Vulnerabilities > Siemens > Scalance Xf204 DNA Firmware

DATE CVE VULNERABILITY TITLE RISK
2023-11-14 CVE-2023-44317 Acceptance of Extraneous Untrusted Data With Trusted Data vulnerability in Siemens products
Affected products do not properly validate the content of uploaded X509 certificates which could allow an attacker with administrative privileges to execute arbitrary code on the device.
network
low complexity
siemens CWE-349
7.2
7.2
2022-12-13 CVE-2022-46140 Use of a Broken or Risky Cryptographic Algorithm vulnerability in Siemens products
Affected devices use a weak encryption scheme to encrypt the debug zip file.
network
low complexity
siemens CWE-327
6.5
6.5
2022-12-13 CVE-2022-46142 Storing Passwords in a Recoverable Format vulnerability in Siemens products
Affected devices store the CLI user passwords encrypted in flash memory.
low complexity
siemens CWE-257
5.7
5.7
2022-12-13 CVE-2022-46143 Improper Validation of Specified Quantity in Input vulnerability in Siemens products
Affected devices do not check the TFTP blocksize correctly.
network
low complexity
siemens CWE-1284
2.7
2.7
2021-01-12 CVE-2020-28391 Use of Hard-coded Cryptographic Key vulnerability in Siemens products
A vulnerability has been identified in SCALANCE X-200 switch family (incl.
network
high complexity
siemens CWE-321
5.9
5.9
2021-01-12 CVE-2020-25226 Heap-based Buffer Overflow vulnerability in Siemens products
A vulnerability has been identified in SCALANCE X-200 switch family (incl.
network
low complexity
siemens CWE-122
critical
 10.0
10
2021-01-12 CVE-2020-15800 Heap-based Buffer Overflow vulnerability in Siemens products
A vulnerability has been identified in SCALANCE X-200 switch family (incl.
network
siemens CWE-122
critical
 9.3
9.3
2021-01-12 CVE-2020-15799 Missing Authentication for Critical Function vulnerability in Siemens products
A vulnerability has been identified in SCALANCE X-200 switch family (incl.
network
siemens CWE-306
7.1
7.1