CVE-2020-25226: Buffer Overflow
First published: Tue Jan 12 2021(Updated: )
A vulnerability has been identified in SCALANCE X-200 switch family (incl. SIPLUS NET variants) (All versions < V5.2.5), SCALANCE X-200IRT switch family (incl. SIPLUS NET variants) (All versions < V5.5.0). The web server of the affected devices contains a vulnerability that may lead to a buffer overflow condition. An attacker could cause this condition on the webserver by sending a specially crafted request. The webserver could stop and not recover anymore.
Credit: productcert@siemens.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Siemens SCALANCE X200-4PIRT | <5.5.0 | |
| Siemens SCALANCE X200-4P IRT (6GK5200-4AH00-2BA3) | ||
| Siemens SCALANCE X201-3P IRT Firmware | <5.5.0 | |
| Siemens Scalance X201-3P IRT Pro Firmware | ||
| Siemens Scalance X202-2P IRT PRO Firmware | <5.5.0 | |
| Siemens SCALANCE X202-2IRT | ||
| Siemens SCALANCE X202-2PIRT SIPLUS NET Firmware | <5.5.0 | |
| Siemens SCALANCE X202-2P IRT SIPLUS NET | ||
| Siemens SIPLUS NET SCALANCE X202-2P IRT | <5.5.0 | |
| Siemens SCALANCE X202-2P IRT SIPLUS NET | ||
| Siemens SCALANCE X204IRT | <5.5.0 | |
| Siemens Scalance X-200IRT | ||
| Siemens Scalance X307-3 | ||
| Siemens SCALANCE X307-3 | ||
| Siemens Scalance X307-3LD Firmware | ||
| Siemens SCALANCE X307-3LD | ||
| Siemens SIPLUS NET SCALANCE X308-2 firmware | ||
| Siemens Scalance X308-2M PoE | ||
| Siemens Scalance X308-2LD | ||
| Siemens Scalance X308-2LD | ||
| Siemens Scalance X308-2LH | ||
| Siemens Scalance X308-2LH | ||
| Siemens Scalance X308-2LH+ Firmware | ||
| Siemens Scalance X308-2LH+ | ||
| Siemens Scalance X308-2M | ||
| Siemens Scalance X308-2M Firmware | ||
| Siemens Scalance X308-2M PoE | ||
| Siemens SCALANCE X308-2M TS (6GK5308-2GG00-2CA2) | ||
| Siemens Scalance X310 | ||
| Siemens Scalance X310 | ||
| Siemens Scalance X310FE | ||
| Siemens Scalance X310FE | ||
| Siemens Scalance X320-1FE | ||
| Siemens SCALANCE X320-1 FE | ||
| Siemens Scalance X320-3LDFE Firmware | ||
| Siemens Scalance X320-3LDFE Firmware | ||
| Siemens Scalance XB205-3 | <5.2.5 | |
| Siemens Scalance XB205-3 Firmware | ||
| Siemens Scalance XB205-3LD | <5.2.5 | |
| Siemens Scalance XB205-3 | ||
| Siemens Scalance XB208 | <5.2.5 | |
| Siemens Scalance XB208 | ||
| Siemens Scalance XB213-3 | <5.2.5 | |
| Siemens Scalance XB213-3LD Firmware | ||
| Siemens Scalance XB213-3LD | <5.2.5 | |
| Siemens Scalance XB213-3LD Firmware | ||
| Siemens Scalance XB216 | <5.2.5 | |
| Siemens Scalance XB216 Firmware | ||
| Siemens Scalance XC206-2 | <5.2.5 | |
| Siemens Scalance XC206-2 Firmware | ||
| Siemens Scalance XC206-2G PoE | <5.2.5 | |
| Siemens Scalance XC206-2G PoE Firmware | ||
| Siemens Scalance XC206-2G PoE EEC | <5.2.5 | |
| Siemens Scalance XC206-2G PoE EEC Firmware | ||
| Siemens Scalance XC206-2SFP | <5.2.5 | |
| Siemens Siplus Net Scalance XC206-2SFP | ||
| Siemens Scalance XC206-2SFP EEC Firmware | <5.2.5 | |
| Siemens Scalance XC206-2SFP EEC Firmware | ||
| Siemens Scalance XC206-2SFP G (E/IP) Firmware | <5.2.5 | |
| Siemens Scalance XC206-2SFP G (E/IP) | ||
| Siemens Scalance XC206-2SFP G (E/IP) Firmware | <5.2.5 | |
| Siemens Scalance XC206-2SFP G (E/IP) | ||
| Siemens Scalance XC206-2SFP G Firmware | <5.2.5 | |
| Siemens Scalance XC206-2SFP G EEC Firmware | ||
| Siemens Siplus Net Scalance XC208 Firmware | <5.2.5 | |
| Siemens Siplus Net Scalance XC208 | ||
| Siemens SCALANCE XC208 EEC Firmware | <5.2.5 | |
| Siemens SCALANCE XC208 EEC Firmware | ||
| Siemens Scalance XC208G (E/IP) | <5.2.5 | |
| Siemens Scalance XC208G (E/IP) | ||
| Siemens Scalance XC208G (E/IP) Firmware | <5.2.5 | |
| Siemens Scalance XC208G (E/IP) | ||
| Siemens SCALANCE XC208G (EIP DEF.) | <5.2.5 | |
| Siemens Scalance XC208G (E/IP) | ||
| Siemens Scalance XC208G PoE | <5.2.5 | |
| Siemens SCALANCE XC208G PoE (54 V DC) | ||
| Siemens Scalance XC216EEC Firmware | <5.2.5 | |
| Siemens SCALANCE XC216-3G PoE (54 V DC) | ||
| Siemens Scalance XC216-4C | <5.2.5 | |
| Siemens Scalance XC216-4C Firmware | ||
| Siemens Scalance XC216-4C G (E/IP) Firmware | <5.2.5 | |
| Siemens Scalance XC216-4C G (E/IP) | ||
| Siemens Scalance XC216-4C G (E/IP) | <5.2.5 | |
| Siemens Scalance XC216-4C G (E/IP) | ||
| Siemens Scalance XC216-4C G EEC | <5.2.5 | |
| Siemens Scalance XC216-4C Firmware | ||
| Siemens Scalance XC216EEC | <5.2.5 | |
| Siemens Scalance XC216EEC Firmware | ||
| Siemens Scalance XC224-4C G EEC Firmware | <5.2.5 | |
| Siemens Scalance XC224-4C G EEC Firmware | ||
| Siemens Scalance XC224-4C G (E/IP) Firmware | <5.2.5 | |
| Siemens Scalance XC224-4C G (E/IP) | ||
| Siemens Scalance XC224-4C G EEC | <5.2.5 | |
| Siemens Scalance XC224-4C G EEC Firmware | ||
| Siemens Scalance Xc224 Firmware | <5.2.5 | |
| Siemens SCALANCE XC224-4C G | ||
| Siemens Scalance XF201-3P IRT | <5.2.5 | |
| Siemens SCALANCE XF201-3P IRT | ||
| Siemens Scalance XF202-2P IRT | <5.2.5 | |
| Siemens SCALANCE XF202-2P IRT | ||
| Siemens Scalance XF204 Firmware | <5.2.5 | |
| Siemens Scalance XF204 | ||
| Siemens Scalance XF204-2 Firmware | <5.2.5 | |
| Siemens SCALANCE XF204-2 | ||
| Siemens Scalance XF204-2BA DNA | <5.2.5 | |
| Siemens Scalance XF204-2BA DNA | ||
| Siemens Scalance XF204-2BA IRT | <5.2.5 | |
| Siemens SCALANCE XF204-2BA IRT | ||
| Siemens Scalance XF204 DNA | <5.2.5 | |
| Siemens Scalance XF204 DNA | ||
| Siemens SCALANCE XF204 IRT | <5.2.5 | |
| Siemens SCALANCE XF204IRT (6GK5204-0BA00-2BF2) | ||
| Siemens Scalance XF206-1 | <5.2.5 | |
| Siemens SCALANCE XF206-1 | ||
| Siemens Scalance XF208 | <5.2.5 | |
| Siemens SCALANCE XF208 | ||
| Siemens SCALANCE XP208 (Ethernet/IP) | <5.2.5 | |
| Siemens Scalance XP208 (EIP) | ||
| Siemens Scalance XP208 (EIP) Firmware | <5.2.5 | |
| Siemens Scalance XP208 (EIP) | ||
| Siemens Scalance XP208EEC | <5.2.5 | |
| Siemens Scalance XP208EEC Firmware | ||
| Siemens SCALANCE XP208PoE EEC | <5.2.5 | |
| Siemens SCALANCE XP208PoE EEC Firmware | ||
| Siemens Scalance XP216 (EIP) Firmware | <5.2.5 | |
| Siemens Scalance XP216 Firmware | ||
| Siemens Scalance XP216 (EIP) Firmware | <5.2.5 | |
| Siemens Scalance XP216 (EIP) | ||
| Siemens Scalance XP216EEC | <5.2.5 | |
| Siemens Scalance XP216EEC Firmware | ||
| Siemens Scalance XP216PoE EEC | <5.2.5 | |
| Siemens Scalance XP216PoE EEC Firmware |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Frequently Asked Questions
What is the severity of CVE-2020-25226?
CVE-2020-25226 is classified as a medium severity vulnerability that could lead to a buffer overflow.
How do I fix CVE-2020-25226?
To remediate CVE-2020-25226, you should upgrade your SCALANCE X-200 and X-200IRT devices to version 5.2.5 or newer.
What devices are affected by CVE-2020-25226?
CVE-2020-25226 affects all versions of SCALANCE X-200 switches prior to V5.2.5 and SCALANCE X-200IRT switches prior to V5.5.0.
What type of vulnerability is CVE-2020-25226?
CVE-2020-25226 is a buffer overflow vulnerability located in the web server component of affected SCALANCE devices.
Are there any available fixes for CVE-2020-25226?
Yes, Siemens has provided firmware updates to address CVE-2020-25226, which are available for download.
- agent/type
- collector/mitre-cve
- source/MITRE
- agent/severity
- agent/author
- agent/references
- agent/last-modified-date
- agent/weakness
- agent/description
- agent/first-publish-date
- agent/event
- agent/source
- agent/softwarecombine
- agent/tags
- collector/nvd-index
- agent/software-canonical-lookup-request
- vendor/siemens
- canonical/siemens scalance x200-4pirt
- canonical/siemens scalance x200-4p irt (6gk5200-4ah00-2ba3)
- canonical/siemens scalance x201-3p irt firmware
- canonical/siemens scalance x201-3p irt pro firmware
- canonical/siemens scalance x202-2p irt pro firmware
- canonical/siemens scalance x202-2irt
- canonical/siemens scalance x202-2pirt siplus net firmware
- canonical/siemens scalance x202-2p irt siplus net
- canonical/siemens siplus net scalance x202-2p irt
- canonical/siemens scalance x204irt
- canonical/siemens scalance x-200irt
- canonical/siemens scalance x307-3
- canonical/siemens scalance x307-3ld firmware
- canonical/siemens scalance x307-3ld
- canonical/siemens siplus net scalance x308-2 firmware
- canonical/siemens scalance x308-2m poe
- canonical/siemens scalance x308-2ld
- canonical/siemens scalance x308-2lh
- canonical/siemens scalance x308-2lh+ firmware
- canonical/siemens scalance x308-2lh+
- canonical/siemens scalance x308-2m
- canonical/siemens scalance x308-2m firmware
- canonical/siemens scalance x308-2m ts (6gk5308-2gg00-2ca2)
- canonical/siemens scalance x310
- canonical/siemens scalance x310fe
- canonical/siemens scalance x320-1fe
- canonical/siemens scalance x320-1 fe
- canonical/siemens scalance x320-3ldfe firmware
- canonical/siemens scalance xb205-3
- canonical/siemens scalance xb205-3 firmware
- canonical/siemens scalance xb205-3ld
- canonical/siemens scalance xb208
- canonical/siemens scalance xb213-3
- canonical/siemens scalance xb213-3ld firmware
- canonical/siemens scalance xb213-3ld
- canonical/siemens scalance xb216
- canonical/siemens scalance xb216 firmware
- canonical/siemens scalance xc206-2
- canonical/siemens scalance xc206-2 firmware
- canonical/siemens scalance xc206-2g poe
- canonical/siemens scalance xc206-2g poe firmware
- canonical/siemens scalance xc206-2g poe eec
- canonical/siemens scalance xc206-2g poe eec firmware
- canonical/siemens scalance xc206-2sfp
- canonical/siemens siplus net scalance xc206-2sfp
- canonical/siemens scalance xc206-2sfp eec firmware
- canonical/siemens scalance xc206-2sfp g (e/ip) firmware
- canonical/siemens scalance xc206-2sfp g (e/ip)
- canonical/siemens scalance xc206-2sfp g firmware
- canonical/siemens scalance xc206-2sfp g eec firmware
- canonical/siemens siplus net scalance xc208 firmware
- canonical/siemens siplus net scalance xc208
- canonical/siemens scalance xc208 eec firmware
- canonical/siemens scalance xc208g (e/ip)
- canonical/siemens scalance xc208g (e/ip) firmware
- canonical/siemens scalance xc208g (eip def.)
- canonical/siemens scalance xc208g poe
- canonical/siemens scalance xc208g poe (54 v dc)
- canonical/siemens scalance xc216eec firmware
- canonical/siemens scalance xc216-3g poe (54 v dc)
- canonical/siemens scalance xc216-4c
- canonical/siemens scalance xc216-4c firmware
- canonical/siemens scalance xc216-4c g (e/ip) firmware
- canonical/siemens scalance xc216-4c g (e/ip)
- canonical/siemens scalance xc216-4c g eec
- canonical/siemens scalance xc216eec
- canonical/siemens scalance xc224-4c g eec firmware
- canonical/siemens scalance xc224-4c g (e/ip) firmware
- canonical/siemens scalance xc224-4c g (e/ip)
- canonical/siemens scalance xc224-4c g eec
- canonical/siemens scalance xc224 firmware
- canonical/siemens scalance xc224-4c g
- canonical/siemens scalance xf201-3p irt
- canonical/siemens scalance xf202-2p irt
- canonical/siemens scalance xf204 firmware
- canonical/siemens scalance xf204
- canonical/siemens scalance xf204-2 firmware
- canonical/siemens scalance xf204-2
- canonical/siemens scalance xf204-2ba dna
- canonical/siemens scalance xf204-2ba irt
- canonical/siemens scalance xf204 dna
- canonical/siemens scalance xf204 irt
- canonical/siemens scalance xf204irt (6gk5204-0ba00-2bf2)
- canonical/siemens scalance xf206-1
- canonical/siemens scalance xf208
- canonical/siemens scalance xp208 (ethernet/ip)
- canonical/siemens scalance xp208 (eip)
- canonical/siemens scalance xp208 (eip) firmware
- canonical/siemens scalance xp208eec
- canonical/siemens scalance xp208eec firmware
- canonical/siemens scalance xp208poe eec
- canonical/siemens scalance xp208poe eec firmware
- canonical/siemens scalance xp216 (eip) firmware
- canonical/siemens scalance xp216 firmware
- canonical/siemens scalance xp216 (eip)
- canonical/siemens scalance xp216eec
- canonical/siemens scalance xp216eec firmware
- canonical/siemens scalance xp216poe eec
- canonical/siemens scalance xp216poe eec firmware