Siemens SCALANCE X-300 Family Switches HTTP Request Handling Remote DOS

Nessus Network Monitor Plugin ID 148 (severity: high)

Synopsis

A Siemens SCALANCE X-300 family switch has been detected that is vulnerable to a remote denial-of-service (DoS) attack through its HTTP request handling.

Description

Siemens SCALANCE X-300 family switches running firmware versions earlier than 4.0 can allow remote attackers to cause a denial of service (reboot) via malformed HTTP requests.

Solution

Siemens provides firmware update V4.0, which fixes the vulnerabilities, and recommends updating as soon as possible.

See Also

https://www.siemens.com/cert/pool/cert/siemens_security_advisory_ssa-321046.pdf

Plugin Details

Severity: High

ID: 148

Family: SCADA

Published: 5/21/2019

Updated: 9/30/2019

Risk Information

VPR

Risk Factor: Low

Score: 3.4

CVSS v2

Risk Factor: High

Base Score: 7.8

Temporal Score: 5.8

Vector: CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C

Vulnerability Information

CPE: cpe:/o:siemens:scalance_x-300_firmware:3.9.3

Patch Publication Date: 1/21/2015

Vulnerability Publication Date: 1/21/2015

Reference Information

CVE: CVE-2014-8478

BID: 72250