Search Results (Refine Search)
- Results Type: Overview
- Keyword (text search): cpe:2.3:o:siemens:scalance_xr524_firmware:6.0:*:*:*:*:*:*:*
- CPE Name Search: true
Vuln ID | Summary | CVSS Severity |
---|---|---|
CVE-2022-36325 |
Affected devices do not properly sanitize data introduced by an user when rendering the web interface. This could allow an authenticated remote attacker with administrative privileges to inject code and lead to a DOM-based XSS. Published: August 10, 2022; 8:15:12 AM -0400 |
V4.0:(not available) V3.1: 4.8 MEDIUM V2.0:(not available) |
CVE-2022-36324 |
Affected devices do not properly handle the renegotiation of SSL/TLS parameters. This could allow an unauthenticated remote attacker to bypass the TCP brute force prevention and lead to a denial of service condition for the duration of the attack. Published: August 10, 2022; 8:15:12 AM -0400 |
V4.0:(not available) V3.1: 7.5 HIGH V2.0:(not available) |
CVE-2022-36323 |
Affected devices do not properly sanitize an input field. This could allow an authenticated remote attacker with administrative privileges to inject code or spawn a system root shell. Published: August 10, 2022; 8:15:12 AM -0400 |
V4.0:(not available) V3.1: 9.1 CRITICAL V2.0:(not available) |
CVE-2020-28393 |
An unauthenticated remote attacker could create a permanent denial-of-service condition by sending specially crafted OSPF packets. Successful exploitation requires OSPF to be enabled on an affected device on the SCALANCE XM-400, XR-500 (All versions prior to v6.4). Published: May 12, 2021; 10:15:11 AM -0400 |
V4.0:(not available) V3.1: 7.5 HIGH V2.0: 7.1 HIGH |