CVE-2013-3633

EUVD-2013-3566

24.05.2013, 20:55

A vulnerability has been identified in SCALANCE X-200 switch family (incl. SIPLUS NET variants) (Versions < V5.0.0 for CVE-2013-3633 and versions < V4.5.0 for CVE-2013-3634), SCALANCE X-200IRT switch family (incl. SIPLUS NET variants) (All versions < V5.1.0). The user privileges for the web interface are only enforced on client side and not properly verified on server side. Therefore, an attacker is able to execute privileged commands using an unprivileged account.

Provider	Type	Base Score	Atk. Vector	Atk. Complexity	Priv. Required	Vector
NIST	Primary	8 UNKNOWN	NETWORK	LOW		AV:N/AC:L/Au:S/C:P/I:P/A:C

Base Score

CVSS 3.x

EPSS Score

Percentile: 58%

Affected Products (NVD)

Vendor	Product	Version
siemens	scalance_x200irt_firmware	𝑥 ≤ 5.0.0
siemens	scalance_x200-4p_irt	-
siemens	scalance_x201-3p_irt	-
siemens	scalance_x201-3p_irt	-
siemens	scalance_x202-2irt	-
siemens	scalance_x202-2p_irt	-
siemens	scalance_x202-2p_irt	-
siemens	scalance_x204irt	-
siemens	scalance_x204irt	-
siemens	scalance_xf204irt	-

𝑥

= Vulnerable software versions

Common Weakness Enumeration

CWE-264 -

References

https://cert-portal.siemens.com/productcert/pdf/ssa-170686.pdf