CVE-2012-1802

Name: CVE-2012-1802
Creator: NVD / NIST
Published: 2012-04-18T10:33:35.45+00:00
License: https://creativecommons.org/publicdomain/zero/1.0/

UnknownEPSS 6.00%

Last modified Jun 16, 2026

CVE-2012-1802 is a vulnerability of currently unknown severity. Buffer overflow in the embedded web server on the Siemens Scalance X Industrial Ethernet switch X414-3E before 3.7.1, X308-2M before 3.7.2, X-300EEC before 3.7.2, XR-300 before 3.7.2, and X-300 before 3.7.2 allows remote attackers to cause a denial of service (device reboot) or possibly execute arbitrary code via a malformed URL.. EPSS estimates a 6.00% chance of exploitation in the next 30 days.

Description

Buffer overflow in the embedded web server on the Siemens Scalance X Industrial Ethernet switch X414-3E before 3.7.1, X308-2M before 3.7.2, X-300EEC before 3.7.2, XR-300 before 3.7.2, and X-300 before 3.7.2 allows remote attackers to cause a denial of service (device reboot) or possibly execute arbitrary code via a malformed URL.

Metrics

EPSS Probability

6.00%

92.4th percentile

Probability of exploitation in the next 30 days. Learn more

Weakness Enumeration

CWE-119

Affected Software

Vendor	Product	Versions
Siemens	Scalance X414-3e Firmware	<= 3.7.0
Siemens	Scalance X414-3e Firmware	1.2.2
Siemens	Scalance X414-3e Firmware	2.1.1
Siemens	Scalance X414-3e Firmware	2.2.0
Siemens	Scalance X414-3e Firmware	2.3.2
Siemens	Scalance X414-3e Firmware	2.3.3
Siemens	Scalance X414-3e Firmware	3.0.0
Siemens	Scalance X414-3e Firmware	3.0.2
Siemens	Scalance X414-3e Firmware	3.3.0
Siemens	Scalance X414-3e Firmware	3.4.0
Siemens	Scalance X414-3e	All versions
Siemens	Scalance X308-2m Firmware	<= 3.7.0
Siemens	Scalance X308-2m Firmware	3.1.1
Siemens	Scalance X308-2m Firmware	3.5.0
Siemens	Scalance X308-2m Firmware	3.5.2
Siemens	Scalance X308-2m	All versions
Siemens	Scalance X-300eec Firmware	<= 3.7.0
Siemens	Scalance X-300eec Firmware	3.5.0
Siemens	Scalance X-300eec	All versions
Siemens	Scalance Xr-300 Firmware	<= 3.7.0
Siemens	Scalance Xr-300 Firmware	3.1.1
Siemens	Scalance Xr-300 Firmware	3.5.0
Siemens	Scalance Xr-300	All versions
Siemens	Scalance X-300 Firmware	<= 3.7.0
Siemens	Scalance X-300 Firmware	2.2.0
Siemens	Scalance X-300 Firmware	2.3.1
Siemens	Scalance X-300 Firmware	3.0.0
Siemens	Scalance X-300 Firmware	3.3.1
Siemens	Scalance X-300 Firmware	3.5.0
Siemens	Scalance X-300 Firmware	3.5.1
Siemens	Scalance X-300	All versions

References

http://osvdb.org/81032
http://www.siemens.com/corporate-technology/pool/de/forschungsfelder/siemens_security_advisory_ssa-130874.pdfVendor Advisory
http://www.us-cert.gov/control_systems/pdf/ICSA-12-102-04.pdfUS Government Resource
http://osvdb.org/81032
http://www.siemens.com/corporate-technology/pool/de/forschungsfelder/siemens_security_advisory_ssa-130874.pdfVendor Advisory
http://www.us-cert.gov/control_systems/pdf/ICSA-12-102-04.pdfUS Government Resource

Timeline

Published: Apr 18, 2012
Last Modified: Jun 16, 2026
Status: Modified

Frequently Asked Questions

What is CVE-2012-1802?

How severe is CVE-2012-1802?

Severity scoring for CVE-2012-1802 is pending analysis. The EPSS model estimates a 6.00% probability of exploitation in the next 30 days.

How do I fix CVE-2012-1802?

Check the vendor references and advisories linked above for patched versions and mitigation guidance. You can also run a Strix scan to test if your systems are affected.

Are you affected by CVE-2012-1802?

Run a free Strix scan to check your systems for this vulnerability.

Scan your code now

Source: NVD / NIST