CVE-2013-5944

The integrated web server on Siemens SCALANCE X-200 switches with firmware before 4.5.0 and X-200IRT switches with firmware before 5.1.0 does not properly enforce authentication requirements, which allows remote attackers to perform administrative actions via requests to the management interface.

CVSS v2.0 10.0 HIGH

10.0^/10

CVSS v2.0 : HIGH

Vector : AV:N/AC:L/Au:N/C:C/I:C/A:C

Exploitability : 10.0 / Impact : 10.0

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact COMPLETE

Integrity Impact COMPLETE

Availability Impact COMPLETE

References

Link	Resource
http://www.siemens.com/innovation/pool/de/forschungsfelder/siemens_security_advisory_ssa-176087.pdf	Vendor Advisory
https://cert-portal.siemens.com/productcert/pdf/ssa-176087.pdf
http://www.siemens.com/innovation/pool/de/forschungsfelder/siemens_security_advisory_ssa-176087.pdf	Vendor Advisory
https://cert-portal.siemens.com/productcert/pdf/ssa-176087.pdf

Configurations

Configuration 1 (hide)

AND

OR	cpe:2.3:o:siemens:scalance_x-200_series_firmware::::::::
	cpe:2.3:o:siemens:scalance_x-200_series_firmware:4.3:::::::*

cpe:2.3:h:siemens:scalance_x-200:-:*:*:*:*:*:*:*

Configuration 2 (hide)

AND

cpe:2.3:o:siemens:scalance_x-200_series_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:siemens:scalance_x-200irt:-:*:*:*:*:*:*:*

History

21 Nov 2024, 01:58

Type	Values Removed	Values Added
References	~~() http://www.siemens.com/innovation/pool/de/forschungsfelder/siemens_security_advisory_ssa-176087.pdf - Vendor Advisory~~	() http://www.siemens.com/innovation/pool/de/forschungsfelder/siemens_security_advisory_ssa-176087.pdf - Vendor Advisory
References	~~() https://cert-portal.siemens.com/productcert/pdf/ssa-176087.pdf -~~	() https://cert-portal.siemens.com/productcert/pdf/ssa-176087.pdf -

Information

Published : 2013-10-03 11:04

Updated : 2024-11-21 01:58

NVD link : CVE-2013-5944

Mitre link : CVE-2013-5944

CVE.ORG link : CVE-2013-5944

JSON object : View

Products Affected

siemens

scalance_x-200
scalance_x-200irt
scalance_x-200_series_firmware

CWE

CWE-287

Improper Authentication

{"id": "CVE-2013-5944", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 10.0, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "authentication": "NONE", "integrityImpact": "COMPLETE", "accessComplexity": "LOW", "availabilityImpact": "COMPLETE", "confidentialityImpact": "COMPLETE"}, "acInsufInfo": false, "impactScore": 10.0, "baseSeverity": "HIGH", "obtainAllPrivilege": false, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}]}, "published": "2013-10-03T11:04:43.773", "references": [{"url": "http://www.siemens.com/innovation/pool/de/forschungsfelder/siemens_security_advisory_ssa-176087.pdf", "tags": ["Vendor Advisory"], "source": "cve@mitre.org"}, {"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-176087.pdf", "source": "cve@mitre.org"}, {"url": "http://www.siemens.com/innovation/pool/de/forschungsfelder/siemens_security_advisory_ssa-176087.pdf", "tags": ["Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-176087.pdf", "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-287"}]}], "descriptions": [{"lang": "en", "value": "The integrated web server on Siemens SCALANCE X-200 switches with firmware before 4.5.0 and X-200IRT switches with firmware before 5.1.0 does not properly enforce authentication requirements, which allows remote attackers to perform administrative actions via requests to the management interface."}, {"lang": "es", "value": "El servidor web integrado en switches Siemens SCALANCE X-200 con firmware anterior a la versi\u00f3n 4.5.0 y switches X-200IRT con firmware anterior a 5.1.0 no aplica adecuadamente los requerimientos de autenticaci\u00f3n, lo que permite a atacantes remotos llevar a cabo acciones administrativas a trav\u00e9s de peticiones a la interfaz de gesti\u00f3n."}], "lastModified": "2024-11-21T01:58:28.080", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:siemens:scalance_x-200_series_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "756EF73B-3FF0-458A-AD4F-02D9F1895C56", "versionEndIncluding": "4.4"}, {"criteria": "cpe:2.3:o:siemens:scalance_x-200_series_firmware:4.3:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "17C52F7B-5B34-42B6-BE60-B24EDBE221C8"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:siemens:scalance_x-200:-:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "6FEF9F9F-4066-483B-BF95-3BA5625284DF"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:siemens:scalance_x-200_series_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "3F527B72-4EFC-4A63-9877-ABA7B87C3B8A", "versionEndIncluding": "5.0.1"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:siemens:scalance_x-200irt:-:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "94C7BE35-D3A6-488C-BB3D-D17D65DF4B80"}], "operator": "OR"}], "operator": "AND"}], "sourceIdentifier": "cve@mitre.org"}