ID

VAR-201806-1770


CVE

CVE-2018-4842


TITLE

Siemens SCALANCE X Switches Cross-Site Scripting Vulnerability

Trust: 0.8

sources: IVD: e2f35721-39ab-11e9-8d5a-000c29342cb1 // CNVD: CNVD-2018-11389

DESCRIPTION

A vulnerability has been identified in SCALANCE X-200IRT switch family (incl. SIPLUS NET variants) (All versions < V5.4.1), SCALANCE X-200RNA switch family (All versions < V3.2.7), SCALANCE X-300 switch family (incl. X408 and SIPLUS NET variants) (All versions < V4.1.3). A remote, authenticated attacker with access to the configuration web server could be able to store script code on the web site, if the HRP redundancy option is set. This code could be executed in the web browser of victims visiting this web site (XSS), affecting its confidentiality, integrity and availability. User interaction is required for successful exploitation, as the user needs to visit the manipulated web site. At the stage of publishing this security advisory no public exploitation is known. The vendor has confirmed the vulnerability and provides mitigations to resolve it. plural SCALANCE The product contains a cross-site scripting vulnerability.Information may be obtained and information may be altered. SiemensSCALANCEXSwitches is an industrial Ethernet switch from Siemens AG. There is a cross-site scripting vulnerability in SiemensSCALANCEXSwitches. Successful exploits will allow attacker-supplied HTML and script code to run in the context of the affected browser, potentially allowing the attacker to steal cookie-based authentication credentials or control how the site is rendered to the user. Other attacks are also possible. The following products and versions are vulnerable: Versions prior to SCALANCE X-200 5.2.3 Versions prior to SCALANCE X-200 IRT 5.4.1 SCALANCE X300

Trust: 2.7

sources: NVD: CVE-2018-4842 // JVNDB: JVNDB-2018-006544 // CNVD: CNVD-2018-11389 // BID: 104494 // IVD: e2f35721-39ab-11e9-8d5a-000c29342cb1 // VULHUB: VHN-134873

IOT TAXONOMY

category:['ICS', 'Network device']sub_category: -

Trust: 0.6

category:['ICS']sub_category: -

Trust: 0.2

sources: IVD: e2f35721-39ab-11e9-8d5a-000c29342cb1 // CNVD: CNVD-2018-11389

AFFECTED PRODUCTS

vendor:siemensmodel:scalance x300scope:eqversion: -

Trust: 1.6

vendor:siemensmodel:scalance x200irtscope:ltversion:5.4.1

Trust: 1.0

vendor:siemensmodel:scalance x200scope:ltversion:5.2.3

Trust: 1.0

vendor:siemensmodel:scalance x-300scope: - version: -

Trust: 0.8

vendor:siemensmodel:scalance x200 irtscope:ltversion:5.4.1

Trust: 0.8

vendor:siemensmodel:scalance x200scope: - version: -

Trust: 0.8

vendor:siemensmodel:scalancescope:eqversion:x300

Trust: 0.6

vendor:siemensmodel:scalance irtscope:eqversion:x-200<5.4.1

Trust: 0.6

vendor:siemensmodel:scalance x200irtscope:eqversion:5.0.0

Trust: 0.6

vendor:siemensmodel:scalance x200irtscope:eqversion:5.1.0

Trust: 0.6

vendor:siemensmodel:scalancescope:eqversion:x3000

Trust: 0.3

vendor:siemensmodel:scalance irtscope:eqversion:x-2000

Trust: 0.3

vendor:siemensmodel:scalancescope:eqversion:x-2004.5

Trust: 0.3

vendor:siemensmodel:scalance irtscope:neversion:x-2005.4.1

Trust: 0.3

vendor:siemensmodel:scalancescope:neversion:x-2005.2.3

Trust: 0.3

vendor:scalance x200irtmodel: - scope:eqversion:*

Trust: 0.2

vendor:scalance x300model: - scope:eqversion: -

Trust: 0.2

vendor:scalance x200model: - scope:eqversion:*

Trust: 0.2

sources: IVD: e2f35721-39ab-11e9-8d5a-000c29342cb1 // CNVD: CNVD-2018-11389 // BID: 104494 // JVNDB: JVNDB-2018-006544 // CNNVD: CNNVD-201806-874 // NVD: CVE-2018-4842

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2018-4842
value: MEDIUM

Trust: 1.0

NVD: CVE-2018-4842
value: MEDIUM

Trust: 0.8

CNVD: CNVD-2018-11389
value: MEDIUM

Trust: 0.6

CNNVD: CNNVD-201806-874
value: MEDIUM

Trust: 0.6

IVD: e2f35721-39ab-11e9-8d5a-000c29342cb1
value: MEDIUM

Trust: 0.2

VULHUB: VHN-134873
value: LOW

Trust: 0.1

nvd@nist.gov: CVE-2018-4842
severity: LOW
baseScore: 3.5
vectorString: AV:N/AC:M/AU:S/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: SINGLE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 6.8
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

CNVD: CNVD-2018-11389
severity: MEDIUM
baseScore: 4.6
vectorString: AV:N/AC:H/AU:S/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: HIGH
authentication: SINGLE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 3.9
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

IVD: e2f35721-39ab-11e9-8d5a-000c29342cb1
severity: MEDIUM
baseScore: 4.6
vectorString: AV:N/AC:H/AU:S/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: HIGH
authentication: SINGLE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 3.9
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.9 [IVD]

Trust: 0.2

VULHUB: VHN-134873
severity: LOW
baseScore: 3.5
vectorString: AV:N/AC:M/AU:S/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: SINGLE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 6.8
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2018-4842
baseSeverity: MEDIUM
baseScore: 4.8
vectorString: CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: HIGH
userInteraction: REQUIRED
scope: CHANGED
confidentialityImpact: LOW
integrityImpact: LOW
availabilityImpact: NONE
exploitabilityScore: 1.7
impactScore: 2.7
version: 3.0

Trust: 1.8

sources: IVD: e2f35721-39ab-11e9-8d5a-000c29342cb1 // CNVD: CNVD-2018-11389 // VULHUB: VHN-134873 // JVNDB: JVNDB-2018-006544 // CNNVD: CNNVD-201806-874 // NVD: CVE-2018-4842

PROBLEMTYPE DATA

problemtype:CWE-79

Trust: 1.9

sources: VULHUB: VHN-134873 // JVNDB: JVNDB-2018-006544 // NVD: CVE-2018-4842

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201806-874

TYPE

XSS

Trust: 0.6

sources: CNNVD: CNNVD-201806-874

CONFIGURATIONS

sources: JVNDB: JVNDB-2018-006544

PATCH

title:SSA-480829url:https://cert-portal.siemens.com/productcert/pdf/ssa-480829.pdf

Trust: 0.8

title:Patch for SiemensSCALANCEXSwitches cross-site scripting vulnerabilityurl:https://www.cnvd.org.cn/patchInfo/show/131837

Trust: 0.6

title:Siemens SCALANCE X-200 IRT and SCALANCE X300 Fixes for cross-site scripting vulnerabilitiesurl:http://123.124.177.30/web/xxk/bdxqById.tag?id=80922

Trust: 0.6

sources: CNVD: CNVD-2018-11389 // JVNDB: JVNDB-2018-006544 // CNNVD: CNNVD-201806-874

EXTERNAL IDS

db:NVDid:CVE-2018-4842

Trust: 3.6

db:ICS CERTid:ICSA-18-163-02

Trust: 2.3

db:SIEMENSid:SSA-480829

Trust: 2.0

db:BIDid:104494

Trust: 2.0

db:CNNVDid:CNNVD-201806-874

Trust: 0.9

db:CNVDid:CNVD-2018-11389

Trust: 0.8

db:JVNDBid:JVNDB-2018-006544

Trust: 0.8

db:IVDid:E2F35721-39AB-11E9-8D5A-000C29342CB1

Trust: 0.2

db:VULHUBid:VHN-134873

Trust: 0.1

sources: IVD: e2f35721-39ab-11e9-8d5a-000c29342cb1 // CNVD: CNVD-2018-11389 // VULHUB: VHN-134873 // BID: 104494 // JVNDB: JVNDB-2018-006544 // CNNVD: CNNVD-201806-874 // NVD: CVE-2018-4842

REFERENCES

url:https://cert-portal.siemens.com/productcert/pdf/ssa-480829.pdf

Trust: 2.0

url:https://ics-cert.us-cert.gov/advisories/icsa-18-163-02

Trust: 1.7

url:https://www.securityfocus.com/bid/104494

Trust: 1.7

url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-4842

Trust: 0.8

url:https://nvd.nist.gov/vuln/detail/cve-2018-4842

Trust: 0.8

url:https://www.us-cert.gov/ics/advisories/icsa-18-163-02

Trust: 0.6

url:http://www.siemens.com/

Trust: 0.3

sources: CNVD: CNVD-2018-11389 // VULHUB: VHN-134873 // BID: 104494 // JVNDB: JVNDB-2018-006544 // CNNVD: CNNVD-201806-874 // NVD: CVE-2018-4842

CREDITS

Marius Rothenbücher and Ali Abbasi

Trust: 0.3

sources: BID: 104494

SOURCES

db:IVDid:e2f35721-39ab-11e9-8d5a-000c29342cb1
db:CNVDid:CNVD-2018-11389
db:VULHUBid:VHN-134873
db:BIDid:104494
db:JVNDBid:JVNDB-2018-006544
db:CNNVDid:CNNVD-201806-874
db:NVDid:CVE-2018-4842

LAST UPDATE DATE

2024-08-14T14:51:33.925000+00:00


SOURCES UPDATE DATE

db:CNVDid:CNVD-2018-11389date:2018-06-13T00:00:00
db:VULHUBid:VHN-134873date:2022-12-13T00:00:00
db:BIDid:104494date:2018-06-12T00:00:00
db:JVNDBid:JVNDB-2018-006544date:2018-10-01T00:00:00
db:CNNVDid:CNNVD-201806-874date:2022-12-14T00:00:00
db:NVDid:CVE-2018-4842date:2022-12-13T17:15:11.860

SOURCES RELEASE DATE

db:IVDid:e2f35721-39ab-11e9-8d5a-000c29342cb1date:2018-06-13T00:00:00
db:CNVDid:CNVD-2018-11389date:2018-06-13T00:00:00
db:VULHUBid:VHN-134873date:2018-06-14T00:00:00
db:BIDid:104494date:2018-06-12T00:00:00
db:JVNDBid:JVNDB-2018-006544date:2018-08-24T00:00:00
db:CNNVDid:CNNVD-201806-874date:2018-06-13T00:00:00
db:NVDid:CVE-2018-4842date:2018-06-14T16:29:00.397