Siemens SCALANCE X-300 Family Switches FTP Server Network Packet Handling Remote DOS

medium Nessus Network Monitor Plugin ID 149

Synopsis

A Siemens SCALANCE X-300 family switch has been detected that is vulnerable to a remote denial-of-service (DoS) attack through its FTP server.

Description

Siemens SCALANCE X-300 family switches running firmware versions earlier than 4.0 allow remote authenticated users to cause a denial of service (reboot) via crafted FTP packets.

Solution

Siemens provides firmware update V4.0, which fixes the vulnerabilities, and recommends updating as soon as possible.

See Also

https://www.siemens.com/cert/pool/cert/siemens_security_advisory_ssa-321046.pdf

Plugin Details

Severity: Medium

ID: 149

Family: SCADA

Published: 5/21/2019

Updated: 9/30/2019

Risk Information

VPR

Risk Factor: Low

Score: 3.4

CVSS v2

Risk Factor: Medium

Base Score: 6.8

Temporal Score: 5

Vector: CVSS2#AV:N/AC:L/Au:S/C:N/I:N/A:C

Vulnerability Information

CPE: cpe:/o:siemens:scalance_x-300_firmware:3.9.3

Patch Publication Date: 1/21/2015

Vulnerability Publication Date: 1/21/2015

Reference Information

CVE: CVE-2014-8479

BID: 72251