VDB

CVE-2020-15800

CVE-2020-15800 PUBLISHED CVSS 9.800000190734863 CRITICAL

A vulnerability has been identified in SCALANCE X-200 switch family (incl. SIPLUS NET variants) (All versions), SCALANCE X-200IRT switch family (incl. SIPLUS NET variants) (All versions), SCALANCE X-300 switch family (incl. X408 and SIPLUS NET variants) (All versions < V4.1.0). The webserver of the affected devices contains a vulnerability that may lead to a heap overflow condition. An attacker could cause this condition on the webserver by sending specially crafted requests. This could stop the webserver temporarily.

EPSS 0.68% · 71.9th percentile

Risk Scores

CVSS v3.1
9.800000190734863
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS Score
0.68%
71.9th percentile

Affected Products

VendorProductVersions
siemensscalance_xb205-3ld_firmware0
siemensscalance_xc206-2g_poe__firmware0
siemensscalance_x202-2pirt_firmware0
siemensscalance_x308-2lh_firmware
siemensscalance_xf204irt_firmware0
siemensscalance_x310_firmware
siemensscalance_xc224-4c_g__firmware0
siemensscalance_xc224-4c_g_eec_firmware0
siemensscalance_xc208g_firmware0
siemensscalance_x200-4pirt_firmware0
siemensscalance_xf201-3p_irt_firmware0
siemensscalance_x308-2ld_firmware
siemensscalance_xf208_firmware0
siemensscalance_xc216_firmware0
siemensscalance_xc216-4c_firmware0
siemensscalance_xb213-3ld_firmware0
siemensscalance_xp208_firmware0
siemensscalance_x308-2m_firmware
siemensscalance_xc208eec_firmware0
siemensscalance_xc206-2sfp_g_eec_firmware0

…and 49 more

Timeline

  • Jan 12, 2021 CVE Published
  • Apr 14, 2021 EPSS Score
  • Jun 22, 2021 EPSS Score
  • Aug 24, 2021 EPSS Score
  • Dec 27, 2021 EPSS Score
  • Jan 6, 2022 EPSS Score
  • Feb 4, 2022 EPSS Score
  • Feb 27, 2022 EPSS Score
  • Apr 1, 2022 EPSS Score
  • Jul 2, 2022 EPSS Score
  • Sep 4, 2022 EPSS Score
  • Nov 5, 2022 EPSS Score

References

Open in Interactive Console →
$ Console Community · 100/wk Open console ›