cpe:/a:siemens:scalance_x-300_firmware:2.2.0 cpe:/a:siemens:scalance_x-300_firmware:2.3.1 cpe:/a:siemens:scalance_x-300_firmware:3.0.0 cpe:/a:siemens:scalance_x-300_firmware:3.3.1 cpe:/a:siemens:scalance_x-300_firmware:3.5.0 cpe:/a:siemens:scalance_x-300_firmware:3.5.1 cpe:/a:siemens:scalance_x-300_firmware:3.7.0 cpe:/a:siemens:scalance_x-300eec_firmware:3.5.0 cpe:/a:siemens:scalance_x-300eec_firmware:3.7.0 cpe:/a:siemens:scalance_x308-2m_firmware:3.1.1 cpe:/a:siemens:scalance_x308-2m_firmware:3.5.0 cpe:/a:siemens:scalance_x308-2m_firmware:3.5.2 cpe:/a:siemens:scalance_x308-2m_firmware:3.7.0 cpe:/a:siemens:scalance_x414-3e_firmware:1.2.2 cpe:/a:siemens:scalance_x414-3e_firmware:2.1.1 cpe:/a:siemens:scalance_x414-3e_firmware:2.2.0 cpe:/a:siemens:scalance_x414-3e_firmware:2.3.2 cpe:/a:siemens:scalance_x414-3e_firmware:2.3.3 cpe:/a:siemens:scalance_x414-3e_firmware:3.0.0 cpe:/a:siemens:scalance_x414-3e_firmware:3.0.2 cpe:/a:siemens:scalance_x414-3e_firmware:3.3.0 cpe:/a:siemens:scalance_x414-3e_firmware:3.4.0 cpe:/a:siemens:scalance_x414-3e_firmware:3.7.0 cpe:/a:siemens:scalance_xr-300_firmware:3.1.1 cpe:/a:siemens:scalance_xr-300_firmware:3.5.0 cpe:/a:siemens:scalance_xr-300_firmware:3.7.0 cpe:/h:siemens:scalance_x-300:- cpe:/h:siemens:scalance_x-300eec:- cpe:/h:siemens:scalance_x308-2m:- cpe:/h:siemens:scalance_x414-3e:- cpe:/h:siemens:scalance_xr-300:- CVE-2012-1802 2012-04-18T06:33:35.450-04:00 2012-11-19T23:44:08.140-05:00 7.8 NETWORK LOW NONE NONE NONE COMPLETE http://nvd.nist.gov 2012-04-18T14:10:00.000-04:00 OSVDB 81032 CONFIRM http://www.siemens.com/corporate-technology/pool/de/forschungsfelder/siemens_security_advisory_ssa-130874.pdf MISC http://www.us-cert.gov/control_systems/pdf/ICSA-12-102-04.pdf Buffer overflow in the embedded web server on the Siemens Scalance X Industrial Ethernet switch X414-3E before 3.7.1, X308-2M before 3.7.2, X-300EEC before 3.7.2, XR-300 before 3.7.2, and X-300 before 3.7.2 allows remote attackers to cause a denial of service (device reboot) or possibly execute arbitrary code via a malformed URL.