Details of VAR-201305-0214

ID

VAR-201305-0214

CVE

CVE-2013-3633

TITLE

Siemens Scalance X200 Series Switch Remote Privilege Escalation Vulnerability

Trust: 0.8

sources: IVD: eea523d6-2352-11e6-abef-000c29c66e3d // CNVD: CNVD-2013-06561

DESCRIPTION

A vulnerability has been identified in SCALANCE X-200 switch family (incl. SIPLUS NET variants) (Versions < V5.0.0 for CVE-2013-3633 and versions < V4.5.0 for CVE-2013-3634), SCALANCE X-200IRT switch family (incl. SIPLUS NET variants) (All versions < V5.1.0). The user privileges for the web interface are only enforced on client side and not properly verified on server side. Therefore, an attacker is able to execute privileged commands using an unprivileged account. Siemens Scalance X200 IRT Included in switch firmware Web The interface is vulnerable to arbitrary command execution because authentication relies on client-side authorization checks.An arbitrary command may be executed by a remotely authenticated user. The Siemens Scalance X200 series switches can be used to connect industrial components such as PLCs or HMIs. Note: Limited information is currently available regarding this issue. We will update this BID as more information emerges. There are permissions and access control vulnerabilities in Siemens SCALANCE X-200 versions earlier than V5.0.0 and SCALANCE X-200IRT versions earlier than V5.1.0. The vulnerability stems from the lack of effective permissions and access control measures in network systems or products

Trust: 2.7

sources: NVD: CVE-2013-3633 // JVNDB: JVNDB-2013-002822 // CNVD: CNVD-2013-06561 // BID: 60165 // IVD: eea523d6-2352-11e6-abef-000c29c66e3d // VULHUB: VHN-63635

IOT TAXONOMY

category:

['ICS']

sub_category:

Trust: 0.8

sources: IVD: eea523d6-2352-11e6-abef-000c29c66e3d // CNVD: CNVD-2013-06561

AFFECTED PRODUCTS

vendor:	siemens	model:	scalance x202-2p irt	scope:	eq	version:	-	Trust: 1.0
vendor:	siemens	model:	scalance x204irt	scope:	eq	version:	-	Trust: 1.0
vendor:	siemens	model:	scalance x200-4p irt	scope:	eq	version:	-	Trust: 1.0
vendor:	siemens	model:	scalance xf204irt	scope:	eq	version:	-	Trust: 1.0
vendor:	siemens	model:	scalance x201-3p irt	scope:	eq	version:	-	Trust: 1.0
vendor:	siemens	model:	scalance x200irt	scope:	lte	version:	5.0.0	Trust: 1.0
vendor:	siemens	model:	scalance x202-2irt	scope:	eq	version:	-	Trust: 1.0
vendor:	siemens	model:	scalance x200 irt	scope:	lt	version:	5.1.0	Trust: 0.8
vendor:	siemens	model:	scalance x200-4pirt	scope:	-	version:	-	Trust: 0.8
vendor:	siemens	model:	scalance x201-3p irt	scope:	eq	version:	none	Trust: 0.8
vendor:	siemens	model:	scalance x201-3p irt	scope:	eq	version:	pro	Trust: 0.8
vendor:	siemens	model:	scalance x202-2irt	scope:	-	version:	-	Trust: 0.8
vendor:	siemens	model:	scalance x202-2p irt	scope:	eq	version:	none	Trust: 0.8
vendor:	siemens	model:	scalance x202-2p irt	scope:	eq	version:	pro	Trust: 0.8
vendor:	siemens	model:	scalance x204irt	scope:	eq	version:	none	Trust: 0.8
vendor:	siemens	model:	scalance x204irt	scope:	eq	version:	pro	Trust: 0.8
vendor:	siemens	model:	scalance xf204irt	scope:	-	version:	-	Trust: 0.8
vendor:	siemens	model:	scalance series switches	scope:	eq	version:	x-200	Trust: 0.6
vendor:	siemens	model:	scalance x200irt	scope:	eq	version:	5.0.0	Trust: 0.6
vendor:	scalance x204irt	model:	-	scope:	eq	version:	-	Trust: 0.4
vendor:	scalance x202 2p irt	model:	-	scope:	eq	version:	-	Trust: 0.4
vendor:	scalance x201 3p irt	model:	-	scope:	eq	version:	-	Trust: 0.4
vendor:	scalance x202 2irt	model:	-	scope:	eq	version:	-	Trust: 0.2
vendor:	scalance x200 4p irt	model:	-	scope:	eq	version:	-	Trust: 0.2
vendor:	scalance xf204irt	model:	-	scope:	eq	version:	-	Trust: 0.2
vendor:	scalance x200irt	model:	-	scope:	eq	version:	5.0.0	Trust: 0.2

sources: IVD: eea523d6-2352-11e6-abef-000c29c66e3d // CNVD: CNVD-2013-06561 // JVNDB: JVNDB-2013-002822 // CNNVD: CNNVD-201305-538 // NVD: CVE-2013-3633

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2013-3633
value:	HIGH
Trust: 1.0
NVD:	CVE-2013-3633
value:	HIGH
Trust: 0.8
CNVD:	CNVD-2013-06561
value:	HIGH
Trust: 0.6
CNNVD:	CNNVD-201305-538
value:	HIGH
Trust: 0.6
IVD:	eea523d6-2352-11e6-abef-000c29c66e3d
value:	HIGH
Trust: 0.2
VULHUB:	VHN-63635
value:	HIGH
Trust: 0.1

nvd@nist.gov:	CVE-2013-3633
severity:	HIGH
baseScore:	8.0
vectorString:	AV:N/AC:L/AU:S/C:P/I:P/A:C
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	SINGLE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	COMPLETE
exploitabilityScore:	8.0
impactScore:	8.5
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
CNVD:	CNVD-2013-06561
severity:	HIGH
baseScore:	8.0
vectorString:	AV:N/AC:L/AU:S/C:P/I:P/A:C
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	SINGLE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	COMPLETE
exploitabilityScore:	8.0
impactScore:	8.5
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6
IVD:	eea523d6-2352-11e6-abef-000c29c66e3d
severity:	HIGH
baseScore:	8.0
vectorString:	AV:N/AC:L/AU:S/C:P/I:P/A:C
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	SINGLE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	COMPLETE
exploitabilityScore:	8.0
impactScore:	8.5
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.9 [IVD]
Trust: 0.2
VULHUB:	VHN-63635
severity:	HIGH
baseScore:	8.0
vectorString:	AV:N/AC:L/AU:S/C:P/I:P/A:C
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	SINGLE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	COMPLETE
exploitabilityScore:	8.0
impactScore:	8.5
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

sources: IVD: eea523d6-2352-11e6-abef-000c29c66e3d // CNVD: CNVD-2013-06561 // VULHUB: VHN-63635 // JVNDB: JVNDB-2013-002822 // CNNVD: CNNVD-201305-538 // NVD: CVE-2013-3633

PROBLEMTYPE DATA

problemtype:

CWE-264

Trust: 1.9

sources: VULHUB: VHN-63635 // JVNDB: JVNDB-2013-002822 // NVD: CVE-2013-3633

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201305-538

TYPE

permissions and access control issues

Trust: 0.6

sources: CNNVD: CNNVD-201305-538

CONFIGURATIONS

sources: JVNDB: JVNDB-2013-002822

PATCH

title:	SSA-170686	url:	http://www.siemens.com/corporate-technology/pool/de/forschungsfelder/siemens_security_advisory_ssa-170686.pdf	Trust: 0.8
title:	Patch for Siemens Scalance X200 Series Switches Remote Privilege Escalation Vulnerability	url:	https://www.cnvd.org.cn/patchInfo/show/34436	Trust: 0.6

sources: CNVD: CNVD-2013-06561 // JVNDB: JVNDB-2013-002822

EXTERNAL IDS

db:	NVD	id:	CVE-2013-3633	Trust: 3.6
db:	SIEMENS	id:	SSA-170686	Trust: 1.7
db:	ICS CERT	id:	ICSA-13-149-01	Trust: 1.4
db:	BID	id:	60165	Trust: 1.0
db:	CNNVD	id:	CNNVD-201305-538	Trust: 0.9
db:	CNVD	id:	CNVD-2013-06561	Trust: 0.8
db:	ICS CERT	id:	ICSA-13-169-01	Trust: 0.8
db:	JVNDB	id:	JVNDB-2013-002822	Trust: 0.8
db:	SECUNIA	id:	53519	Trust: 0.6
db:	IVD	id:	EEA523D6-2352-11E6-ABEF-000C29C66E3D	Trust: 0.2
db:	SEEBUG	id:	SSVID-89660	Trust: 0.1
db:	VULHUB	id:	VHN-63635	Trust: 0.1

sources: IVD: eea523d6-2352-11e6-abef-000c29c66e3d // CNVD: CNVD-2013-06561 // VULHUB: VHN-63635 // BID: 60165 // JVNDB: JVNDB-2013-002822 // CNNVD: CNNVD-201305-538 // NVD: CVE-2013-3633

REFERENCES

url:	https://cert-portal.siemens.com/productcert/pdf/ssa-170686.pdf	Trust: 1.7
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2013-3633	Trust: 0.8
url:	http://ics-cert.us-cert.gov/advisories/icsa-13-149-01	Trust: 0.8
url:	https://ics-cert.us-cert.gov/advisories/icsa-13-169-01	Trust: 0.8
url:	http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2013-3633	Trust: 0.8
url:	http://secunia.com/advisories/53519/	Trust: 0.6
url:	http://www.siemens.com/corporate-technology/pool/de/forschungsfelder/siemens_security_advisory_ssa-1	Trust: 0.6
url:	http://www.siemens.com/corporate-technology/pool/de/forschungsfelder/siemens_security_advisory_ssa-170686.pdf	Trust: 0.6
url:	https://www.us-cert.gov/ics/advisories/icsa-13-149-01	Trust: 0.6
url:	http://subscriber.communications.siemens.com/	Trust: 0.3

sources: CNVD: CNVD-2013-06561 // VULHUB: VHN-63635 // BID: 60165 // JVNDB: JVNDB-2013-002822 // CNNVD: CNNVD-201305-538 // NVD: CVE-2013-3633

CREDITS

The vendor reported this issue.

Trust: 0.3

sources: BID: 60165

SOURCES

db:	IVD	id:	eea523d6-2352-11e6-abef-000c29c66e3d
db:	CNVD	id:	CNVD-2013-06561
db:	VULHUB	id:	VHN-63635
db:	BID	id:	60165
db:	JVNDB	id:	JVNDB-2013-002822
db:	CNNVD	id:	CNNVD-201305-538
db:	NVD	id:	CVE-2013-3633

LAST UPDATE DATE

2024-08-14T15:35:13.538000+00:00

SOURCES UPDATE DATE

db:	CNVD	id:	CNVD-2013-06561	date:	2013-06-04T00:00:00
db:	VULHUB	id:	VHN-63635	date:	2019-12-12T00:00:00
db:	BID	id:	60165	date:	2013-06-19T06:37:00
db:	JVNDB	id:	JVNDB-2013-002822	date:	2013-06-25T00:00:00
db:	CNNVD	id:	CNNVD-201305-538	date:	2019-12-13T00:00:00
db:	NVD	id:	CVE-2013-3633	date:	2019-12-12T20:15:11.693

SOURCES RELEASE DATE

db:	IVD	id:	eea523d6-2352-11e6-abef-000c29c66e3d	date:	2013-06-04T00:00:00
db:	CNVD	id:	CNVD-2013-06561	date:	2013-06-04T00:00:00
db:	VULHUB	id:	VHN-63635	date:	2013-05-24T00:00:00
db:	BID	id:	60165	date:	2013-05-24T00:00:00
db:	JVNDB	id:	JVNDB-2013-002822	date:	2013-05-29T00:00:00
db:	CNNVD	id:	CNNVD-201305-538	date:	2013-05-27T00:00:00
db:	NVD	id:	CVE-2013-3633	date:	2013-05-24T20:55:01.737