Multiple vulnerabilities in Siemens SCALANCE X-200, X-200IRT and X-300 Switch Families
| Risk | High |
| Patch available | YES |
| Number of vulnerabilities | 2 |
| CVE-ID | CVE-2020-28895 CVE-2020-35198 |
| CWE-ID | CWE-787 CWE-20 |
| Exploitation vector | Network |
| Public exploit | N/A |
| Vulnerable software |
SIPLUS NET SCALANCE X308-2 Hardware solutions / Firmware SCALANCE XR324-12M TS Hardware solutions / Firmware SCALANCE XR324-12M Hardware solutions / Firmware SCALANCE XR324-4M POE TS Hardware solutions / Firmware SCALANCE XR324-4M POE Hardware solutions / Firmware SCALANCE XR324-4M EEC Hardware solutions / Firmware SCALANCE X310FE Hardware solutions / Firmware SCALANCE X310 Hardware solutions / Firmware SCALANCE X308-2M TS Hardware solutions / Firmware SCALANCE X308-2M POE Hardware solutions / Firmware SCALANCE X308-2M Hardware solutions / Firmware SCALANCE X308-2LH+ Hardware solutions / Firmware SCALANCE X308-2LH Hardware solutions / Firmware SCALANCE X308-2LD Hardware solutions / Firmware SCALANCE X308-2 Hardware solutions / Firmware SCALANCE X307-3LD Hardware solutions / Firmware SCALANCE X307-3 Hardware solutions / Firmware SCALANCE X408-2 Hardware solutions / Routers & switches, VoIP, GSM, etc SCALANCE X320-1-2LD FE Hardware solutions / Routers & switches, VoIP, GSM, etc SCALANCE X320-1 FE Hardware solutions / Routers & switches, VoIP, GSM, etc SCALANCE X307-2 EEC Hardware solutions / Routers & switches, VoIP, GSM, etc SCALANCE X306-1LD FE Hardware solutions / Routers & switches, VoIP, GSM, etc SCALANCE X304-2FE Hardware solutions / Routers & switches, VoIP, GSM, etc SCALANCE X302-7 EEC Hardware solutions / Routers & switches, VoIP, GSM, etc SCALANCE X201-3P IRT Hardware solutions / Routers & switches, VoIP, GSM, etc SIPLUS NET SCALANCE X202-2P IRT Hardware solutions / Routers & switches, VoIP, GSM, etc SCALANCE XF204IRT Hardware solutions / Routers & switches, VoIP, GSM, etc SCALANCE XF204-2BA IRT Hardware solutions / Routers & switches, VoIP, GSM, etc SCALANCE XF202-2P IRT Hardware solutions / Routers & switches, VoIP, GSM, etc SCALANCE XF201-3P IRT Hardware solutions / Routers & switches, VoIP, GSM, etc SCALANCE X204IRT PRO Hardware solutions / Routers & switches, VoIP, GSM, etc SCALANCE X204IRT Hardware solutions / Routers & switches, VoIP, GSM, etc SCALANCE X202-2P IRT PRO Hardware solutions / Routers & switches, VoIP, GSM, etc SCALANCE X202-2P IRT Hardware solutions / Routers & switches, VoIP, GSM, etc SCALANCE X202-2IRT Hardware solutions / Routers & switches, VoIP, GSM, etc SCALANCE X200-4P IRT Hardware solutions / Routers & switches, VoIP, GSM, etc SCALANCE XF208 Hardware solutions / Routers & switches, VoIP, GSM, etc SCALANCE XF206-1 Hardware solutions / Routers & switches, VoIP, GSM, etc SCALANCE XF204-2 Hardware solutions / Routers & switches, VoIP, GSM, etc SCALANCE XF204 Hardware solutions / Routers & switches, VoIP, GSM, etc SCALANCE X224 Hardware solutions / Routers & switches, VoIP, GSM, etc SCALANCE X216 Hardware solutions / Routers & switches, VoIP, GSM, etc SCALANCE X212-2LD Hardware solutions / Routers & switches, VoIP, GSM, etc SCALANCE X212-2 Hardware solutions / Routers & switches, VoIP, GSM, etc SCALANCE X208PRO Hardware solutions / Routers & switches, VoIP, GSM, etc SCALANCE X208 Hardware solutions / Routers & switches, VoIP, GSM, etc SCALANCE X206-1LD Hardware solutions / Routers & switches, VoIP, GSM, etc SCALANCE X206-1 Hardware solutions / Routers & switches, VoIP, GSM, etc SCALANCE X204-2TS Hardware solutions / Routers & switches, VoIP, GSM, etc SCALANCE X204-2LD TS Hardware solutions / Routers & switches, VoIP, GSM, etc SCALANCE X204-2LD Hardware solutions / Routers & switches, VoIP, GSM, etc SCALANCE X204-2FM Hardware solutions / Routers & switches, VoIP, GSM, etc SCALANCE X204-2 Hardware solutions / Routers & switches, VoIP, GSM, etc |
| Vendor | Siemens |
Security Bulletin
This security bulletin contains information about 2 vulnerabilities.
1) Out-of-bounds write
EUVDB-ID: #VU75043
Risk: High
CVSSv4.0: 8.1 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber]
CVE-ID: CVE-2020-28895
CWE-ID:
CWE-787 - Out-of-bounds write
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to compromise vulnerable system.
The vulnerability exists due to a boundary error when processing untrusted input. A remote attacker can trigger an out-of-bounds write and execute arbitrary code on the target system.
MitigationInstall update from vendor's website.
Vulnerable software versionsSIPLUS NET SCALANCE X308-2: All versions
SCALANCE X408-2: All versions
SCALANCE X320-1-2LD FE: All versions
SCALANCE X320-1 FE: All versions
SCALANCE X307-2 EEC: All versions
SCALANCE X306-1LD FE: All versions
SCALANCE X304-2FE: All versions
SCALANCE X302-7 EEC: All versions
SCALANCE XR324-12M TS: All versions
SCALANCE XR324-12M: All versions
SCALANCE XR324-4M POE TS: All versions
SCALANCE XR324-4M POE: All versions
SCALANCE XR324-4M EEC: All versions
SCALANCE X310FE: All versions
SCALANCE X310: All versions
SCALANCE X308-2M TS: All versions
SCALANCE X308-2M POE: All versions
SCALANCE X308-2M: All versions
SCALANCE X308-2LH+: All versions
SCALANCE X308-2LH: All versions
SCALANCE X308-2LD: All versions
SCALANCE X308-2: All versions
SCALANCE X307-3LD: All versions
SCALANCE X307-3: All versions
SCALANCE X201-3P IRT: before 5.5.2 SCALANCE X201-3P IRT PRO
SIPLUS NET SCALANCE X202-2P IRT: before 5.5.2
SCALANCE XF204IRT: before 5.5.2
SCALANCE XF204-2BA IRT: before 5.5.2
SCALANCE XF202-2P IRT: before 5.5.2
SCALANCE XF201-3P IRT: before 5.5.2
SCALANCE X204IRT PRO: before 5.5.2
SCALANCE X204IRT: before 5.5.2
SCALANCE X202-2P IRT PRO: before 5.5.2
SCALANCE X202-2P IRT: before 5.5.2
SCALANCE X202-2IRT: before 5.5.2
SCALANCE X200-4P IRT: before 5.5.2
SCALANCE XF208: before 5.2.6
SCALANCE XF206-1: before 5.2.6
SCALANCE XF204-2: before 5.2.6
SCALANCE XF204: before 5.2.6
SCALANCE X224: before 5.2.6
SCALANCE X216: before 5.2.6
SCALANCE X212-2LD: before 5.2.6
SCALANCE X212-2: before 5.2.6
SCALANCE X208PRO: before 5.2.6
SCALANCE X208: before 5.2.6
SCALANCE X206-1LD: before 5.2.6
SCALANCE X206-1: before 5.2.6
SCALANCE X204-2TS: before 5.2.6
SCALANCE X204-2LD TS: before 5.2.6
SCALANCE X204-2LD: before 5.2.6
SCALANCE X204-2FM: before 5.2.6
SCALANCE X204-2: before 5.2.6
CPE2.3- cpe:2.3:h:siemens:siplus_net_scalance_x308-2:*:*:*:*:*:*:*:*
- cpe:2.3:h:siemens:scalance_x408-2:*:*:*:*:*:*:*:*
- cpe:2.3:h:siemens:scalance_x320-1-2ld_fe:*:*:*:*:*:*:*:*
- cpe:2.3:h:siemens:scalance_x320-1_fe:*:*:*:*:*:*:*:*
- cpe:2.3:h:siemens:scalance_x307-2_eec:*:*:*:*:*:*:*:*
- cpe:2.3:h:siemens:scalance_x306-1ld_fe:*:*:*:*:*:*:*:*
- cpe:2.3:h:siemens:scalance_x304-2fe:*:*:*:*:*:*:*:*
- cpe:2.3:h:siemens:scalance_x302-7_eec:*:*:*:*:*:*:*:*
- cpe:2.3:h:siemens:scalance_xr324-12m_ts:*:*:*:*:*:*:*:*
- cpe:2.3:h:siemens:scalance_xr324-12m:*:*:*:*:*:*:*:*
- cpe:2.3:h:siemens:scalance_xr324-4m_poe_ts:*:*:*:*:*:*:*:*
- cpe:2.3:h:siemens:scalance_xr324-4m_poe:*:*:*:*:*:*:*:*
- cpe:2.3:h:siemens:scalance_xr324-4m_eec:*:*:*:*:*:*:*:*
- cpe:2.3:h:siemens:scalance_x310fe:*:*:*:*:*:*:*:*
- cpe:2.3:h:siemens:scalance_x310:*:*:*:*:*:*:*:*
- cpe:2.3:h:siemens:scalance_x308-2m_ts:*:*:*:*:*:*:*:*
- cpe:2.3:h:siemens:scalance_x308-2m_poe:*:*:*:*:*:*:*:*
- cpe:2.3:h:siemens:scalance_x308-2m:*:*:*:*:*:*:*:*
- cpe:2.3:h:siemens:scalance_x308-2lh_plus:*:*:*:*:*:*:*:*
- cpe:2.3:h:siemens:scalance_x308-2lh:*:*:*:*:*:*:*:*
- cpe:2.3:h:siemens:scalance_x308-2ld:*:*:*:*:*:*:*:*
- cpe:2.3:h:siemens:scalance_x308-2:*:*:*:*:*:*:*:*
- cpe:2.3:h:siemens:scalance_x307-3ld:*:*:*:*:*:*:*:*
- cpe:2.3:h:siemens:scalance_x307-3:*:*:*:*:*:*:*:*
- cpe:2.3:h:siemens:scalance_x201-3p_irt:*:*:*:*:*:*:*:*
- cpe:2.3:h:siemens:siplus_net_scalance_x202-2p_irt:*:*:*:*:*:*:*:*
- cpe:2.3:h:siemens:scalance_xf204irt:*:*:*:*:*:*:*:*
- cpe:2.3:h:siemens:scalance_xf204-2ba_irt:*:*:*:*:*:*:*:*
- cpe:2.3:h:siemens:scalance_xf202-2p_irt:*:*:*:*:*:*:*:*
- cpe:2.3:h:siemens:scalance_xf201-3p_irt:*:*:*:*:*:*:*:*
- cpe:2.3:h:siemens:scalance_x204irt_pro:*:*:*:*:*:*:*:*
- cpe:2.3:h:siemens:scalance_x204irt:*:*:*:*:*:*:*:*
- cpe:2.3:h:siemens:scalance_x202-2p_irt_pro:*:*:*:*:*:*:*:*
- cpe:2.3:h:siemens:scalance_x202-2p_irt:*:*:*:*:*:*:*:*
- cpe:2.3:h:siemens:scalance_x202-2irt:*:*:*:*:*:*:*:*
- cpe:2.3:h:siemens:scalance_x200-4p_irt:*:*:*:*:*:*:*:*
- cpe:2.3:h:siemens:scalance_xf208:*:*:*:*:*:*:*:*
- cpe:2.3:h:siemens:scalance_xf206-1:*:*:*:*:*:*:*:*
- cpe:2.3:h:siemens:scalance_xf204-2:*:*:*:*:*:*:*:*
- cpe:2.3:h:siemens:scalance_xf204:*:*:*:*:*:*:*:*
- cpe:2.3:h:siemens:scalance_x224:*:*:*:*:*:*:*:*
- cpe:2.3:h:siemens:scalance_x216:*:*:*:*:*:*:*:*
- cpe:2.3:h:siemens:scalance_x212-2ld:*:*:*:*:*:*:*:*
- cpe:2.3:h:siemens:scalance_x212-2:*:*:*:*:*:*:*:*
- cpe:2.3:h:siemens:scalance_x208pro:*:*:*:*:*:*:*:*
- cpe:2.3:h:siemens:scalance_x208:*:*:*:*:*:*:*:*
- cpe:2.3:h:siemens:scalance_x206-1ld:*:*:*:*:*:*:*:*
- cpe:2.3:h:siemens:scalance_x206-1:*:*:*:*:*:*:*:*
- cpe:2.3:h:siemens:scalance_x204-2ts:*:*:*:*:*:*:*:*
- cpe:2.3:h:siemens:scalance_x204-2ld_ts:*:*:*:*:*:*:*:*
- cpe:2.3:h:siemens:scalance_x204-2ld:*:*:*:*:*:*:*:*
- cpe:2.3:h:siemens:scalance_x204-2fm:*:*:*:*:*:*:*:*
- cpe:2.3:h:siemens:scalance_x204-2:*:*:*:*:*:*:*:*
https://cert-portal.siemens.com/productcert/txt/ssa-813746.txt
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
2) Improper input validation
EUVDB-ID: #VU62510
Risk: High
CVSSv4.0: 8.1 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber]
CVE-ID: CVE-2020-35198
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a remote non-authenticated attacker to execute arbitrary code.
The vulnerability exists due to improper input validation within the Measurements (VxWorks) component in Oracle Communications EAGLE Software. A remote non-authenticated attacker can exploit this vulnerability to execute arbitrary code.
MitigationInstall update from vendor's website.
Vulnerable software versionsSIPLUS NET SCALANCE X308-2: All versions
SCALANCE X408-2: All versions
SCALANCE X320-1-2LD FE: All versions
SCALANCE X320-1 FE: All versions
SCALANCE X307-2 EEC: All versions
SCALANCE X306-1LD FE: All versions
SCALANCE X304-2FE: All versions
SCALANCE X302-7 EEC: All versions
SCALANCE XR324-12M TS: All versions
SCALANCE XR324-12M: All versions
SCALANCE XR324-4M POE TS: All versions
SCALANCE XR324-4M POE: All versions
SCALANCE XR324-4M EEC: All versions
SCALANCE X310FE: All versions
SCALANCE X310: All versions
SCALANCE X308-2M TS: All versions
SCALANCE X308-2M POE: All versions
SCALANCE X308-2M: All versions
SCALANCE X308-2LH+: All versions
SCALANCE X308-2LH: All versions
SCALANCE X308-2LD: All versions
SCALANCE X308-2: All versions
SCALANCE X307-3LD: All versions
SCALANCE X307-3: All versions
SCALANCE X201-3P IRT: before 5.5.2 SCALANCE X201-3P IRT PRO
SIPLUS NET SCALANCE X202-2P IRT: before 5.5.2
SCALANCE XF204IRT: before 5.5.2
SCALANCE XF204-2BA IRT: before 5.5.2
SCALANCE XF202-2P IRT: before 5.5.2
SCALANCE XF201-3P IRT: before 5.5.2
SCALANCE X204IRT PRO: before 5.5.2
SCALANCE X204IRT: before 5.5.2
SCALANCE X202-2P IRT PRO: before 5.5.2
SCALANCE X202-2P IRT: before 5.5.2
SCALANCE X202-2IRT: before 5.5.2
SCALANCE X200-4P IRT: before 5.5.2
SCALANCE XF208: before 5.2.6
SCALANCE XF206-1: before 5.2.6
SCALANCE XF204-2: before 5.2.6
SCALANCE XF204: before 5.2.6
SCALANCE X224: before 5.2.6
SCALANCE X216: before 5.2.6
SCALANCE X212-2LD: before 5.2.6
SCALANCE X212-2: before 5.2.6
SCALANCE X208PRO: before 5.2.6
SCALANCE X208: before 5.2.6
SCALANCE X206-1LD: before 5.2.6
SCALANCE X206-1: before 5.2.6
SCALANCE X204-2TS: before 5.2.6
SCALANCE X204-2LD TS: before 5.2.6
SCALANCE X204-2LD: before 5.2.6
SCALANCE X204-2FM: before 5.2.6
SCALANCE X204-2: before 5.2.6
CPE2.3- cpe:2.3:h:siemens:siplus_net_scalance_x308-2:*:*:*:*:*:*:*:*
- cpe:2.3:h:siemens:scalance_x408-2:*:*:*:*:*:*:*:*
- cpe:2.3:h:siemens:scalance_x320-1-2ld_fe:*:*:*:*:*:*:*:*
- cpe:2.3:h:siemens:scalance_x320-1_fe:*:*:*:*:*:*:*:*
- cpe:2.3:h:siemens:scalance_x307-2_eec:*:*:*:*:*:*:*:*
- cpe:2.3:h:siemens:scalance_x306-1ld_fe:*:*:*:*:*:*:*:*
- cpe:2.3:h:siemens:scalance_x304-2fe:*:*:*:*:*:*:*:*
- cpe:2.3:h:siemens:scalance_x302-7_eec:*:*:*:*:*:*:*:*
- cpe:2.3:h:siemens:scalance_xr324-12m_ts:*:*:*:*:*:*:*:*
- cpe:2.3:h:siemens:scalance_xr324-12m:*:*:*:*:*:*:*:*
- cpe:2.3:h:siemens:scalance_xr324-4m_poe_ts:*:*:*:*:*:*:*:*
- cpe:2.3:h:siemens:scalance_xr324-4m_poe:*:*:*:*:*:*:*:*
- cpe:2.3:h:siemens:scalance_xr324-4m_eec:*:*:*:*:*:*:*:*
- cpe:2.3:h:siemens:scalance_x310fe:*:*:*:*:*:*:*:*
- cpe:2.3:h:siemens:scalance_x310:*:*:*:*:*:*:*:*
- cpe:2.3:h:siemens:scalance_x308-2m_ts:*:*:*:*:*:*:*:*
- cpe:2.3:h:siemens:scalance_x308-2m_poe:*:*:*:*:*:*:*:*
- cpe:2.3:h:siemens:scalance_x308-2m:*:*:*:*:*:*:*:*
- cpe:2.3:h:siemens:scalance_x308-2lh_plus:*:*:*:*:*:*:*:*
- cpe:2.3:h:siemens:scalance_x308-2lh:*:*:*:*:*:*:*:*
- cpe:2.3:h:siemens:scalance_x308-2ld:*:*:*:*:*:*:*:*
- cpe:2.3:h:siemens:scalance_x308-2:*:*:*:*:*:*:*:*
- cpe:2.3:h:siemens:scalance_x307-3ld:*:*:*:*:*:*:*:*
- cpe:2.3:h:siemens:scalance_x307-3:*:*:*:*:*:*:*:*
- cpe:2.3:h:siemens:scalance_x201-3p_irt:*:*:*:*:*:*:*:*
- cpe:2.3:h:siemens:siplus_net_scalance_x202-2p_irt:*:*:*:*:*:*:*:*
- cpe:2.3:h:siemens:scalance_xf204irt:*:*:*:*:*:*:*:*
- cpe:2.3:h:siemens:scalance_xf204-2ba_irt:*:*:*:*:*:*:*:*
- cpe:2.3:h:siemens:scalance_xf202-2p_irt:*:*:*:*:*:*:*:*
- cpe:2.3:h:siemens:scalance_xf201-3p_irt:*:*:*:*:*:*:*:*
- cpe:2.3:h:siemens:scalance_x204irt_pro:*:*:*:*:*:*:*:*
- cpe:2.3:h:siemens:scalance_x204irt:*:*:*:*:*:*:*:*
- cpe:2.3:h:siemens:scalance_x202-2p_irt_pro:*:*:*:*:*:*:*:*
- cpe:2.3:h:siemens:scalance_x202-2p_irt:*:*:*:*:*:*:*:*
- cpe:2.3:h:siemens:scalance_x202-2irt:*:*:*:*:*:*:*:*
- cpe:2.3:h:siemens:scalance_x200-4p_irt:*:*:*:*:*:*:*:*
- cpe:2.3:h:siemens:scalance_xf208:*:*:*:*:*:*:*:*
- cpe:2.3:h:siemens:scalance_xf206-1:*:*:*:*:*:*:*:*
- cpe:2.3:h:siemens:scalance_xf204-2:*:*:*:*:*:*:*:*
- cpe:2.3:h:siemens:scalance_xf204:*:*:*:*:*:*:*:*
- cpe:2.3:h:siemens:scalance_x224:*:*:*:*:*:*:*:*
- cpe:2.3:h:siemens:scalance_x216:*:*:*:*:*:*:*:*
- cpe:2.3:h:siemens:scalance_x212-2ld:*:*:*:*:*:*:*:*
- cpe:2.3:h:siemens:scalance_x212-2:*:*:*:*:*:*:*:*
- cpe:2.3:h:siemens:scalance_x208pro:*:*:*:*:*:*:*:*
- cpe:2.3:h:siemens:scalance_x208:*:*:*:*:*:*:*:*
- cpe:2.3:h:siemens:scalance_x206-1ld:*:*:*:*:*:*:*:*
- cpe:2.3:h:siemens:scalance_x206-1:*:*:*:*:*:*:*:*
- cpe:2.3:h:siemens:scalance_x204-2ts:*:*:*:*:*:*:*:*
- cpe:2.3:h:siemens:scalance_x204-2ld_ts:*:*:*:*:*:*:*:*
- cpe:2.3:h:siemens:scalance_x204-2ld:*:*:*:*:*:*:*:*
- cpe:2.3:h:siemens:scalance_x204-2fm:*:*:*:*:*:*:*:*
- cpe:2.3:h:siemens:scalance_x204-2:*:*:*:*:*:*:*:*
https://cert-portal.siemens.com/productcert/txt/ssa-813746.txt
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
