Heap Overflow Vulnerability in SCALANCE Network Switches by Siemens
CVE-2020-15800

9.8CRITICAL

Key Information:

Vendor: Siemens
Status: Scalance X-200 Switch Family (incl. Siplus Net Variants); Scalance X-200irt Switch Family (incl. Siplus Net Variants); Scalance X-300 Switch Family (incl. X408 And Siplus Net Variants)
Vendor: CVE Published:; 12 January 2021

What is CVE-2020-15800?

A vulnerability exists within the webserver of the SCALANCE X-200 and X-300 switch families, allowing attackers to exploit the system by sending specially crafted requests. This exploitation can lead to a heap overflow condition, which may temporarily disrupt the functionality of the webserver, posing significant risks to network integrity and uptime.

Affected Version(s)

SCALANCE X-200 switch family (incl. SIPLUS NET variants) All versions < V5.2.5

SCALANCE X-200IRT switch family (incl. SIPLUS NET variants) All versions < V5.5.0

SCALANCE X-300 switch family (incl. X408 and SIPLUS NET variants) All versions < V4.1.0

References

https://cert-portal.siemens.com/productcert/pdf/ssa-13962...

x_refsource_MISC

CVSS V3.1

Score:

9.8

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jan 12, 2021
Vulnerability Reserved
Jul 15, 2020