cve,link,title,description,vendor,products,score,severity,epss,cisa,cisa_published,article,ransomware,exploited,poc,trended,trended_no_1,published,trended_score
CVE-2020-28391,https://securityvulnerability.io/vulnerability/CVE-2020-28391,,"A vulnerability has been identified in SCALANCE X-200 switch family (incl. SIPLUS NET variants) (All versions < V5.2.5), SCALANCE X-200IRT switch family (incl. SIPLUS NET variants) (All versions < V5.5.0), SCALANCE X-200RNA switch family (All versions < V3.2.7). Devices create a new unique key upon factory reset, except when used with C-PLUG. When used with C-PLUG the devices use the hardcoded private RSA-key shipped with the firmware-image. An attacker could leverage this situation to a man-in-the-middle situation and decrypt previously captured traffic.",Siemens,"Scalance X-200 Switch Family (incl. Siplus Net Variants),Scalance X-200irt Switch Family (incl. Siplus Net Variants),Scalance X-200rna Switch Family",5.9,MEDIUM,0.0018500000005587935,false,,false,false,false,,false,false,2021-01-12T00:00:00.000Z,0
CVE-2020-28395,https://securityvulnerability.io/vulnerability/CVE-2020-28395,,"A vulnerability has been identified in SCALANCE X-200RNA switch family (All versions < V3.2.7), SCALANCE X-300 switch family (incl. X408 and SIPLUS NET variants) (All versions < V4.1.0). Devices do not create a new unique private key after factory reset. An attacker could leverage this situation to a man-in-the-middle situation and decrypt previously captured traffic.",Siemens,"Scalance X-200rna Switch Family,Scalance X-300 Switch Family (incl. X408 And Siplus Net Variants)",5.9,MEDIUM,0.0018500000005587935,false,,false,false,false,,false,false,2021-01-12T00:00:00.000Z,0
CVE-2019-13924,https://securityvulnerability.io/vulnerability/CVE-2019-13924,,"A vulnerability has been identified in SCALANCE S602 (All versions < V4.1), SCALANCE S612 (All versions < V4.1), SCALANCE S623 (All versions < V4.1), SCALANCE S627-2M (All versions < V4.1), SCALANCE X-200 switch family (incl. SIPLUS NET variants) (All versions < 5.2.4), SCALANCE X-200IRT switch family (incl. SIPLUS NET variants) (All versions < V5.5.0), SCALANCE X-200RNA switch family (All versions < V3.2.7), SCALANCE X-300 switch family (incl. X408 and SIPLUS NET variants) (All versions < 4.1.3). The device does not send the X-Frame-Option Header in the administrative web interface, which makes it vulnerable to Clickjacking attacks. The security vulnerability could be exploited by an attacker that is able to trick an administrative user with a valid session on the target device into clicking on a website controlled by the attacker. The vulnerability could allow an attacker to perform administrative actions via the web interface.",Siemens,"Scalance S602,Scalance S612,Scalance S623,Scalance S627-2m,Scalance X-200 Switch Family (incl. Siplus Net Variants),Scalance X-200irt Switch Family (incl. Siplus Net Variants),Scalance X-200rna Switch Family,Scalance X-300 Switch Family (incl. X408 And Siplus Net Variants)",5.4,MEDIUM,0.0008399999933317304,false,,false,false,false,,false,false,2020-02-11T00:00:00.000Z,0
CVE-2018-4833,https://securityvulnerability.io/vulnerability/CVE-2018-4833,,"A vulnerability has been identified in RFID 181EIP (All versions), RUGGEDCOM Win (V4.4, V4.5, V5.0, and V5.1), SCALANCE X-200 switch family (incl. SIPLUS NET variants) (All versions < V5.2.3), SCALANCE X-200IRT switch family (incl. SIPLUS NET variants) (All versions < V5.4.1), SCALANCE X-200RNA switch family (All versions < V3.2.6), SCALANCE X-300 switch family (incl. SIPLUS NET variants) (All versions < V4.1.3), SCALANCE X408 (All versions < V4.1.3), SCALANCE X414 (All versions), SIMATIC RF182C (All versions). Unprivileged remote attackers located in the same local network segment (OSI Layer 2) could gain remote code execution on the affected products by sending a specially crafted DHCP response to a client's DHCP request.",Siemens,"Rfid 181eip,Ruggedcom Win,Scalance X-200 Switch Family (incl. Siplus Net Variants),Scalance X-200irt Switch Family (incl. Siplus Net Variants),Scalance X-200rna Switch Family,Scalance X-300 Switch Family (incl. Siplus Net Variants),Scalance X408,Scalance X414,Simatic Rf182c",8.8,HIGH,0.0037299999967217445,false,,false,false,false,,false,false,2018-06-14T16:00:00.000Z,0
CVE-2018-4842,https://securityvulnerability.io/vulnerability/CVE-2018-4842,,"A vulnerability has been identified in SCALANCE X-200IRT switch family (incl. SIPLUS NET variants) (All versions < V5.4.1), SCALANCE X-200RNA switch family (All versions < V3.2.7), SCALANCE X-300 switch family (incl. X408 and SIPLUS NET variants) (All versions < V4.1.3). A remote, authenticated attacker with access to the configuration web server could be able to store script code on the web site, if the HRP redundancy option is set. This code could be executed in the web browser of victims visiting this web site (XSS), affecting its confidentiality, integrity and availability. User interaction is required for successful exploitation, as the user needs to visit the manipulated web site. At the stage of publishing this security advisory no public exploitation is known. The vendor has confirmed the vulnerability and provides mitigations to resolve it.",Siemens,"Scalance X-200irt Switch Family (incl. Siplus Net Variants),Scalance X-200rna Switch Family,Scalance X-300 Switch Family (incl. X408 And Siplus Net Variants)",4.8,MEDIUM,0.0006500000017695129,false,,false,false,false,,false,false,2018-06-14T00:00:00.000Z,0
CVE-2018-4848,https://securityvulnerability.io/vulnerability/CVE-2018-4848,,"A vulnerability has been identified in SCALANCE X-200 switch family (incl. SIPLUS NET variants) (All versions < V5.2.3), SCALANCE X-200IRT switch family (incl. SIPLUS NET variants) (All versions < V5.4.1), SCALANCE X-200RNA switch family (All versions < V3.2.7), SCALANCE X-300 switch family (incl. X408 and SIPLUS NET variants) (All versions < V4.1.3). The integrated configuration web server of the affected devices could allow Cross-Site Scripting (XSS) attacks if unsuspecting users are tricked into accessing a malicious link. User interaction is required for a successful exploitation. The user must be logged into the web interface in order for the exploitation to succeed. At the stage of publishing this security advisory no public exploitation is known. The vendor has confirmed the vulnerability and provides mitigations to resolve it.",Siemens,"Scalance X-200 Switch Family (incl. Siplus Net Variants),Scalance X-200irt Switch Family (incl. Siplus Net Variants),Scalance X-200rna Switch Family,Scalance X-300 Switch Family (incl. X408 And Siplus Net Variants)",6.1,MEDIUM,0.0006099999882280827,false,,false,false,false,,false,false,2018-06-14T00:00:00.000Z,0
CVE-2013-5709,https://securityvulnerability.io/vulnerability/CVE-2013-5709,,"The authentication implementation in the web server on Siemens SCALANCE X-200 switches with firmware before 5.0.0 does not use a sufficient source of entropy for generating values of random numbers, which makes it easier for remote attackers to hijack sessions by predicting a value.",Siemens,"Scalance X-200 Series Firmware,Scalance X-200,Scalance X-200rna,Scalance X200-4p Irt,Scalance X201-3p Irt,Scalance X202-2irt,Scalance X202-2p Irt,Scalance X204irt,Scalance Xf-200",,,0.00622999994084239,false,,false,false,false,,false,false,2013-09-17T10:00:00.000Z,0