CVE-2020-15799 : A vulnerability has been identified in SCALANCE X-200 switch family (incl. SIPLU

A vulnerability has been identified in SCALANCE X-200 switch family (incl. SIPLUS NET variants) (All versions < V5.2.5), SCALANCE X-200IRT switch family (incl. SIPLUS NET variants) (All versions < V5.5.0). The vulnerability could allow an unauthenticated attacker to reboot the device over the network by using special urls from integrated web server of the affected products.

Published 2021-01-12 21:15:16

Updated 2022-07-28 14:34:20

Source Siemens AG

View at NVD, CVE.org

Products affected by CVE-2020-15799

Siemens » Scalance Xf201-3p Irt Firmware
Versions before (<) 5.2.5
cpe:2.3:o:siemens:scalance_xf201-3p_irt_firmware:*:*:*:*:*:*:*:*
Matching versions
When used together with: Siemens » Scalance Xf201-3p Irt » Version: N/A
Siemens » Scalance Xf202-2p Irt Firmware
Versions before (<) 5.2.5
cpe:2.3:o:siemens:scalance_xf202-2p_irt_firmware:*:*:*:*:*:*:*:*
Matching versions
When used together with: Siemens » Scalance Xf202-2p Irt » Version: N/A
Siemens » Scalance Xf204 Firmware
Versions before (<) 5.2.5
cpe:2.3:o:siemens:scalance_xf204_firmware:*:*:*:*:*:*:*:*
Matching versions
When used together with: Siemens » Scalance Xf204 » Version: N/A
Siemens » Scalance Xf204-2 Firmware
Versions before (<) 5.2.5
cpe:2.3:o:siemens:scalance_xf204-2_firmware:*:*:*:*:*:*:*:*
Matching versions
When used together with: Siemens » Scalance Xf204-2 » Version: N/A
Siemens » Scalance Xf204-2ba Irt Firmware
Versions before (<) 5.2.5
cpe:2.3:o:siemens:scalance_xf204-2ba_irt_firmware:*:*:*:*:*:*:*:*
Matching versions
When used together with: Siemens » Scalance Xf204-2ba Irt » Version: N/A
Siemens » Scalance Xf206-1 Firmware
Versions before (<) 5.2.5
cpe:2.3:o:siemens:scalance_xf206-1_firmware:*:*:*:*:*:*:*:*
Matching versions
When used together with: Siemens » Scalance Xf206-1 » Version: N/A
Siemens » Scalance Xf208 Firmware
Versions before (<) 5.2.5
cpe:2.3:o:siemens:scalance_xf208_firmware:*:*:*:*:*:*:*:*
Matching versions
When used together with: Siemens » Scalance Xf208 » Version: N/A
Siemens » Scalance X200-4pirt Firmware
Versions before (<) 5.5.0
cpe:2.3:o:siemens:scalance_x200-4pirt_firmware:*:*:*:*:*:*:*:*
Matching versions
When used together with: Siemens » Scalance X200-4pirt » Version: N/A
Siemens » Scalance X201-3pirt Firmware
Versions before (<) 5.5.0
cpe:2.3:o:siemens:scalance_x201-3pirt_firmware:*:*:*:*:*:*:*:*
Matching versions
When used together with: Siemens » Scalance X201-3pirt » Version: N/A
Siemens » Scalance X202-2irt Firmware
Versions before (<) 5.5.0
cpe:2.3:o:siemens:scalance_x202-2irt_firmware:*:*:*:*:*:*:*:*
Matching versions
When used together with: Siemens » Scalance X202-2irt » Version: N/A
Siemens » Scalance X202-2pirt Firmware
Versions before (<) 5.5.0
cpe:2.3:o:siemens:scalance_x202-2pirt_firmware:*:*:*:*:*:*:*:*
Matching versions
When used together with: Siemens » Scalance X202-2pirt » Version: N/A
Siemens » Scalance X202-2pirt Siplus Net Firmware
Versions before (<) 5.5.0
cpe:2.3:o:siemens:scalance_x202-2pirt_siplus_net_firmware:*:*:*:*:*:*:*:*
Matching versions
When used together with: Siemens » Scalance X202-2pirt Siplus Net » Version: N/A
Siemens » Scalance X204irt Firmware
Versions before (<) 5.5.0
cpe:2.3:o:siemens:scalance_x204irt_firmware:*:*:*:*:*:*:*:*
Matching versions
When used together with: Siemens » Scalance X204irt » Version: N/A
Siemens » Scalance X307-3 Firmware
cpe:2.3:o:siemens:scalance_x307-3_firmware:*:*:*:*:*:*:*:*
Matching versions
When used together with: Siemens » Scalance X307-3 » Version: N/A
Siemens » Scalance X307-3ld Firmware
cpe:2.3:o:siemens:scalance_x307-3ld_firmware:*:*:*:*:*:*:*:*
Matching versions
When used together with: Siemens » Scalance X307-3ld » Version: N/A
Siemens » Scalance X308-2 Firmware
cpe:2.3:o:siemens:scalance_x308-2_firmware:*:*:*:*:*:*:*:*
Matching versions
When used together with: Siemens » Scalance X308-2 » Version: N/A
Siemens » Scalance X308-2ld Firmware
cpe:2.3:o:siemens:scalance_x308-2ld_firmware:*:*:*:*:*:*:*:*
Matching versions
When used together with: Siemens » Scalance X308-2ld » Version: N/A
Siemens » Scalance X308-2lh Firmware
cpe:2.3:o:siemens:scalance_x308-2lh_firmware:*:*:*:*:*:*:*:*
Matching versions
When used together with: Siemens » Scalance X308-2lh » Version: N/A
Siemens » Scalance X308-2lh+ Firmware
cpe:2.3:o:siemens:scalance_x308-2lh\+_firmware:*:*:*:*:*:*:*:*
Matching versions
When used together with: Siemens » Scalance X308-2lh+ » Version: N/A
Siemens » Scalance X308-2m Firmware
cpe:2.3:o:siemens:scalance_x308-2m_firmware:*:*:*:*:*:*:*:*
Matching versions
When used together with: Siemens » Scalance X308-2m » Version: N/A
Siemens » Scalance X308-2m Ts Firmware
cpe:2.3:o:siemens:scalance_x308-2m_ts_firmware:*:*:*:*:*:*:*:*
Matching versions
When used together with: Siemens » Scalance X308-2m Ts » Version: N/A
Siemens » Scalance X310 Firmware
cpe:2.3:o:siemens:scalance_x310_firmware:*:*:*:*:*:*:*:*
Matching versions
When used together with: Siemens » Scalance X310 » Version: N/A
Siemens » Scalance X310fe Firmware
cpe:2.3:o:siemens:scalance_x310fe_firmware:*:*:*:*:*:*:*:*
Matching versions
When used together with: Siemens » Scalance X310fe » Version: N/A
Siemens » Scalance X320-1fe Firmware
cpe:2.3:o:siemens:scalance_x320-1fe_firmware:*:*:*:*:*:*:*:*
Matching versions
When used together with: Siemens » Scalance X320-1fe » Version: N/A
Siemens » Scalance X320-3ldfe Firmware
cpe:2.3:o:siemens:scalance_x320-3ldfe_firmware:*:*:*:*:*:*:*:*
Matching versions
When used together with: Siemens » Scalance X320-3ldfe » Version: N/A
Siemens » Scalance Xb205-3 Firmware
Versions before (<) 5.2.5
cpe:2.3:o:siemens:scalance_xb205-3_firmware:*:*:*:*:*:*:*:*
Matching versions
When used together with: Siemens » Scalance Xb205-3 » Version: N/A
Siemens » Scalance Xb205-3ld Firmware
Versions before (<) 5.2.5
cpe:2.3:o:siemens:scalance_xb205-3ld_firmware:*:*:*:*:*:*:*:*
Matching versions
When used together with: Siemens » Scalance Xb205-3ld » Version: N/A
Siemens » Scalance Xb208 Firmware
Versions before (<) 5.2.5
cpe:2.3:o:siemens:scalance_xb208_firmware:*:*:*:*:*:*:*:*
Matching versions
When used together with: Siemens » Scalance Xb208 » Version: N/A
Siemens » Scalance Xb213-3 Firmware
Versions before (<) 5.2.5
cpe:2.3:o:siemens:scalance_xb213-3_firmware:*:*:*:*:*:*:*:*
Matching versions
When used together with: Siemens » Scalance Xb213-3 » Version: N/A
Siemens » Scalance Xb213-3ld Firmware
Versions before (<) 5.2.5
cpe:2.3:o:siemens:scalance_xb213-3ld_firmware:*:*:*:*:*:*:*:*
Matching versions
When used together with: Siemens » Scalance Xb213-3ld » Version: N/A
Siemens » Scalance Xb216 Firmware
Versions before (<) 5.2.5
cpe:2.3:o:siemens:scalance_xb216_firmware:*:*:*:*:*:*:*:*
Matching versions
When used together with: Siemens » Scalance Xb216 » Version: N/A
Siemens » Scalance Xc206-2 Firmware
Versions before (<) 5.2.5
cpe:2.3:o:siemens:scalance_xc206-2_firmware:*:*:*:*:*:*:*:*
Matching versions
When used together with: Siemens » Scalance Xc206-2 » Version: N/A
Siemens » Scalance Xc206-2g Poe Firmware
Versions before (<) 5.2.5
cpe:2.3:o:siemens:scalance_xc206-2g_poe__firmware:*:*:*:*:*:*:*:*
Matching versions
When used together with: Siemens » Scalance Xc206-2g Poe » Version: N/A
Siemens » Scalance Xc206-2g Poe Eec Firmware
Versions before (<) 5.2.5
cpe:2.3:o:siemens:scalance_xc206-2g_poe_eec_firmware:*:*:*:*:*:*:*:*
Matching versions
When used together with: Siemens » Scalance Xc206-2g Poe Eec » Version: N/A
Siemens » Scalance Xc206-2sfp Firmware
Versions before (<) 5.2.5
cpe:2.3:o:siemens:scalance_xc206-2sfp_firmware:*:*:*:*:*:*:*:*
Matching versions
When used together with: Siemens » Scalance Xc206-2sfp » Version: N/A
Siemens » Scalance Xc206-2sfp Eec Firmware
Versions before (<) 5.2.5
cpe:2.3:o:siemens:scalance_xc206-2sfp_eec_firmware:*:*:*:*:*:*:*:*
Matching versions
When used together with: Siemens » Scalance Xc206-2sfp Eec » Version: N/A
Siemens » Scalance Xc206-2sfp G Firmware
Versions before (<) 5.2.5
cpe:2.3:o:siemens:scalance_xc206-2sfp_g_firmware:*:*:*:*:*:*:*:*
Matching versions
When used together with: Siemens » Scalance Xc206-2sfp G » Version: N/A
Siemens » Scalance Xc206-2sfp G (e/ip) Firmware
Versions before (<) 5.2.5
cpe:2.3:o:siemens:scalance_xc206-2sfp_g_\(e\/ip\)_firmware:*:*:*:*:*:*:*:*
Matching versions
When used together with: Siemens » Scalance Xc206-2sfp G (e/ip) » Version: N/A
Siemens » Scalance Xc206-2sfp G Eec Firmware
Versions before (<) 5.2.5
cpe:2.3:o:siemens:scalance_xc206-2sfp_g_eec_firmware:*:*:*:*:*:*:*:*
Matching versions
When used together with: Siemens » Scalance Xc206-2sfp G Eec » Version: N/A
Siemens » Scalance Xc208 Firmware
Versions before (<) 5.2.5
cpe:2.3:o:siemens:scalance_xc208_firmware:*:*:*:*:*:*:*:*
Matching versions
When used together with: Siemens » Scalance Xc208 » Version: N/A
Siemens » Scalance Xc208eec Firmware
Versions before (<) 5.2.5
cpe:2.3:o:siemens:scalance_xc208eec_firmware:*:*:*:*:*:*:*:*
Matching versions
When used together with: Siemens » Scalance Xc208eec » Version: N/A
Siemens » Scalance Xc208g Firmware
Versions before (<) 5.2.5
cpe:2.3:o:siemens:scalance_xc208g_firmware:*:*:*:*:*:*:*:*
Matching versions
When used together with: Siemens » Scalance Xc208g » Version: N/A
Siemens » Scalance Xc208g (e/ip) Firmware
Versions before (<) 5.2.5
cpe:2.3:o:siemens:scalance_xc208g_\(e\/ip\)_firmware:*:*:*:*:*:*:*:*
Matching versions
When used together with: Siemens » Scalance Xc208g (e/ip) » Version: N/A
Siemens » Scalance Xc208g Eec Firmware
Versions before (<) 5.2.5
cpe:2.3:o:siemens:scalance_xc208g_eec_firmware:*:*:*:*:*:*:*:*
Matching versions
When used together with: Siemens » Scalance Xc208g Eec » Version: N/A
Siemens » Scalance Xc208g Poe Firmware
Versions before (<) 5.2.5
cpe:2.3:o:siemens:scalance_xc208g_poe_firmware:*:*:*:*:*:*:*:*
Matching versions
When used together with: Siemens » Scalance Xc208g Poe » Version: N/A
Siemens » Scalance Xc216 Firmware
Versions before (<) 5.2.5
cpe:2.3:o:siemens:scalance_xc216_firmware:*:*:*:*:*:*:*:*
Matching versions
When used together with: Siemens » Scalance Xc216 » Version: N/A
Siemens » Scalance Xc216-4c Firmware
Versions before (<) 5.2.5
cpe:2.3:o:siemens:scalance_xc216-4c_firmware:*:*:*:*:*:*:*:*
Matching versions
When used together with: Siemens » Scalance Xc216-4c » Version: N/A
Siemens » Scalance Xc216-4c G Firmware
Versions before (<) 5.2.5
cpe:2.3:o:siemens:scalance_xc216-4c_g_firmware:*:*:*:*:*:*:*:*
Matching versions
When used together with: Siemens » Scalance Xc216-4c G » Version: N/A
Siemens » Scalance Xc216-4c G (e/ip) Firmware
Versions before (<) 5.2.5
cpe:2.3:o:siemens:scalance_xc216-4c_g_\(e\/ip\)_firmware:*:*:*:*:*:*:*:*
Matching versions
When used together with: Siemens » Scalance Xc216-4c G (e/ip) » Version: N/A
Siemens » Scalance Xc216-4c G Eec Firmware
Versions before (<) 5.2.5
cpe:2.3:o:siemens:scalance_xc216-4c_g_eec_firmware:*:*:*:*:*:*:*:*
Matching versions
When used together with: Siemens » Scalance Xc216-4c G Eec » Version: N/A
Siemens » Scalance Xc216eec Firmware
Versions before (<) 5.2.5
cpe:2.3:o:siemens:scalance_xc216eec_firmware:*:*:*:*:*:*:*:*
Matching versions
When used together with: Siemens » Scalance Xc216eec » Version: N/A
Siemens » Scalance Xc224-4c G Firmware
Versions before (<) 5.2.5
cpe:2.3:o:siemens:scalance_xc224-4c_g__firmware:*:*:*:*:*:*:*:*
Matching versions
When used together with: Siemens » Scalance Xc224-4c G » Version: N/A
Siemens » Scalance Xc224-4c G (e/ip) Firmware
Versions before (<) 5.2.5
cpe:2.3:o:siemens:scalance_xc224-4c_g_\(e\/ip\)_firmware:*:*:*:*:*:*:*:*
Matching versions
When used together with: Siemens » Scalance Xc224-4c G (e/ip) » Version: N/A
Siemens » Scalance Xc224-4c G Eec Firmware
Versions before (<) 5.2.5
cpe:2.3:o:siemens:scalance_xc224-4c_g_eec_firmware:*:*:*:*:*:*:*:*
Matching versions
When used together with: Siemens » Scalance Xc224-4c G Eec » Version: N/A
Siemens » Scalance Xc224 Firmware
Versions before (<) 5.2.5
cpe:2.3:o:siemens:scalance_xc224__firmware:*:*:*:*:*:*:*:*
Matching versions
When used together with: Siemens » Scalance Xc224 » Version: N/A
Siemens » Scalance Xf204-2ba Dna Firmware
Versions before (<) 5.2.5
cpe:2.3:o:siemens:scalance_xf204-2ba_dna_firmware:*:*:*:*:*:*:*:*
Matching versions
When used together with: Siemens » Scalance Xf204-2ba Dna » Version: N/A
Siemens » Scalance Xf204 Dna Firmware
Versions before (<) 5.2.5
cpe:2.3:o:siemens:scalance_xf204_dna_firmware:*:*:*:*:*:*:*:*
Matching versions
When used together with: Siemens » Scalance Xf204 Dna » Version: N/A
Siemens » Scalance Xf204irt Firmware
Versions before (<) 5.2.5
cpe:2.3:o:siemens:scalance_xf204irt_firmware:*:*:*:*:*:*:*:*
Matching versions
When used together with: Siemens » Scalance Xf204irt » Version: N/A
Siemens » Scalance Xp208 Firmware
Versions before (<) 5.2.5
cpe:2.3:o:siemens:scalance_xp208_firmware:*:*:*:*:*:*:*:*
Matching versions
When used together with: Siemens » Scalance Xp208 » Version: N/A
Siemens » Scalance Xp208 (eip) Firmware
Versions before (<) 5.2.5
cpe:2.3:o:siemens:scalance_xp208_\(eip\)_firmware:*:*:*:*:*:*:*:*
Matching versions
When used together with: Siemens » Scalance Xp208 (eip) » Version: N/A
Siemens » Scalance Xp208eec Firmware
Versions before (<) 5.2.5
cpe:2.3:o:siemens:scalance_xp208eec_firmware:*:*:*:*:*:*:*:*
Matching versions
When used together with: Siemens » Scalance Xp208eec » Version: N/A
Siemens » Scalance Xp208poe Eec Firmware
Versions before (<) 5.2.5
cpe:2.3:o:siemens:scalance_xp208poe_eec_firmware:*:*:*:*:*:*:*:*
Matching versions
When used together with: Siemens » Scalance Xp208poe Eec » Version: N/A
Siemens » Scalance Xp216 Firmware
Versions before (<) 5.2.5
cpe:2.3:o:siemens:scalance_xp216_firmware:*:*:*:*:*:*:*:*
Matching versions
When used together with: Siemens » Scalance Xp216 » Version: N/A
Siemens » Scalance Xp216 (eip) Firmware
Versions before (<) 5.2.5
cpe:2.3:o:siemens:scalance_xp216_\(eip\)_firmware:*:*:*:*:*:*:*:*
Matching versions
When used together with: Siemens » Scalance Xp216 (eip) » Version: N/A
Siemens » Scalance Xp216eec Firmware
Versions before (<) 5.2.5
cpe:2.3:o:siemens:scalance_xp216eec_firmware:*:*:*:*:*:*:*:*
Matching versions
When used together with: Siemens » Scalance Xp216eec » Version: N/A
Siemens » Scalance Xp216poe Eec Firmware
Versions before (<) 5.2.5
cpe:2.3:o:siemens:scalance_xp216poe_eec_firmware:*:*:*:*:*:*:*:*
Matching versions
When used together with: Siemens » Scalance Xp216poe Eec » Version: N/A

Exploit prediction scoring system (EPSS) score for CVE-2020-15799

EPSS FAQ

0.49%

Probability of exploitation activity in the next 30 days EPSS Score History

~ 63 %

Percentile, the proportion of vulnerabilities that are scored at or less

CVSS scores for CVE-2020-15799

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Score Source
7.1	HIGH	AV:N/AC:M/Au:N/C:N/I:N/A:C	8.6	6.9	NIST
Access Vector: Network Access Complexity: Medium Authentication: None Confidentiality Impact: None Integrity Impact: None Availability Impact: Complete
6.5	MEDIUM	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H	2.8	3.6	NIST
Attack Vector: Network Attack Complexity: Low Privileges Required: None User Interaction: Required Scope: Unchanged Confidentiality: None Integrity: None Availability: High

CWE ids for CVE-2020-15799

CWE-306 Missing Authentication for Critical Function

The product does not perform any authentication for functionality that requires a provable user identity or consumes a significant amount of resources.
Assigned by:
- nvd@nist.gov (Secondary)
- productcert@siemens.com (Primary)

References for CVE-2020-15799

https://cert-portal.siemens.com/productcert/pdf/ssa-139628.pdf

Vendor Advisory

CVEs referencing this url

Jump to

Vulnerability Details : CVE-2020-15799

Products affected by CVE-2020-15799

Exploit prediction scoring system (EPSS) score for CVE-2020-15799

CVSS scores for CVE-2020-15799

CWE ids for CVE-2020-15799

References for CVE-2020-15799