Search Results (Refine Search)
- Results Type: Overview
- Keyword (text search): cpe:2.3:o:siemens:scalance_s615_firmware:7.1.2:*:*:*:*:*:*:*
- CPE Name Search: true
Vuln ID | Summary | CVSS Severity |
---|---|---|
CVE-2022-46143 |
Affected devices do not check the TFTP blocksize correctly. This could allow an authenticated attacker to read from an uninitialized buffer that potentially contains previously allocated data. Published: December 13, 2022; 11:15:25 AM -0500 |
V3.1: 2.7 LOW V2.0:(not available) |
CVE-2022-46142 |
Affected devices store the CLI user passwords encrypted in flash memory. Attackers with physical access to the device could retrieve the file and decrypt the CLI user passwords. Published: December 13, 2022; 11:15:25 AM -0500 |
V3.1: 5.7 MEDIUM V2.0:(not available) |
CVE-2022-46140 |
Affected devices use a weak encryption scheme to encrypt the debug zip file. This could allow an authenticated attacker to decrypt the contents of the file and retrieve debug information about the system. Published: December 13, 2022; 11:15:25 AM -0500 |
V3.1: 6.5 MEDIUM V2.0:(not available) |
CVE-2022-36325 |
Affected devices do not properly sanitize data introduced by an user when rendering the web interface. This could allow an authenticated remote attacker with administrative privileges to inject code and lead to a DOM-based XSS. Published: August 10, 2022; 8:15:12 AM -0400 |
V3.1: 4.8 MEDIUM V2.0:(not available) |
CVE-2022-36324 |
Affected devices do not properly handle the renegotiation of SSL/TLS parameters. This could allow an unauthenticated remote attacker to bypass the TCP brute force prevention and lead to a denial of service condition for the duration of the attack. Published: August 10, 2022; 8:15:12 AM -0400 |
V3.1: 7.5 HIGH V2.0:(not available) |
CVE-2022-36323 |
Affected devices do not properly sanitize an input field. This could allow an authenticated remote attacker with administrative privileges to inject code or spawn a system root shell. Published: August 10, 2022; 8:15:12 AM -0400 |
V3.1: 9.1 CRITICAL V2.0:(not available) |
CVE-2021-3449 |
An OpenSSL TLS server may crash if sent a maliciously crafted renegotiation ClientHello message from a client. If a TLSv1.2 renegotiation ClientHello omits the signature_algorithms extension (where it was present in the initial ClientHello), but includes a signature_algorithms_cert extension then a NULL pointer dereference will result, leading to a crash and a denial of service attack. A server is only vulnerable if it has TLSv1.2 and renegotiation enabled (which is the default configuration). OpenSSL TLS clients are not impacted by this issue. All OpenSSL 1.1.1 versions are affected by this issue. Users of these versions should upgrade to OpenSSL 1.1.1k. OpenSSL 1.0.2 is not impacted by this issue. Fixed in OpenSSL 1.1.1k (Affected 1.1.1-1.1.1j). Published: March 25, 2021; 11:15:13 AM -0400 |
V3.1: 5.9 MEDIUM V2.0: 4.3 MEDIUM |