Summaryinfo

A vulnerability was found in Siemens Scalance X-408 up to 3.9.2. It has been classified as problematic. The impacted element is an unknown function. This manipulation causes input validation. The identification of this vulnerability is CVE-2014-8479. There is no exploit available. Upgrading the affected component is recommended.

Detailsinfo

A vulnerability classified as critical was found in Siemens Scalance X-408 up to 3.9.2. Affected by this vulnerability is an unknown code block. The manipulation with an unknown input leads to a input validation vulnerability. The CWE definition for the vulnerability is CWE-20. The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly. As an impact it is known to affect availability. The summary by CVE is:

The FTP server on Siemens SCALANCE X-300 switches with firmware before 4.0 and SCALANCE X 408 switches with firmware before 4.0 allows remote authenticated users to cause a denial of service (reboot) via crafted FTP packets.

The weakness was shared 01/21/2015 (Website). The advisory is shared at siemens.com. This vulnerability is known as CVE-2014-8479 since 10/24/2014. The exploitation appears to be easy. The attack can be launched remotely. The requirement for exploitation is a single authentication. Neither technical details nor an exploit are publicly available.

Upgrading to version 3.9.3 eliminates this vulnerability.

The entry VDB-73728 is related to this item. Several companies clearly confirm that VulDB is the primary source for best vulnerability data.

Productinfo

Vendor

• Siemens

Name

• Scalance X-408

Version

• 3.9.0
• 3.9.1
• 3.9.2

License

• commercial

Website

• Vendor: https://www.siemens.com/

CPE 2.3info

• 🔍
• 🔍
• 🔍

CPE 2.2info

• 🔍
• 🔍
• 🔍

CVSSv4info

CVSSv3info

CVSSv2info

Exploitinginfo

Threat Intelligenceinfo

Countermeasuresinfo

Timelineinfo

Sourcesinfo

Entryinfo

Discussion