Siemens Scalance X Switch HTTP Request Denial of Service Vulnerability
Release date:
Updated on:
Affected Systems:
Siemens Scalance X Switches X-408
Siemens Scalance X Switches X-300
Description:
Bugtraq id: 72250
CVE (CAN) ID: CVE-2014-8478
Siemens Scalance X switches are industrial Ethernet switches used to connect industrial components such as PLCs or HMIs.
A denial of service vulnerability exists in the web server implementation of Siemens SCALANCE X-300 and X-408 switches (firmware versions earlier than 4.0). Remote attackers can exploit this vulnerability to cause a DoS (restart) by sending specially crafted HTTP requests to port 80/TCP or port 443/TCP.
<* Source: Deja vu Security
Link: https://ics-cert.us-cert.gov/advisories/ICSA-15-020-01
*>
Suggestion:
Vendor patch:
Siemens
-------
The vendor has released a patch to fix this security problem. Please download it from the vendor's homepage:
http://support.automation.siemens.com/WW/view/en/107178573