CVE-2013-5944

The integrated web server on Siemens SCALANCE X-200 switches with firmware before 4.5.0 and X-200IRT switches with firmware before 5.1.0 does not properly enforce authentication requirements, which allows remote attackers to perform administrative actions via requests to the management interface.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
10 UNKNOWN
NETWORK
LOW
AV:N/AC:L/Au:N/C:C/I:C/A:C
mitreCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 80%
VendorProductVersion
siemensscalance_x-200_series_firmware
𝑥
≤ 4.4
siemensscalance_x-200_series_firmware
4.3
siemensscalance_x-200
-
siemensscalance_x-200_series_firmware
𝑥
≤ 5.0.1
siemensscalance_x-200irt
-
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
http://www.siemens.com/innovation/pool/de/forschungsfelder/siemens_security_advisory_ssa-176087.pdf
https://cert-portal.siemens.com/productcert/pdf/ssa-176087.pdf
http://www.siemens.com/innovation/pool/de/forschungsfelder/siemens_security_advisory_ssa-176087.pdf
https://cert-portal.siemens.com/productcert/pdf/ssa-176087.pdf