CVE-2012-1802
Siemens Scalance X Industrial Ethernet Switch Firmware < 3.7.2 - Buffer Overflow via Malformed URL
Buffer overflow in the embedded web server on the Siemens Scalance X Industrial Ethernet switch X414-3E before 3.7.1, X308-2M before 3.7.2, X-300EEC before 3.7.2, XR-300 before 3.7.2, and X-300 before 3.7.2 allows remote attackers to cause a denial of service (device reboot) or possibly execute arbitrary code via a malformed URL.
References (3)
Core References
Third Party Advisory, VDB Entry (vdb-entry, x_refsource_osvdb): http://osvdb.org/81032
US Government Resource (x_refsource_misc): http://www.us-cert.gov/control_systems/pdf/ICSA-12-102-04.pdf
Vendor Advisory (x_refsource_confirm): http://www.siemens.com/corporate-technology/pool/de/forschungsfelder/siemens_security_advisory_ssa-130874.pdf
Scores
EPSS: 0.0266
EPSS Percentile: 86.0%
Details
CWE: CWE-119
Status: published
Products (31)
siemens/scalance_x-300
siemens/scalance_x-300_firmware 2.2.0
siemens/scalance_x-300_firmware 2.3.1
siemens/scalance_x-300_firmware 3.0.0
siemens/scalance_x-300_firmware 3.3.1
siemens/scalance_x-300_firmware 3.5.0
siemens/scalance_x-300_firmware 3.5.1
siemens/scalance_x-300_firmware < 3.7.0
siemens/scalance_x-300eec
siemens/scalance_x-300eec_firmware 3.5.0
... and 21 more
Published: Apr 18, 2012
Tracked Since: Feb 18, 2026