Vulnerabilities > Siemens > Scalance M 800 Firmware
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2022-08-10 | CVE-2022-36323 | Unspecified vulnerability in Siemens products Affected devices do not properly sanitize an input field. | 9.1 |
2022-08-10 | CVE-2022-36324 | Allocation of Resources Without Limits or Throttling vulnerability in Siemens products Affected devices do not properly handle the renegotiation of SSL/TLS parameters. | 7.5 |
2022-08-10 | CVE-2022-36325 | Unspecified vulnerability in Siemens products Affected devices do not properly sanitize data introduced by an user when rendering the web interface. | 4.8 |
2021-07-13 | CVE-2020-28400 | Allocation of Resources Without Limits or Throttling vulnerability in Siemens products Affected devices contain a vulnerability that allows an unauthenticated attacker to trigger a denial-of-service condition. | 7.5 |
2021-03-25 | CVE-2021-3449 | NULL Pointer Dereference vulnerability in multiple products An OpenSSL TLS server may crash if sent a maliciously crafted renegotiation ClientHello message from a client. | 5.9 |
2021-03-15 | CVE-2021-25676 | Improper Restriction of Excessive Authentication Attempts vulnerability in Siemens products A vulnerability has been identified in RUGGEDCOM RM1224 (V6.3), SCALANCE M-800 (V6.3), SCALANCE S615 (V6.3), SCALANCE SC-600 (All Versions >= V2.1 and < V2.1.3). | 7.5 |
2021-03-15 | CVE-2021-25667 | Stack-based Buffer Overflow vulnerability in Siemens products A vulnerability has been identified in RUGGEDCOM RM1224 (All versions >= V4.3 and < V6.4), SCALANCE M-800 (All versions >= V4.3 and < V6.4), SCALANCE S615 (All versions >= V4.3 and < V6.4), SCALANCE SC-600 Family (All versions >= V2.0 and < V2.1.3), SCALANCE XB-200 (All versions < V4.1), SCALANCE XC-200 (All versions < V4.1), SCALANCE XF-200BA (All versions < V4.1), SCALANCE XM400 (All versions < V6.2), SCALANCE XP-200 (All versions < V4.1), SCALANCE XR-300WG (All versions < V4.1), SCALANCE XR500 (All versions < V6.2). | 8.8 |
2020-02-11 | CVE-2019-13946 | Resource Exhaustion vulnerability in Siemens products Profinet-IO (PNIO) stack versions prior V06.00 do not properly limit internal resource allocation when multiple legitimate diagnostic package requests are sent to the DCE-RPC interface. This could lead to a denial of service condition due to lack of memory for devices that include a vulnerable version of the stack. The security vulnerability could be exploited by an attacker with network access to an affected device. | 7.5 |
2018-09-06 | CVE-2018-5391 | Improper Input Validation vulnerability in multiple products The Linux kernel, versions 3.9+, is vulnerable to a denial of service attack with low rates of specially modified packets targeting IP fragment re-assembly. | 7.5 |
2017-10-04 | CVE-2017-14491 | Out-of-bounds Write vulnerability in multiple products Heap-based buffer overflow in dnsmasq before 2.78 allows remote attackers to cause a denial of service (crash) or execute arbitrary code via a crafted DNS response. | 9.8 |