Buffer Overflow Vulnerability in SCALANCE X-200 and X-200IRT Switch Families by Siemens
CVE-2020-25226

9.8CRITICAL

Key Information:

Vendor: Siemens
Status: Scalance X-200 Switch Family (incl. Siplus Net Variants); Scalance X-200irt Switch Family (incl. Siplus Net Variants)
Vendor: CVE Published:; 12 January 2021

Summary

A buffer overflow vulnerability has been identified within the web server of the SCALANCE X-200 and X-200IRT switch families provided by Siemens. This flaw affects all versions of the SCALANCE X-200 switch family prior to V5.2.5 and the X-200IRT switch family versions prior to V5.5.0. An attacker can exploit this vulnerability by sending a specially crafted request to the web server, potentially causing it to become unresponsive and unable to recover. Organizations utilizing these switches are advised to implement security measures and consider updating their systems to mitigate the risks associated with this vulnerability.

Affected Version(s)

SCALANCE X-200 switch family (incl. SIPLUS NET variants) All versions < V5.2.5

SCALANCE X-200IRT switch family (incl. SIPLUS NET variants) All versions < V5.5.0

References

https://cert-portal.siemens.com/productcert/pdf/ssa-13962...

x_refsource_MISC

CVSS V3.1

Score:

9.8

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Jan 12, 2021
Vulnerability Reserved
Sep 10, 2020