CVE-2012-1802

Description

Buffer overflow in the embedded web server on the Siemens Scalance X Industrial Ethernet switch X414-3E before 3.7.1, X308-2M before 3.7.2, X-300EEC before 3.7.2, XR-300 before 3.7.2, and X-300 before 3.7.2 allows remote attackers to cause a denial of service (device reboot) or possibly execute arbitrary code via a malformed URL.

Affected products

• Siemens / scalance_x-300
• Siemens / scalance_x-300eec
• Siemens / scalance_x-300eec_firmware3.7.0
• Siemens / scalance_x-300eec_firmware3.5.0 – 3.5.0
• Siemens / scalance_x-300_firmware3.3.1 – 3.3.1
• Siemens / scalance_x-300_firmware3.0.0 – 3.0.0
• Siemens / scalance_x-300_firmware2.3.1 – 2.3.1
• Siemens / scalance_x-300_firmware2.2.0 – 2.2.0
• Siemens / scalance_x-300_firmware3.7.0
• Siemens / scalance_x-300_firmware3.5.1 – 3.5.1
• Siemens / scalance_x-300_firmware3.5.0 – 3.5.0
• Siemens / SCALANCE X308-2M
• Siemens / scalance_x308-2m_firmware3.5.2 – 3.5.2
• Siemens / scalance_x308-2m_firmware3.1.1 – 3.1.1
• Siemens / scalance_x308-2m_firmware3.5.0 – 3.5.0
• Siemens / scalance_x308-2m_firmware3.7.0
• Siemens / scalance_x414-3e
• Siemens / scalance_x414-3e_firmware1.2.2 – 1.2.2
• Siemens / scalance_x414-3e_firmware3.7.0
• Siemens / scalance_x414-3e_firmware3.4.0 – 3.4.0
• Siemens / scalance_x414-3e_firmware2.3.3 – 2.3.3
• Siemens / scalance_x414-3e_firmware2.3.2 – 2.3.2
• Siemens / scalance_x414-3e_firmware2.2.0 – 2.2.0
• Siemens / scalance_x414-3e_firmware2.1.1 – 2.1.1
• Siemens / scalance_x414-3e_firmware3.3.0 – 3.3.0
• Siemens / scalance_x414-3e_firmware3.0.2 – 3.0.2
• Siemens / scalance_x414-3e_firmware3.0.0 – 3.0.0
• Siemens / scalance_xr-300
• Siemens / scalance_xr-300_firmware3.1.1 – 3.1.1
• Siemens / scalance_xr-300_firmware3.5.0 – 3.5.0
• Siemens / scalance_xr-300_firmware3.7.0

References

• MISChttp://osvdb.org/81032
• MISChttp://www.us-cert.gov/control_systems/pdf/ICSA-12-102-04.pdf
• MISChttp://www.siemens.com/corporate-technology/pool/de/forschungsfelder/siemens_security_advisory_ssa-130874.pdf