Sign-up

ID

VAR-202001-0651


CVE

CVE-2019-13933


TITLE

SIEMENS SCALANCE X witches Series Authentication Bypass Vulnerability

Trust: 0.8

sources: IVD: 5c3f58d0-851d-4804-9a0a-dcafe01c8afa // CNVD: CNVD-2020-02223

DESCRIPTION

A vulnerability has been identified in SCALANCE X204RNA (HSR), SCALANCE X204RNA (PRP), SCALANCE X204RNA EEC (HSR), SCALANCE X204RNA EEC (PRP), SCALANCE X204RNA EEC (PRP/HSR), SCALANCE X302-7 EEC (230V), SCALANCE X302-7 EEC (230V, coated), SCALANCE X302-7 EEC (24V), SCALANCE X302-7 EEC (24V, coated), SCALANCE X302-7 EEC (2x 230V), SCALANCE X302-7 EEC (2x 230V, coated), SCALANCE X302-7 EEC (2x 24V), SCALANCE X302-7 EEC (2x 24V, coated), SCALANCE X304-2FE, SCALANCE X306-1LD FE, SCALANCE X307-2 EEC (230V), SCALANCE X307-2 EEC (230V, coated), SCALANCE X307-2 EEC (24V), SCALANCE X307-2 EEC (24V, coated), SCALANCE X307-2 EEC (2x 230V), SCALANCE X307-2 EEC (2x 230V, coated), SCALANCE X307-2 EEC (2x 24V), SCALANCE X307-2 EEC (2x 24V, coated), SCALANCE X307-3, SCALANCE X307-3, SCALANCE X307-3LD, SCALANCE X307-3LD, SCALANCE X308-2, SCALANCE X308-2, SCALANCE X308-2LD, SCALANCE X308-2LD, SCALANCE X308-2LH, SCALANCE X308-2LH, SCALANCE X308-2LH+, SCALANCE X308-2LH+, SCALANCE X308-2M, SCALANCE X308-2M, SCALANCE X308-2M PoE, SCALANCE X308-2M PoE, SCALANCE X308-2M TS, SCALANCE X308-2M TS, SCALANCE X310, SCALANCE X310, SCALANCE X310FE, SCALANCE X310FE, SCALANCE X320-1 FE, SCALANCE X320-1-2LD FE, SCALANCE X408-2, SCALANCE XR324-12M (230V, ports on front), SCALANCE XR324-12M (230V, ports on front), SCALANCE XR324-12M (230V, ports on rear), SCALANCE XR324-12M (230V, ports on rear), SCALANCE XR324-12M (24V, ports on front), SCALANCE XR324-12M (24V, ports on front), SCALANCE XR324-12M (24V, ports on rear), SCALANCE XR324-12M (24V, ports on rear), SCALANCE XR324-12M TS (24V), SCALANCE XR324-12M TS (24V), SCALANCE XR324-4M EEC (100-240VAC/60-250VDC, ports on front), SCALANCE XR324-4M EEC (100-240VAC/60-250VDC, ports on front), SCALANCE XR324-4M EEC (100-240VAC/60-250VDC, ports on rear), SCALANCE XR324-4M EEC (100-240VAC/60-250VDC, ports on rear), SCALANCE XR324-4M EEC (24V, ports on front), SCALANCE XR324-4M EEC (24V, ports on front), SCALANCE XR324-4M EEC (24V, ports on rear), SCALANCE XR324-4M EEC (24V, ports on rear), SCALANCE XR324-4M EEC (2x 100-240VAC/60-250VDC, ports on front), SCALANCE XR324-4M EEC (2x 100-240VAC/60-250VDC, ports on front), SCALANCE XR324-4M EEC (2x 100-240VAC/60-250VDC, ports on rear), SCALANCE XR324-4M EEC (2x 100-240VAC/60-250VDC, ports on rear), SCALANCE XR324-4M EEC (2x 24V, ports on front), SCALANCE XR324-4M EEC (2x 24V, ports on front), SCALANCE XR324-4M EEC (2x 24V, ports on rear), SCALANCE XR324-4M EEC (2x 24V, ports on rear), SCALANCE XR324-4M PoE (230V, ports on front), SCALANCE XR324-4M PoE (230V, ports on rear), SCALANCE XR324-4M PoE (24V, ports on front), SCALANCE XR324-4M PoE (24V, ports on rear), SCALANCE XR324-4M PoE TS (24V, ports on front), SIPLUS NET SCALANCE X308-2. Affected devices contain a vulnerability that allows an unauthenticated attacker to violate access-control rules. The vulnerability can be triggered by sending GET request to specific uniform resource locator on the web configuration interface of the device. The security vulnerability could be exploited by an attacker with network access to the affected systems. An attacker could use the vulnerability to obtain sensitive information or change the device configuration. At the time of advisory publication no public exploitation of this security vulnerability was known. SCALANCE X-200RNA and SCALANCE X-300 The switch family is vulnerable to a lack of authentication for critical functions.Information is acquired, information is falsified, and denial of service (DoS) May be in a state. SCALANCE X witches are used to connect industrial components such as programmable logic controllers (PLCs) or human machine interfaces (HMIs). The SIEMENS SCALANCE X witches series has an authentication bypass vulnerability. ** ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided

Trust: 2.34

sources: NVD: CVE-2019-13933 // JVNDB: JVNDB-2019-014226 // CNVD: CNVD-2020-02223 // IVD: 5c3f58d0-851d-4804-9a0a-dcafe01c8afa

IOT TAXONOMY

category:['ICS', 'Network device']sub_category: -

Trust: 0.6

category:['ICS']sub_category: -

Trust: 0.2

sources: IVD: 5c3f58d0-851d-4804-9a0a-dcafe01c8afa // CNVD: CNVD-2020-02223

AFFECTED PRODUCTS

vendor:siemensmodel:scalance x408-2scope:ltversion:4.1.3

Trust: 1.0

vendor:siemensmodel:siplus net csm 1277scope:ltversion:4.1.3

Trust: 1.0

vendor:siemensmodel:scalance xr-300wgscope:ltversion:4.1.3

Trust: 1.0

vendor:siemensmodel:scalance xr-300scope:ltversion:4.1.3

Trust: 1.0

vendor:siemensmodel:scalance x-300scope:ltversion:4.1.3

Trust: 1.0

vendor:siemensmodel:scalance x204rnascope:eqversion:*

Trust: 1.0

vendor:siemensmodel:scalance x-200rnascope:eqversion:*

Trust: 1.0

vendor:siemensmodel:scalance switch familyscope:eqversion:x-300x408<v4.1.3

Trust: 0.8

vendor:siemensmodel:scalance x-200rnascope: - version: -

Trust: 0.8

vendor:siemensmodel:scalance x-300scope: - version: -

Trust: 0.8

vendor:siemensmodel:scalance x204rnascope: - version: -

Trust: 0.8

vendor:siemensmodel:scalance x408-2scope: - version: -

Trust: 0.8

vendor:siemensmodel:scalance xr-300scope: - version: -

Trust: 0.8

vendor:siemensmodel:scalance xr-300wgscope: - version: -

Trust: 0.8

vendor:siemensmodel:siplus net csm 1277scope: - version: -

Trust: 0.8

vendor:siemensmodel:scalance x-200rna switch familyscope: - version: -

Trust: 0.6

vendor:siemensmodel:scalance x-200rna switch familyscope:eqversion:*

Trust: 0.2

sources: IVD: 5c3f58d0-851d-4804-9a0a-dcafe01c8afa // CNVD: CNVD-2020-02223 // JVNDB: JVNDB-2019-014226 // NVD: CVE-2019-13933

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2019-13933
value: HIGH

Trust: 1.0

NVD: CVE-2019-13933
value: HIGH

Trust: 0.8

CNVD: CNVD-2020-02223
value: HIGH

Trust: 0.6

CNNVD: CNNVD-202001-530
value: HIGH

Trust: 0.6

IVD: 5c3f58d0-851d-4804-9a0a-dcafe01c8afa
value: HIGH

Trust: 0.2

nvd@nist.gov: CVE-2019-13933
severity: HIGH
baseScore: 7.5
vectorString: AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

CNVD: CNVD-2020-02223
severity: HIGH
baseScore: 9.0
vectorString: AV:N/AC:L/AU:N/C:P/I:C/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: COMPLETE
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 8.5
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

IVD: 5c3f58d0-851d-4804-9a0a-dcafe01c8afa
severity: HIGH
baseScore: 9.0
vectorString: AV:N/AC:L/AU:N/C:P/I:C/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: COMPLETE
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 8.5
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.9 [IVD]

Trust: 0.2

nvd@nist.gov: CVE-2019-13933
baseSeverity: HIGH
baseScore: 8.6
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:L
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: LOW
integrityImpact: HIGH
availabilityImpact: LOW
exploitabilityScore: 3.9
impactScore: 4.7
version: 3.1

Trust: 1.0

NVD: CVE-2019-13933
baseSeverity: HIGH
baseScore: 8.6
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:L
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: LOW
integrityImpact: HIGH
availabilityImpact: LOW
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: IVD: 5c3f58d0-851d-4804-9a0a-dcafe01c8afa // CNVD: CNVD-2020-02223 // JVNDB: JVNDB-2019-014226 // CNNVD: CNNVD-202001-530 // NVD: CVE-2019-13933

PROBLEMTYPE DATA

problemtype:CWE-306

Trust: 1.8

sources: JVNDB: JVNDB-2019-014226 // NVD: CVE-2019-13933

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202001-530

TYPE

access control error

Trust: 0.6

sources: CNNVD: CNNVD-202001-530

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2019-014226

PATCH
title:SSA-443566url:https://cert-portal.siemens.com/productcert/pdf/ssa-443566.pdf
Trust: 0.8
title:Patch for SIEMENS SCALANCE X witches series authentication bypass vulnerabilityurl:https://www.cnvd.org.cn/patchInfo/show/197089
Trust: 0.6
title:Siemens SCALANCE X Switches Security vulnerabilitiesurl:http://123.124.177.30/web/xxk/bdxqById.tag?id=106865
Trust: 0.6
sources:
            
            
            CNVD: CNVD-2020-02223 // 
            
            
            
            JVNDB: JVNDB-2019-014226 // 
            
            
            
            CNNVD: CNNVD-202001-530

EXTERNAL IDS
db:NVDid:CVE-2019-13933
Trust: 3.2
db:ICS CERTid:ICSA-20-014-03
Trust: 2.4
db:SIEMENSid:SSA-443566
Trust: 2.2
db:CNVDid:CNVD-2020-02223
Trust: 0.8
db:CNNVDid:CNNVD-202001-530
Trust: 0.8
db:JVNDBid:JVNDB-2019-014226
Trust: 0.8
db:AUSCERTid:ESB-2020.0158
Trust: 0.6
db:IVDid:5C3F58D0-851D-4804-9A0A-DCAFE01C8AFA
Trust: 0.2
sources:
            
            
            IVD: 5c3f58d0-851d-4804-9a0a-dcafe01c8afa // 
            
            
            
            CNVD: CNVD-2020-02223 // 
            
            
            
            JVNDB: JVNDB-2019-014226 // 
            
            
            
            CNNVD: CNNVD-202001-530 // 
            
            
            
            NVD: CVE-2019-13933

REFERENCES
url:https://www.us-cert.gov/ics/advisories/icsa-20-014-03
Trust: 3.0
url:https://cert-portal.siemens.com/productcert/pdf/ssa-443566.pdf
Trust: 2.2
url:https://nvd.nist.gov/vuln/detail/cve-2019-13933
Trust: 1.4
url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-13933
Trust: 0.8
url:https://us-cert.cisa.gov/ics/advisories/icsa-20-014-03
Trust: 0.6
url:https://www.auscert.org.au/bulletins/esb-2020.0158/
Trust: 0.6
sources:
            
            
            CNVD: CNVD-2020-02223 // 
            
            
            
            JVNDB: JVNDB-2019-014226 // 
            
            
            
            CNNVD: CNNVD-202001-530 // 
            
            
            
            NVD: CVE-2019-13933

CREDITS
Maxim Rupp reported this vulnerability to Siemens.
Trust: 0.6
sources:
            
            
            CNNVD: CNNVD-202001-530

SOURCES
db:IVDid:5c3f58d0-851d-4804-9a0a-dcafe01c8afa
db:CNVDid:CNVD-2020-02223
db:JVNDBid:JVNDB-2019-014226
db:CNNVDid:CNNVD-202001-530
db:NVDid:CVE-2019-13933

LAST UPDATE DATE
2024-08-14T14:38:39.254000+00:00

SOURCES UPDATE DATE
db:CNVDid:CNVD-2020-02223date:2020-01-15T00:00:00
db:JVNDBid:JVNDB-2019-014226date:2020-02-06T00:00:00
db:CNNVDid:CNNVD-202001-530date:2022-12-14T00:00:00
db:NVDid:CVE-2019-13933date:2022-12-13T17:15:12.680

SOURCES RELEASE DATE
db:IVDid:5c3f58d0-851d-4804-9a0a-dcafe01c8afadate:2020-01-14T00:00:00
db:CNVDid:CNVD-2020-02223date:2020-01-15T00:00:00
db:JVNDBid:JVNDB-2019-014226date:2020-02-06T00:00:00
db:CNNVDid:CNNVD-202001-530date:2020-01-14T00:00:00
db:NVDid:CVE-2019-13933date:2020-01-16T16:15:16.187