CVE-2020-15799 — MEDIUM (6.5)

Q: How severe is CVE-2020-15799?

CVE-2020-15799 has been rated MEDIUM with a CVSS base score of 6.5/10. Review the CVSS metrics above for detailed severity breakdown.

Q: Is there a patch for CVE-2020-15799?

Check the references section above for vendor advisories and patch information. Affected products include: Siemens Scalance X200-4Pirt Firmware, Siemens Scalance X200-4Pirt, Siemens Scalance X201-3Pirt Firmware, Siemens Scalance X201-3Pirt, Siemens Scalance X202-2Irt Firmware.

Vulnerability Description

A vulnerability has been identified in SCALANCE X-200 switch family (incl. SIPLUS NET variants) (All versions < V5.2.5), SCALANCE X-200IRT switch family (incl. SIPLUS NET variants) (All versions < V5.5.0). The vulnerability could allow an unauthenticated attacker to reboot the device over the network by using special urls from integrated web server of the affected products.

CVSS Score

6.5

MEDIUM

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality

NONE

Integrity

NONE

Availability

HIGH

Affected Products

Vendor	Product	Versions
Siemens	Scalance X200-4Pirt Firmware	< 5.5.0
Siemens	Scalance X200-4Pirt	-
Siemens	Scalance X201-3Pirt Firmware	< 5.5.0
Siemens	Scalance X201-3Pirt	-
Siemens	Scalance X202-2Irt Firmware	< 5.5.0
Siemens	Scalance X202-2Irt	-
Siemens	Scalance X202-2Pirt Firmware	< 5.5.0
Siemens	Scalance X202-2Pirt	-
Siemens	Scalance X202-2Pirt Siplus Net Firmware	< 5.5.0
Siemens	Scalance X202-2Pirt Siplus Net	-
Siemens	Scalance X204Irt Firmware	< 5.5.0
Siemens	Scalance X204Irt	-
Siemens	Scalance X307-3 Firmware	All versions
Siemens	Scalance X307-3	-
Siemens	Scalance X307-3Ld Firmware	All versions
Siemens	Scalance X307-3Ld	-
Siemens	Scalance X308-2 Firmware	All versions
Siemens	Scalance X308-2	-
Siemens	Scalance X308-2Ld Firmware	All versions
Siemens	Scalance X308-2Ld	-

Related Weaknesses (CWE)

CWE-306

References

https://cert-portal.siemens.com/productcert/pdf/ssa-139628.pdfVendor Advisory
https://cert-portal.siemens.com/productcert/pdf/ssa-139628.pdfVendor Advisory

FAQ

What is CVE-2020-15799?

CVE-2020-15799 is a vulnerability with a CVSS score of 6.5 (MEDIUM). A vulnerability has been identified in SCALANCE X-200 switch family (incl. SIPLUS NET variants) (All versions < V5.2.5), SCALANCE X-200IRT switch family (incl. SIPLUS NET variants) (All versions < V5....

How severe is CVE-2020-15799?

CVE-2020-15799 has been rated MEDIUM with a CVSS base score of 6.5/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2020-15799?

Check the references section above for vendor advisories and patch information. Affected products include: Siemens Scalance X200-4Pirt Firmware, Siemens Scalance X200-4Pirt, Siemens Scalance X201-3Pirt Firmware, Siemens Scalance X201-3Pirt, Siemens Scalance X202-2Irt Firmware.