CVE-2013-3633

A vulnerability has been identified in SCALANCE X-200 switch family (incl. SIPLUS NET variants) (Versions < V5.0.0 for CVE-2013-3633 and versions < V4.5.0 for CVE-2013-3634), SCALANCE X-200IRT switch family (incl. SIPLUS NET variants) (All versions < V5.1.0). The user privileges for the web interface are only enforced on client side and not properly verified on server side. Therefore, an attacker is able to execute privileged commands using an unprivileged account.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
8 UNKNOWN
NETWORK
LOW
AV:N/AC:L/Au:S/C:P/I:P/A:C
mitreCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 57%
VendorProductVersion
siemensscalance_x200irt_firmware
𝑥
≤ 5.0.0
siemensscalance_x200-4p_irt
-
siemensscalance_x201-3p_irt
-
siemensscalance_x201-3p_irt
-
siemensscalance_x202-2irt
-
siemensscalance_x202-2p_irt
-
siemensscalance_x202-2p_irt
-
siemensscalance_x204irt
-
siemensscalance_x204irt
-
siemensscalance_xf204irt
-
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
https://cert-portal.siemens.com/productcert/pdf/ssa-170686.pdf
https://cert-portal.siemens.com/productcert/pdf/ssa-170686.pdf