CVEInsight.

Free vulnerability intelligence for developers, security teams, and researchers. Data sourced from public databases for informational purposes only.

Explore

Legal

CVE data sourced from NVD / NIST & public disclosures.

siemens

scalance_xr-300eec_firmware

3 known vulnerabilities · sorted by CVSS score

CVE-2022-36323

CRITICAL9.1

Affected devices do not properly sanitize an input field. This could allow an authenticated remote attacker with administrative privileges to inject code or spawn a system root shell.

siemens / scalance_m-800_firmware+89

Network

Published Aug 10, 2022

CVE-2022-36324

HIGH7.5

Affected devices do not properly handle the renegotiation of SSL/TLS parameters. This could allow an unauthenticated remote attacker to bypass the TCP brute force prevention and lead to a denial of service condition for the duration of the attack.

siemens / scalance_m-800_firmware+83

Network

Published Aug 10, 2022

CVE-2022-36325

MEDIUM6.8

Affected devices do not properly sanitize data introduced by an user when rendering the web interface. This could allow an authenticated remote attacker with administrative privileges to inject code and lead to a DOM-based XSS.

siemens / scalance_m-800_firmware+89

Network

Published Aug 10, 2022