CVE-2013-3633

A vulnerability has been identified in SCALANCE X-200 switch family (incl. SIPLUS NET variants) (Versions < V5.0.0 for CVE-2013-3633 and versions < V4.5.0 for CVE-2013-3634), SCALANCE X-200IRT switch family (incl. SIPLUS NET variants) (All versions < V5.1.0). The user privileges for the web interface are only enforced on client side and not properly verified on server side. Therefore, an attacker is able to execute privileged commands using an unprivileged account.

CVSS v2.0 8.0 HIGH

8.0^/10

CVSS v2.0 : HIGH

Vector : AV:N/AC:L/Au:S/C:P/I:P/A:C

Exploitability : 8.0 / Impact : 8.5

Access Vector NETWORK

Access Complexity LOW

Authentication SINGLE

Confidentiality Impact PARTIAL

Integrity Impact PARTIAL

Availability Impact COMPLETE

References

Link	Resource
https://cert-portal.siemens.com/productcert/pdf/ssa-170686.pdf

Advertisement

Configurations

Configuration 1 (hide)

AND

cpe:2.3:o:siemens:scalance_x200irt_firmware:*:*:*:*:*:*:*:*

OR	cpe:2.3:h:siemens:scalance_x204irt:-:::::::*
	cpe:2.3:h:siemens:scalance_x204irt:-:-:pro:::::*
	cpe:2.3:h:siemens:scalance_x202-2irt:-:::::::*
	cpe:2.3:h:siemens:scalance_x202-2p_irt:-:::::::*
	cpe:2.3:h:siemens:scalance_xf204irt:-:::::::*
	cpe:2.3:h:siemens:scalance_x202-2p_irt:-:-:pro:::::*
	cpe:2.3:h:siemens:scalance_x201-3p_irt:-:-:pro:::::*
	cpe:2.3:h:siemens:scalance_x201-3p_irt:-:::::::*
	cpe:2.3:h:siemens:scalance_x200-4p_irt:-:::::::*

Information

Published : 2013-05-24 13:55

Updated : 2019-12-12 12:15

NVD link : CVE-2013-3633

Mitre link : CVE-2013-3633

JSON object : View

CWE

CWE-264

Permissions, Privileges, and Access Controls

Advertisement

Products Affected

siemens

scalance_x202-2p_irt
scalance_x200irt_firmware
scalance_x200-4p_irt
scalance_x204irt
scalance_x201-3p_irt
scalance_xf204irt
scalance_x202-2irt

{"cve": {"data_type": "CVE", "references": {"reference_data": [{"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-170686.pdf", "name": "https://cert-portal.siemens.com/productcert/pdf/ssa-170686.pdf", "tags": [], "refsource": "CONFIRM"}]}, "data_format": "MITRE", "description": {"description_data": [{"lang": "en", "value": "A vulnerability has been identified in SCALANCE X-200 switch family (incl. SIPLUS NET variants) (Versions < V5.0.0 for CVE-2013-3633 and versions < V4.5.0 for CVE-2013-3634), SCALANCE X-200IRT switch family (incl. SIPLUS NET variants) (All versions < V5.1.0). The user privileges for the web interface are only enforced on client side and not properly verified on server side. Therefore, an attacker is able to execute privileged commands using an unprivileged account."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "en", "value": "CWE-264"}]}]}, "data_version": "4.0", "CVE_data_meta": {"ID": "CVE-2013-3633", "ASSIGNER": "cve@mitre.org"}}, "impact": {"baseMetricV2": {"cvssV2": {"version": "2.0", "baseScore": 8.0, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:C", "authentication": "SINGLE", "integrityImpact": "PARTIAL", "accessComplexity": "LOW", "availabilityImpact": "COMPLETE", "confidentialityImpact": "PARTIAL"}, "severity": "HIGH", "impactScore": 8.5, "obtainAllPrivilege": false, "exploitabilityScore": 8.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}}, "publishedDate": "2013-05-24T20:55Z", "configurations": {"nodes": [{"children": [{"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:o:siemens:scalance_x200irt_firmware:*:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true, "versionEndIncluding": "5.0.0"}]}, {"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:h:siemens:scalance_x204irt:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:h:siemens:scalance_x204irt:-:-:pro:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:h:siemens:scalance_x202-2irt:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:h:siemens:scalance_x202-2p_irt:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:h:siemens:scalance_xf204irt:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:h:siemens:scalance_x202-2p_irt:-:-:pro:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:h:siemens:scalance_x201-3p_irt:-:-:pro:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:h:siemens:scalance_x201-3p_irt:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:h:siemens:scalance_x200-4p_irt:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}]}], "operator": "AND", "cpe_match": []}], "CVE_data_version": "4.0"}, "lastModifiedDate": "2019-12-12T20:15Z"}