Siemens Scalance_sc636-2c

11 CVEs affecting Siemens Scalance_sc636-2c. Latest disclosed: 2022-12-13. Critical: 1, High: 4.

Top CVEs affecting Siemens Scalance_sc636-2c
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
| CVE-2022-36323 | Critical | 9.1 | 2022-08-10 | Affected devices do not properly sanitize an input field. This could allow an authenticated remote attacker with administrative privileges to inject code or s… |
| CVE-2021-25667 | High | 8.8 | 2021-03-15 | A vulnerability has been identified in RUGGEDCOM RM1224 (All versions >= V4.3 and < V6.4), SCALANCE M-800 (All versions >= V4.3 and < V6.4), SCALANCE S615 (All… |
| CVE-2022-30065 | High | 7.8 | 2022-05-18 | A use-after-free in Busybox 1.35-x's awk applet leads to denial of service and possibly code execution when processing a crafted awk pattern in the copyvar fun… |
| CVE-2018-25032 | High | 7.5 | 2022-03-25 | zlib before 1.2.12 allows memory corruption when deflating (i.e., when compressing) if the input has many distant matches. |
| CVE-2021-41991 | High | 7.5 | 2021-10-18 | The in-memory certificate cache in strongSwan before 5.9.4 has a remote integer overflow upon receiving many requests with different certificates to fill the c… |
| CVE-2022-36325 | Medium | 6.8 | 2022-08-10 | Affected devices do not properly sanitize data introduced by a user when rendering the web interface. This could allow an authenticated remote attacker with a… |
| CVE-2022-46140 | Medium | 6.5 | 2022-12-13 | Affected devices use a weak encryption scheme to encrypt the debug zip file. This could allow an authenticated attacker to decrypt the contents of the file and… |
| CVE-2022-32206 | Medium | 6.5 | 2022-07-07 | curl < 7.84.0 supports "chained" HTTP compression algorithms, meaning that a server response can be compressed multiple times and potentially with different alg… |
| CVE-2022-46142 | Medium | 5.7 | 2022-12-13 | Affected devices store the CLI user passwords encrypted in flash memory. Attackers with physical access to the device could retrieve the file and decrypt the C… |
| CVE-2022-32205 | Medium | 4.3 | 2022-07-07 | A malicious server can serve excessive amounts of `Set-Cookie:` headers in a HTTP response to curl and curl < 7.84.0 stores all of them. A sufficiently large a… |
| CVE-2022-46143 | Low | 2.7 | 2022-12-13 | Affected devices do not check the TFTP blocksize correctly. This could allow an authenticated attacker to read from an uninitialized buffer that potentially co… |