Siemens SCALANCE S612 Firewall > 2.1 and < 188.8.131.52 Multiple Vulnerabilities (SSA-268149)
Critical Nessus Plugin ID 83263
Synopsis
The remote Siemens SCALANCE S612 firewall is affected by multiple vulnerabilities.
Description
The Siemens SCALANCE S612 firewall device has a firmware version that is greater than 2.1 and prior to 184.108.40.206. It is, therefore, affected by the following vulnerabilities:
- A brute-force weakness exists due to a failure to enforce time delays between failed login attempts. This allows a remote attacker to perform rapid, multiple authentication attempts within a short time frame.
- A stack-based buffer overflow vulnerability exists in the Profinet DCP protocol implementation due to a failure to correctly handle unexpected input. A remote attacker, using a specially crafted DCP frame, can crash the DCP protocol stack, resulting in a denial of service condition or possible arbitrary code execution.
Solution
Upgrade to firmware release 220.127.116.11 or later.