Vulnerability identifier: #VU65296
Vulnerability risk: Medium
CVSSv3.1: 8.3 [CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID:
CWE-ID:
CWE-119
Exploitation vector: Local network
Exploit availability: No
Vulnerable software:
SCALANCE X200-4P IRT
Hardware solutions /
Routers & switches, VoIP, GSM, etc
SCALANCE X201-3P IRT
Hardware solutions /
Routers & switches, VoIP, GSM, etc
SCALANCE X201-3P IRT PRO
Hardware solutions /
Routers & switches, VoIP, GSM, etc
SCALANCE X202-2IRT
Hardware solutions /
Routers & switches, VoIP, GSM, etc
SCALANCE X202-2P IRT
Hardware solutions /
Routers & switches, VoIP, GSM, etc
SCALANCE X202-2P IRT PRO
Hardware solutions /
Routers & switches, VoIP, GSM, etc
SCALANCE X204IRT
Hardware solutions /
Routers & switches, VoIP, GSM, etc
SCALANCE X204IRT PRO
Hardware solutions /
Routers & switches, VoIP, GSM, etc
SCALANCE XF201-3P IRT
Hardware solutions /
Routers & switches, VoIP, GSM, etc
SCALANCE XF202-2P IRT
Hardware solutions /
Routers & switches, VoIP, GSM, etc
SCALANCE XF204-2BA IRT
Hardware solutions /
Routers & switches, VoIP, GSM, etc
SCALANCE XF204IRT
Hardware solutions /
Routers & switches, VoIP, GSM, etc
SCALANCE X204-2
Hardware solutions /
Routers & switches, VoIP, GSM, etc
SCALANCE X204-2FM
Hardware solutions /
Routers & switches, VoIP, GSM, etc
SCALANCE X204-2LD
Hardware solutions /
Routers & switches, VoIP, GSM, etc
SCALANCE X204-2LD TS
Hardware solutions /
Routers & switches, VoIP, GSM, etc
SCALANCE X204-2TS
Hardware solutions /
Routers & switches, VoIP, GSM, etc
SCALANCE X206-1
Hardware solutions /
Routers & switches, VoIP, GSM, etc
SCALANCE X206-1LD
Hardware solutions /
Routers & switches, VoIP, GSM, etc
SCALANCE X208
Hardware solutions /
Routers & switches, VoIP, GSM, etc
SCALANCE X208PRO
Hardware solutions /
Routers & switches, VoIP, GSM, etc
SCALANCE X212-2
Hardware solutions /
Routers & switches, VoIP, GSM, etc
SCALANCE X212-2LD
Hardware solutions /
Routers & switches, VoIP, GSM, etc
SCALANCE X216
Hardware solutions /
Routers & switches, VoIP, GSM, etc
SCALANCE X224
Hardware solutions /
Routers & switches, VoIP, GSM, etc
SCALANCE XF204
Hardware solutions /
Routers & switches, VoIP, GSM, etc
SCALANCE XF204-2
Hardware solutions /
Routers & switches, VoIP, GSM, etc
SCALANCE XF206-1
Hardware solutions /
Routers & switches, VoIP, GSM, etc
SCALANCE XF208
Hardware solutions /
Routers & switches, VoIP, GSM, etc
Vendor: Siemens
Description
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to a boundary error within the the URI of incoming HTTP GET requests. A remote attacker on the local network can trigger memory corruption and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
Mitigation
Install updates from vendor's website.
Vulnerable software versions
SCALANCE X200-4P IRT: All versions
SCALANCE X201-3P IRT: All versions
SCALANCE X201-3P IRT PRO: All versions
SCALANCE X202-2IRT: All versions
SCALANCE X202-2P IRT: All versions
SCALANCE X202-2P IRT PRO: All versions
SCALANCE X204IRT: All versions
SCALANCE X204IRT PRO: All versions
SCALANCE XF201-3P IRT: All versions
SCALANCE XF202-2P IRT: All versions
SCALANCE XF204-2BA IRT: All versions
SCALANCE XF204IRT: All versions
External links
http://cert-portal.siemens.com/productcert/pdf/ssa-310038.pdficsa-22-195-01
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the local network (LAN).
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.