CVE-2020-15800

Description

A vulnerability has been identified in SCALANCE X-200 switch family (incl. SIPLUS NET variants) (All versions < V5.2.5), SCALANCE X-200IRT switch family (incl. SIPLUS NET variants) (All versions < V5.5.0), SCALANCE X-300 switch family (incl. X408 and SIPLUS NET variants) (All versions < V4.1.0). The webserver of the affected devices contains a vulnerability that may lead to a heap overflow condition. An attacker could cause this condition on the webserver by sending specially crafted requests. This could stop the webserver temporarily.

References

Link	Tags
https://cert-portal.siemens.com/productcert/pdf/ssa-139628.pdf	vendor advisory

Frequently Asked Questions

What is the severity of CVE-2020-15800?: CVE-2020-15800 has been scored as a critical severity vulnerability.
How to fix CVE-2020-15800?: To fix CVE-2020-15800, make sure you are using an up-to-date version of the affected component(s) by checking the vendor release notes. As for now, there are no other specific guidelines available.
Is CVE-2020-15800 being actively exploited in the wild?: As for now, there are no information to confirm that CVE-2020-15800 is being actively exploited. According to its EPSS score, there is a ~1% probability that this vulnerability will be exploited by malicious actors in the next 30 days.
What software or system is affected by CVE-2020-15800?: CVE-2020-15800 affects Siemens SCALANCE X-200 switch family (incl. SIPLUS NET variants), Siemens SCALANCE X-200IRT switch family (incl. SIPLUS NET variants), Siemens SCALANCE X-300 switch family (incl. X408 and SIPLUS NET variants).

Description

Categories

CWE-122 – Heap-based Buffer Overflow

CWE-787 – Out-of-bounds Write

References

Frequently Asked Questions