Sign-up

ID

VAR-201809-0291


CVE

CVE-2018-13807


TITLE

Siemens SCALANCE X Switches Input validation vulnerability

Trust: 0.8

sources: IVD: e2fa34f1-39ab-11e9-92aa-000c29342cb1 // CNVD: CNVD-2018-18612

DESCRIPTION

A vulnerability has been identified in SCALANCE X300 (All versions < V4.0.0), SCALANCE X408 (All versions < V4.0.0), SCALANCE X414 (All versions). The web interface on port 443/tcp could allow an attacker to cause a Denial-of-Service condition by sending specially crafted packets to the web server. The device will automatically reboot, impacting network availability for other devices. An attacker must have network access to port 443/tcp to exploit the vulnerability. Neither valid credentials nor interaction by a legitimate user is required to exploit the vulnerability. There is no confidentiality or integrity impact, only availability is temporarily impacted. This vulnerability could be triggered by publicly available tools. SCALANCE X300 , X408 , X414 Contains an input validation vulnerability.Service operation interruption (DoS) There is a possibility of being put into a state. SiemensSCALANCEXSwitches is an industrial Ethernet switch from Siemens AG. Multiple Siemens SCALANCE X Switches are prone to a denial-of-service vulnerability. Successfully exploiting this issue allows an attacker to reboot the affected device, denying service to legitimate users

Trust: 2.7

sources: NVD: CVE-2018-13807 // JVNDB: JVNDB-2018-011164 // CNVD: CNVD-2018-18612 // BID: 105331 // IVD: e2fa34f1-39ab-11e9-92aa-000c29342cb1 // VULHUB: VHN-123903

IOT TAXONOMY

category:['ICS', 'Network device']sub_category: -

Trust: 0.6

category:['ICS']sub_category: -

Trust: 0.2

sources: IVD: e2fa34f1-39ab-11e9-92aa-000c29342cb1 // CNVD: CNVD-2018-18612

AFFECTED PRODUCTS

vendor:siemensmodel:scalance x300scope:ltversion:4.0.0

Trust: 1.8

vendor:siemensmodel:scalance x408scope:ltversion:4.0.0

Trust: 1.8

vendor:siemensmodel:scalance x414scope:eqversion: -

Trust: 1.6

vendor:siemensmodel:scalancescope:eqversion:x408<4.0.0

Trust: 0.8

vendor:siemensmodel:scalancescope:eqversion:x300<4.0.0

Trust: 0.8

vendor:siemensmodel:scalance x414scope: - version: -

Trust: 0.8

vendor:siemensmodel:scalancescope:eqversion:x414

Trust: 0.6

vendor:siemensmodel:scalancescope:eqversion:x4140

Trust: 0.3

vendor:siemensmodel:scalancescope:eqversion:x4083.0

Trust: 0.3

vendor:siemensmodel:scalancescope:eqversion:x-3003.7.2

Trust: 0.3

vendor:siemensmodel:scalancescope:eqversion:x-3003.7.0

Trust: 0.3

vendor:siemensmodel:scalancescope:eqversion:x-3003.5.1

Trust: 0.3

vendor:siemensmodel:scalancescope:eqversion:x-3003.5.0

Trust: 0.3

vendor:siemensmodel:scalancescope:eqversion:x-3003.3.1

Trust: 0.3

vendor:siemensmodel:scalancescope:eqversion:x-3003.0.0

Trust: 0.3

vendor:siemensmodel:scalancescope:eqversion:x-3002.3.1

Trust: 0.3

vendor:siemensmodel:scalancescope:eqversion:x-3002.2.0

Trust: 0.3

vendor:siemensmodel:scalancescope:neversion:x4084.1.2

Trust: 0.3

vendor:siemensmodel:scalancescope:neversion:x-3004.1.2

Trust: 0.3

vendor:siemensmodel:scalancescope:eqversion:x414*

Trust: 0.2

sources: IVD: e2fa34f1-39ab-11e9-92aa-000c29342cb1 // CNVD: CNVD-2018-18612 // BID: 105331 // JVNDB: JVNDB-2018-011164 // CNNVD: CNNVD-201809-639 // NVD: CVE-2018-13807

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2018-13807
value: HIGH

Trust: 1.0

NVD: CVE-2018-13807
value: HIGH

Trust: 0.8

CNVD: CNVD-2018-18612
value: HIGH

Trust: 0.6

CNNVD: CNNVD-201809-639
value: HIGH

Trust: 0.6

IVD: e2fa34f1-39ab-11e9-92aa-000c29342cb1
value: HIGH

Trust: 0.2

VULHUB: VHN-123903
value: HIGH

Trust: 0.1

nvd@nist.gov: CVE-2018-13807
severity: HIGH
baseScore: 7.8
vectorString: AV:N/AC:L/AU:N/C:N/I:N/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 6.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

CNVD: CNVD-2018-18612
severity: HIGH
baseScore: 7.8
vectorString: AV:N/AC:L/AU:N/C:N/I:N/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 6.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

IVD: e2fa34f1-39ab-11e9-92aa-000c29342cb1
severity: HIGH
baseScore: 7.8
vectorString: AV:N/AC:L/AU:N/C:N/I:N/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 6.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.9 [IVD]

Trust: 0.2

VULHUB: VHN-123903
severity: HIGH
baseScore: 7.8
vectorString: AV:N/AC:L/AU:N/C:N/I:N/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 6.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2018-13807
baseSeverity: HIGH
baseScore: 8.6
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: CHANGED
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: HIGH
exploitabilityScore: 3.9
impactScore: 4.0
version: 3.0

Trust: 1.8

sources: IVD: e2fa34f1-39ab-11e9-92aa-000c29342cb1 // CNVD: CNVD-2018-18612 // VULHUB: VHN-123903 // JVNDB: JVNDB-2018-011164 // CNNVD: CNNVD-201809-639 // NVD: CVE-2018-13807

PROBLEMTYPE DATA

problemtype:CWE-20

Trust: 1.9

sources: VULHUB: VHN-123903 // JVNDB: JVNDB-2018-011164 // NVD: CVE-2018-13807

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201809-639

TYPE

Input validation error

Trust: 0.8

sources: IVD: e2fa34f1-39ab-11e9-92aa-000c29342cb1 // CNNVD: CNNVD-201809-639

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2018-011164

PATCH
title:SSA-447396url:https://cert-portal.siemens.com/productcert/pdf/ssa-447396.pdf
Trust: 0.8
title:SiemensSCALANCEXSwitches enters patches for verification vulnerabilitiesurl:https://www.cnvd.org.cn/patchInfo/show/140019
Trust: 0.6
title:Siemens SCALANCE X300 , SCALANCE X408  and SCALANCE X414 Security vulnerabilitiesurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=84892
Trust: 0.6
sources:
            
            
            CNVD: CNVD-2018-18612 // 
            
            
            
            JVNDB: JVNDB-2018-011164 // 
            
            
            
            CNNVD: CNNVD-201809-639

EXTERNAL IDS
db:NVDid:CVE-2018-13807
Trust: 3.6
db:ICS CERTid:ICSA-18-254-05
Trust: 3.4
db:BIDid:105331
Trust: 2.0
db:SIEMENSid:SSA-447396
Trust: 1.7
db:CNNVDid:CNNVD-201809-639
Trust: 0.9
db:CNVDid:CNVD-2018-18612
Trust: 0.8
db:JVNDBid:JVNDB-2018-011164
Trust: 0.8
db:IVDid:E2FA34F1-39AB-11E9-92AA-000C29342CB1
Trust: 0.2
db:SEEBUGid:SSVID-98900
Trust: 0.1
db:VULHUBid:VHN-123903
Trust: 0.1
sources:
            
            
            IVD: e2fa34f1-39ab-11e9-92aa-000c29342cb1 // 
            
            
            
            CNVD: CNVD-2018-18612 // 
            
            
            
            VULHUB: VHN-123903 // 
            
            
            
            BID: 105331 // 
            
            
            
            JVNDB: JVNDB-2018-011164 // 
            
            
            
            CNNVD: CNNVD-201809-639 // 
            
            
            
            NVD: CVE-2018-13807

REFERENCES
url:https://ics-cert.us-cert.gov/advisories/icsa-18-254-05
Trust: 3.4
url:http://www.securityfocus.com/bid/105331
Trust: 1.7
url:https://cert-portal.siemens.com/productcert/pdf/ssa-447396.pdf
Trust: 1.7
url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-13807
Trust: 0.8
url:https://nvd.nist.gov/vuln/detail/cve-2018-13807
Trust: 0.8
url:http://www.automation.siemens.com/mcms/industrial-communication/en/ie/ie_switches_media-converters/pages/ie_switches_media-converters.aspx
Trust: 0.3
url:http://subscriber.communications.siemens.com/
Trust: 0.3
sources:
            
            
            CNVD: CNVD-2018-18612 // 
            
            
            
            VULHUB: VHN-123903 // 
            
            
            
            BID: 105331 // 
            
            
            
            JVNDB: JVNDB-2018-011164 // 
            
            
            
            CNNVD: CNNVD-201809-639 // 
            
            
            
            NVD: CVE-2018-13807

CREDITS
The vendor reported the issue.
Trust: 0.3
sources:
            
            
            BID: 105331

SOURCES
db:IVDid:e2fa34f1-39ab-11e9-92aa-000c29342cb1
db:CNVDid:CNVD-2018-18612
db:VULHUBid:VHN-123903
db:BIDid:105331
db:JVNDBid:JVNDB-2018-011164
db:CNNVDid:CNNVD-201809-639
db:NVDid:CVE-2018-13807

LAST UPDATE DATE
2024-08-14T15:34:13.264000+00:00

SOURCES UPDATE DATE
db:CNVDid:CNVD-2018-18612date:2018-09-13T00:00:00
db:VULHUBid:VHN-123903date:2019-10-09T00:00:00
db:BIDid:105331date:2018-09-11T00:00:00
db:JVNDBid:JVNDB-2018-011164date:2019-01-08T00:00:00
db:CNNVDid:CNNVD-201809-639date:2019-10-17T00:00:00
db:NVDid:CVE-2018-13807date:2019-10-09T23:34:32.950

SOURCES RELEASE DATE
db:IVDid:e2fa34f1-39ab-11e9-92aa-000c29342cb1date:2018-09-13T00:00:00
db:CNVDid:CNVD-2018-18612date:2018-09-13T00:00:00
db:VULHUBid:VHN-123903date:2018-09-12T00:00:00
db:BIDid:105331date:2018-09-11T00:00:00
db:JVNDBid:JVNDB-2018-011164date:2019-01-08T00:00:00
db:CNNVDid:CNNVD-201809-639date:2018-09-13T00:00:00
db:NVDid:CVE-2018-13807date:2018-09-12T13:29:01.157