Details of VAR-201806-1770

ID

VAR-201806-1770

CVE

CVE-2018-4842

TITLE

Siemens SCALANCE X Switches Cross-Site Scripting Vulnerability

Trust: 0.8

sources: IVD: e2f35721-39ab-11e9-8d5a-000c29342cb1 // CNVD: CNVD-2018-11389

DESCRIPTION

A vulnerability has been identified in SCALANCE X-200IRT switch family (incl. SIPLUS NET variants) (All versions < V5.4.1), SCALANCE X-200RNA switch family (All versions < V3.2.7), SCALANCE X-300 switch family (incl. X408 and SIPLUS NET variants) (All versions < V4.1.3). A remote, authenticated attacker with access to the configuration web server could be able to store script code on the web site, if the HRP redundancy option is set. This code could be executed in the web browser of victims visiting this web site (XSS), affecting its confidentiality, integrity and availability. User interaction is required for successful exploitation, as the user needs to visit the manipulated web site. At the stage of publishing this security advisory no public exploitation is known. The vendor has confirmed the vulnerability and provides mitigations to resolve it. plural SCALANCE The product contains a cross-site scripting vulnerability.Information may be obtained and information may be altered. SiemensSCALANCEXSwitches is an industrial Ethernet switch from Siemens AG. There is a cross-site scripting vulnerability in SiemensSCALANCEXSwitches. Successful exploits will allow attacker-supplied HTML and script code to run in the context of the affected browser, potentially allowing the attacker to steal cookie-based authentication credentials or control how the site is rendered to the user. Other attacks are also possible. The following products and versions are vulnerable: Versions prior to SCALANCE X-200 5.2.3 Versions prior to SCALANCE X-200 IRT 5.4.1 SCALANCE X300

Trust: 2.7

sources: NVD: CVE-2018-4842 // JVNDB: JVNDB-2018-006544 // CNVD: CNVD-2018-11389 // BID: 104494 // IVD: e2f35721-39ab-11e9-8d5a-000c29342cb1 // VULHUB: VHN-134873

IOT TAXONOMY

category:	['ICS', 'Network device']	sub_category:	-	Trust: 0.6
category:	['ICS']	sub_category:	-	Trust: 0.2

sources: IVD: e2f35721-39ab-11e9-8d5a-000c29342cb1 // CNVD: CNVD-2018-11389

AFFECTED PRODUCTS

vendor:	siemens	model:	scalance x300	scope:	eq	version:	-	Trust: 1.6
vendor:	siemens	model:	scalance x200irt	scope:	lt	version:	5.4.1	Trust: 1.0
vendor:	siemens	model:	scalance x200	scope:	lt	version:	5.2.3	Trust: 1.0
vendor:	siemens	model:	scalance x-300	scope:	-	version:	-	Trust: 0.8
vendor:	siemens	model:	scalance x200 irt	scope:	lt	version:	5.4.1	Trust: 0.8
vendor:	siemens	model:	scalance x200	scope:	-	version:	-	Trust: 0.8
vendor:	siemens	model:	scalance	scope:	eq	version:	x300	Trust: 0.6
vendor:	siemens	model:	scalance irt	scope:	eq	version:	x-200<5.4.1	Trust: 0.6
vendor:	siemens	model:	scalance x200irt	scope:	eq	version:	5.0.0	Trust: 0.6
vendor:	siemens	model:	scalance x200irt	scope:	eq	version:	5.1.0	Trust: 0.6
vendor:	siemens	model:	scalance	scope:	eq	version:	x3000	Trust: 0.3
vendor:	siemens	model:	scalance irt	scope:	eq	version:	x-2000	Trust: 0.3
vendor:	siemens	model:	scalance	scope:	eq	version:	x-2004.5	Trust: 0.3
vendor:	siemens	model:	scalance irt	scope:	ne	version:	x-2005.4.1	Trust: 0.3
vendor:	siemens	model:	scalance	scope:	ne	version:	x-2005.2.3	Trust: 0.3
vendor:	scalance x200irt	model:	-	scope:	eq	version:	*	Trust: 0.2
vendor:	scalance x300	model:	-	scope:	eq	version:	-	Trust: 0.2
vendor:	scalance x200	model:	-	scope:	eq	version:	*	Trust: 0.2

sources: IVD: e2f35721-39ab-11e9-8d5a-000c29342cb1 // CNVD: CNVD-2018-11389 // BID: 104494 // JVNDB: JVNDB-2018-006544 // CNNVD: CNNVD-201806-874 // NVD: CVE-2018-4842

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2018-4842
value:	MEDIUM
Trust: 1.0
NVD:	CVE-2018-4842
value:	MEDIUM
Trust: 0.8
CNVD:	CNVD-2018-11389
value:	MEDIUM
Trust: 0.6
CNNVD:	CNNVD-201806-874
value:	MEDIUM
Trust: 0.6
IVD:	e2f35721-39ab-11e9-8d5a-000c29342cb1
value:	MEDIUM
Trust: 0.2
VULHUB:	VHN-134873
value:	LOW
Trust: 0.1

nvd@nist.gov:	CVE-2018-4842
severity:	LOW
baseScore:	3.5
vectorString:	AV:N/AC:M/AU:S/C:N/I:P/A:N
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	SINGLE
confidentialityImpact:	NONE
integrityImpact:	PARTIAL
availabilityImpact:	NONE
exploitabilityScore:	6.8
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
CNVD:	CNVD-2018-11389
severity:	MEDIUM
baseScore:	4.6
vectorString:	AV:N/AC:H/AU:S/C:P/I:P/A:P
accessVector:	NETWORK
accessComplexity:	HIGH
authentication:	SINGLE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	3.9
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6
IVD:	e2f35721-39ab-11e9-8d5a-000c29342cb1
severity:	MEDIUM
baseScore:	4.6
vectorString:	AV:N/AC:H/AU:S/C:P/I:P/A:P
accessVector:	NETWORK
accessComplexity:	HIGH
authentication:	SINGLE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	3.9
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.9 [IVD]
Trust: 0.2
VULHUB:	VHN-134873
severity:	LOW
baseScore:	3.5
vectorString:	AV:N/AC:M/AU:S/C:N/I:P/A:N
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	SINGLE
confidentialityImpact:	NONE
integrityImpact:	PARTIAL
availabilityImpact:	NONE
exploitabilityScore:	6.8
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

nvd@nist.gov:	CVE-2018-4842
baseSeverity:	MEDIUM
baseScore:	4.8
vectorString:	CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	HIGH
userInteraction:	REQUIRED
scope:	CHANGED
confidentialityImpact:	LOW
integrityImpact:	LOW
availabilityImpact:	NONE
exploitabilityScore:	1.7
impactScore:	2.7
version:	3.0
Trust: 1.8

sources: IVD: e2f35721-39ab-11e9-8d5a-000c29342cb1 // CNVD: CNVD-2018-11389 // VULHUB: VHN-134873 // JVNDB: JVNDB-2018-006544 // CNNVD: CNNVD-201806-874 // NVD: CVE-2018-4842

PROBLEMTYPE DATA

problemtype:

CWE-79

Trust: 1.9

sources: VULHUB: VHN-134873 // JVNDB: JVNDB-2018-006544 // NVD: CVE-2018-4842

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201806-874

TYPE

XSS

Trust: 0.6

sources: CNNVD: CNNVD-201806-874

CONFIGURATIONS

sources: JVNDB: JVNDB-2018-006544

PATCH

title:	SSA-480829	url:	https://cert-portal.siemens.com/productcert/pdf/ssa-480829.pdf	Trust: 0.8
title:	Patch for SiemensSCALANCEXSwitches cross-site scripting vulnerability	url:	https://www.cnvd.org.cn/patchInfo/show/131837	Trust: 0.6
title:	Siemens SCALANCE X-200 IRT and SCALANCE X300 Fixes for cross-site scripting vulnerabilities	url:	http://123.124.177.30/web/xxk/bdxqById.tag?id=80922	Trust: 0.6

sources: CNVD: CNVD-2018-11389 // JVNDB: JVNDB-2018-006544 // CNNVD: CNNVD-201806-874

EXTERNAL IDS

db:	NVD	id:	CVE-2018-4842	Trust: 3.6
db:	ICS CERT	id:	ICSA-18-163-02	Trust: 2.3
db:	SIEMENS	id:	SSA-480829	Trust: 2.0
db:	BID	id:	104494	Trust: 2.0
db:	CNNVD	id:	CNNVD-201806-874	Trust: 0.9
db:	CNVD	id:	CNVD-2018-11389	Trust: 0.8
db:	JVNDB	id:	JVNDB-2018-006544	Trust: 0.8
db:	IVD	id:	E2F35721-39AB-11E9-8D5A-000C29342CB1	Trust: 0.2
db:	VULHUB	id:	VHN-134873	Trust: 0.1

sources: IVD: e2f35721-39ab-11e9-8d5a-000c29342cb1 // CNVD: CNVD-2018-11389 // VULHUB: VHN-134873 // BID: 104494 // JVNDB: JVNDB-2018-006544 // CNNVD: CNNVD-201806-874 // NVD: CVE-2018-4842

REFERENCES

url:	https://cert-portal.siemens.com/productcert/pdf/ssa-480829.pdf	Trust: 2.0
url:	https://ics-cert.us-cert.gov/advisories/icsa-18-163-02	Trust: 1.7
url:	https://www.securityfocus.com/bid/104494	Trust: 1.7
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-4842	Trust: 0.8
url:	https://nvd.nist.gov/vuln/detail/cve-2018-4842	Trust: 0.8
url:	https://www.us-cert.gov/ics/advisories/icsa-18-163-02	Trust: 0.6
url:	http://www.siemens.com/	Trust: 0.3

sources: CNVD: CNVD-2018-11389 // VULHUB: VHN-134873 // BID: 104494 // JVNDB: JVNDB-2018-006544 // CNNVD: CNNVD-201806-874 // NVD: CVE-2018-4842

CREDITS

Marius Rothenbücher and Ali Abbasi

Trust: 0.3

sources: BID: 104494

SOURCES

db:	IVD	id:	e2f35721-39ab-11e9-8d5a-000c29342cb1
db:	CNVD	id:	CNVD-2018-11389
db:	VULHUB	id:	VHN-134873
db:	BID	id:	104494
db:	JVNDB	id:	JVNDB-2018-006544
db:	CNNVD	id:	CNNVD-201806-874
db:	NVD	id:	CVE-2018-4842

LAST UPDATE DATE

2024-08-14T14:51:33.925000+00:00

SOURCES UPDATE DATE

db:	CNVD	id:	CNVD-2018-11389	date:	2018-06-13T00:00:00
db:	VULHUB	id:	VHN-134873	date:	2022-12-13T00:00:00
db:	BID	id:	104494	date:	2018-06-12T00:00:00
db:	JVNDB	id:	JVNDB-2018-006544	date:	2018-10-01T00:00:00
db:	CNNVD	id:	CNNVD-201806-874	date:	2022-12-14T00:00:00
db:	NVD	id:	CVE-2018-4842	date:	2022-12-13T17:15:11.860

SOURCES RELEASE DATE

db:	IVD	id:	e2f35721-39ab-11e9-8d5a-000c29342cb1	date:	2018-06-13T00:00:00
db:	CNVD	id:	CNVD-2018-11389	date:	2018-06-13T00:00:00
db:	VULHUB	id:	VHN-134873	date:	2018-06-14T00:00:00
db:	BID	id:	104494	date:	2018-06-12T00:00:00
db:	JVNDB	id:	JVNDB-2018-006544	date:	2018-08-24T00:00:00
db:	CNNVD	id:	CNNVD-201806-874	date:	2018-06-13T00:00:00
db:	NVD	id:	CVE-2018-4842	date:	2018-06-14T16:29:00.397