Denial of Service Risk in SCALANCE X-200 and X-200IRT Switch Family by Siemens
CVE-2019-10942

8.6HIGH

Key Information:

Vendor: Siemens
Status: Scalance X-200 Switch Family (incl. Siplus Net Variants); Scalance X-200irt Switch Family (incl. Siplus Net Variants); Scalance X204rna (hsr); Scalance X204rna (prp)
Vendor: CVE Published:; 13 August 2019

Summary

A vulnerability exists in Siemens SCALANCE X-200 and SCALANCE X-200IRT switch families, allowing a remote attacker with network access to initiate a denial-of-service condition. This can be achieved by repeatedly sending large message packets to the telnet service. The vulnerability affects multiple variants of the SCALANCE X-200 series, which could potentially compromise the availability of these devices. Exploitation does not require system privileges or user interaction, making the vulnerability particularly concerning for network security.

Affected Version(s)

SCALANCE X-200 switch family (incl. SIPLUS NET variants) All versions < V5.2.5

SCALANCE X-200IRT switch family (incl. SIPLUS NET variants) All versions < V5.5.0

SCALANCE X204RNA (HSR) All versions

References

https://cert-portal.siemens.com/productcert/pdf/ssa-10023...

x_refsource_MISC

CVSS V3.1

Score:

8.6

Severity:

HIGH

Confidentiality:

None

Integrity:

None

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Changed

Timeline

Vulnerability published
Aug 13, 2019
Vulnerability Reserved
Apr 8, 2019