CVE-2014-8478

Summary

CVE	CVE-2014-8478
State	PUBLIC
Assigner	[email protected]
Source Priority	CVE Program / NVD first with legacy fallback
Published	2015-01-21 17:59:00 UTC
Updated	2020-02-10 15:15:00 UTC
Description	The web server on Siemens SCALANCE X-300 switches with firmware before 4.0 and SCALANCE X 408 switches with firmware before 4.0 allows remote attackers to cause a denial of service (reboot) via malformed HTTP requests.

Risk And Classification

Problem Types: CWE-22

NVD Known Affected Configurations (CPE 2.3)

Type	Vendor	Product	Version	Update	Edition	Language
Hardware	Siemens	Scalance X-300	-	All	All	All
Hardware	Siemens	Scalance X-300	-	All	All	All
Hardware	Siemens	Scalance X-300eec	-	All	All	All
Hardware	Siemens	Scalance X-300eec	-	All	All	All
Hardware	Siemens	Scalance X-300poe	-	All	All	All
Hardware	Siemens	Scalance X-300poe	-	All	All	All
Application	Siemens	Scalance X-300 Series Firmware	All	All	All	All
Hardware	Siemens	Scalance X-408	All	All	All	All
Hardware	Siemens	Scalance X-408	All	All	All	All
Application	Siemens	Scalance X-408 Firmware	All	All	All	All
Hardware	Siemens	Scalance Xr-300	-	All	All	All
Hardware	Siemens	Scalance Xr-300	-	All	All	All
Hardware	Siemens	Scalance Xr-300eec	-	All	All	All
Hardware	Siemens	Scalance Xr-300eec	-	All	All	All
Hardware	Siemens	Scalance Xr-300poe	-	All	All	All
Hardware	Siemens	Scalance Xr-300poe	-	All	All	All

References

Reference	Source	Link	Tags
Siemens	CONFIRM	www.siemens.com	Vendor Advisory
cert-portal.siemens.com/productcert/pdf/ssa-321046.pdf	CONFIRM	cert-portal.siemens.com
CVE Program record	CVE.ORG	www.cve.org	canonical
NVD vulnerability detail	NVD	nvd.nist.gov	canonical, analysis

No vendor comments have been submitted for this CVE.

Legacy QID Mappings

591266 Siemens SCALANCE X-300/X408 Switch Family Denial of Service (DoS) Multiple Vulnerabilities (ICSA-15-020-01, SSA-321046)