ID

VAR-201806-1773


CVE

CVE-2018-4848


TITLE

SCALANCE X-200 IRT and X300 Vulnerable to cross-site scripting

Trust: 0.8

sources: JVNDB: JVNDB-2018-006634

DESCRIPTION

A vulnerability has been identified in SCALANCE X-200 switch family (incl. SIPLUS NET variants) (All versions < V5.2.3), SCALANCE X-200IRT switch family (incl. SIPLUS NET variants) (All versions < V5.4.1), SCALANCE X-200RNA switch family (All versions < V3.2.7), SCALANCE X-300 switch family (incl. X408 and SIPLUS NET variants) (All versions < V4.1.3). The integrated configuration web server of the affected devices could allow Cross-Site Scripting (XSS) attacks if unsuspecting users are tricked into accessing a malicious link. User interaction is required for a successful exploitation. The user must be logged into the web interface in order for the exploitation to succeed. At the stage of publishing this security advisory no public exploitation is known. The vendor has confirmed the vulnerability and provides mitigations to resolve it. SCALANCE X-200 IRT and X300 Contains a cross-site scripting vulnerability.The information may be obtained and the information may be falsified. SiemensSCALANCEXSwitches is an industrial Ethernet switch from Siemens AG. A cross-site scripting vulnerability exists in SiemensSCALANCEXSwitches that allows an attacker to exploit a vulnerability for a cross-site scripting attack. Successful exploits will allow attacker-supplied HTML and script code to run in the context of the affected browser, potentially allowing the attacker to steal cookie-based authentication credentials or control how the site is rendered to the user. Other attacks are also possible. The following products and versions are vulnerable: Versions prior to SCALANCE X-200 5.2.3 Versions prior to SCALANCE X-200 IRT 5.4.1 SCALANCE X300. A remote attacker can exploit this vulnerability to inject arbitrary Web script or HTML by enticing users to visit malicious links

Trust: 2.7

sources: NVD: CVE-2018-4848 // JVNDB: JVNDB-2018-006634 // CNVD: CNVD-2018-11388 // BID: 104494 // IVD: e2f33011-39ab-11e9-a6d9-000c29342cb1 // VULHUB: VHN-134879

IOT TAXONOMY

category:['ICS', 'Network device']sub_category: -

Trust: 0.6

category:['ICS']sub_category: -

Trust: 0.2

sources: IVD: e2f33011-39ab-11e9-a6d9-000c29342cb1 // CNVD: CNVD-2018-11388

AFFECTED PRODUCTS

vendor:siemensmodel:scalance x-200 irtscope:ltversion:5.4.1

Trust: 1.8

vendor:siemensmodel:scalance x-200scope:ltversion:5.2.3

Trust: 1.0

vendor:siemensmodel:scalance x300scope:eqversion:*

Trust: 1.0

vendor:siemensmodel:scalance x-200scope: - version: -

Trust: 0.8

vendor:siemensmodel:scalance x300scope:eqversion: -

Trust: 0.8

vendor:siemensmodel:scalancescope:eqversion:x300

Trust: 0.6

vendor:siemensmodel:scalance irtscope:eqversion:x-200<5.4.1

Trust: 0.6

vendor:siemensmodel:scalancescope:eqversion:x-200<5.2.3

Trust: 0.6

vendor:siemensmodel:scalance x300scope: - version: -

Trust: 0.6

vendor:siemensmodel:scalancescope:eqversion:x3000

Trust: 0.3

vendor:siemensmodel:scalance irtscope:eqversion:x-2000

Trust: 0.3

vendor:siemensmodel:scalancescope:eqversion:x-2004.5

Trust: 0.3

vendor:siemensmodel:scalance irtscope:neversion:x-2005.4.1

Trust: 0.3

vendor:siemensmodel:scalancescope:neversion:x-2005.2.3

Trust: 0.3

vendor:scalance x300model: - scope:eqversion:*

Trust: 0.2

vendor:scalance x 200 irtmodel: - scope:eqversion:*

Trust: 0.2

vendor:scalance x 200model: - scope:eqversion:*

Trust: 0.2

sources: IVD: e2f33011-39ab-11e9-a6d9-000c29342cb1 // CNVD: CNVD-2018-11388 // BID: 104494 // JVNDB: JVNDB-2018-006634 // CNNVD: CNNVD-201806-875 // NVD: CVE-2018-4848

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2018-4848
value: MEDIUM

Trust: 1.0

NVD: CVE-2018-4848
value: MEDIUM

Trust: 0.8

CNVD: CNVD-2018-11388
value: MEDIUM

Trust: 0.6

CNNVD: CNNVD-201806-875
value: MEDIUM

Trust: 0.6

IVD: e2f33011-39ab-11e9-a6d9-000c29342cb1
value: MEDIUM

Trust: 0.2

VULHUB: VHN-134879
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2018-4848
severity: MEDIUM
baseScore: 4.3
vectorString: AV:N/AC:M/AU:N/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 8.6
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

CNVD: CNVD-2018-11388
severity: MEDIUM
baseScore: 4.6
vectorString: AV:N/AC:H/AU:S/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: HIGH
authentication: SINGLE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 3.9
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

IVD: e2f33011-39ab-11e9-a6d9-000c29342cb1
severity: MEDIUM
baseScore: 4.6
vectorString: AV:N/AC:H/AU:S/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: HIGH
authentication: SINGLE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 3.9
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.9 [IVD]

Trust: 0.2

VULHUB: VHN-134879
severity: MEDIUM
baseScore: 4.3
vectorString: AV:N/AC:M/AU:N/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 8.6
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2018-4848
baseSeverity: MEDIUM
baseScore: 6.1
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: REQUIRED
scope: CHANGED
confidentialityImpact: LOW
integrityImpact: LOW
availabilityImpact: NONE
exploitabilityScore: 2.8
impactScore: 2.7
version: 3.0

Trust: 1.8

sources: IVD: e2f33011-39ab-11e9-a6d9-000c29342cb1 // CNVD: CNVD-2018-11388 // VULHUB: VHN-134879 // JVNDB: JVNDB-2018-006634 // CNNVD: CNNVD-201806-875 // NVD: CVE-2018-4848

PROBLEMTYPE DATA

problemtype:CWE-79

Trust: 1.9

problemtype:CWE-80

Trust: 1.0

sources: VULHUB: VHN-134879 // JVNDB: JVNDB-2018-006634 // NVD: CVE-2018-4848

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201806-875

TYPE

XSS

Trust: 0.6

sources: CNNVD: CNNVD-201806-875

CONFIGURATIONS

sources: JVNDB: JVNDB-2018-006634

PATCH

title:SSA-480829url:https://cert-portal.siemens.com/productcert/pdf/ssa-480829.pdf

Trust: 0.8

title:Patch for SiemensSCALANCEXSwitches Cross-Site Scripting Vulnerability (CNVD-2018-11388)url:https://www.cnvd.org.cn/patchInfo/show/131839

Trust: 0.6

title:Siemens SCALANCE X-200 IRT Fixes for cross-site scripting vulnerabilitiesurl:http://123.124.177.30/web/xxk/bdxqById.tag?id=80923

Trust: 0.6

sources: CNVD: CNVD-2018-11388 // JVNDB: JVNDB-2018-006634 // CNNVD: CNNVD-201806-875

EXTERNAL IDS

db:NVDid:CVE-2018-4848

Trust: 3.6

db:SIEMENSid:SSA-480829

Trust: 2.6

db:BIDid:104494

Trust: 2.0

db:ICS CERTid:ICSA-18-163-02

Trust: 1.7

db:CNVDid:CNVD-2018-11388

Trust: 0.8

db:CNNVDid:CNNVD-201806-875

Trust: 0.8

db:JVNDBid:JVNDB-2018-006634

Trust: 0.8

db:IVDid:E2F33011-39AB-11E9-A6D9-000C29342CB1

Trust: 0.2

db:VULHUBid:VHN-134879

Trust: 0.1

sources: IVD: e2f33011-39ab-11e9-a6d9-000c29342cb1 // CNVD: CNVD-2018-11388 // VULHUB: VHN-134879 // BID: 104494 // JVNDB: JVNDB-2018-006634 // CNNVD: CNNVD-201806-875 // NVD: CVE-2018-4848

REFERENCES

url:https://cert-portal.siemens.com/productcert/pdf/ssa-480829.pdf

Trust: 2.6

url:http://www.securityfocus.com/bid/104494

Trust: 1.7

url:https://ics-cert.us-cert.gov/advisories/icsa-18-163-02

Trust: 1.1

url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-4848

Trust: 0.8

url:https://nvd.nist.gov/vuln/detail/cve-2018-4848

Trust: 0.8

url:https://www.us-cert.gov/ics/advisories/icsa-18-163-02

Trust: 0.6

url:http://www.siemens.com/

Trust: 0.3

sources: CNVD: CNVD-2018-11388 // VULHUB: VHN-134879 // BID: 104494 // JVNDB: JVNDB-2018-006634 // CNNVD: CNNVD-201806-875 // NVD: CVE-2018-4848

CREDITS

Marius Rothenbücher and Ali Abbasi

Trust: 0.3

sources: BID: 104494

SOURCES

db:IVDid:e2f33011-39ab-11e9-a6d9-000c29342cb1
db:CNVDid:CNVD-2018-11388
db:VULHUBid:VHN-134879
db:BIDid:104494
db:JVNDBid:JVNDB-2018-006634
db:CNNVDid:CNNVD-201806-875
db:NVDid:CVE-2018-4848

LAST UPDATE DATE

2024-08-14T14:51:33.966000+00:00


SOURCES UPDATE DATE

db:CNVDid:CNVD-2018-11388date:2018-06-13T00:00:00
db:VULHUBid:VHN-134879date:2022-12-13T00:00:00
db:BIDid:104494date:2018-06-12T00:00:00
db:JVNDBid:JVNDB-2018-006634date:2018-10-01T00:00:00
db:CNNVDid:CNNVD-201806-875date:2022-12-14T00:00:00
db:NVDid:CVE-2018-4848date:2022-12-13T17:15:11.980

SOURCES RELEASE DATE

db:IVDid:e2f33011-39ab-11e9-a6d9-000c29342cb1date:2018-06-13T00:00:00
db:CNVDid:CNVD-2018-11388date:2018-06-13T00:00:00
db:VULHUBid:VHN-134879date:2018-06-14T00:00:00
db:BIDid:104494date:2018-06-12T00:00:00
db:JVNDBid:JVNDB-2018-006634date:2018-08-28T00:00:00
db:CNNVDid:CNNVD-201806-875date:2018-06-13T00:00:00
db:NVDid:CVE-2018-4848date:2018-06-14T16:29:00.490