Details of VAR-201806-1773

ID

VAR-201806-1773

CVE

CVE-2018-4848

TITLE

SCALANCE X-200 IRT and X300 Vulnerable to cross-site scripting

Trust: 0.8

sources: JVNDB: JVNDB-2018-006634

DESCRIPTION

A vulnerability has been identified in SCALANCE X-200 switch family (incl. SIPLUS NET variants) (All versions < V5.2.3), SCALANCE X-200IRT switch family (incl. SIPLUS NET variants) (All versions < V5.4.1), SCALANCE X-200RNA switch family (All versions < V3.2.7), SCALANCE X-300 switch family (incl. X408 and SIPLUS NET variants) (All versions < V4.1.3). The integrated configuration web server of the affected devices could allow Cross-Site Scripting (XSS) attacks if unsuspecting users are tricked into accessing a malicious link. User interaction is required for a successful exploitation. The user must be logged into the web interface in order for the exploitation to succeed. At the stage of publishing this security advisory no public exploitation is known. The vendor has confirmed the vulnerability and provides mitigations to resolve it. SCALANCE X-200 IRT and X300 Contains a cross-site scripting vulnerability.The information may be obtained and the information may be falsified. SiemensSCALANCEXSwitches is an industrial Ethernet switch from Siemens AG. A cross-site scripting vulnerability exists in SiemensSCALANCEXSwitches that allows an attacker to exploit a vulnerability for a cross-site scripting attack. Successful exploits will allow attacker-supplied HTML and script code to run in the context of the affected browser, potentially allowing the attacker to steal cookie-based authentication credentials or control how the site is rendered to the user. Other attacks are also possible. The following products and versions are vulnerable: Versions prior to SCALANCE X-200 5.2.3 Versions prior to SCALANCE X-200 IRT 5.4.1 SCALANCE X300. A remote attacker can exploit this vulnerability to inject arbitrary Web script or HTML by enticing users to visit malicious links

Trust: 2.7

sources: NVD: CVE-2018-4848 // JVNDB: JVNDB-2018-006634 // CNVD: CNVD-2018-11388 // BID: 104494 // IVD: e2f33011-39ab-11e9-a6d9-000c29342cb1 // VULHUB: VHN-134879

IOT TAXONOMY

category:	['ICS', 'Network device']	sub_category:	-	Trust: 0.6
category:	['ICS']	sub_category:	-	Trust: 0.2

sources: IVD: e2f33011-39ab-11e9-a6d9-000c29342cb1 // CNVD: CNVD-2018-11388

AFFECTED PRODUCTS

vendor:	siemens	model:	scalance x-200 irt	scope:	lt	version:	5.4.1	Trust: 1.8
vendor:	siemens	model:	scalance x-200	scope:	lt	version:	5.2.3	Trust: 1.0
vendor:	siemens	model:	scalance x300	scope:	eq	version:	*	Trust: 1.0
vendor:	siemens	model:	scalance x-200	scope:	-	version:	-	Trust: 0.8
vendor:	siemens	model:	scalance x300	scope:	eq	version:	-	Trust: 0.8
vendor:	siemens	model:	scalance	scope:	eq	version:	x300	Trust: 0.6
vendor:	siemens	model:	scalance irt	scope:	eq	version:	x-200<5.4.1	Trust: 0.6
vendor:	siemens	model:	scalance	scope:	eq	version:	x-200<5.2.3	Trust: 0.6
vendor:	siemens	model:	scalance x300	scope:	-	version:	-	Trust: 0.6
vendor:	siemens	model:	scalance	scope:	eq	version:	x3000	Trust: 0.3
vendor:	siemens	model:	scalance irt	scope:	eq	version:	x-2000	Trust: 0.3
vendor:	siemens	model:	scalance	scope:	eq	version:	x-2004.5	Trust: 0.3
vendor:	siemens	model:	scalance irt	scope:	ne	version:	x-2005.4.1	Trust: 0.3
vendor:	siemens	model:	scalance	scope:	ne	version:	x-2005.2.3	Trust: 0.3
vendor:	scalance x300	model:	-	scope:	eq	version:	*	Trust: 0.2
vendor:	scalance x 200 irt	model:	-	scope:	eq	version:	*	Trust: 0.2
vendor:	scalance x 200	model:	-	scope:	eq	version:	*	Trust: 0.2

sources: IVD: e2f33011-39ab-11e9-a6d9-000c29342cb1 // CNVD: CNVD-2018-11388 // BID: 104494 // JVNDB: JVNDB-2018-006634 // CNNVD: CNNVD-201806-875 // NVD: CVE-2018-4848

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2018-4848
value:	MEDIUM
Trust: 1.0
NVD:	CVE-2018-4848
value:	MEDIUM
Trust: 0.8
CNVD:	CNVD-2018-11388
value:	MEDIUM
Trust: 0.6
CNNVD:	CNNVD-201806-875
value:	MEDIUM
Trust: 0.6
IVD:	e2f33011-39ab-11e9-a6d9-000c29342cb1
value:	MEDIUM
Trust: 0.2
VULHUB:	VHN-134879
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2018-4848
severity:	MEDIUM
baseScore:	4.3
vectorString:	AV:N/AC:M/AU:N/C:N/I:P/A:N
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	PARTIAL
availabilityImpact:	NONE
exploitabilityScore:	8.6
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
CNVD:	CNVD-2018-11388
severity:	MEDIUM
baseScore:	4.6
vectorString:	AV:N/AC:H/AU:S/C:P/I:P/A:P
accessVector:	NETWORK
accessComplexity:	HIGH
authentication:	SINGLE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	3.9
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6
IVD:	e2f33011-39ab-11e9-a6d9-000c29342cb1
severity:	MEDIUM
baseScore:	4.6
vectorString:	AV:N/AC:H/AU:S/C:P/I:P/A:P
accessVector:	NETWORK
accessComplexity:	HIGH
authentication:	SINGLE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	3.9
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.9 [IVD]
Trust: 0.2
VULHUB:	VHN-134879
severity:	MEDIUM
baseScore:	4.3
vectorString:	AV:N/AC:M/AU:N/C:N/I:P/A:N
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	PARTIAL
availabilityImpact:	NONE
exploitabilityScore:	8.6
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

nvd@nist.gov:	CVE-2018-4848
baseSeverity:	MEDIUM
baseScore:	6.1
vectorString:	CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	REQUIRED
scope:	CHANGED
confidentialityImpact:	LOW
integrityImpact:	LOW
availabilityImpact:	NONE
exploitabilityScore:	2.8
impactScore:	2.7
version:	3.0
Trust: 1.8

sources: IVD: e2f33011-39ab-11e9-a6d9-000c29342cb1 // CNVD: CNVD-2018-11388 // VULHUB: VHN-134879 // JVNDB: JVNDB-2018-006634 // CNNVD: CNNVD-201806-875 // NVD: CVE-2018-4848

PROBLEMTYPE DATA

problemtype:	CWE-79	Trust: 1.9
problemtype:	CWE-80	Trust: 1.0

sources: VULHUB: VHN-134879 // JVNDB: JVNDB-2018-006634 // NVD: CVE-2018-4848

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201806-875

TYPE

XSS

Trust: 0.6

sources: CNNVD: CNNVD-201806-875

CONFIGURATIONS

sources: JVNDB: JVNDB-2018-006634

PATCH

title:	SSA-480829	url:	https://cert-portal.siemens.com/productcert/pdf/ssa-480829.pdf	Trust: 0.8
title:	Patch for SiemensSCALANCEXSwitches Cross-Site Scripting Vulnerability (CNVD-2018-11388)	url:	https://www.cnvd.org.cn/patchInfo/show/131839	Trust: 0.6
title:	Siemens SCALANCE X-200 IRT Fixes for cross-site scripting vulnerabilities	url:	http://123.124.177.30/web/xxk/bdxqById.tag?id=80923	Trust: 0.6

sources: CNVD: CNVD-2018-11388 // JVNDB: JVNDB-2018-006634 // CNNVD: CNNVD-201806-875

EXTERNAL IDS

db:	NVD	id:	CVE-2018-4848	Trust: 3.6
db:	SIEMENS	id:	SSA-480829	Trust: 2.6
db:	BID	id:	104494	Trust: 2.0
db:	ICS CERT	id:	ICSA-18-163-02	Trust: 1.7
db:	CNVD	id:	CNVD-2018-11388	Trust: 0.8
db:	CNNVD	id:	CNNVD-201806-875	Trust: 0.8
db:	JVNDB	id:	JVNDB-2018-006634	Trust: 0.8
db:	IVD	id:	E2F33011-39AB-11E9-A6D9-000C29342CB1	Trust: 0.2
db:	VULHUB	id:	VHN-134879	Trust: 0.1

sources: IVD: e2f33011-39ab-11e9-a6d9-000c29342cb1 // CNVD: CNVD-2018-11388 // VULHUB: VHN-134879 // BID: 104494 // JVNDB: JVNDB-2018-006634 // CNNVD: CNNVD-201806-875 // NVD: CVE-2018-4848

REFERENCES

url:	https://cert-portal.siemens.com/productcert/pdf/ssa-480829.pdf	Trust: 2.6
url:	http://www.securityfocus.com/bid/104494	Trust: 1.7
url:	https://ics-cert.us-cert.gov/advisories/icsa-18-163-02	Trust: 1.1
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-4848	Trust: 0.8
url:	https://nvd.nist.gov/vuln/detail/cve-2018-4848	Trust: 0.8
url:	https://www.us-cert.gov/ics/advisories/icsa-18-163-02	Trust: 0.6
url:	http://www.siemens.com/	Trust: 0.3

sources: CNVD: CNVD-2018-11388 // VULHUB: VHN-134879 // BID: 104494 // JVNDB: JVNDB-2018-006634 // CNNVD: CNNVD-201806-875 // NVD: CVE-2018-4848

CREDITS

Marius Rothenbücher and Ali Abbasi

Trust: 0.3

sources: BID: 104494

SOURCES

db:	IVD	id:	e2f33011-39ab-11e9-a6d9-000c29342cb1
db:	CNVD	id:	CNVD-2018-11388
db:	VULHUB	id:	VHN-134879
db:	BID	id:	104494
db:	JVNDB	id:	JVNDB-2018-006634
db:	CNNVD	id:	CNNVD-201806-875
db:	NVD	id:	CVE-2018-4848

LAST UPDATE DATE

2024-08-14T14:51:33.966000+00:00

SOURCES UPDATE DATE

db:	CNVD	id:	CNVD-2018-11388	date:	2018-06-13T00:00:00
db:	VULHUB	id:	VHN-134879	date:	2022-12-13T00:00:00
db:	BID	id:	104494	date:	2018-06-12T00:00:00
db:	JVNDB	id:	JVNDB-2018-006634	date:	2018-10-01T00:00:00
db:	CNNVD	id:	CNNVD-201806-875	date:	2022-12-14T00:00:00
db:	NVD	id:	CVE-2018-4848	date:	2022-12-13T17:15:11.980

SOURCES RELEASE DATE

db:	IVD	id:	e2f33011-39ab-11e9-a6d9-000c29342cb1	date:	2018-06-13T00:00:00
db:	CNVD	id:	CNVD-2018-11388	date:	2018-06-13T00:00:00
db:	VULHUB	id:	VHN-134879	date:	2018-06-14T00:00:00
db:	BID	id:	104494	date:	2018-06-12T00:00:00
db:	JVNDB	id:	JVNDB-2018-006634	date:	2018-08-28T00:00:00
db:	CNNVD	id:	CNNVD-201806-875	date:	2018-06-13T00:00:00
db:	NVD	id:	CVE-2018-4848	date:	2018-06-14T16:29:00.490