CVE-2012-1802 — HIGH (7.8) — White Hats Nepal

Q: How severe is CVE-2012-1802?

CVE-2012-1802 has been rated HIGH with a CVSS base score of 7.8/10. Review the CVSS metrics above for detailed severity breakdown.

Q: Is there a patch for CVE-2012-1802?

Check the references section above for vendor advisories and patch information. Affected products include: Siemens Scalance X414-3E Firmware, Siemens Scalance X414-3E, Siemens Scalance X308-2M Firmware, Siemens Scalance X308-2M, Siemens Scalance X-300Eec Firmware.

Vulnerability Description

Buffer overflow in the embedded web server on the Siemens Scalance X Industrial Ethernet switch X414-3E before 3.7.1, X308-2M before 3.7.2, X-300EEC before 3.7.2, XR-300 before 3.7.2, and X-300 before 3.7.2 allows remote attackers to cause a denial of service (device reboot) or possibly execute arbitrary code via a malformed URL.

CVSS Score

7.8

HIGH

AV:N/AC:L/Au:N/C:N/I:N/A:C

Confidentiality

NONE

Integrity

NONE

Availability

COMPLETE

Affected Products

Vendor	Product	Versions
Siemens	Scalance X414-3E Firmware	<= 3.7.0
Siemens	Scalance X414-3E	-
Siemens	Scalance X308-2M Firmware	<= 3.7.0
Siemens	Scalance X308-2M	-
Siemens	Scalance X-300Eec Firmware	<= 3.7.0
Siemens	Scalance X-300Eec	-
Siemens	Scalance Xr-300 Firmware	<= 3.7.0
Siemens	Scalance Xr-300	-
Siemens	Scalance X-300 Firmware	<= 3.7.0
Siemens	Scalance X-300	-

Related Weaknesses (CWE)

CWE-119

References

http://osvdb.org/81032
http://www.siemens.com/corporate-technology/pool/de/forschungsfelder/siemens_secVendor Advisory
http://www.us-cert.gov/control_systems/pdf/ICSA-12-102-04.pdfUS Government Resource
http://osvdb.org/81032
http://www.siemens.com/corporate-technology/pool/de/forschungsfelder/siemens_secVendor Advisory
http://www.us-cert.gov/control_systems/pdf/ICSA-12-102-04.pdfUS Government Resource

FAQ

What is CVE-2012-1802?

CVE-2012-1802 is a vulnerability with a CVSS score of 7.8 (HIGH). Buffer overflow in the embedded web server on the Siemens Scalance X Industrial Ethernet switch X414-3E before 3.7.1, X308-2M before 3.7.2, X-300EEC before 3.7.2, XR-300 before 3.7.2, and X-300 before...

How severe is CVE-2012-1802?

CVE-2012-1802 has been rated HIGH with a CVSS base score of 7.8/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2012-1802?

Check the references section above for vendor advisories and patch information. Affected products include: Siemens Scalance X414-3E Firmware, Siemens Scalance X414-3E, Siemens Scalance X308-2M Firmware, Siemens Scalance X308-2M, Siemens Scalance X-300Eec Firmware.