Vulnerabilities: Siemens Scalance M 800 Firmware

DATE | CVE | VULNERABILITY TITLE | RISK

2022-08-10 | CVE-2022-36323 | Unspecified vulnerability in Siemens products | critical 9.1
Affected devices do not properly sanitize an input field.
network, low complexity, siemens

2022-08-10 | CVE-2022-36324 | Allocation of Resources Without Limits or Throttling vulnerability in Siemens products | 7.5
Affected devices do not properly handle the renegotiation of SSL/TLS parameters.
network, low complexity, siemens, CWE-770

2022-08-10 | CVE-2022-36325 | Unspecified vulnerability in Siemens products | 4.8
Affected devices do not properly sanitize data introduced by a user when rendering the web interface.
network, low complexity, siemens

2021-07-13 | CVE-2020-28400 | Allocation of Resources Without Limits or Throttling vulnerability in Siemens products | 7.5
Affected devices contain a vulnerability that allows an unauthenticated attacker to trigger a denial-of-service condition.
network, low complexity, siemens, CWE-770

2021-03-25 | CVE-2021-3449 | NULL Pointer Dereference vulnerability in multiple products | 5.9
An OpenSSL TLS server may crash if sent a maliciously crafted renegotiation ClientHello message from a client.

2021-03-15 | CVE-2021-25676 | Improper Restriction of Excessive Authentication Attempts vulnerability in Siemens products | 7.5
A vulnerability has been identified in RUGGEDCOM RM1224 (V6.3), SCALANCE M-800 (V6.3), SCALANCE S615 (V6.3), SCALANCE SC-600 (All Versions >= V2.1 and < V2.1.3).
network, low complexity, siemens, CWE-307

2021-03-15 | CVE-2021-25667 | Stack-based Buffer Overflow vulnerability in Siemens products | 8.8
A vulnerability has been identified in RUGGEDCOM RM1224 (All versions >= V4.3 and < V6.4), SCALANCE M-800 (All versions >= V4.3 and < V6.4), SCALANCE S615 (All versions >= V4.3 and < V6.4), SCALANCE SC-600 Family (All versions >= V2.0 and < V2.1.3), SCALANCE XB-200 (All versions < V4.1), SCALANCE XC-200 (All versions < V4.1), SCALANCE XF-200BA (All versions < V4.1), SCALANCE XM400 (All versions < V6.2), SCALANCE XP-200 (All versions < V4.1), SCALANCE XR-300WG (All versions < V4.1), SCALANCE XR500 (All versions < V6.2).
low complexity, siemens, CWE-121

2020-02-11 | CVE-2019-13946 | Resource Exhaustion vulnerability in Siemens products | 7.5
Profinet-IO (PNIO) stack versions prior to V06.00 do not properly limit internal resource allocation when multiple legitimate diagnostic package requests are sent to the DCE-RPC interface. This could lead to a denial of service condition due to lack of memory for devices that include a vulnerable version of the stack. The security vulnerability could be exploited by an attacker with network access to an affected device.
network, low complexity, siemens, CWE-400

2018-09-06 | CVE-2018-5391 | Improper Input Validation vulnerability in multiple products | 7.5
The Linux kernel, versions 3.9+, is vulnerable to a denial of service attack with low rates of specially modified packets targeting IP fragment re-assembly.

2017-10-04 | CVE-2017-14491 | Out-of-bounds Write vulnerability in multiple products | 9.8
Heap-based buffer overflow in dnsmasq before 2.78 allows remote attackers to cause a denial of service (crash) or execute arbitrary code via a crafted DNS response.