Siemens Scalance X Switches 'HTTP' Request Denial of Service Vulnerability
BID:52933
Info
Siemens Scalance X Switches 'HTTP' Request Denial of Service Vulnerability
| Bugtraq ID: | 52933 |
| Class: | Failure to Handle Exceptional Conditions |
| CVE: |
CVE-2012-1802 |
| Remote: | Yes |
| Local: | No |
| Published: | Apr 09 2012 12:00AM |
| Updated: | Mar 19 2015 09:22AM |
| Credit: | Jürgen Bilberger, Daimler TSS GmbH |
| Vulnerable: |
Siemens Scalance XR-300 0 Siemens Scalance X414-3E 0 Siemens Scalance X308-2M 0 Siemens Scalance X-300EEC 0 Siemens Scalance X-300 0 |
| Not Vulnerable: | |
Discussion
Siemens Scalance X Switches 'HTTP' Request Denial of Service Vulnerability
Siemens Scalance X Switches are prone to a denial-of-service vulnerability.
Successfully exploiting this issue allows an attacker to reboot the affected device, denying service to legitimate users.
The following versions are vulnerable:
Scalance X414-3E running firmware versions prior to 3.7.1
Scalance X switches running firmware versions prior to 3.7.2
Siemens Scalance X Switches are prone to a denial-of-service vulnerability.
Successfully exploiting this issue allows an attacker to reboot the affected device, denying service to legitimate users.
The following versions are vulnerable:
Scalance X414-3E running firmware versions prior to 3.7.1
Scalance X switches running firmware versions prior to 3.7.2
Exploit / POC
Siemens Scalance X Switches 'HTTP' Request Denial of Service Vulnerability
Attackers can use readily available tools to exploit this issue.
Attackers can use readily available tools to exploit this issue.
Solution / Fix
Siemens Scalance X Switches 'HTTP' Request Denial of Service Vulnerability
Solution:
Vendor updates are available. Please see the references for more information.
Solution:
Vendor updates are available. Please see the references for more information.
References
Siemens Scalance X Switches 'HTTP' Request Denial of Service Vulnerability
References:
References: