Vulnerabilities > Siemens > Scalance Xr524 Firmware > High

DATE CVE VULNERABILITY TITLE RISK
2022-08-10 CVE-2022-36324 Allocation of Resources Without Limits or Throttling vulnerability in Siemens products
Affected devices do not properly handle the renegotiation of SSL/TLS parameters.
network
low complexity
siemens CWE-770
7.5
2021-05-12 CVE-2020-28393 Incorrect Calculation vulnerability in Siemens products
An unauthenticated remote attacker could create a permanent denial-of-service condition by sending specially crafted OSPF packets.
network
low complexity
siemens CWE-682
7.5
2020-02-11 CVE-2019-13946 Resource Exhaustion vulnerability in Siemens products
Profinet-IO (PNIO) stack versions prior V06.00 do not properly limit internal resource allocation when multiple legitimate diagnostic package requests are sent to the DCE-RPC interface. This could lead to a denial of service condition due to lack of memory for devices that include a vulnerable version of the stack. The security vulnerability could be exploited by an attacker with network access to an affected device.
network
low complexity
siemens CWE-400
7.5