ID

VAR-201204-0127


CVE

CVE-2012-1802


TITLE

Siemens Scalance X Industrial Ethernet Buffer overflow vulnerability in switch

Trust: 0.8

sources: JVNDB: JVNDB-2012-002098

DESCRIPTION

Buffer overflow in the embedded web server on the Siemens Scalance X Industrial Ethernet switch X414-3E before 3.7.1, X308-2M before 3.7.2, X-300EEC before 3.7.2, XR-300 before 3.7.2, and X-300 before 3.7.2 allows remote attackers to cause a denial of service (device reboot) or possibly execute arbitrary code via a malformed URL. Siemens Scalance X Switches is a switch device developed by Siemens. Siemens Scalance X Switches has security vulnerabilities that can be exploited by malicious users for denial of service attacks. When the embedded WEB server processes the HTTP request, there is an error, and the attacker sends a specially made request to the management WEB interface to restart the device. The following modules are affected by this vulnerability: * Scalance X414-3E* Scalance X308-2M* Scalance X-300EEC* Scalance XR-300* Scalance X-300. Successfully exploiting this issue allows an attacker to reboot the affected device, denying service to legitimate users. The following versions are vulnerable: Scalance X414-3E running firmware versions prior to 3.7.1 Scalance X switches running firmware versions prior to 3.7.2. ---------------------------------------------------------------------- Become a PSI 3.0 beta tester! Test-drive the new beta version and tell us what you think about its extended automatic update function and significantly enhanced user-interface. Download it here! http://secunia.com/psi_30_beta_launch ---------------------------------------------------------------------- TITLE: Siemens Scalance X Switches HTTP Request Handling Denial of Service SECUNIA ADVISORY ID: SA48730 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/48730/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=48730 RELEASE DATE: 2012-04-06 DISCUSS ADVISORY: http://secunia.com/advisories/48730/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/48730/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=48730 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: A vulnerability has been reported in Siemens Scalance X Switches, which can be exploited by malicious people to cause a DoS (Denial of Service). Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ PROVIDED AND/OR DISCOVERED BY: The vendor credits J\xfcrgen Bilberger, Daimler TSS GmbH. ORIGINAL ADVISORY: Siemens SSA-130874: http://www.siemens.com/corporate-technology/pool/de/forschungsfelder/siemens_security_advisory_ssa-130874.pdf OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXPLOIT: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org ----------------------------------------------------------------------

Trust: 2.97

sources: NVD: CVE-2012-1802 // JVNDB: JVNDB-2012-002098 // CNVD: CNVD-2012-1799 // BID: 52933 // IVD: a6db81e2-1f6c-11e6-abef-000c29c66e3d // IVD: f0d1cbe0-2353-11e6-abef-000c29c66e3d // VULHUB: VHN-55083 // PACKETSTORM: 111661

IOT TAXONOMY

category:['ICS', 'Network device']sub_category: -

Trust: 0.6

category:['ICS']sub_category: -

Trust: 0.4

sources: IVD: a6db81e2-1f6c-11e6-abef-000c29c66e3d // IVD: f0d1cbe0-2353-11e6-abef-000c29c66e3d // CNVD: CNVD-2012-1799

AFFECTED PRODUCTS

vendor:siemensmodel:scalance xr-300scope:eqversion:3.5.0

Trust: 1.8

vendor:siemensmodel:scalance x-300scope:eqversion:3.5.1

Trust: 1.8

vendor:siemensmodel:scalance x-300scope:eqversion:3.0.0

Trust: 1.8

vendor:siemensmodel:scalance x-300scope:eqversion:2.3.1

Trust: 1.8

vendor:siemensmodel:scalance x-300scope:eqversion:3.5.0

Trust: 1.8

vendor:siemensmodel:scalance x-300scope:eqversion:2.2.0

Trust: 1.8

vendor:siemensmodel:scalance x-300scope:eqversion:3.3.1

Trust: 1.8

vendor:siemensmodel:scalance x414-3escope:eqversion:2.3.2

Trust: 1.2

vendor:siemensmodel:scalance x414-3escope:eqversion:3.4.0

Trust: 1.2

vendor:siemensmodel:scalance x414-3escope:eqversion: -

Trust: 1.2

vendor:siemensmodel:scalance x308-2mscope:eqversion:3.5.2

Trust: 1.2

vendor:siemensmodel:scalance x-300eecscope:eqversion: -

Trust: 1.2

vendor:siemensmodel:scalance x-300eecscope:eqversion:3.5.0

Trust: 1.2

vendor:siemensmodel:scalance x308-2mscope:eqversion:3.5.0

Trust: 1.2

vendor:siemensmodel:scalance x414-3escope:eqversion:3.0.0

Trust: 1.2

vendor:siemensmodel:scalance x414-3escope:eqversion:1.2.2

Trust: 1.2

vendor:siemensmodel:scalance xr-300scope:eqversion:3.1.1

Trust: 1.2

vendor:siemensmodel:scalance x308-2mscope:eqversion: -

Trust: 1.2

vendor:siemensmodel:scalance x414-3escope:eqversion:2.1.1

Trust: 1.2

vendor:siemensmodel:scalance x414-3escope:eqversion:3.3.0

Trust: 1.2

vendor:siemensmodel:scalance xr-300scope:eqversion: -

Trust: 1.2

vendor:siemensmodel:scalance x-300scope:eqversion: -

Trust: 1.2

vendor:siemensmodel:scalance x414-3escope:eqversion:2.2.0

Trust: 1.2

vendor:siemensmodel:scalance x414-3escope:eqversion:3.0.2

Trust: 1.2

vendor:siemensmodel:scalance x308-2mscope:eqversion:3.1.1

Trust: 1.2

vendor:siemensmodel:scalance x414-3escope:eqversion:2.3.3

Trust: 1.2

vendor:siemensmodel:scalance x414-3escope:ltversion:3.7.1

Trust: 1.0

vendor:siemensmodel:scalance x414-3escope:lteversion:3.7.0

Trust: 1.0

vendor:siemensmodel:scalance x308-2mscope:lteversion:3.7.0

Trust: 1.0

vendor:siemensmodel:scalance x-300eecscope:lteversion:3.7.0

Trust: 1.0

vendor:siemensmodel:scalance xr-300scope:lteversion:3.7.0

Trust: 1.0

vendor:siemensmodel:scalance x-300scope:lteversion:3.7.0

Trust: 1.0

vendor:siemensmodel:scalance xr-300scope:eqversion:3.7.0

Trust: 0.8

vendor:siemensmodel:scalance x-300scope:eqversion:3.7.0

Trust: 0.8

vendor:siemensmodel:scalance x-300eecscope:eqversion:3.7.0

Trust: 0.8

vendor:siemensmodel:scalance x-300scope: - version: -

Trust: 0.8

vendor:siemensmodel:scalance x-300scope:ltversion:3.7.2

Trust: 0.8

vendor:siemensmodel:scalance x-300eecscope: - version: -

Trust: 0.8

vendor:siemensmodel:scalance x-300eecscope:ltversion:3.7.2

Trust: 0.8

vendor:siemensmodel:scalance x308-2mscope:ltversion:3.7.2

Trust: 0.8

vendor:siemensmodel:scalance x308-2m industrial ethernetscope: - version: -

Trust: 0.8

vendor:siemensmodel:scalance x414-3e industrial ethernetscope: - version: -

Trust: 0.8

vendor:siemensmodel:scalance xr-300scope: - version: -

Trust: 0.8

vendor:siemensmodel:scalance xr-300scope:ltversion:3.7.2

Trust: 0.8

vendor:siemensmodel:scalance series switchesscope:eqversion:x-300

Trust: 0.6

vendor:siemensmodel:scalance series switchesscope:eqversion:x-400

Trust: 0.6

vendor:siemensmodel:scalance xr-300scope:eqversion:0

Trust: 0.3

vendor:siemensmodel:scalance x414-3escope:eqversion:0

Trust: 0.3

vendor:siemensmodel:scalance x308-2mscope:eqversion:0

Trust: 0.3

vendor:siemensmodel:scalance x-300eecscope:eqversion:0

Trust: 0.3

vendor:siemensmodel:scalancescope:eqversion:x-3000

Trust: 0.3

vendor:siemensmodel:scalance series switches nullscope:eqversion:x-300*

Trust: 0.2

vendor:siemensmodel:scalance series switches nullscope:eqversion:x-400*

Trust: 0.2

vendor:siemensmodel:scalance x414-3escope:eqversion:3.7.0

Trust: 0.2

vendor:siemensmodel:scalance x308-2mscope:eqversion:3.7.0

Trust: 0.2

vendor:siemensmodel:scalance x308-2mscope:ltversion:3.7.1

Trust: 0.2

vendor:siemensmodel:scalance x-300eecscope:ltversion:3.7.1

Trust: 0.2

vendor:siemensmodel:scalance xr-300scope:ltversion:3.7.0

Trust: 0.2

vendor:siemensmodel:scalancescope:eqversion:x-300<3.7.1

Trust: 0.2

sources: IVD: a6db81e2-1f6c-11e6-abef-000c29c66e3d // IVD: f0d1cbe0-2353-11e6-abef-000c29c66e3d // CNVD: CNVD-2012-1799 // BID: 52933 // JVNDB: JVNDB-2012-002098 // CNNVD: CNNVD-201204-112 // NVD: CVE-2012-1802

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2012-1802
value: HIGH

Trust: 1.0

NVD: CVE-2012-1802
value: HIGH

Trust: 0.8

CNNVD: CNNVD-201204-112
value: HIGH

Trust: 0.6

IVD: a6db81e2-1f6c-11e6-abef-000c29c66e3d
value: HIGH

Trust: 0.2

IVD: f0d1cbe0-2353-11e6-abef-000c29c66e3d
value: HIGH

Trust: 0.2

VULHUB: VHN-55083
value: HIGH

Trust: 0.1

nvd@nist.gov: CVE-2012-1802
severity: HIGH
baseScore: 7.8
vectorString: AV:N/AC:L/AU:N/C:N/I:N/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 6.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

IVD: a6db81e2-1f6c-11e6-abef-000c29c66e3d
severity: NONE
baseScore: NONE
vectorString: NONE
accessVector: NONE
accessComplexity: NONE
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: NONE
impactScore: NONE
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: UNKNOWN

Trust: 0.2

IVD: f0d1cbe0-2353-11e6-abef-000c29c66e3d
severity: HIGH
baseScore: 7.8
vectorString: AV:N/AC:L/AU:N/C:N/I:N/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 6.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.9 [IVD]

Trust: 0.2

VULHUB: VHN-55083
severity: HIGH
baseScore: 7.8
vectorString: AV:N/AC:L/AU:N/C:N/I:N/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 6.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

sources: IVD: a6db81e2-1f6c-11e6-abef-000c29c66e3d // IVD: f0d1cbe0-2353-11e6-abef-000c29c66e3d // VULHUB: VHN-55083 // JVNDB: JVNDB-2012-002098 // CNNVD: CNNVD-201204-112 // NVD: CVE-2012-1802

PROBLEMTYPE DATA

problemtype:CWE-119

Trust: 1.9

sources: VULHUB: VHN-55083 // JVNDB: JVNDB-2012-002098 // NVD: CVE-2012-1802

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201204-112

TYPE

Buffer overflow

Trust: 0.8

sources: IVD: f0d1cbe0-2353-11e6-abef-000c29c66e3d // CNNVD: CNNVD-201204-112

CONFIGURATIONS

sources: JVNDB: JVNDB-2012-002098

PATCH

title:SSA-130874url:http://www.siemens.com/corporate-technology/pool/de/forschungsfelder/siemens_security_advisory_ssa-130874.pdf

Trust: 0.8

title:シーメンスソリューションパートナーurl:http://www.automation.siemens.com/automation/jp/ja/solutionpartner/pages/default.aspx

Trust: 0.8

title:シーメンス・ジャパン株式会社url:http://www.siemens.com/entry/jp/ja/

Trust: 0.8

title:Siemens Scalance X Switches HTTP Request Handling Denial of Service Vulnerability Patchurl:https://www.cnvd.org.cn/patchInfo/show/15472

Trust: 0.6

title:wV372002_fuer_XR324_und_FPGAurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=42985

Trust: 0.6

title:wV372002_fuer_XR308-2M_und_FPGAurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=42984

Trust: 0.6

title:cV371013url:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=42983

Trust: 0.6

sources: CNVD: CNVD-2012-1799 // JVNDB: JVNDB-2012-002098 // CNNVD: CNNVD-201204-112

EXTERNAL IDS

db:NVDid:CVE-2012-1802

Trust: 3.0

db:ICS CERTid:ICSA-12-102-04

Trust: 2.8

db:SIEMENSid:SSA-130874

Trust: 2.1

db:OSVDBid:81032

Trust: 1.1

db:BIDid:52933

Trust: 1.0

db:CNNVDid:CNNVD-201204-112

Trust: 0.9

db:CNVDid:CNVD-2012-1799

Trust: 0.8

db:SECUNIAid:48730

Trust: 0.8

db:JVNDBid:JVNDB-2012-002098

Trust: 0.8

db:IVDid:A6DB81E2-1F6C-11E6-ABEF-000C29C66E3D

Trust: 0.2

db:IVDid:F0D1CBE0-2353-11E6-ABEF-000C29C66E3D

Trust: 0.2

db:VULHUBid:VHN-55083

Trust: 0.1

db:PACKETSTORMid:111661

Trust: 0.1

sources: IVD: a6db81e2-1f6c-11e6-abef-000c29c66e3d // IVD: f0d1cbe0-2353-11e6-abef-000c29c66e3d // CNVD: CNVD-2012-1799 // VULHUB: VHN-55083 // BID: 52933 // JVNDB: JVNDB-2012-002098 // PACKETSTORM: 111661 // CNNVD: CNNVD-201204-112 // NVD: CVE-2012-1802

REFERENCES

url:http://www.us-cert.gov/control_systems/pdf/icsa-12-102-04.pdf

Trust: 2.8

url:http://www.siemens.com/corporate-technology/pool/de/forschungsfelder/siemens_security_advisory_ssa-130874.pdf

Trust: 2.1

url:http://osvdb.org/81032

Trust: 1.1

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2012-1802

Trust: 0.8

url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2012-1802

Trust: 0.8

url:http://secunia.com/advisories/48730/

Trust: 0.7

url:http://www.securityfocus.com/bid/52933

Trust: 0.6

url:http://www.automation.siemens.com/mcms/industrial-communication/en/ie/ie_switches_media-converters/pages/ie_switches_media-converters.aspx

Trust: 0.3

url:http://secunia.com/psi_30_beta_launch

Trust: 0.1

url:http://secunia.com/vulnerability_intelligence/

Trust: 0.1

url:http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/

Trust: 0.1

url:http://secunia.com/advisories/secunia_security_advisories/

Trust: 0.1

url:http://secunia.com/vulnerability_scanning/personal/

Trust: 0.1

url:https://ca.secunia.com/?page=viewadvisory&vuln_id=48730

Trust: 0.1

url:http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org

Trust: 0.1

url:http://secunia.com/advisories/48730/#comments

Trust: 0.1

url:http://secunia.com/advisories/about_secunia_advisories/

Trust: 0.1

sources: CNVD: CNVD-2012-1799 // VULHUB: VHN-55083 // BID: 52933 // JVNDB: JVNDB-2012-002098 // PACKETSTORM: 111661 // CNNVD: CNNVD-201204-112 // NVD: CVE-2012-1802

CREDITS

J??rgen Bilberger, Daimler TSS GmbH

Trust: 0.6

sources: CNNVD: CNNVD-201204-112

SOURCES

db:IVDid:a6db81e2-1f6c-11e6-abef-000c29c66e3d
db:IVDid:f0d1cbe0-2353-11e6-abef-000c29c66e3d
db:CNVDid:CNVD-2012-1799
db:VULHUBid:VHN-55083
db:BIDid:52933
db:JVNDBid:JVNDB-2012-002098
db:PACKETSTORMid:111661
db:CNNVDid:CNNVD-201204-112
db:NVDid:CVE-2012-1802

LAST UPDATE DATE

2024-08-14T15:45:01.816000+00:00


SOURCES UPDATE DATE

db:CNVDid:CNVD-2012-1799date:2012-04-10T00:00:00
db:VULHUBid:VHN-55083date:2012-11-20T00:00:00
db:BIDid:52933date:2015-03-19T09:22:00
db:JVNDBid:JVNDB-2012-002098date:2012-04-19T00:00:00
db:CNNVDid:CNNVD-201204-112date:2012-04-11T00:00:00
db:NVDid:CVE-2012-1802date:2012-11-20T04:44:08.140

SOURCES RELEASE DATE

db:IVDid:a6db81e2-1f6c-11e6-abef-000c29c66e3ddate:2012-04-10T00:00:00
db:IVDid:f0d1cbe0-2353-11e6-abef-000c29c66e3ddate:2012-04-11T00:00:00
db:CNVDid:CNVD-2012-1799date:2012-04-10T00:00:00
db:VULHUBid:VHN-55083date:2012-04-18T00:00:00
db:BIDid:52933date:2012-04-09T00:00:00
db:JVNDBid:JVNDB-2012-002098date:2012-04-19T00:00:00
db:PACKETSTORMid:111661date:2012-04-09T05:27:09
db:CNNVDid:CNNVD-201204-112date:2012-04-11T00:00:00
db:NVDid:CVE-2012-1802date:2012-04-18T10:33:35.450