ID
VAR-202101-0304
CVE
CVE-2020-25226
TITLE
SCALANCE X-200 and SCALANCE X-200IRT Out-of-bounds write vulnerability in switch family
Trust: 0.8
sources:
JVNDB: JVNDB-2020-015533
DESCRIPTION
A vulnerability has been identified in SCALANCE X-200 switch family (incl. SIPLUS NET variants) (All versions < V5.2.5), SCALANCE X-200IRT switch family (incl. SIPLUS NET variants) (All versions < V5.5.0). The web server of the affected devices contains a vulnerability that may lead to a buffer overflow condition. An attacker could cause this condition on the webserver by sending a specially crafted request. The webserver could stop and not recover anymore. SCALANCE X-200 and SCALANCE X-200IRT An out-of-bounds write vulnerability exists in the switch family.Information is obtained, information is tampered with, and service is disrupted (DoS) It may be put into a state. SCALANCE X is a switch used to connect industrial components, such as programmable logic controllers (plc) or human machine interfaces (HMIs)
Trust: 2.16
sources:
NVD: CVE-2020-25226 //
JVNDB: JVNDB-2020-015533 //
CNVD: CNVD-2021-02594
IOT TAXONOMY
| category: | ['ICS'] | sub_category: | - | Trust: 0.6 |
sources:
CNVD: CNVD-2021-02594
AFFECTED PRODUCTS
| vendor: | siemens | model: | scalance xc216eec | scope: | lt | version: | 5.2.5 | Trust: 1.0 |
| vendor: | siemens | model: | scalance x308-2m ts | scope: | eq | version: | * | Trust: 1.0 |
| vendor: | siemens | model: | scalance x308-2lh | scope: | eq | version: | * | Trust: 1.0 |
| vendor: | siemens | model: | scalance xf204 | scope: | lt | version: | 5.2.5 | Trust: 1.0 |
| vendor: | siemens | model: | scalance xp216 | scope: | lt | version: | 5.2.5 | Trust: 1.0 |
| vendor: | siemens | model: | scalance xc224-4c g | scope: | lt | version: | 5.2.5 | Trust: 1.0 |
| vendor: | siemens | model: | scalance xc224-4c g eec | scope: | lt | version: | 5.2.5 | Trust: 1.0 |
| vendor: | siemens | model: | scalance x201-3pirt | scope: | lt | version: | 5.5.0 | Trust: 1.0 |
| vendor: | siemens | model: | scalance xc206-2sfp g eec | scope: | lt | version: | 5.2.5 | Trust: 1.0 |
| vendor: | siemens | model: | scalance xc216-4c | scope: | lt | version: | 5.2.5 | Trust: 1.0 |
| vendor: | siemens | model: | scalance xb205-3 | scope: | lt | version: | 5.2.5 | Trust: 1.0 |
| vendor: | siemens | model: | scalance xc206-2sfp eec | scope: | lt | version: | 5.2.5 | Trust: 1.0 |
| vendor: | siemens | model: | scalance x308-2ld | scope: | eq | version: | * | Trust: 1.0 |
| vendor: | siemens | model: | scalance x308-2m | scope: | eq | version: | * | Trust: 1.0 |
| vendor: | siemens | model: | scalance x307-3ld | scope: | eq | version: | * | Trust: 1.0 |
| vendor: | siemens | model: | scalance xc206-2g poe | scope: | lt | version: | 5.2.5 | Trust: 1.0 |
| vendor: | siemens | model: | scalance xc216-4c g | scope: | lt | version: | 5.2.5 | Trust: 1.0 |
| vendor: | siemens | model: | scalance xp216eec | scope: | lt | version: | 5.2.5 | Trust: 1.0 |
| vendor: | siemens | model: | scalance xb216 | scope: | lt | version: | 5.2.5 | Trust: 1.0 |
| vendor: | siemens | model: | scalance x202-2irt | scope: | lt | version: | 5.5.0 | Trust: 1.0 |
| vendor: | siemens | model: | scalance xc206-2g poe eec | scope: | lt | version: | 5.2.5 | Trust: 1.0 |
| vendor: | siemens | model: | scalance x202-2pirt siplus net | scope: | lt | version: | 5.5.0 | Trust: 1.0 |
| vendor: | siemens | model: | scalance xf201-3p irt | scope: | lt | version: | 5.2.5 | Trust: 1.0 |
| vendor: | siemens | model: | scalance xf204-2ba dna | scope: | lt | version: | 5.2.5 | Trust: 1.0 |
| vendor: | siemens | model: | scalance xf204irt | scope: | lt | version: | 5.2.5 | Trust: 1.0 |
| vendor: | siemens | model: | scalance xc206-2sfp g \ | scope: | lt | version: | 5.2.5 | Trust: 1.0 |
| vendor: | siemens | model: | scalance xp208poe eec | scope: | lt | version: | 5.2.5 | Trust: 1.0 |
| vendor: | siemens | model: | scalance xb205-3ld | scope: | lt | version: | 5.2.5 | Trust: 1.0 |
| vendor: | siemens | model: | scalance xf202-2p irt | scope: | lt | version: | 5.2.5 | Trust: 1.0 |
| vendor: | siemens | model: | scalance xc224 | scope: | lt | version: | 5.2.5 | Trust: 1.0 |
| vendor: | siemens | model: | scalance xc206-2sfp g | scope: | lt | version: | 5.2.5 | Trust: 1.0 |
| vendor: | siemens | model: | scalance xp216 \ | scope: | lt | version: | 5.2.5 | Trust: 1.0 |
| vendor: | siemens | model: | scalance xc216-4c g \ | scope: | lt | version: | 5.2.5 | Trust: 1.0 |
| vendor: | siemens | model: | scalance x307-3 | scope: | eq | version: | * | Trust: 1.0 |
| vendor: | siemens | model: | scalance x202-2pirt | scope: | lt | version: | 5.5.0 | Trust: 1.0 |
| vendor: | siemens | model: | scalance x310fe | scope: | eq | version: | * | Trust: 1.0 |
| vendor: | siemens | model: | scalance x320-3ldfe | scope: | eq | version: | * | Trust: 1.0 |
| vendor: | siemens | model: | scalance xb208 | scope: | lt | version: | 5.2.5 | Trust: 1.0 |
| vendor: | siemens | model: | scalance xb213-3 | scope: | lt | version: | 5.2.5 | Trust: 1.0 |
| vendor: | siemens | model: | scalance xf204 dna | scope: | lt | version: | 5.2.5 | Trust: 1.0 |
| vendor: | siemens | model: | scalance xc208g poe | scope: | lt | version: | 5.2.5 | Trust: 1.0 |
| vendor: | siemens | model: | scalance xp208 | scope: | lt | version: | 5.2.5 | Trust: 1.0 |
| vendor: | siemens | model: | scalance x308-2 | scope: | eq | version: | * | Trust: 1.0 |
| vendor: | siemens | model: | scalance x320-1fe | scope: | eq | version: | * | Trust: 1.0 |
| vendor: | siemens | model: | scalance xc216-4c g eec | scope: | lt | version: | 5.2.5 | Trust: 1.0 |
| vendor: | siemens | model: | scalance xf206-1 | scope: | lt | version: | 5.2.5 | Trust: 1.0 |
| vendor: | siemens | model: | scalance xc208eec | scope: | lt | version: | 5.2.5 | Trust: 1.0 |
| vendor: | siemens | model: | scalance x310 | scope: | eq | version: | * | Trust: 1.0 |
| vendor: | siemens | model: | scalance xf204-2ba irt | scope: | lt | version: | 5.2.5 | Trust: 1.0 |
| vendor: | siemens | model: | scalance xb213-3ld | scope: | lt | version: | 5.2.5 | Trust: 1.0 |
| vendor: | siemens | model: | scalance xc206-2 | scope: | lt | version: | 5.2.5 | Trust: 1.0 |
| vendor: | siemens | model: | scalance xc216 | scope: | lt | version: | 5.2.5 | Trust: 1.0 |
| vendor: | siemens | model: | scalance xc208g eec | scope: | lt | version: | 5.2.5 | Trust: 1.0 |
| vendor: | siemens | model: | scalance xf208 | scope: | lt | version: | 5.2.5 | Trust: 1.0 |
| vendor: | siemens | model: | scalance x204irt | scope: | lt | version: | 5.5.0 | Trust: 1.0 |
| vendor: | siemens | model: | scalance xp208eec | scope: | lt | version: | 5.2.5 | Trust: 1.0 |
| vendor: | siemens | model: | scalance xc208g | scope: | lt | version: | 5.2.5 | Trust: 1.0 |
| vendor: | siemens | model: | scalance x308-2lh\+ | scope: | eq | version: | * | Trust: 1.0 |
| vendor: | siemens | model: | scalance xc208g \ | scope: | lt | version: | 5.2.5 | Trust: 1.0 |
| vendor: | siemens | model: | scalance xf204-2 | scope: | lt | version: | 5.2.5 | Trust: 1.0 |
| vendor: | siemens | model: | scalance xc206-2sfp | scope: | lt | version: | 5.2.5 | Trust: 1.0 |
| vendor: | siemens | model: | scalance xc208 | scope: | lt | version: | 5.2.5 | Trust: 1.0 |
| vendor: | siemens | model: | scalance x200-4pirt | scope: | lt | version: | 5.5.0 | Trust: 1.0 |
| vendor: | siemens | model: | scalance xp208 \ | scope: | lt | version: | 5.2.5 | Trust: 1.0 |
| vendor: | siemens | model: | scalance xc224-4c g \ | scope: | lt | version: | 5.2.5 | Trust: 1.0 |
| vendor: | siemens | model: | scalance xp216poe eec | scope: | lt | version: | 5.2.5 | Trust: 1.0 |
| vendor: | シーメンス | model: | scalance x200-4pirt | scope: | - | version: | - | Trust: 0.8 |
| vendor: | シーメンス | model: | scalance x307-3ld | scope: | - | version: | - | Trust: 0.8 |
| vendor: | シーメンス | model: | scalance x202-2pirt | scope: | - | version: | - | Trust: 0.8 |
| vendor: | シーメンス | model: | scalance x308-2 | scope: | - | version: | - | Trust: 0.8 |
| vendor: | シーメンス | model: | siplus net scalance x202-2pirt | scope: | - | version: | - | Trust: 0.8 |
| vendor: | シーメンス | model: | scalance x204irt | scope: | - | version: | - | Trust: 0.8 |
| vendor: | シーメンス | model: | scalance x307-3 | scope: | - | version: | - | Trust: 0.8 |
| vendor: | シーメンス | model: | scalance x201-3pirt | scope: | - | version: | - | Trust: 0.8 |
| vendor: | シーメンス | model: | scalance x202-2irt | scope: | - | version: | - | Trust: 0.8 |
| vendor: | シーメンス | model: | scalance x308-2ld | scope: | - | version: | - | Trust: 0.8 |
| vendor: | siemens | model: | scalance x-200irt switch family | scope: | - | version: | - | Trust: 0.6 |
| vendor: | siemens | model: | scalance switch family | scope: | eq | version: | x-200 | Trust: 0.6 |
sources:
CNVD: CNVD-2021-02594 //
JVNDB: JVNDB-2020-015533 //
NVD: CVE-2020-25226
CVSS
SEVERITY | CVSSV2 | CVSSV3 | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
|
|
sources:
CNVD: CNVD-2021-02594 //
JVNDB: JVNDB-2020-015533 //
CNNVD: CNNVD-202101-917 //
NVD: CVE-2020-25226
PROBLEMTYPE DATA
| problemtype: | CWE-122 | Trust: 1.0 |
| problemtype: | CWE-787 | Trust: 1.0 |
| problemtype: | Out-of-bounds writing (CWE-787) [NVD Evaluation ] | Trust: 0.8 |
sources:
JVNDB: JVNDB-2020-015533 //
NVD: CVE-2020-25226
THREAT TYPE
remote
Trust: 0.6
sources:
CNNVD: CNNVD-202101-917
TYPE
buffer error
Trust: 0.6
sources:
CNNVD: CNNVD-202101-917
PATCH
| title: | SSA-139628 | url: | https://cert-portal.siemens.com/productcert/pdf/ssa-139628.pdf | Trust: 0.8 |
| title: | Patch for Scalance X Products heap buffer overflow vulnerability (CNVD-2021-02594) | url: | https://www.cnvd.org.cn/patchInfo/show/244018 | Trust: 0.6 |
| title: | Multiple Siemens Product Buffer Error Vulnerability Fix | url: | http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=139392 | Trust: 0.6 |
sources:
CNVD: CNVD-2021-02594 //
JVNDB: JVNDB-2020-015533 //
CNNVD: CNNVD-202101-917
EXTERNAL IDS
| db: | NVD | id: | CVE-2020-25226 | Trust: 3.0 |
| db: | SIEMENS | id: | SSA-139628 | Trust: 2.2 |
| db: | JVNDB | id: | JVNDB-2020-015533 | Trust: 0.8 |
| db: | CNVD | id: | CNVD-2021-02594 | Trust: 0.6 |
| db: | ICS CERT | id: | ICSA-21-012-05 | Trust: 0.6 |
| db: | AUSCERT | id: | ESB-2021.0127 | Trust: 0.6 |
| db: | CNNVD | id: | CNNVD-202101-917 | Trust: 0.6 |
sources:
CNVD: CNVD-2021-02594 //
JVNDB: JVNDB-2020-015533 //
CNNVD: CNNVD-202101-917 //
NVD: CVE-2020-25226
REFERENCES
| url: | https://cert-portal.siemens.com/productcert/pdf/ssa-139628.pdf | Trust: 2.2 |
| url: | https://nvd.nist.gov/vuln/detail/cve-2020-25226 | Trust: 1.4 |
| url: | https://us-cert.cisa.gov/ics/advisories/icsa-21-012-05 | Trust: 0.6 |
| url: | https://www.auscert.org.au/bulletins/esb-2021.0127/ | Trust: 0.6 |
sources:
CNVD: CNVD-2021-02594 //
JVNDB: JVNDB-2020-015533 //
CNNVD: CNNVD-202101-917 //
NVD: CVE-2020-25226
CREDITS
Siemens reported these vulnerabilities to CISA.
Trust: 0.6
sources:
CNNVD: CNNVD-202101-917
SOURCES
| db: | CNVD | id: | CNVD-2021-02594 |
| db: | JVNDB | id: | JVNDB-2020-015533 |
| db: | CNNVD | id: | CNNVD-202101-917 |
| db: | NVD | id: | CVE-2020-25226 |
LAST UPDATE DATE
2024-08-14T12:51:44.322000+00:00
SOURCES UPDATE DATE
| db: | CNVD | id: | CNVD-2021-02594 | date: | 2021-02-04T00:00:00 |
| db: | JVNDB | id: | JVNDB-2020-015533 | date: | 2021-10-01T08:45:00 |
| db: | CNNVD | id: | CNNVD-202101-917 | date: | 2021-09-15T00:00:00 |
| db: | NVD | id: | CVE-2020-25226 | date: | 2022-07-28T17:13:46.093 |
SOURCES RELEASE DATE
| db: | CNVD | id: | CNVD-2021-02594 | date: | 2021-01-13T00:00:00 |
| db: | JVNDB | id: | JVNDB-2020-015533 | date: | 2021-10-01T00:00:00 |
| db: | CNNVD | id: | CNNVD-202101-917 | date: | 2021-01-12T00:00:00 |
| db: | NVD | id: | CVE-2020-25226 | date: | 2021-01-12T21:15:16.543 |