| Title | 複数のシーメンス製品における境界外書き込みに関する脆弱性 |
|---|---|
| Summary | 複数のシーメンス製品には、境界外書き込みに関する脆弱性が存在します。 |
| Possible impacts | 情報を取得される、情報を改ざんされる、およびサービス運用妨害 (DoS) 状態にされる可能性があります。 |
| Solution | ベンダより正式な対策が公開されています。ベンダ情報を参照して適切な対策を実施してください。 |
| Publication Date | April 13, 2021, midnight |
| Registration Date | Dec. 28, 2021, 2:35 p.m. |
| Last Update | Dec. 28, 2021, 2:35 p.m. |
| CVSS3.0 : 緊急 | |
| Score | 9.8 |
|---|---|
| Vector | CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
| CVSS2.0 : 危険 | |
| Score | 7.5 |
|---|---|
| Vector | AV:N/AC:L/Au:N/C:P/I:P/A:P |
| シーメンス |
| SCALANCE X200-4PIRT ファームウェア 5.5.1 未満 |
| SCALANCE X201-3P IRT PRO ファームウェア 5.5.1 未満 |
| SCALANCE X201-3PIRT ファームウェア 5.5.1 未満 |
| SCALANCE X202-2IRT ファームウェア 5.5.1 未満 |
| SCALANCE X202-2P IRT PRO ファームウェア 5.5.1 未満 |
| SCALANCE X204 IRT PRO ファームウェア 5.5.1 未満 |
| SCALANCE X204 IRT ファームウェア 5.5.1 未満 |
| SCALANCE X204-2 ファームウェア 5.2.5 未満 |
| SCALANCE X204-2FM ファームウェア 5.2.5 未満 |
| SCALANCE X204-2LD ファームウェア 5.2.5 未満 |
| No | Changed Details | Date of change |
|---|---|---|
| 1 | [2021年12月28日] 掲載 |
Dec. 28, 2021, 2:35 p.m. |
| Summary | A vulnerability has been identified in SCALANCE X200-4P IRT (All versions < 5.5.1), SCALANCE X201-3P IRT (All versions < 5.5.1), SCALANCE X201-3P IRT PRO (All versions < 5.5.1), SCALANCE X202-2 IRT (All versions < 5.5.1), SCALANCE X202-2P IRT (incl. SIPLUS NET variant) (All versions < 5.5.1), SCALANCE X202-2P IRT PRO (All versions < 5.5.1), SCALANCE X204 IRT (All versions < 5.5.1), SCALANCE X204 IRT PRO (All versions < 5.5.1), SCALANCE X204-2 (incl. SIPLUS NET variant) (All versions < V5.2.5), SCALANCE X204-2FM (All versions < V5.2.5), SCALANCE X204-2LD (incl. SIPLUS NET variant) (All versions < V5.2.5), SCALANCE X204-2LD TS (All versions < V5.2.5), SCALANCE X204-2TS (All versions < V5.2.5), SCALANCE X206-1 (All versions < V5.2.5), SCALANCE X206-1LD (All versions < V5.2.5), SCALANCE X208 (incl. SIPLUS NET variant) (All versions < V5.2.5), SCALANCE X208PRO (All versions < V5.2.5), SCALANCE X212-2 (incl. SIPLUS NET variant) (All versions < V5.2.5), SCALANCE X212-2LD (All versions < V5.2.5), SCALANCE X216 (All versions < V5.2.5), SCALANCE X224 (All versions < V5.2.5), SCALANCE XF201-3P IRT (All versions < 5.5.1), SCALANCE XF202-2P IRT (All versions < 5.5.1), SCALANCE XF204 (All versions < V5.2.5), SCALANCE XF204 IRT (All versions < 5.5.1), SCALANCE XF204-2 (incl. SIPLUS NET variant) (All versions < V5.2.5), SCALANCE XF204-2BA IRT (All versions < 5.5.1), SCALANCE XF206-1 (All versions < V5.2.5), SCALANCE XF208 (All versions < V5.2.5). Incorrect processing of POST requests in the webserver may result in write out of bounds in heap. An attacker might leverage this to cause denial-of-service on the device and potentially remotely execute code. |
|---|---|
| Publication Date | April 23, 2021, 6:15 a.m. |
| Registration Date | April 23, 2021, 10:04 a.m. |
| Last Update | Nov. 21, 2024, 2:55 p.m. |
| Configuration1 | or higher | or less | more than | less than | |
| cpe:2.3:o:siemens:scalance_x200-4p_irt_firmware:*:*:*:*:*:*:*:* | 5.5.1 | ||||
| execution environment | |||||
| 1 | cpe:2.3:h:siemens:scalance_x200-4p_irt:-:*:*:*:*:*:*:* | ||||
| Configuration2 | or higher | or less | more than | less than | |
| cpe:2.3:o:siemens:scalance_x201-3p_irt_firmware:*:*:*:*:*:*:*:* | 5.5.1 | ||||
| execution environment | |||||
| 1 | cpe:2.3:h:siemens:scalance_x201-3p_irt:-:*:*:*:*:*:*:* | ||||
| Configuration3 | or higher | or less | more than | less than | |
| cpe:2.3:o:siemens:scalance_x201-3p_irt_pro_firmware:*:*:*:*:*:*:*:* | 5.5.1 | ||||
| execution environment | |||||
| 1 | cpe:2.3:h:siemens:scalance_x201-3p_irt_pro:-:*:*:*:*:*:*:* | ||||
| Configuration4 | or higher | or less | more than | less than | |
| cpe:2.3:o:siemens:scalance_x202-2_irt_firmware:*:*:*:*:*:*:*:* | 5.5.1 | ||||
| execution environment | |||||
| 1 | cpe:2.3:h:siemens:scalance_x202-2_irt:-:*:*:*:*:*:*:* | ||||
| Configuration5 | or higher | or less | more than | less than | |
| cpe:2.3:o:siemens:scalance_x202-2p_irt_pro_firmware:*:*:*:*:*:*:*:* | 5.5.1 | ||||
| execution environment | |||||
| 1 | cpe:2.3:h:siemens:scalance_x202-2p_irt_pro:-:*:*:*:*:*:*:* | ||||
| Configuration6 | or higher | or less | more than | less than | |
| cpe:2.3:o:siemens:scalance_x204_irt_firmware:*:*:*:*:*:*:*:* | 5.5.1 | ||||
| execution environment | |||||
| 1 | cpe:2.3:h:siemens:scalance_x204_irt:-:*:*:*:*:*:*:* | ||||
| Configuration7 | or higher | or less | more than | less than | |
| cpe:2.3:o:siemens:scalance_x204_irt_pro_firmware:*:*:*:*:*:*:*:* | 5.5.1 | ||||
| execution environment | |||||
| 1 | cpe:2.3:h:siemens:scalance_x204_irt_pro:-:*:*:*:*:*:*:* | ||||
| Configuration8 | or higher | or less | more than | less than | |
| cpe:2.3:o:siemens:scalance_x204-2_firmware:*:*:*:*:*:*:*:* | 5.2.5 | ||||
| execution environment | |||||
| 1 | cpe:2.3:h:siemens:scalance_x204-2:-:*:*:*:*:*:*:* | ||||
| Configuration9 | or higher | or less | more than | less than | |
| cpe:2.3:o:siemens:scalance_x204-2fm_firmware:*:*:*:*:*:*:*:* | 5.2.5 | ||||
| execution environment | |||||
| 1 | cpe:2.3:h:siemens:scalance_x204-2fm:-:*:*:*:*:*:*:* | ||||
| Configuration10 | or higher | or less | more than | less than | |
| cpe:2.3:o:siemens:scalance_x204-2ld_firmware:*:*:*:*:*:*:*:* | 5.2.5 | ||||
| execution environment | |||||
| 1 | cpe:2.3:h:siemens:scalance_x204-2ld:-:*:*:*:*:*:*:* | ||||
| Configuration11 | or higher | or less | more than | less than | |
| cpe:2.3:o:siemens:scalance_x204-2ld_ts_firmware:*:*:*:*:*:*:*:* | 5.2.5 | ||||
| execution environment | |||||
| 1 | cpe:2.3:h:siemens:scalance_x204-2ld_ts:-:*:*:*:*:*:*:* | ||||
| Configuration12 | or higher | or less | more than | less than | |
| cpe:2.3:o:siemens:scalance_x204-2ts_firmware:*:*:*:*:*:*:*:* | 5.2.5 | ||||
| execution environment | |||||
| 1 | cpe:2.3:h:siemens:scalance_x204-2ts:-:*:*:*:*:*:*:* | ||||
| Configuration13 | or higher | or less | more than | less than | |
| cpe:2.3:o:siemens:scalance_x206-1_firmware:*:*:*:*:*:*:*:* | 5.2.5 | ||||
| execution environment | |||||
| 1 | cpe:2.3:h:siemens:scalance_x206-1:-:*:*:*:*:*:*:* | ||||
| Configuration14 | or higher | or less | more than | less than | |
| cpe:2.3:o:siemens:scalance_x206-1ld_firmware:*:*:*:*:*:*:*:* | 5.2.5 | ||||
| execution environment | |||||
| 1 | cpe:2.3:h:siemens:scalance_x206-1ld:-:*:*:*:*:*:*:* | ||||
| Configuration15 | or higher | or less | more than | less than | |
| cpe:2.3:o:siemens:scalance_x208_firmware:*:*:*:*:*:*:*:* | 5.2.5 | ||||
| execution environment | |||||
| 1 | cpe:2.3:h:siemens:scalance_x208:-:*:*:*:*:*:*:* | ||||
| Configuration16 | or higher | or less | more than | less than | |
| cpe:2.3:o:siemens:scalance_x208pro_firmware:*:*:*:*:*:*:*:* | 5.2.5 | ||||
| execution environment | |||||
| 1 | cpe:2.3:h:siemens:scalance_x208pro:-:*:*:*:*:*:*:* | ||||
| Configuration17 | or higher | or less | more than | less than | |
| cpe:2.3:o:siemens:scalance_x212-2_firmware:*:*:*:*:*:*:*:* | 5.2.5 | ||||
| execution environment | |||||
| 1 | cpe:2.3:h:siemens:scalance_x212-2:-:*:*:*:*:*:*:* | ||||
| Configuration18 | or higher | or less | more than | less than | |
| cpe:2.3:o:siemens:scalance_x212-2ld_firmware:*:*:*:*:*:*:*:* | 5.2.5 | ||||
| execution environment | |||||
| 1 | cpe:2.3:h:siemens:scalance_x212-2ld:-:*:*:*:*:*:*:* | ||||
| Configuration19 | or higher | or less | more than | less than | |
| cpe:2.3:o:siemens:scalance_x216_firmware:*:*:*:*:*:*:*:* | 5.2.5 | ||||
| execution environment | |||||
| 1 | cpe:2.3:h:siemens:scalance_x216:-:*:*:*:*:*:*:* | ||||
| Configuration20 | or higher | or less | more than | less than | |
| cpe:2.3:o:siemens:scalance_x224_firmware:*:*:*:*:*:*:*:* | 5.2.5 | ||||
| execution environment | |||||
| 1 | cpe:2.3:h:siemens:scalance_x224:-:*:*:*:*:*:*:* | ||||
| Configuration21 | or higher | or less | more than | less than | |
| cpe:2.3:o:siemens:scalance_xf201-3p_irt_firmware:*:*:*:*:*:*:*:* | 5.5.1 | ||||
| execution environment | |||||
| 1 | cpe:2.3:h:siemens:scalance_xf201-3p_irt:-:*:*:*:*:*:*:* | ||||
| Configuration22 | or higher | or less | more than | less than | |
| cpe:2.3:o:siemens:scalance_xf202-2p_irt_firmware:*:*:*:*:*:*:*:* | 5.5.1 | ||||
| execution environment | |||||
| 1 | cpe:2.3:h:siemens:scalance_xf202-2p_irt:-:*:*:*:*:*:*:* | ||||
| Configuration23 | or higher | or less | more than | less than | |
| cpe:2.3:o:siemens:scalance_xf204_firmware:*:*:*:*:*:*:*:* | 5.2.5 | ||||
| execution environment | |||||
| 1 | cpe:2.3:h:siemens:scalance_xf204:-:*:*:*:*:*:*:* | ||||
| Configuration24 | or higher | or less | more than | less than | |
| cpe:2.3:o:siemens:scalance_xf204_irt_firmware:*:*:*:*:*:*:*:* | 5.5.1 | ||||
| execution environment | |||||
| 1 | cpe:2.3:h:siemens:scalance_xf204_irt:-:*:*:*:*:*:*:* | ||||
| Configuration25 | or higher | or less | more than | less than | |
| cpe:2.3:o:siemens:scalance_xf204-2_firmware:*:*:*:*:*:*:*:* | 5.2.5 | ||||
| execution environment | |||||
| 1 | cpe:2.3:h:siemens:scalance_xf204-2:-:*:*:*:*:*:*:* | ||||
| Configuration26 | or higher | or less | more than | less than | |
| cpe:2.3:o:siemens:scalance_xf204-2ba_irt_firmware:*:*:*:*:*:*:*:* | 5.5.1 | ||||
| execution environment | |||||
| 1 | cpe:2.3:h:siemens:scalance_xf204-2ba_irt:-:*:*:*:*:*:*:* | ||||
| Configuration27 | or higher | or less | more than | less than | |
| cpe:2.3:o:siemens:scalance_xf206-1_firmware:*:*:*:*:*:*:*:* | 5.2.5 | ||||
| execution environment | |||||
| 1 | cpe:2.3:h:siemens:scalance_xf206-1:-:*:*:*:*:*:*:* | ||||
| Configuration28 | or higher | or less | more than | less than | |
| cpe:2.3:o:siemens:scalance_xf208_firmware:*:*:*:*:*:*:*:* | 5.2.5 | ||||
| execution environment | |||||
| 1 | cpe:2.3:h:siemens:scalance_xf208:-:*:*:*:*:*:*:* | ||||
| Configuration29 | or higher | or less | more than | less than | |
| cpe:2.3:o:siemens:scalance_x202-2p_irt_firmware:*:*:*:*:*:*:*:* | 5.5.1 | ||||
| execution environment | |||||
| 1 | cpe:2.3:h:siemens:scalance_x202-2p_irt:-:*:*:*:*:*:*:* | ||||