cve,link,title,description,vendor,products,score,severity,epss,cisa,cisa_published,article,ransomware,exploited,poc,trended,trended_no_1,published,trended_score
CVE-2020-25226,https://securityvulnerability.io/vulnerability/CVE-2020-25226,,"A vulnerability has been identified in SCALANCE X-200 switch family (incl. SIPLUS NET variants) (All versions < V5.2.5), SCALANCE X-200IRT switch family (incl. SIPLUS NET variants) (All versions < V5.5.0). The web server of the affected devices contains a vulnerability that may lead to a buffer overflow condition. An attacker could cause this condition on the webserver by sending a specially crafted request. The webserver could stop and not recover anymore.",Siemens,"Scalance X-200 Switch Family (incl. Siplus Net Variants),Scalance X-200irt Switch Family (incl. Siplus Net Variants)",9.8,CRITICAL,0.0019199999514967203,false,,false,false,false,,false,false,2021-01-12T20:18:33.000Z,0
CVE-2020-15799,https://securityvulnerability.io/vulnerability/CVE-2020-15799,,"A vulnerability has been identified in SCALANCE X-200 switch family (incl. SIPLUS NET variants) (All versions < V5.2.5), SCALANCE X-200IRT switch family (incl. SIPLUS NET variants) (All versions < V5.5.0). The vulnerability could allow an unauthenticated attacker to reboot the device over the network by using special urls from integrated web server of the affected products.",Siemens,"Scalance X-200 Switch Family (incl. Siplus Net Variants),Scalance X-200irt Switch Family (incl. Siplus Net Variants)",6.5,MEDIUM,0.0010300000431016088,false,,false,false,false,,false,false,2021-01-12T20:18:33.000Z,0
CVE-2020-15800,https://securityvulnerability.io/vulnerability/CVE-2020-15800,,"A vulnerability has been identified in SCALANCE X-200 switch family (incl. SIPLUS NET variants) (All versions < V5.2.5), SCALANCE X-200IRT switch family (incl. SIPLUS NET variants) (All versions < V5.5.0), SCALANCE X-300 switch family (incl. X408 and SIPLUS NET variants) (All versions < V4.1.0). The webserver of the affected devices contains a vulnerability that may lead to a heap overflow condition. An attacker could cause this condition on the webserver by sending specially crafted requests. This could stop the webserver temporarily.",Siemens,"Scalance X-200 Switch Family (incl. Siplus Net Variants),Scalance X-200irt Switch Family (incl. Siplus Net Variants),Scalance X-300 Switch Family (incl. X408 And Siplus Net Variants)",9.8,CRITICAL,0.0019199999514967203,false,,false,false,false,,false,false,2021-01-12T20:18:33.000Z,0
CVE-2020-28391,https://securityvulnerability.io/vulnerability/CVE-2020-28391,,"A vulnerability has been identified in SCALANCE X-200 switch family (incl. SIPLUS NET variants) (All versions < V5.2.5), SCALANCE X-200IRT switch family (incl. SIPLUS NET variants) (All versions < V5.5.0), SCALANCE X-200RNA switch family (All versions < V3.2.7). Devices create a new unique key upon factory reset, except when used with C-PLUG. When used with C-PLUG the devices use the hardcoded private RSA-key shipped with the firmware-image. An attacker could leverage this situation to a man-in-the-middle situation and decrypt previously captured traffic.",Siemens,"Scalance X-200 Switch Family (incl. Siplus Net Variants),Scalance X-200irt Switch Family (incl. Siplus Net Variants),Scalance X-200rna Switch Family",5.9,MEDIUM,0.0018500000005587935,false,,false,false,false,,false,false,2021-01-12T00:00:00.000Z,0
CVE-2019-13924,https://securityvulnerability.io/vulnerability/CVE-2019-13924,,"A vulnerability has been identified in SCALANCE S602 (All versions < V4.1), SCALANCE S612 (All versions < V4.1), SCALANCE S623 (All versions < V4.1), SCALANCE S627-2M (All versions < V4.1), SCALANCE X-200 switch family (incl. SIPLUS NET variants) (All versions < 5.2.4), SCALANCE X-200IRT switch family (incl. SIPLUS NET variants) (All versions < V5.5.0), SCALANCE X-200RNA switch family (All versions < V3.2.7), SCALANCE X-300 switch family (incl. X408 and SIPLUS NET variants) (All versions < 4.1.3). The device does not send the X-Frame-Option Header in the administrative web interface, which makes it vulnerable to Clickjacking attacks. The security vulnerability could be exploited by an attacker that is able to trick an administrative user with a valid session on the target device into clicking on a website controlled by the attacker. The vulnerability could allow an attacker to perform administrative actions via the web interface.",Siemens,"Scalance S602,Scalance S612,Scalance S623,Scalance S627-2m,Scalance X-200 Switch Family (incl. Siplus Net Variants),Scalance X-200irt Switch Family (incl. Siplus Net Variants),Scalance X-200rna Switch Family,Scalance X-300 Switch Family (incl. X408 And Siplus Net Variants)",5.4,MEDIUM,0.0008399999933317304,false,,false,false,false,,false,false,2020-02-11T00:00:00.000Z,0
CVE-2019-10942,https://securityvulnerability.io/vulnerability/CVE-2019-10942,,"A vulnerability has been identified in SCALANCE X-200 switch family (incl. SIPLUS NET variants) (All versions < V5.2.5), SCALANCE X-200IRT switch family (incl. SIPLUS NET variants) (All versions < V5.5.0), SCALANCE X204RNA (HSR) (All versions), SCALANCE X204RNA (PRP) (All versions), SCALANCE X204RNA EEC (HSR) (All versions), SCALANCE X204RNA EEC (PRP) (All versions), SCALANCE X204RNA EEC (PRP/HSR) (All versions). The device contains a vulnerability that could allow an attacker to trigger a denial-of-service condition by sending large message packages repeatedly to the telnet service. The security vulnerability could be exploited by an attacker with network access to the affected systems. Successful exploitation requires no system privileges and no user interaction. An attacker could use the vulnerability to compromise availability of the device.",Siemens,"Scalance X-200 Switch Family (incl. Siplus Net Variants),Scalance X-200irt Switch Family (incl. Siplus Net Variants),Scalance X204rna (hsr),Scalance X204rna (prp),Scalance X204rna Eec (hsr),Scalance X204rna Eec (prp),Scalance X204rna Eec (prp/hsr)",8.6,HIGH,0.0010300000431016088,false,,false,false,false,,false,false,2019-08-13T18:55:57.000Z,0
CVE-2019-6567,https://securityvulnerability.io/vulnerability/CVE-2019-6567,,"A vulnerability has been identified in SCALANCE X-200 switch family (incl. SIPLUS NET variants) (All Versions < V5.2.4), SCALANCE X-200IRT switch family (incl. SIPLUS NET variants) (All versions < V5.5.0), SCALANCE X-300 switch family (incl. X408 and SIPLUS NET variants) (All versions < V4.1.3), SCALANCE X-414-3E (All versions). The affected devices store passwords in a recoverable format. An attacker may extract and recover device passwords from the device configuration. Successful exploitation requires access to a device configuration backup and impacts confidentiality of the stored passwords.",Siemens,"Scalance X-200 Switch Family (incl. Siplus Net Variants),Scalance X-200irt Switch Family (incl. Siplus Net Variants),Scalance X-300 Switch Family (incl. X408 And Siplus Net Variants),Scalance X-414-3e",5.5,MEDIUM,0.0004400000034365803,false,,false,false,false,,false,false,2019-06-12T13:47:56.000Z,0
CVE-2018-4833,https://securityvulnerability.io/vulnerability/CVE-2018-4833,,"A vulnerability has been identified in RFID 181EIP (All versions), RUGGEDCOM Win (V4.4, V4.5, V5.0, and V5.1), SCALANCE X-200 switch family (incl. SIPLUS NET variants) (All versions < V5.2.3), SCALANCE X-200IRT switch family (incl. SIPLUS NET variants) (All versions < V5.4.1), SCALANCE X-200RNA switch family (All versions < V3.2.6), SCALANCE X-300 switch family (incl. SIPLUS NET variants) (All versions < V4.1.3), SCALANCE X408 (All versions < V4.1.3), SCALANCE X414 (All versions), SIMATIC RF182C (All versions). Unprivileged remote attackers located in the same local network segment (OSI Layer 2) could gain remote code execution on the affected products by sending a specially crafted DHCP response to a client's DHCP request.",Siemens,"Rfid 181eip,Ruggedcom Win,Scalance X-200 Switch Family (incl. Siplus Net Variants),Scalance X-200irt Switch Family (incl. Siplus Net Variants),Scalance X-200rna Switch Family,Scalance X-300 Switch Family (incl. Siplus Net Variants),Scalance X408,Scalance X414,Simatic Rf182c",8.8,HIGH,0.0037299999967217445,false,,false,false,false,,false,false,2018-06-14T16:00:00.000Z,0
CVE-2018-4842,https://securityvulnerability.io/vulnerability/CVE-2018-4842,,"A vulnerability has been identified in SCALANCE X-200IRT switch family (incl. SIPLUS NET variants) (All versions < V5.4.1), SCALANCE X-200RNA switch family (All versions < V3.2.7), SCALANCE X-300 switch family (incl. X408 and SIPLUS NET variants) (All versions < V4.1.3). A remote, authenticated attacker with access to the configuration web server could be able to store script code on the web site, if the HRP redundancy option is set. This code could be executed in the web browser of victims visiting this web site (XSS), affecting its confidentiality, integrity and availability. User interaction is required for successful exploitation, as the user needs to visit the manipulated web site. At the stage of publishing this security advisory no public exploitation is known. The vendor has confirmed the vulnerability and provides mitigations to resolve it.",Siemens,"Scalance X-200irt Switch Family (incl. Siplus Net Variants),Scalance X-200rna Switch Family,Scalance X-300 Switch Family (incl. X408 And Siplus Net Variants)",4.8,MEDIUM,0.0006500000017695129,false,,false,false,false,,false,false,2018-06-14T00:00:00.000Z,0
CVE-2018-4848,https://securityvulnerability.io/vulnerability/CVE-2018-4848,,"A vulnerability has been identified in SCALANCE X-200 switch family (incl. SIPLUS NET variants) (All versions < V5.2.3), SCALANCE X-200IRT switch family (incl. SIPLUS NET variants) (All versions < V5.4.1), SCALANCE X-200RNA switch family (All versions < V3.2.7), SCALANCE X-300 switch family (incl. X408 and SIPLUS NET variants) (All versions < V4.1.3). The integrated configuration web server of the affected devices could allow Cross-Site Scripting (XSS) attacks if unsuspecting users are tricked into accessing a malicious link. User interaction is required for a successful exploitation. The user must be logged into the web interface in order for the exploitation to succeed. At the stage of publishing this security advisory no public exploitation is known. The vendor has confirmed the vulnerability and provides mitigations to resolve it.",Siemens,"Scalance X-200 Switch Family (incl. Siplus Net Variants),Scalance X-200irt Switch Family (incl. Siplus Net Variants),Scalance X-200rna Switch Family,Scalance X-300 Switch Family (incl. X408 And Siplus Net Variants)",6.1,MEDIUM,0.0006099999882280827,false,,false,false,false,,false,false,2018-06-14T00:00:00.000Z,0