CVE-2020-15800
CRITICALSCALANCE X-200IRT/X-300 Switch Family < V5.5.0/V4.1.0 - Heap-based Buffer Overflow via Webserver Request
Title source: llmDescription
A vulnerability has been identified in SCALANCE X-200 switch family (incl. SIPLUS NET variants) (All versions < V5.2.5), SCALANCE X-200IRT switch family (incl. SIPLUS NET variants) (All versions < V5.5.0), SCALANCE X-300 switch family (incl. X408 and SIPLUS NET variants) (All versions < V4.1.0). The webserver of the affected devices contains a vulnerability that may lead to a heap overflow condition. An attacker could cause this condition on the webserver by sending specially crafted requests. This could stop the webserver temporarily.
References (1)
Core 1
Core References
Vendor Advisory x_refsource_misc
https://cert-portal.siemens.com/productcert/pdf/ssa-139628.pdf
Scores
CVSS v3
9.8
EPSS
0.0165
EPSS Percentile
73.6%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Details
CWE
CWE-122
CWE-787
Status
published
Products (50)
siemens/scalance_x200-4pirt_firmware
< 5.5.0
siemens/scalance_x201-3pirt_firmware
< 5.5.0
siemens/scalance_x202-2irt_firmware
< 5.5.0
siemens/scalance_x202-2pirt_firmware
< 5.5.0
siemens/scalance_x202-2pirt_siplus_net_firmware
< 5.5.0
siemens/scalance_x204irt_firmware
< 5.5.0
siemens/scalance_x307-3_firmware
siemens/scalance_x307-3ld_firmware
siemens/scalance_x308-2_firmware
siemens/scalance_x308-2ld_firmware
... and 40 more
Published
Jan 12, 2021
Tracked Since
Feb 18, 2026