Publication Date: 2021-01-12
Last Update: 2021-09-14
Current Version: V1.2
CVSS v3.1 Base Score: 9.8

Affected Product and Versions Remediation
SCALANCE X-200 switch family (incl. SIPLUS NET variants):
All versions < V5.2.5 		Update to V5.2.5 or later version
https://support.industry.siemens.com/cs/ww/en/view/109801131/
SCALANCE X-200IRT switch family (incl. SIPLUS NET variants):
All versions < V5.5.0 		Update to V5.5.0 or later version
https://support.industry.siemens.com/cs/ww/en/view/109792534/
SCALANCE X-300 switch family (incl. X408 and SIPLUS NET variants):
All versions < V4.1.0
only affected by CVE-2020-15800 		Update to V4.1.0 or later version
https://support.industry.siemens.com/cs/ww/en/view/109773547/

CVSS v3.1 Base Score 7.5
CVSS Vector CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C
CWE: CWE-306: Missing Authentication for Critical Function

CVSS v3.1 Base Score 9.8
CVSS Vector CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:P/RL:X/RC:C
CWE: CWE-122: Heap-based Buffer Overflow

CVSS v3.1 Base Score 9.8
CVSS Vector CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:P/RL:X/RC:C
CWE: CWE-122: Heap-based Buffer Overflow

https://www.siemens.com/cert/advisories