ID

VAR-201501-0421


CVE

CVE-2014-8479


TITLE

Siemens Scalance X Switches Denial of service vulnerability

Trust: 0.8

sources: IVD: a7dba7fa-2351-11e6-abef-000c29c66e3d // CNVD: CNVD-2015-00656

DESCRIPTION

The FTP server on Siemens SCALANCE X-300 switches with firmware before 4.0 and SCALANCE X 408 switches with firmware before 4.0 allows remote authenticated users to cause a denial of service (reboot) via crafted FTP packets. Siemens Scalance X Switches is a switch device developed by Siemens. The following versions are vulnerable: Scalance X-300 family running firmware versions prior to 4.0; Scalance X408 family running firmware versions prior to 4.0.

Trust: 2.7

sources: NVD: CVE-2014-8479 // JVNDB: JVNDB-2014-007755 // CNVD: CNVD-2015-00656 // BID: 72251 // IVD: a7dba7fa-2351-11e6-abef-000c29c66e3d // VULHUB: VHN-76424

IOT TAXONOMY

category: ['ICS', 'Network device'], sub_category: -

Trust: 0.6

category: ['ICS'], sub_category: -

Trust: 0.2

sources: IVD: a7dba7fa-2351-11e6-abef-000c29c66e3d // CNVD: CNVD-2015-00656

AFFECTED PRODUCTS

vendor: siemens, model: scalance x-300 series, scope: lte, version: 3.9.3

Trust: 1.0

vendor: siemens, model: scalance x-408, scope: lte, version: 3.9.3

Trust: 1.0

vendor: siemens, model: scalance x 408, scope: -, version: -

Trust: 0.8

vendor: siemens, model: scalance x 408, scope: lt, version: 4.0

Trust: 0.8

vendor: siemens, model: scalance x-300, scope: -, version: -

Trust: 0.8

vendor: siemens, model: scalance x-300, scope: lt, version: 4.0

Trust: 0.8

vendor: siemens, model: scalance x-300eec, scope: -, version: -

Trust: 0.8

vendor: siemens, model: scalance x-300poe, scope: -, version: -

Trust: 0.8

vendor: siemens, model: scalance xr-300, scope: -, version: -

Trust: 0.8

vendor: siemens, model: scalance xr-300eec, scope: -, version: -

Trust: 0.8

vendor: siemens, model: scalance xr-300poe, scope: -, version: -

Trust: 0.8

vendor: siemens, model: scalance family running versions, scope: eq, version: x-300<4.0

Trust: 0.6

vendor: siemens, model: family running versions, scope: eq, version: x408<4.0

Trust: 0.6

vendor: siemens, model: scalance x-300 series, scope: eq, version: 3.9.3

Trust: 0.6

vendor: siemens, model: scalance x-408, scope: eq, version: 3.9.3

Trust: 0.6

vendor: siemens, model: scalance, scope: eq, version: x4083.0

Trust: 0.3

vendor: siemens, model: scalance, scope: eq, version: x-3003.7.2

Trust: 0.3

vendor: siemens, model: scalance, scope: eq, version: x-3003.7.0

Trust: 0.3

vendor: siemens, model: scalance, scope: eq, version: x-3003.5.1

Trust: 0.3

vendor: siemens, model: scalance, scope: eq, version: x-3003.5.0

Trust: 0.3

vendor: siemens, model: scalance, scope: eq, version: x-3003.3.1

Trust: 0.3

vendor: siemens, model: scalance, scope: eq, version: x-3003.0.0

Trust: 0.3

vendor: siemens, model: scalance, scope: eq, version: x-3002.3.1

Trust: 0.3

vendor: siemens, model: scalance, scope: eq, version: x-3002.2.0

Trust: 0.3

vendor: siemens, model: scalance, scope: ne, version: x4084.0

Trust: 0.3

vendor: siemens, model: scalance, scope: ne, version: x-3004.0

Trust: 0.3

vendor: scalance x 408, model: -, scope: eq, version: *

Trust: 0.2

vendor: scalance x 300 series, model: -, scope: eq, version: *

Trust: 0.2

sources: IVD: a7dba7fa-2351-11e6-abef-000c29c66e3d // CNVD: CNVD-2015-00656 // BID: 72251 // JVNDB: JVNDB-2014-007755 // CNNVD: CNNVD-201501-477 // NVD: CVE-2014-8479

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2014-8479
value: MEDIUM

Trust: 1.0

NVD: CVE-2014-8479
value: MEDIUM

Trust: 0.8

CNVD: CNVD-2015-00656
value: MEDIUM

Trust: 0.6

CNNVD: CNNVD-201501-477
value: MEDIUM

Trust: 0.6

IVD: a7dba7fa-2351-11e6-abef-000c29c66e3d
value: MEDIUM

Trust: 0.2

VULHUB: VHN-76424
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2014-8479
severity: MEDIUM
baseScore: 6.8
vectorString: AV:N/AC:L/AU:S/C:N/I:N/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: COMPLETE
exploitabilityScore: 8.0
impactScore: 6.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

CNVD: CNVD-2015-00656
severity: MEDIUM
baseScore: 6.8
vectorString: AV:N/AC:L/AU:S/C:N/I:N/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: COMPLETE
exploitabilityScore: 8.0
impactScore: 6.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

IVD: a7dba7fa-2351-11e6-abef-000c29c66e3d
severity: MEDIUM
baseScore: 6.8
vectorString: AV:N/AC:L/AU:S/C:N/I:N/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: COMPLETE
exploitabilityScore: 8.0
impactScore: 6.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.9 [IVD]

Trust: 0.2

VULHUB: VHN-76424
severity: MEDIUM
baseScore: 6.8
vectorString: AV:N/AC:L/AU:S/C:N/I:N/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: COMPLETE
exploitabilityScore: 8.0
impactScore: 6.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

sources: IVD: a7dba7fa-2351-11e6-abef-000c29c66e3d // CNVD: CNVD-2015-00656 // VULHUB: VHN-76424 // JVNDB: JVNDB-2014-007755 // CNNVD: CNNVD-201501-477 // NVD: CVE-2014-8479

PROBLEMTYPE DATA

problemtype:CWE-20

Trust: 1.9

sources: VULHUB: VHN-76424 // JVNDB: JVNDB-2014-007755 // NVD: CVE-2014-8479

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201501-477

TYPE

input validation error

Trust: 0.6

sources: CNNVD: CNNVD-201501-477

CONFIGURATIONS

sources: JVNDB: JVNDB-2014-007755

PATCH

title: SSA-321046, url: http://www.siemens.com/innovation/pool/de/forschungsfelder/siemens_security_advisory_ssa-321046.pdf

Trust: 0.8

title: Siemens Scalance X Switches Patch for Denial of Service Vulnerability, url: https://www.cnvd.org.cn/patchInfo/show/54275

Trust: 0.6

sources: CNVD: CNVD-2015-00656 // JVNDB: JVNDB-2014-007755

EXTERNAL IDS

db: NVD, id: CVE-2014-8479

Trust: 3.6

db: SIEMENS, id: SSA-321046

Trust: 1.7

db: BID, id: 72251

Trust: 1.0

db: CNNVD, id: CNNVD-201501-477

Trust: 0.9

db: CNVD, id: CNVD-2015-00656

Trust: 0.8

db: JVNDB, id: JVNDB-2014-007755

Trust: 0.8

db: ICS CERT, id: ICSA-15-020-01

Trust: 0.3

db: IVD, id: A7DBA7FA-2351-11E6-ABEF-000C29C66E3D

Trust: 0.2

db: VULHUB, id: VHN-76424

Trust: 0.1

sources: IVD: a7dba7fa-2351-11e6-abef-000c29c66e3d // CNVD: CNVD-2015-00656 // VULHUB: VHN-76424 // BID: 72251 // JVNDB: JVNDB-2014-007755 // CNNVD: CNNVD-201501-477 // NVD: CVE-2014-8479

REFERENCES

url:http://www.siemens.com/innovation/pool/de/forschungsfelder/siemens_security_advisory_ssa-321046.pdf

Trust: 1.7

url:https://cert-portal.siemens.com/productcert/pdf/ssa-321046.pdf

Trust: 1.7

url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2014-8479

Trust: 1.4

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-8479

Trust: 0.8

url:http://www.securityfocus.com/bid/72251

Trust: 0.6

url:http://www.automation.siemens.com/mcms/industrial-communication/en/ie/ie_switches_media-converters/pages/ie_switches_media-converters.aspx

Trust: 0.3

url:https://ics-cert.us-cert.gov/advisories/icsa-15-020-01

Trust: 0.3

sources: CNVD: CNVD-2015-00656 // VULHUB: VHN-76424 // BID: 72251 // JVNDB: JVNDB-2014-007755 // CNNVD: CNNVD-201501-477 // NVD: CVE-2014-8479

CREDITS

Deja vu Security

Trust: 0.3

sources: BID: 72251

SOURCES

db: IVD, id: a7dba7fa-2351-11e6-abef-000c29c66e3d
db: CNVD, id: CNVD-2015-00656
db: VULHUB, id: VHN-76424
db: BID, id: 72251
db: JVNDB, id: JVNDB-2014-007755
db: CNNVD, id: CNNVD-201501-477
db: NVD, id: CVE-2014-8479

LAST UPDATE DATE

2024-11-23T22:13:33.289000+00:00


SOURCES UPDATE DATE

db: CNVD, id: CNVD-2015-00656, date: 2015-01-27T00:00:00
db: VULHUB, id: VHN-76424, date: 2020-02-10T00:00:00
db: BID, id: 72251, date: 2015-01-20T00:00:00
db: JVNDB, id: JVNDB-2014-007755, date: 2015-01-26T00:00:00
db: CNNVD, id: CNNVD-201501-477, date: 2020-02-11T00:00:00
db: NVD, id: CVE-2014-8479, date: 2024-11-21T02:19:08.900

SOURCES RELEASE DATE

db: IVD, id: a7dba7fa-2351-11e6-abef-000c29c66e3d, date: 2015-01-27T00:00:00
db: CNVD, id: CNVD-2015-00656, date: 2015-01-23T00:00:00
db: VULHUB, id: VHN-76424, date: 2015-01-21T00:00:00
db: BID, id: 72251, date: 2015-01-20T00:00:00
db: JVNDB, id: JVNDB-2014-007755, date: 2015-01-26T00:00:00
db: CNNVD, id: CNNVD-201501-477, date: 2015-01-23T00:00:00
db: NVD, id: CVE-2014-8479, date: 2015-01-21T17:59:01.323