CVE-2019-6569
CRITICALSiemens SCALANCE X Series - Data Injection via Mirror Port
Title source: llmDescription
The monitor barrier of the affected products insufficiently blocks data from being forwarded over the mirror port into the mirrored network. An attacker could use this behavior to transmit malicious packets to systems in the mirrored network, possibly influencing their configuration and runtime behavior.
References (1)
Core 1
Core References
Patch, Vendor Advisory x_refsource_misc
https://cert-portal.siemens.com/productcert/pdf/ssa-557804.pdf
Scores
CVSS v3
9.1
EPSS
0.0051
EPSS Percentile
66.5%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H
Details
CWE
CWE-440
Status
published
Products (5)
siemens/scalance_x-200_firmware
< 5.2.4
siemens/scalance_x-300_firmware
< 4.1.3
siemens/scalance_xc-200_firmware
< 4.1
siemens/scalance_xf-200_firmware
< 4.1
siemens/scalance_xp-200_firmware
< 4.1
Published
Mar 26, 2019
Tracked Since
Feb 18, 2026