false,,false,false,false,,false,false,2020-02-11T15:36:10.000Z,0
CVE-2019-13926,https://securityvulnerability.io/vulnerability/CVE-2019-13926,,"A vulnerability has been identified in SCALANCE S602 (All versions >= V3.0 and < V4.1), SCALANCE S612 (All versions >= V3.0 and < V4.1), SCALANCE S623 (All versions >= V3.0 and < V4.1), SCALANCE S627-2M (All versions >= V3.0 and < V4.1). Specially crafted packets sent to port 443/tcp of affected devices could cause a Denial-of-Service condition of the web server. A cold reboot is required to restore the functionality of the device.",Siemens,"Scalance S602,Scalance S612,Scalance S623,Scalance S627-2m",7.5,HIGH,0.0010300000431016088,false,,false,false,false,,false,false,2020-02-11T15:36:10.000Z,0
CVE-2019-13924,https://securityvulnerability.io/vulnerability/CVE-2019-13924,,"A vulnerability has been identified in SCALANCE S602 (All versions < V4.1), SCALANCE S612 (All versions < V4.1), SCALANCE S623 (All versions < V4.1), SCALANCE S627-2M (All versions < V4.1), SCALANCE X-200 switch family (incl. SIPLUS NET variants) (All versions < 5.2.4), SCALANCE X-200IRT switch family (incl. SIPLUS NET variants) (All versions < V5.5.0), SCALANCE X-200RNA switch family (All versions < V3.2.7), SCALANCE X-300 switch family (incl. X408 and SIPLUS NET variants) (All versions < 4.1.3). The device does not send the X-Frame-Option Header in the administrative web interface, which makes it vulnerable to Clickjacking attacks. The security vulnerability could be exploited by an attacker that is able to trick an administrative user with a valid session on the target device into clicking on a website controlled by the attacker. The vulnerability could allow an attacker to perform administrative actions via the web interface.",Siemens,"Scalance S602,Scalance S612,Scalance S623,Scalance S627-2m,Scalance X-200 Switch Family (incl. Siplus Net Variants),Scalance X-200irt Switch Family (incl. Siplus Net Variants),Scalance X-200rna Switch Family,Scalance X-300 Switch Family (incl. X408 And Siplus Net Variants)",5.4,MEDIUM,0.0008399999933317304,false,,false,false,false,,false,false,2020-02-11T00:00:00.000Z,0
CVE-2018-16555,https://securityvulnerability.io/vulnerability/CVE-2018-16555,,"A vulnerability has been identified in SCALANCE S602 (All versions < V4.0.1.1), SCALANCE S612 (All versions < V4.0.1.1), SCALANCE S623 (All versions < V4.0.1.1), SCALANCE S627-2M (All versions < V4.0.1.1). The integrated web server could allow Cross-Site Scripting (XSS) attacks if unsuspecting users are tricked into accessing a malicious link. User interaction is required for a successful exploitation. The user must be logged into the web interface in order for the exploitation to succeed. At the stage of publishing this security advisory no public exploitation is known.",Siemens,"Scalance S602, Scalance S612, Scalance S623, Scalance S627-2m",5.4,MEDIUM,0.0004799999878741801,false,,false,false,false,,false,false,2018-12-13T16:00:00.000Z,0
CVE-2012-1799,https://securityvulnerability.io/vulnerability/CVE-2012-1799,,"The web server on the Siemens Scalance S Security Module firewall S602 V2, S612 V2, and S613 V2 with firmware before 2.3.0.3 does not limit the rate of authentication attempts, which makes it easier for remote attackers to obtain access via a brute-force attack on the administrative password.",Siemens,"Scalance S Firmware,Scalance S602,Scalance S612,Scalance S613",,,0.0064199999906122684,false,,false,false,false,,false,false,2012-04-18T10:00:00.000Z,0
CVE-2012-1800,https://securityvulnerability.io/vulnerability/CVE-2012-1800,,"Stack-based buffer overflow in the Profinet DCP protocol implementation on the Siemens Scalance S Security Module firewall S602 V2, S612 V2, and S613 V2 with firmware before 2.3.0.3 allows remote attackers to cause a denial of service (device outage) or possibly execute arbitrary code via a crafted DCP frame.",Siemens,"Scalance S Firmware,Scalance S602,Scalance S612,Scalance S613",,,0.03426000103354454,false,,false,false,false,,false,false,2012-04-18T10:00:00.000Z,0