ID
VAR-201310-0390
CVE
CVE-2013-5944
TITLE
Siemens SCALANCE X-200 and X-200IRT Vulnerability to execute administrator actions in switch firmware
Trust: 0.8
sources:
JVNDB: JVNDB-2013-004482
DESCRIPTION
The integrated web server on Siemens SCALANCE X-200 switches with firmware before 4.5.0 and X-200IRT switches with firmware before 5.1.0 does not properly enforce authentication requirements, which allows remote attackers to perform administrative actions via requests to the management interface. The Siemens Scalance X200 is an industrial Ethernet switch from Siemens. SCALANCE X-200 and X-200IRT series switches are prone to an authentication-bypass vulnerability. Successfully exploiting this issue may allow an attacker to bypass certain security restrictions and gain administrative access to the affected device. The following products are affected. SCALANCE X-200 running firmware versions prior to 4.5.0 SCALANCE X-200IRT running firmware versions prior to 5.1.0
Trust: 2.79
sources:
NVD: CVE-2013-5944 //
JVNDB: JVNDB-2013-004482 //
CNVD: CNVD-2013-13553 //
BID: 62762 //
IVD: 9e35be88-2352-11e6-abef-000c29c66e3d //
VULHUB: VHN-65946 //
VULMON: CVE-2013-5944
IOT TAXONOMY
| category: | ['ICS', 'Network device'] | sub_category: | - | Trust: 0.6 |
| category: | ['ICS'] | sub_category: | - | Trust: 0.2 |
sources:
IVD: 9e35be88-2352-11e6-abef-000c29c66e3d //
CNVD: CNVD-2013-13553
AFFECTED PRODUCTS
| vendor: | siemens | model: | scalance x-200 series | scope: | eq | version: | 4.3 | Trust: 1.6 |
| vendor: | siemens | model: | scalance x-200 series | scope: | lte | version: | 4.4 | Trust: 1.0 |
| vendor: | siemens | model: | scalance x-200irt | scope: | eq | version: | - | Trust: 1.0 |
| vendor: | siemens | model: | scalance x-200 | scope: | eq | version: | - | Trust: 1.0 |
| vendor: | siemens | model: | scalance x-200 series | scope: | lte | version: | 5.0.1 | Trust: 1.0 |
| vendor: | siemens | model: | scalance x-200 | scope: | - | version: | - | Trust: 0.8 |
| vendor: | siemens | model: | scalance x-200 series | scope: | lt | version: | 4.5.0 (scalance x-200) | Trust: 0.8 |
| vendor: | siemens | model: | scalance x-200 series | scope: | lt | version: | 5.1.0 (scalance x-200irt) | Trust: 0.8 |
| vendor: | siemens | model: | scalance x-200irt | scope: | - | version: | - | Trust: 0.8 |
| vendor: | siemens | model: | scalance | scope: | eq | version: | x-2004.4.9 | Trust: 0.6 |
| vendor: | siemens | model: | scalance x-200irt | scope: | eq | version: | 5.0.9 | Trust: 0.6 |
| vendor: | siemens | model: | scalance x-200 series | scope: | eq | version: | 5.0.1 | Trust: 0.6 |
| vendor: | siemens | model: | scalance x-200 series | scope: | eq | version: | 4.4 | Trust: 0.6 |
| vendor: | siemens | model: | scalance x-200irt | scope: | eq | version: | 0 | Trust: 0.3 |
| vendor: | siemens | model: | scalance | scope: | eq | version: | x-2000 | Trust: 0.3 |
| vendor: | siemens | model: | scalance x-200irt | scope: | ne | version: | 5.1.2 | Trust: 0.3 |
| vendor: | siemens | model: | scalance x-200irt | scope: | ne | version: | 5.1 | Trust: 0.3 |
| vendor: | siemens | model: | scalance | scope: | ne | version: | x-2004.5 | Trust: 0.3 |
| vendor: | scalance x 200 series | model: | - | scope: | eq | version: | 5.0.1 | Trust: 0.2 |
| vendor: | scalance x 200 | model: | - | scope: | eq | version: | - | Trust: 0.2 |
| vendor: | scalance x 200 series | model: | - | scope: | eq | version: | 4.4 | Trust: 0.2 |
| vendor: | scalance x 200irt | model: | - | scope: | eq | version: | - | Trust: 0.2 |
| vendor: | scalance x 200 series | model: | - | scope: | eq | version: | 4.3 | Trust: 0.2 |
sources:
IVD: 9e35be88-2352-11e6-abef-000c29c66e3d //
CNVD: CNVD-2013-13553 //
BID: 62762 //
JVNDB: JVNDB-2013-004482 //
CNNVD: CNNVD-201310-059 //
NVD: CVE-2013-5944
CVSS
SEVERITY | CVSSV2 | CVSSV3 | |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
|
sources:
IVD: 9e35be88-2352-11e6-abef-000c29c66e3d //
CNVD: CNVD-2013-13553 //
VULHUB: VHN-65946 //
VULMON: CVE-2013-5944 //
JVNDB: JVNDB-2013-004482 //
CNNVD: CNNVD-201310-059 //
NVD: CVE-2013-5944
PROBLEMTYPE DATA
| problemtype: | CWE-287 | Trust: 1.9 |
sources:
VULHUB: VHN-65946 //
JVNDB: JVNDB-2013-004482 //
NVD: CVE-2013-5944
THREAT TYPE
remote
Trust: 0.6
sources:
CNNVD: CNNVD-201310-059
TYPE
authorization issue
Trust: 0.6
sources:
CNNVD: CNNVD-201310-059
CONFIGURATIONS
sources:
JVNDB: JVNDB-2013-004482
PATCH
| title: | SSA-176087 | url: | http://www.siemens.com/innovation/pool/de/forschungsfelder/siemens_security_advisory_ssa-176087.pdf | Trust: 0.8 |
| title: | Patch for unclear management access vulnerability on the WEB interface of the Siemens SCALANCE X-200 switch | url: | https://www.cnvd.org.cn/patchInfo/show/40012 | Trust: 0.6 |
| title: | Siemens Scalance X-200 Switch unauthorized access vulnerability fix | url: | http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=109052 | Trust: 0.6 |
| title: | Siemens Security Advisories: Siemens Security Advisory | url: | https://vulmon.com/vendoradvisory?qidtp=siemens_security_advisories&qid=44f98d989f2a58ed7cb2e4b6335cb180 | Trust: 0.1 |
sources:
CNVD: CNVD-2013-13553 //
VULMON: CVE-2013-5944 //
JVNDB: JVNDB-2013-004482 //
CNNVD: CNNVD-201310-059
EXTERNAL IDS
| db: | NVD | id: | CVE-2013-5944 | Trust: 3.7 |
| db: | SIEMENS | id: | SSA-176087 | Trust: 2.7 |
| db: | BID | id: | 62762 | Trust: 1.0 |
| db: | CNNVD | id: | CNNVD-201310-059 | Trust: 0.9 |
| db: | CNVD | id: | CNVD-2013-13553 | Trust: 0.8 |
| db: | JVNDB | id: | JVNDB-2013-004482 | Trust: 0.8 |
| db: | IVD | id: | 9E35BE88-2352-11E6-ABEF-000C29C66E3D | Trust: 0.2 |
| db: | SEEBUG | id: | SSVID-89659 | Trust: 0.1 |
| db: | VULHUB | id: | VHN-65946 | Trust: 0.1 |
| db: | ICS CERT | id: | ICSA-13-274-01 | Trust: 0.1 |
| db: | VULMON | id: | CVE-2013-5944 | Trust: 0.1 |
sources:
IVD: 9e35be88-2352-11e6-abef-000c29c66e3d //
CNVD: CNVD-2013-13553 //
VULHUB: VHN-65946 //
VULMON: CVE-2013-5944 //
BID: 62762 //
JVNDB: JVNDB-2013-004482 //
CNNVD: CNNVD-201310-059 //
NVD: CVE-2013-5944
REFERENCES
| url: | http://www.siemens.com/innovation/pool/de/forschungsfelder/siemens_security_advisory_ssa-176087.pdf | Trust: 2.7 |
| url: | https://cert-portal.siemens.com/productcert/pdf/ssa-176087.pdf | Trust: 1.8 |
| url: | http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2013-5944 | Trust: 0.8 |
| url: | http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2013-5944 | Trust: 0.8 |
| url: | http://subscriber.communications.siemens.com/ | Trust: 0.3 |
| url: | https://cwe.mitre.org/data/definitions/287.html | Trust: 0.1 |
| url: | http://tools.cisco.com/security/center/viewalert.x?alertid=31114 | Trust: 0.1 |
| url: | https://nvd.nist.gov | Trust: 0.1 |
| url: | https://ics-cert.us-cert.gov/advisories/icsa-13-274-01 | Trust: 0.1 |
sources:
CNVD: CNVD-2013-13553 //
VULHUB: VHN-65946 //
VULMON: CVE-2013-5944 //
BID: 62762 //
JVNDB: JVNDB-2013-004482 //
CNNVD: CNNVD-201310-059 //
NVD: CVE-2013-5944
CREDITS
Eireann Leverett of IOActive
Trust: 0.3
sources:
BID: 62762
SOURCES
| db: | IVD | id: | 9e35be88-2352-11e6-abef-000c29c66e3d |
| db: | CNVD | id: | CNVD-2013-13553 |
| db: | VULHUB | id: | VHN-65946 |
| db: | VULMON | id: | CVE-2013-5944 |
| db: | BID | id: | 62762 |
| db: | JVNDB | id: | JVNDB-2013-004482 |
| db: | CNNVD | id: | CNNVD-201310-059 |
| db: | NVD | id: | CVE-2013-5944 |
LAST UPDATE DATE
2024-11-23T21:55:30.640000+00:00
SOURCES UPDATE DATE
| db: | CNVD | id: | CNVD-2013-13553 | date: | 2013-10-10T00:00:00 |
| db: | VULHUB | id: | VHN-65946 | date: | 2020-02-10T00:00:00 |
| db: | VULMON | id: | CVE-2013-5944 | date: | 2020-02-10T00:00:00 |
| db: | BID | id: | 62762 | date: | 2013-10-01T00:00:00 |
| db: | JVNDB | id: | JVNDB-2013-004482 | date: | 2013-10-07T00:00:00 |
| db: | CNNVD | id: | CNNVD-201310-059 | date: | 2020-02-11T00:00:00 |
| db: | NVD | id: | CVE-2013-5944 | date: | 2024-11-21T01:58:28.080 |
SOURCES RELEASE DATE
| db: | IVD | id: | 9e35be88-2352-11e6-abef-000c29c66e3d | date: | 2013-10-10T00:00:00 |
| db: | CNVD | id: | CNVD-2013-13553 | date: | 2013-10-10T00:00:00 |
| db: | VULHUB | id: | VHN-65946 | date: | 2013-10-03T00:00:00 |
| db: | VULMON | id: | CVE-2013-5944 | date: | 2013-10-03T00:00:00 |
| db: | BID | id: | 62762 | date: | 2013-10-01T00:00:00 |
| db: | JVNDB | id: | JVNDB-2013-004482 | date: | 2013-10-07T00:00:00 |
| db: | CNNVD | id: | CNNVD-201310-059 | date: | 2013-10-09T00:00:00 |
| db: | NVD | id: | CVE-2013-5944 | date: | 2013-10-03T11:04:43.773 |