Network Reboot Vulnerability in SCALANCE X-200 Switch Family by Siemens
CVE-2020-15799

6.5MEDIUM

Key Information:

Vendor: Siemens
Status: Scalance X-200 Switch Family (incl. Siplus Net Variants); Scalance X-200irt Switch Family (incl. Siplus Net Variants)
Vendor: CVE Published:; 12 January 2021

Summary

A serious vulnerability exists in the SCALANCE X-200 switch family, including SIPLUS NET variants, which could allow an unauthenticated attacker to remotely reboot the device via special URLs sent through the integrated web server. This security issue affects all versions prior to V5.2.5 for the SCALANCE X-200 and prior to V5.5.0 for the SCALANCE X-200IRT. Organizations using these switches should assess their network security and apply necessary patches to mitigate potential risks.

Affected Version(s)

SCALANCE X-200 switch family (incl. SIPLUS NET variants) All versions < V5.2.5

SCALANCE X-200IRT switch family (incl. SIPLUS NET variants) All versions < V5.5.0

References

https://cert-portal.siemens.com/productcert/pdf/ssa-13962...

x_refsource_MISC

CVSS V3.1

Score:

6.5

Severity:

MEDIUM

Confidentiality:

None

Integrity:

None

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Unchanged

Timeline

Vulnerability published
Jan 12, 2021
Vulnerability Reserved
Jul 15, 2020