CVE-2020-15800

CVSS V2 High 9.3 CVSS V3 Critical 9.8
Description
A vulnerability has been identified in SCALANCE X-200 switch family (incl. SIPLUS NET variants) (All versions < V5.2.5), SCALANCE X-200IRT switch family (incl. SIPLUS NET variants) (All versions < V5.5.0), SCALANCE X-300 switch family (incl. X408 and SIPLUS NET variants) (All versions < V4.1.0). The webserver of the affected devices contains a vulnerability that may lead to a heap overflow condition. An attacker could cause this condition on the webserver by sending specially crafted requests. This could stop the webserver temporarily.
Overview
  • CVE ID
  • CVE-2020-15800
  • Assigner
  • productcert@siemens.com
  • Vulnerability Status
  • Analyzed
  • Published Version
  • 2021-01-12T21:15:16
  • Last Modified Date
  • 2022-07-01T18:53:35
CPE Configuration (Product)
CPE Vulnerable Operator Version Start Version End
AND
cpe:2.3:o:siemens:scalance_x200-4pirt_firmware:*:*:*:*:*:*:*:* 1 OR 5.5.0
cpe:2.3:h:siemens:scalance_x200-4pirt:-:*:*:*:*:*:*:* 0 OR
AND
cpe:2.3:o:siemens:scalance_x201-3pirt_firmware:*:*:*:*:*:*:*:* 1 OR 5.5.0
cpe:2.3:h:siemens:scalance_x201-3pirt:-:*:*:*:*:*:*:* 0 OR
AND
cpe:2.3:o:siemens:scalance_x202-2irt_firmware:*:*:*:*:*:*:*:* 1 OR 5.5.0
cpe:2.3:h:siemens:scalance_x202-2irt:-:*:*:*:*:*:*:* 0 OR
AND
cpe:2.3:o:siemens:scalance_x202-2pirt_firmware:*:*:*:*:*:*:*:* 1 OR 5.5.0
cpe:2.3:h:siemens:scalance_x202-2pirt:-:*:*:*:*:*:*:* 0 OR
AND
cpe:2.3:o:siemens:scalance_x202-2pirt_siplus_net_firmware:*:*:*:*:*:*:*:* 1 OR 5.5.0
cpe:2.3:h:siemens:scalance_x202-2pirt_siplus_net:-:*:*:*:*:*:*:* 0 OR
AND
cpe:2.3:o:siemens:scalance_x204irt_firmware:*:*:*:*:*:*:*:* 1 OR 5.5.0
cpe:2.3:h:siemens:scalance_x204irt:-:*:*:*:*:*:*:* 0 OR
AND
cpe:2.3:o:siemens:scalance_x307-3_firmware:*:*:*:*:*:*:*:* 1 OR
cpe:2.3:h:siemens:scalance_x307-3:-:*:*:*:*:*:*:* 0 OR
AND
cpe:2.3:o:siemens:scalance_x307-3ld_firmware:*:*:*:*:*:*:*:* 1 OR
cpe:2.3:h:siemens:scalance_x307-3ld:-:*:*:*:*:*:*:* 0 OR
AND
cpe:2.3:o:siemens:scalance_x308-2_firmware:*:*:*:*:*:*:*:* 1 OR
cpe:2.3:h:siemens:scalance_x308-2:-:*:*:*:*:*:*:* 0 OR
AND
cpe:2.3:o:siemens:scalance_x308-2ld_firmware:*:*:*:*:*:*:*:* 1 OR
cpe:2.3:h:siemens:scalance_x308-2ld:-:*:*:*:*:*:*:* 0 OR
AND
cpe:2.3:o:siemens:scalance_x308-2lh_firmware:*:*:*:*:*:*:*:* 1 OR
cpe:2.3:h:siemens:scalance_x308-2lh:-:*:*:*:*:*:*:* 0 OR
AND
cpe:2.3:o:siemens:scalance_x308-2lh\+_firmware:*:*:*:*:*:*:*:* 1 OR
cpe:2.3:h:siemens:scalance_x308-2lh\+:-:*:*:*:*:*:*:* 0 OR
AND
cpe:2.3:o:siemens:scalance_x308-2m_firmware:*:*:*:*:*:*:*:* 1 OR
cpe:2.3:h:siemens:scalance_x308-2m:-:*:*:*:*:*:*:* 0 OR
AND
cpe:2.3:o:siemens:scalance_x308-2m_ts_firmware:*:*:*:*:*:*:*:* 1 OR
cpe:2.3:h:siemens:scalance_x308-2m_ts:-:*:*:*:*:*:*:* 0 OR
AND
cpe:2.3:o:siemens:scalance_x310_firmware:*:*:*:*:*:*:*:* 1 OR
cpe:2.3:h:siemens:scalance_x310:-:*:*:*:*:*:*:* 0 OR
AND
cpe:2.3:o:siemens:scalance_x310fe_firmware:*:*:*:*:*:*:*:* 1 OR
cpe:2.3:h:siemens:scalance_x310fe:-:*:*:*:*:*:*:* 0 OR
AND
cpe:2.3:o:siemens:scalance_x320-1fe_firmware:*:*:*:*:*:*:*:* 1 OR
cpe:2.3:h:siemens:scalance_x320-1fe:-:*:*:*:*:*:*:* 0 OR
AND
cpe:2.3:o:siemens:scalance_x320-3ldfe_firmware:*:*:*:*:*:*:*:* 1 OR
cpe:2.3:h:siemens:scalance_x320-3ldfe:-:*:*:*:*:*:*:* 0 OR
AND
cpe:2.3:o:siemens:scalance_xb205-3_firmware:*:*:*:*:*:*:*:* 1 OR 5.2.5
cpe:2.3:h:siemens:scalance_xb205-3:-:*:*:*:*:*:*:* 0 OR
AND
cpe:2.3:o:siemens:scalance_xb205-3ld_firmware:*:*:*:*:*:*:*:* 1 OR 5.2.5
cpe:2.3:h:siemens:scalance_xb205-3ld:-:*:*:*:*:*:*:* 0 OR
AND
cpe:2.3:o:siemens:scalance_xb208_firmware:*:*:*:*:*:*:*:* 1 OR 5.2.5
cpe:2.3:h:siemens:scalance_xb208:-:*:*:*:*:*:*:* 0 OR
AND
cpe:2.3:o:siemens:scalance_xb213-3_firmware:*:*:*:*:*:*:*:* 1 OR 5.2.5
cpe:2.3:h:siemens:scalance_xb213-3:-:*:*:*:*:*:*:* 0 OR
AND
cpe:2.3:o:siemens:scalance_xb213-3ld_firmware:*:*:*:*:*:*:*:* 1 OR 5.2.5
cpe:2.3:h:siemens:scalance_xb213-3ld:-:*:*:*:*:*:*:* 0 OR
AND
cpe:2.3:o:siemens:scalance_xb216_firmware:*:*:*:*:*:*:*:* 1 OR 5.2.5
cpe:2.3:h:siemens:scalance_xb216:-:*:*:*:*:*:*:* 0 OR
AND
cpe:2.3:o:siemens:scalance_xc206-2_firmware:*:*:*:*:*:*:*:* 1 OR 5.2.5
cpe:2.3:h:siemens:scalance_xc206-2:-:*:*:*:*:*:*:* 0 OR
AND
cpe:2.3:o:siemens:scalance_xc206-2g_poe__firmware:*:*:*:*:*:*:*:* 1 OR 5.2.5
cpe:2.3:h:siemens:scalance_xc206-2g_poe_:-:*:*:*:*:*:*:* 0 OR
AND
cpe:2.3:o:siemens:scalance_xc206-2g_poe_eec_firmware:*:*:*:*:*:*:*:* 1 OR 5.2.5
cpe:2.3:h:siemens:scalance_xc206-2g_poe_eec:-:*:*:*:*:*:*:* 0 OR
AND
cpe:2.3:o:siemens:scalance_xc206-2sfp_firmware:*:*:*:*:*:*:*:* 1 OR 5.2.5
cpe:2.3:h:siemens:scalance_xc206-2sfp:-:*:*:*:*:*:*:* 0 OR
AND
cpe:2.3:o:siemens:scalance_xc206-2sfp_eec_firmware:*:*:*:*:*:*:*:* 1 OR 5.2.5
cpe:2.3:h:siemens:scalance_xc206-2sfp_eec:-:*:*:*:*:*:*:* 0 OR
AND
cpe:2.3:o:siemens:scalance_xc206-2sfp_g_firmware:*:*:*:*:*:*:*:* 1 OR 5.2.5
cpe:2.3:h:siemens:scalance_xc206-2sfp_g:-:*:*:*:*:*:*:* 0 OR
AND
cpe:2.3:o:siemens:scalance_xc206-2sfp_g_\(e\/ip\)_firmware:*:*:*:*:*:*:*:* 1 OR 5.2.5
cpe:2.3:h:siemens:scalance_xc206-2sfp_g_\(e\/ip\):-:*:*:*:*:*:*:* 0 OR
AND
cpe:2.3:o:siemens:scalance_xc206-2sfp_g_eec_firmware:*:*:*:*:*:*:*:* 1 OR 5.2.5
cpe:2.3:h:siemens:scalance_xc206-2sfp_g_eec:-:*:*:*:*:*:*:* 0 OR
AND
cpe:2.3:o:siemens:scalance_xc208_firmware:*:*:*:*:*:*:*:* 1 OR 5.2.5
cpe:2.3:h:siemens:scalance_xc208:-:*:*:*:*:*:*:* 0 OR
AND
cpe:2.3:o:siemens:scalance_xc208eec_firmware:*:*:*:*:*:*:*:* 1 OR 5.2.5
cpe:2.3:h:siemens:scalance_xc208eec:-:*:*:*:*:*:*:* 0 OR
AND
cpe:2.3:o:siemens:scalance_xc208g_firmware:*:*:*:*:*:*:*:* 1 OR 5.2.5
cpe:2.3:h:siemens:scalance_xc208g:-:*:*:*:*:*:*:* 0 OR
AND
cpe:2.3:o:siemens:scalance_xc208g_\(e\/ip\)_firmware:*:*:*:*:*:*:*:* 1 OR 5.2.5
cpe:2.3:h:siemens:scalance_xc208g_\(e\/ip\):-:*:*:*:*:*:*:* 0 OR
AND
cpe:2.3:o:siemens:scalance_xc208g_eec_firmware:*:*:*:*:*:*:*:* 1 OR 5.2.5
cpe:2.3:h:siemens:scalance_xc208g_eec:-:*:*:*:*:*:*:* 0 OR
AND
cpe:2.3:o:siemens:scalance_xc208g_poe_firmware:*:*:*:*:*:*:*:* 1 OR 5.2.5
cpe:2.3:h:siemens:scalance_xc208g_poe:-:*:*:*:*:*:*:* 0 OR
AND
cpe:2.3:o:siemens:scalance_xc216_firmware:*:*:*:*:*:*:*:* 1 OR 5.2.5
cpe:2.3:h:siemens:scalance_xc216:-:*:*:*:*:*:*:* 0 OR
AND
cpe:2.3:o:siemens:scalance_xc216-4c_firmware:*:*:*:*:*:*:*:* 1 OR 5.2.5
cpe:2.3:h:siemens:scalance_xc216-4c:-:*:*:*:*:*:*:* 0 OR
AND
cpe:2.3:o:siemens:scalance_xc216-4c_g_firmware:*:*:*:*:*:*:*:* 1 OR 5.2.5
cpe:2.3:h:siemens:scalance_xc216-4c_g:-:*:*:*:*:*:*:* 0 OR
AND
cpe:2.3:o:siemens:scalance_xc216-4c_g_\(e\/ip\)_firmware:*:*:*:*:*:*:*:* 1 OR 5.2.5
cpe:2.3:h:siemens:scalance_xc216-4c_g_\(e\/ip\):-:*:*:*:*:*:*:* 0 OR
AND
cpe:2.3:o:siemens:scalance_xc216-4c_g_eec_firmware:*:*:*:*:*:*:*:* 1 OR 5.2.5
cpe:2.3:h:siemens:scalance_xc216-4c_g_eec:-:*:*:*:*:*:*:* 0 OR
AND
cpe:2.3:o:siemens:scalance_xc216eec_firmware:*:*:*:*:*:*:*:* 1 OR 5.2.5
cpe:2.3:h:siemens:scalance_xc216eec:-:*:*:*:*:*:*:* 0 OR
AND
cpe:2.3:o:siemens:scalance_xc224-4c_g__firmware:*:*:*:*:*:*:*:* 1 OR 5.2.5
cpe:2.3:h:siemens:scalance_xc224-4c_g_:-:*:*:*:*:*:*:* 0 OR
AND
cpe:2.3:o:siemens:scalance_xc224-4c_g_\(e\/ip\)_firmware:*:*:*:*:*:*:*:* 1 OR 5.2.5
cpe:2.3:h:siemens:scalance_xc224-4c_g_\(e\/ip\):-:*:*:*:*:*:*:* 0 OR
AND
cpe:2.3:o:siemens:scalance_xc224-4c_g_eec_firmware:*:*:*:*:*:*:*:* 1 OR 5.2.5
cpe:2.3:h:siemens:scalance_xc224-4c_g_eec:-:*:*:*:*:*:*:* 0 OR
AND
cpe:2.3:o:siemens:scalance_xc224__firmware:*:*:*:*:*:*:*:* 1 OR 5.2.5
cpe:2.3:h:siemens:scalance_xc224_:-:*:*:*:*:*:*:* 0 OR
AND
cpe:2.3:o:siemens:scalance_xf201-3p_irt_firmware:*:*:*:*:*:*:*:* 1 OR 5.2.5
cpe:2.3:h:siemens:scalance_xf201-3p_irt:-:*:*:*:*:*:*:* 0 OR
AND
cpe:2.3:o:siemens:scalance_xf202-2p_irt_firmware:*:*:*:*:*:*:*:* 1 OR 5.2.5
cpe:2.3:h:siemens:scalance_xf202-2p_irt:-:*:*:*:*:*:*:* 0 OR
AND
cpe:2.3:o:siemens:scalance_xf204_firmware:*:*:*:*:*:*:*:* 1 OR 5.2.5
cpe:2.3:h:siemens:scalance_xf204:-:*:*:*:*:*:*:* 0 OR
AND
cpe:2.3:o:siemens:scalance_xf204-2_firmware:*:*:*:*:*:*:*:* 1 OR 5.2.5
cpe:2.3:h:siemens:scalance_xf204-2:-:*:*:*:*:*:*:* 0 OR
AND
cpe:2.3:o:siemens:scalance_xf204-2ba_dna_firmware:*:*:*:*:*:*:*:* 1 OR 5.2.5
cpe:2.3:h:siemens:scalance_xf204-2ba_dna:-:*:*:*:*:*:*:* 0 OR
AND
cpe:2.3:o:siemens:scalance_xf204-2ba_irt_firmware:*:*:*:*:*:*:*:* 1 OR 5.2.5
cpe:2.3:h:siemens:scalance_xf204-2ba_irt:-:*:*:*:*:*:*:* 0 OR
AND
cpe:2.3:o:siemens:scalance_xf204_dna_firmware:*:*:*:*:*:*:*:* 1 OR 5.2.5
cpe:2.3:h:siemens:scalance_xf204_dna:-:*:*:*:*:*:*:* 0 OR
AND
cpe:2.3:o:siemens:scalance_xf204irt_firmware:*:*:*:*:*:*:*:* 1 OR 5.2.5
cpe:2.3:h:siemens:scalance_xf204irt:-:*:*:*:*:*:*:* 0 OR
AND
cpe:2.3:o:siemens:scalance_xf206-1_firmware:*:*:*:*:*:*:*:* 1 OR 5.2.5
cpe:2.3:h:siemens:scalance_xf206-1:-:*:*:*:*:*:*:* 0 OR
AND
cpe:2.3:o:siemens:scalance_xf208_firmware:*:*:*:*:*:*:*:* 1 OR 5.2.5
cpe:2.3:h:siemens:scalance_xf208:-:*:*:*:*:*:*:* 0 OR
AND
cpe:2.3:o:siemens:scalance_xp208_firmware:*:*:*:*:*:*:*:* 1 OR 5.2.5
cpe:2.3:h:siemens:scalance_xp208:-:*:*:*:*:*:*:* 0 OR
AND
cpe:2.3:o:siemens:scalance_xp208_\(eip\)_firmware:*:*:*:*:*:*:*:* 1 OR 5.2.5
cpe:2.3:h:siemens:scalance_xp208_\(eip\):-:*:*:*:*:*:*:* 0 OR
AND
cpe:2.3:o:siemens:scalance_xp208eec_firmware:*:*:*:*:*:*:*:* 1 OR 5.2.5
cpe:2.3:h:siemens:scalance_xp208eec:-:*:*:*:*:*:*:* 0 OR
AND
cpe:2.3:o:siemens:scalance_xp208poe_eec_firmware:*:*:*:*:*:*:*:* 1 OR 5.2.5
cpe:2.3:h:siemens:scalance_xp208poe_eec:-:*:*:*:*:*:*:* 0 OR
AND
cpe:2.3:o:siemens:scalance_xp216_firmware:*:*:*:*:*:*:*:* 1 OR 5.2.5
cpe:2.3:h:siemens:scalance_xp216:-:*:*:*:*:*:*:* 0 OR
AND
cpe:2.3:o:siemens:scalance_xp216_\(eip\)_firmware:*:*:*:*:*:*:*:* 1 OR 5.2.5
cpe:2.3:h:siemens:scalance_xp216_\(eip\):-:*:*:*:*:*:*:* 0 OR
AND
cpe:2.3:o:siemens:scalance_xp216eec_firmware:*:*:*:*:*:*:*:* 1 OR 5.2.5
cpe:2.3:h:siemens:scalance_xp216eec:-:*:*:*:*:*:*:* 0 OR
AND
cpe:2.3:o:siemens:scalance_xp216poe_eec_firmware:*:*:*:*:*:*:*:* 1 OR 5.2.5
cpe:2.3:h:siemens:scalance_xp216poe_eec:-:*:*:*:*:*:*:* 0 OR
CVSS Version 2
  • Version
  • 2.0
  • Vector String
  • AV:N/AC:M/Au:N/C:C/I:C/A:C
  • Access Vector
  • NETWORK
  • Access Compatibility
  • MEDIUM
  • Authentication
  • NONE
  • Confidentiality Impact
  • COMPLETE
  • Integrity Impact
  • COMPLETE
  • Availability Impact
  • COMPLETE
  • Base Score
  • 9.3
  • Severity
  • HIGH
  • Exploitability Score
  • 8.6
  • Impact Score
  • 10
CVSS Version 3
  • Version
  • 3.1
  • Vector String
  • CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
  • Attack Vector
  • NETWORK
  • Attack Compatibility
  • LOW
  • Privileges Required
  • NONE
  • User Interaction
  • NONE
  • Scope
  • UNCHANGED
  • Confidentiality Impact
  • HIGH
  • Availability Impact
  • HIGH
  • Base Score
  • 9.8
  • Base Severity
  • CRITICAL
  • Exploitability Score
  • 3.9
  • Impact Score
  • 5.9
References
Reference URL Reference Tags
https://cert-portal.siemens.com/productcert/pdf/ssa-139628.pdf Vendor Advisory
History
Created Old Value New Value Data Type Notes
2022-05-10 16:05:48 Added to TrackCVE
2022-12-05 19:56:38 2021-01-12T21:15Z 2021-01-12T21:15:16 CVE Published Date updated
2022-12-05 19:56:38 2022-07-01T18:53:35 CVE Modified Date updated
2022-12-05 19:56:38 Analyzed Vulnerability Status updated