ID
VAR-202101-0139
CVE
CVE-2020-15800
TITLE
SCALANCE X-200 and SCALANCE X-200IRT Out-of-bounds write vulnerability in switch family
Trust: 0.8
DESCRIPTION
A vulnerability has been identified in SCALANCE X-200 switch family (incl. SIPLUS NET variants) (All versions < V5.2.5), SCALANCE X-200IRT switch family (incl. SIPLUS NET variants) (All versions < V5.5.0), SCALANCE X-300 switch family (incl. X408 and SIPLUS NET variants) (All versions < V4.1.0). The webserver of the affected devices contains a vulnerability that may lead to a heap overflow condition. An attacker could cause this condition on the webserver by sending specially crafted requests. This could stop the webserver temporarily. SCALANCE X-200 and SCALANCE X-200IRT An out-of-bounds write vulnerability exists in the switch family.Information is obtained, information is tampered with, and service is disrupted (DoS) It may be put into a state. SCALANCE X is a switch used to connect industrial components, such as programmable logic controllers (plc) or human machine interfaces (HMIs)
Trust: 2.16
IOT TAXONOMY
| category: | ['ICS'] | sub_category: | - | Trust: 0.6 |
AFFECTED PRODUCTS
| vendor: | siemens | model: | scalance xc216eec | scope: | lt | version: | 5.2.5 | Trust: 1.0 |
| vendor: | siemens | model: | scalance x308-2m ts | scope: | eq | version: | * | Trust: 1.0 |
| vendor: | siemens | model: | scalance x308-2lh | scope: | eq | version: | * | Trust: 1.0 |
| vendor: | siemens | model: | scalance xf204 | scope: | lt | version: | 5.2.5 | Trust: 1.0 |
| vendor: | siemens | model: | scalance xp216 | scope: | lt | version: | 5.2.5 | Trust: 1.0 |
| vendor: | siemens | model: | scalance xc224-4c g | scope: | lt | version: | 5.2.5 | Trust: 1.0 |
| vendor: | siemens | model: | scalance xc224-4c g eec | scope: | lt | version: | 5.2.5 | Trust: 1.0 |
| vendor: | siemens | model: | scalance x201-3pirt | scope: | lt | version: | 5.5.0 | Trust: 1.0 |
| vendor: | siemens | model: | scalance xc206-2sfp g eec | scope: | lt | version: | 5.2.5 | Trust: 1.0 |
| vendor: | siemens | model: | scalance xc216-4c | scope: | lt | version: | 5.2.5 | Trust: 1.0 |
| vendor: | siemens | model: | scalance xb205-3 | scope: | lt | version: | 5.2.5 | Trust: 1.0 |
| vendor: | siemens | model: | scalance xc206-2sfp eec | scope: | lt | version: | 5.2.5 | Trust: 1.0 |
| vendor: | siemens | model: | scalance x308-2ld | scope: | eq | version: | * | Trust: 1.0 |
| vendor: | siemens | model: | scalance x308-2m | scope: | eq | version: | * | Trust: 1.0 |
| vendor: | siemens | model: | scalance x307-3ld | scope: | eq | version: | * | Trust: 1.0 |
| vendor: | siemens | model: | scalance xc206-2g poe | scope: | lt | version: | 5.2.5 | Trust: 1.0 |
| vendor: | siemens | model: | scalance xc216-4c g | scope: | lt | version: | 5.2.5 | Trust: 1.0 |
| vendor: | siemens | model: | scalance xp216eec | scope: | lt | version: | 5.2.5 | Trust: 1.0 |
| vendor: | siemens | model: | scalance xb216 | scope: | lt | version: | 5.2.5 | Trust: 1.0 |
| vendor: | siemens | model: | scalance x202-2irt | scope: | lt | version: | 5.5.0 | Trust: 1.0 |
| vendor: | siemens | model: | scalance xc206-2g poe eec | scope: | lt | version: | 5.2.5 | Trust: 1.0 |
| vendor: | siemens | model: | scalance x202-2pirt siplus net | scope: | lt | version: | 5.5.0 | Trust: 1.0 |
| vendor: | siemens | model: | scalance xf201-3p irt | scope: | lt | version: | 5.2.5 | Trust: 1.0 |
| vendor: | siemens | model: | scalance xf204-2ba dna | scope: | lt | version: | 5.2.5 | Trust: 1.0 |
| vendor: | siemens | model: | scalance xf204irt | scope: | lt | version: | 5.2.5 | Trust: 1.0 |
| vendor: | siemens | model: | scalance xc206-2sfp g \ | scope: | lt | version: | 5.2.5 | Trust: 1.0 |
| vendor: | siemens | model: | scalance xp208poe eec | scope: | lt | version: | 5.2.5 | Trust: 1.0 |
| vendor: | siemens | model: | scalance xb205-3ld | scope: | lt | version: | 5.2.5 | Trust: 1.0 |
| vendor: | siemens | model: | scalance xf202-2p irt | scope: | lt | version: | 5.2.5 | Trust: 1.0 |
| vendor: | siemens | model: | scalance xc224 | scope: | lt | version: | 5.2.5 | Trust: 1.0 |
| vendor: | siemens | model: | scalance xc206-2sfp g | scope: | lt | version: | 5.2.5 | Trust: 1.0 |
| vendor: | siemens | model: | scalance xp216 \ | scope: | lt | version: | 5.2.5 | Trust: 1.0 |
| vendor: | siemens | model: | scalance xc216-4c g \ | scope: | lt | version: | 5.2.5 | Trust: 1.0 |
| vendor: | siemens | model: | scalance x307-3 | scope: | eq | version: | * | Trust: 1.0 |
| vendor: | siemens | model: | scalance x202-2pirt | scope: | lt | version: | 5.5.0 | Trust: 1.0 |
| vendor: | siemens | model: | scalance x310fe | scope: | eq | version: | * | Trust: 1.0 |
| vendor: | siemens | model: | scalance x320-3ldfe | scope: | eq | version: | * | Trust: 1.0 |
| vendor: | siemens | model: | scalance xb208 | scope: | lt | version: | 5.2.5 | Trust: 1.0 |
| vendor: | siemens | model: | scalance xb213-3 | scope: | lt | version: | 5.2.5 | Trust: 1.0 |
| vendor: | siemens | model: | scalance xf204 dna | scope: | lt | version: | 5.2.5 | Trust: 1.0 |
| vendor: | siemens | model: | scalance xc208g poe | scope: | lt | version: | 5.2.5 | Trust: 1.0 |
| vendor: | siemens | model: | scalance xp208 | scope: | lt | version: | 5.2.5 | Trust: 1.0 |
| vendor: | siemens | model: | scalance x308-2 | scope: | eq | version: | * | Trust: 1.0 |
| vendor: | siemens | model: | scalance x320-1fe | scope: | eq | version: | * | Trust: 1.0 |
| vendor: | siemens | model: | scalance xc216-4c g eec | scope: | lt | version: | 5.2.5 | Trust: 1.0 |
| vendor: | siemens | model: | scalance xf206-1 | scope: | lt | version: | 5.2.5 | Trust: 1.0 |
| vendor: | siemens | model: | scalance xc208eec | scope: | lt | version: | 5.2.5 | Trust: 1.0 |
| vendor: | siemens | model: | scalance x310 | scope: | eq | version: | * | Trust: 1.0 |
| vendor: | siemens | model: | scalance xf204-2ba irt | scope: | lt | version: | 5.2.5 | Trust: 1.0 |
| vendor: | siemens | model: | scalance xb213-3ld | scope: | lt | version: | 5.2.5 | Trust: 1.0 |
| vendor: | siemens | model: | scalance xc206-2 | scope: | lt | version: | 5.2.5 | Trust: 1.0 |
| vendor: | siemens | model: | scalance xc216 | scope: | lt | version: | 5.2.5 | Trust: 1.0 |
| vendor: | siemens | model: | scalance xc208g eec | scope: | lt | version: | 5.2.5 | Trust: 1.0 |
| vendor: | siemens | model: | scalance xf208 | scope: | lt | version: | 5.2.5 | Trust: 1.0 |
| vendor: | siemens | model: | scalance x204irt | scope: | lt | version: | 5.5.0 | Trust: 1.0 |
| vendor: | siemens | model: | scalance xp208eec | scope: | lt | version: | 5.2.5 | Trust: 1.0 |
| vendor: | siemens | model: | scalance xc208g | scope: | lt | version: | 5.2.5 | Trust: 1.0 |
| vendor: | siemens | model: | scalance x308-2lh\+ | scope: | eq | version: | * | Trust: 1.0 |
| vendor: | siemens | model: | scalance xc208g \ | scope: | lt | version: | 5.2.5 | Trust: 1.0 |
| vendor: | siemens | model: | scalance xf204-2 | scope: | lt | version: | 5.2.5 | Trust: 1.0 |
| vendor: | siemens | model: | scalance xc206-2sfp | scope: | lt | version: | 5.2.5 | Trust: 1.0 |
| vendor: | siemens | model: | scalance xc208 | scope: | lt | version: | 5.2.5 | Trust: 1.0 |
| vendor: | siemens | model: | scalance x200-4pirt | scope: | lt | version: | 5.5.0 | Trust: 1.0 |
| vendor: | siemens | model: | scalance xp208 \ | scope: | lt | version: | 5.2.5 | Trust: 1.0 |
| vendor: | siemens | model: | scalance xc224-4c g \ | scope: | lt | version: | 5.2.5 | Trust: 1.0 |
| vendor: | siemens | model: | scalance xp216poe eec | scope: | lt | version: | 5.2.5 | Trust: 1.0 |
| vendor: | シーメンス | model: | scalance x200-4pirt | scope: | - | version: | - | Trust: 0.8 |
| vendor: | シーメンス | model: | scalance x307-3ld | scope: | - | version: | - | Trust: 0.8 |
| vendor: | シーメンス | model: | scalance x202-2pirt | scope: | - | version: | - | Trust: 0.8 |
| vendor: | シーメンス | model: | scalance x308-2 | scope: | - | version: | - | Trust: 0.8 |
| vendor: | シーメンス | model: | siplus net scalance x202-2pirt | scope: | - | version: | - | Trust: 0.8 |
| vendor: | シーメンス | model: | scalance x204irt | scope: | - | version: | - | Trust: 0.8 |
| vendor: | シーメンス | model: | scalance x307-3 | scope: | - | version: | - | Trust: 0.8 |
| vendor: | シーメンス | model: | scalance x201-3pirt | scope: | - | version: | - | Trust: 0.8 |
| vendor: | シーメンス | model: | scalance x202-2irt | scope: | - | version: | - | Trust: 0.8 |
| vendor: | シーメンス | model: | scalance x308-2ld | scope: | - | version: | - | Trust: 0.8 |
| vendor: | siemens | model: | scalance x-200irt switch family | scope: | - | version: | - | Trust: 0.6 |
| vendor: | siemens | model: | scalance switch family | scope: | eq | version: | x-200 | Trust: 0.6 |
| vendor: | siemens | model: | scalance switch family | scope: | eq | version: | x-300x408<v4.1.0 | Trust: 0.6 |
CVSS
SEVERITY | CVSSV2 | CVSSV3 | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
|
|
PROBLEMTYPE DATA
| problemtype: | CWE-122 | Trust: 1.0 |
| problemtype: | CWE-787 | Trust: 1.0 |
| problemtype: | Out-of-bounds writing (CWE-787) [NVD Evaluation ] | Trust: 0.8 |
THREAT TYPE
remote
Trust: 0.6
TYPE
buffer error
Trust: 0.6
PATCH
| title: | SSA-139628 | url: | https://cert-portal.siemens.com/productcert/pdf/ssa-139628.pdf | Trust: 0.8 |
| title: | Patch for Scalance X Products heap buffer overflow vulnerability | url: | https://www.cnvd.org.cn/patchInfo/show/244021 | Trust: 0.6 |
| title: | Siemens SCALANCE X-200IRT Buffer error vulnerability fix | url: | http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=138843 | Trust: 0.6 |
EXTERNAL IDS
| db: | NVD | id: | CVE-2020-15800 | Trust: 3.0 |
| db: | SIEMENS | id: | SSA-139628 | Trust: 2.2 |
| db: | JVNDB | id: | JVNDB-2020-015534 | Trust: 0.8 |
| db: | CNVD | id: | CNVD-2021-02595 | Trust: 0.6 |
| db: | ICS CERT | id: | ICSA-21-012-05 | Trust: 0.6 |
| db: | AUSCERT | id: | ESB-2021.0127 | Trust: 0.6 |
| db: | CNNVD | id: | CNNVD-202101-915 | Trust: 0.6 |
REFERENCES
| url: | https://cert-portal.siemens.com/productcert/pdf/ssa-139628.pdf | Trust: 2.2 |
| url: | https://nvd.nist.gov/vuln/detail/cve-2020-15800 | Trust: 1.4 |
| url: | https://us-cert.cisa.gov/ics/advisories/icsa-21-012-05 | Trust: 0.6 |
| url: | https://www.auscert.org.au/bulletins/esb-2021.0127/ | Trust: 0.6 |
CREDITS
Siemens reported these vulnerabilities to CISA.
Trust: 0.6
SOURCES
| db: | CNVD | id: | CNVD-2021-02595 |
| db: | JVNDB | id: | JVNDB-2020-015534 |
| db: | CNNVD | id: | CNNVD-202101-915 |
| db: | NVD | id: | CVE-2020-15800 |
LAST UPDATE DATE
2024-08-14T12:55:07.043000+00:00
SOURCES UPDATE DATE
| db: | CNVD | id: | CNVD-2021-02595 | date: | 2021-02-04T00:00:00 |
| db: | JVNDB | id: | JVNDB-2020-015534 | date: | 2021-10-01T08:52:00 |
| db: | CNNVD | id: | CNNVD-202101-915 | date: | 2021-09-15T00:00:00 |
| db: | NVD | id: | CVE-2020-15800 | date: | 2022-07-01T18:53:35.470 |
SOURCES RELEASE DATE
| db: | CNVD | id: | CNVD-2021-02595 | date: | 2021-01-13T00:00:00 |
| db: | JVNDB | id: | JVNDB-2020-015534 | date: | 2021-10-01T00:00:00 |
| db: | CNNVD | id: | CNNVD-202101-915 | date: | 2021-01-12T00:00:00 |
| db: | NVD | id: | CVE-2020-15800 | date: | 2021-01-12T21:15:16.480 |