A vulnerability has been identified in SCALANCE S602 (All versions < V4.0.1.1), SCALANCE S612 (All versions < V4.0.1.1), SCALANCE S623 (All versions < V4.0.1.1), SCALANCE S627-2M (All versions < V4.0.1.1). The integrated web server could allow Cross-Site Scripting (XSS) attacks if unsuspecting users are tricked into accessing a malicious link. User interaction is required for a successful exploitation. The user must be logged into the web interface in order for the exploitation to succeed. At the stage of publishing this security advisory no public exploitation is known.
scalance_s627-2m_firmware
CVE-2019-6585
A vulnerability has been identified in SCALANCE S602 (All versions >= V3.0 and = V3.0 and = V3.0 and = V3.0 and < V4.1). The integrated configuration web server of the affected devices could allow Cross-Site Scripting (XSS) attacks if unsuspecting users are tricked into accessing a malicious link. User interaction is required for a successful exploitation. The user must be logged into the web interface in order for the exploitation to succeed.
CVE-2019-13925
A vulnerability has been identified in SCALANCE S602 (All versions >= V3.0 and = V3.0 and = V3.0 and = V3.0 and < V4.1). Specially crafted packets sent to port 443/tcp of affected devices could cause a Denial-of-Service condition of the web server.
CVE-2019-13926
A vulnerability has been identified in SCALANCE S602 (All versions >= V3.0 and = V3.0 and = V3.0 and = V3.0 and < V4.1). Specially crafted packets sent to port 443/tcp of affected devices could cause a Denial-of-Service condition of the web server. A cold reboot is required to restore the functionality of the device.