#VU49499 Missing Authentication for Critical Function in SCALANCE X-200 and SCALANCE X-200 IRT - CVE-2020-15799
Published: January 12, 2021 / Updated: January 13, 2021
Vulnerability identifier: #VU49499
Vulnerability risk: Medium
CVSSv4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Green
CVE-ID: CVE-2020-15799
CWE-ID: CWE-306
Exploitation vector: Remote access
Exploit availability:
No public exploit available
Vulnerable software:
SCALANCE X-200
SCALANCE X-200 IRT
SCALANCE X-200
SCALANCE X-200 IRT
Software vendor:
Siemens
Siemens
Description
The vulnerability allows a remote attacker to compromise the target system.
The vulnerability exists due to missing authentication for critical function. A remote attacker can use special URLs from integrated web server of the affected products and reboot the device.
Remediation
Cybersecurity Help is currently unaware of any official solution to address this vulnerability.