CVE-2019-10942

HIGH

SCALANCE X-200 Firmware < V5.2.5, X-200IRT Firmware < V5.5.0, X204RNA - Denial of Service via Telnet Service

Title source: llm

Description

A vulnerability has been identified in SCALANCE X-200 switch family (incl. SIPLUS NET variants) (All versions < V5.2.5), SCALANCE X-200IRT switch family (incl. SIPLUS NET variants) (All versions < V5.5.0), SCALANCE X204RNA (HSR) (All versions), SCALANCE X204RNA (PRP) (All versions), SCALANCE X204RNA EEC (HSR) (All versions), SCALANCE X204RNA EEC (PRP) (All versions), SCALANCE X204RNA EEC (PRP/HSR) (All versions). The device contains a vulnerability that could allow an attacker to trigger a denial-of-service condition by sending large message packages repeatedly to the telnet service. The security vulnerability could be exploited by an attacker with network access to the affected systems. Successful exploitation requires no system privileges and no user interaction. An attacker could use the vulnerability to compromise availability of the device.

References (1)

Core 1

Core References

Vendor Advisory x_refsource_misc

https://cert-portal.siemens.com/productcert/pdf/ssa-100232.pdf

Scores

CVSS v3 8.6

EPSS 0.0039

EPSS Percentile 60.1%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H

Details

CWE

CWE-400

Status published

Products (3)

siemens/scalance_x-200_firmware

siemens/scalance_x-200irt_firmware

siemens/scalance_x-200rna_firmware

Published Aug 13, 2019

Tracked Since Feb 18, 2026