ID

VAR-202001-0651


CVE

CVE-2019-13933


TITLE

SIEMENS SCALANCE X Switches Series Authentication Bypass Vulnerability

Trust: 0.8

sources: IVD: 5c3f58d0-851d-4804-9a0a-dcafe01c8afa // CNVD: CNVD-2020-02223

DESCRIPTION

A vulnerability has been identified in SCALANCE X204RNA (HSR), SCALANCE X204RNA (PRP), SCALANCE X204RNA EEC (HSR), SCALANCE X204RNA EEC (PRP), SCALANCE X204RNA EEC (PRP/HSR), SCALANCE X302-7 EEC (230V), SCALANCE X302-7 EEC (230V, coated), SCALANCE X302-7 EEC (24V), SCALANCE X302-7 EEC (24V, coated), SCALANCE X302-7 EEC (2x 230V), SCALANCE X302-7 EEC (2x 230V, coated), SCALANCE X302-7 EEC (2x 24V), SCALANCE X302-7 EEC (2x 24V, coated), SCALANCE X304-2FE, SCALANCE X306-1LD FE, SCALANCE X307-2 EEC (230V), SCALANCE X307-2 EEC (230V, coated), SCALANCE X307-2 EEC (24V), SCALANCE X307-2 EEC (24V, coated), SCALANCE X307-2 EEC (2x 230V), SCALANCE X307-2 EEC (2x 230V, coated), SCALANCE X307-2 EEC (2x 24V), SCALANCE X307-2 EEC (2x 24V, coated), SCALANCE X307-3, SCALANCE X307-3, SCALANCE X307-3LD, SCALANCE X307-3LD, SCALANCE X308-2, SCALANCE X308-2, SCALANCE X308-2LD, SCALANCE X308-2LD, SCALANCE X308-2LH, SCALANCE X308-2LH, SCALANCE X308-2LH+, SCALANCE X308-2LH+, SCALANCE X308-2M, SCALANCE X308-2M, SCALANCE X308-2M PoE, SCALANCE X308-2M PoE, SCALANCE X308-2M TS, SCALANCE X308-2M TS, SCALANCE X310, SCALANCE X310, SCALANCE X310FE, SCALANCE X310FE, SCALANCE X320-1 FE, SCALANCE X320-1-2LD FE, SCALANCE X408-2, SCALANCE XR324-12M (230V, ports on front), SCALANCE XR324-12M (230V, ports on front), SCALANCE XR324-12M (230V, ports on rear), SCALANCE XR324-12M (230V, ports on rear), SCALANCE XR324-12M (24V, ports on front), SCALANCE XR324-12M (24V, ports on front), SCALANCE XR324-12M (24V, ports on rear), SCALANCE XR324-12M (24V, ports on rear), SCALANCE XR324-12M TS (24V), SCALANCE XR324-12M TS (24V), SCALANCE XR324-4M EEC (100-240VAC/60-250VDC, ports on front), SCALANCE XR324-4M EEC (100-240VAC/60-250VDC, ports on front), SCALANCE XR324-4M EEC (100-240VAC/60-250VDC, ports on rear), SCALANCE XR324-4M EEC (100-240VAC/60-250VDC, ports on rear), SCALANCE XR324-4M EEC (24V, ports on front), SCALANCE XR324-4M EEC (24V, ports on front), SCALANCE XR324-4M EEC (24V, ports on rear), SCALANCE 
XR324-4M EEC (24V, ports on rear), SCALANCE XR324-4M EEC (2x 100-240VAC/60-250VDC, ports on front), SCALANCE XR324-4M EEC (2x 100-240VAC/60-250VDC, ports on front), SCALANCE XR324-4M EEC (2x 100-240VAC/60-250VDC, ports on rear), SCALANCE XR324-4M EEC (2x 100-240VAC/60-250VDC, ports on rear), SCALANCE XR324-4M EEC (2x 24V, ports on front), SCALANCE XR324-4M EEC (2x 24V, ports on front), SCALANCE XR324-4M EEC (2x 24V, ports on rear), SCALANCE XR324-4M EEC (2x 24V, ports on rear), SCALANCE XR324-4M PoE (230V, ports on front), SCALANCE XR324-4M PoE (230V, ports on rear), SCALANCE XR324-4M PoE (24V, ports on front), SCALANCE XR324-4M PoE (24V, ports on rear), SCALANCE XR324-4M PoE TS (24V, ports on front), SIPLUS NET SCALANCE X308-2. Affected devices contain a vulnerability that allows an unauthenticated attacker to violate access-control rules. The vulnerability can be triggered by sending a GET request to a specific uniform resource locator (URL) on the web configuration interface of the device. The security vulnerability could be exploited by an attacker with network access to the affected systems. An attacker could use the vulnerability to obtain sensitive information or change the device configuration. At the time of advisory publication, no public exploitation of this security vulnerability was known. The SCALANCE X-200RNA and SCALANCE X-300 switch families are vulnerable to a lack of authentication for critical functions. Information may be obtained, information may be tampered with, and a denial-of-service (DoS) condition may result. SCALANCE X switches are used to connect industrial components such as programmable logic controllers (PLCs) or human machine interfaces (HMIs). The SIEMENS SCALANCE X switches series has an authentication bypass vulnerability.

Trust: 2.34

sources: NVD: CVE-2019-13933 // JVNDB: JVNDB-2019-014226 // CNVD: CNVD-2020-02223 // IVD: 5c3f58d0-851d-4804-9a0a-dcafe01c8afa

IOT TAXONOMY

category: ['ICS', 'Network device'], sub_category: -

Trust: 0.6

category: ['ICS'], sub_category: -

Trust: 0.2

sources: IVD: 5c3f58d0-851d-4804-9a0a-dcafe01c8afa // CNVD: CNVD-2020-02223

AFFECTED PRODUCTS

vendor: siemens, model: scalance x408-2, scope: lt, version: 4.1.3

Trust: 1.0

vendor: siemens, model: siplus net csm 1277, scope: lt, version: 4.1.3

Trust: 1.0

vendor: siemens, model: scalance xr-300wg, scope: lt, version: 4.1.3

Trust: 1.0

vendor: siemens, model: scalance xr-300, scope: lt, version: 4.1.3

Trust: 1.0

vendor: siemens, model: scalance x-300, scope: lt, version: 4.1.3

Trust: 1.0

vendor: siemens, model: scalance x204rna, scope: eq, version: *

Trust: 1.0

vendor: siemens, model: scalance x-200rna, scope: eq, version: *

Trust: 1.0

vendor: siemens, model: scalance switch family, scope: eq, version: x-300x408<v4.1.3

Trust: 0.8

vendor: siemens, model: scalance x-200rna, scope: -, version: -

Trust: 0.8

vendor: siemens, model: scalance x-300, scope: -, version: -

Trust: 0.8

vendor: siemens, model: scalance x204rna, scope: -, version: -

Trust: 0.8

vendor: siemens, model: scalance x408-2, scope: -, version: -

Trust: 0.8

vendor: siemens, model: scalance xr-300, scope: -, version: -

Trust: 0.8

vendor: siemens, model: scalance xr-300wg, scope: -, version: -

Trust: 0.8

vendor: siemens, model: siplus net csm 1277, scope: -, version: -

Trust: 0.8

vendor: siemens, model: scalance x-200rna switch family, scope: -, version: -

Trust: 0.6

vendor: siemens, model: scalance x-200rna switch family, scope: eq, version: *

Trust: 0.2

sources: IVD: 5c3f58d0-851d-4804-9a0a-dcafe01c8afa // CNVD: CNVD-2020-02223 // JVNDB: JVNDB-2019-014226 // NVD: CVE-2019-13933

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2019-13933
value: HIGH

Trust: 1.0

NVD: CVE-2019-13933
value: HIGH

Trust: 0.8

CNVD: CNVD-2020-02223
value: HIGH

Trust: 0.6

CNNVD: CNNVD-202001-530
value: HIGH

Trust: 0.6

IVD: 5c3f58d0-851d-4804-9a0a-dcafe01c8afa
value: HIGH

Trust: 0.2

nvd@nist.gov: CVE-2019-13933
severity: HIGH
baseScore: 7.5
vectorString: AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

CNVD: CNVD-2020-02223
severity: HIGH
baseScore: 9.0
vectorString: AV:N/AC:L/AU:N/C:P/I:C/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: COMPLETE
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 8.5
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

IVD: 5c3f58d0-851d-4804-9a0a-dcafe01c8afa
severity: HIGH
baseScore: 9.0
vectorString: AV:N/AC:L/AU:N/C:P/I:C/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: COMPLETE
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 8.5
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.9 [IVD]

Trust: 0.2

nvd@nist.gov: CVE-2019-13933
baseSeverity: HIGH
baseScore: 8.6
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:L
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: LOW
integrityImpact: HIGH
availabilityImpact: LOW
exploitabilityScore: 3.9
impactScore: 4.7
version: 3.1

Trust: 1.0

NVD: CVE-2019-13933
baseSeverity: HIGH
baseScore: 8.6
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:L
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: LOW
integrityImpact: HIGH
availabilityImpact: LOW
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: IVD: 5c3f58d0-851d-4804-9a0a-dcafe01c8afa // CNVD: CNVD-2020-02223 // JVNDB: JVNDB-2019-014226 // CNNVD: CNNVD-202001-530 // NVD: CVE-2019-13933

PROBLEMTYPE DATA

problemtype:CWE-306

Trust: 1.8

sources: JVNDB: JVNDB-2019-014226 // NVD: CVE-2019-13933

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202001-530

TYPE

access control error

Trust: 0.6

sources: CNNVD: CNNVD-202001-530

CONFIGURATIONS

sources: JVNDB: JVNDB-2019-014226

PATCH

title: SSA-443566, url: https://cert-portal.siemens.com/productcert/pdf/ssa-443566.pdf

Trust: 0.8

title: Patch for SIEMENS SCALANCE X Switches series authentication bypass vulnerability, url: https://www.cnvd.org.cn/patchInfo/show/197089

Trust: 0.6

title: Siemens SCALANCE X Switches Security vulnerabilities, url: http://123.124.177.30/web/xxk/bdxqById.tag?id=106865

Trust: 0.6

sources: CNVD: CNVD-2020-02223 // JVNDB: JVNDB-2019-014226 // CNNVD: CNNVD-202001-530

EXTERNAL IDS

db: NVD, id: CVE-2019-13933

Trust: 3.2

db: ICS CERT, id: ICSA-20-014-03

Trust: 2.4

db: SIEMENS, id: SSA-443566

Trust: 2.2

db: CNVD, id: CNVD-2020-02223

Trust: 0.8

db: CNNVD, id: CNNVD-202001-530

Trust: 0.8

db: JVNDB, id: JVNDB-2019-014226

Trust: 0.8

db: AUSCERT, id: ESB-2020.0158

Trust: 0.6

db: IVD, id: 5C3F58D0-851D-4804-9A0A-DCAFE01C8AFA

Trust: 0.2

sources: IVD: 5c3f58d0-851d-4804-9a0a-dcafe01c8afa // CNVD: CNVD-2020-02223 // JVNDB: JVNDB-2019-014226 // CNNVD: CNNVD-202001-530 // NVD: CVE-2019-13933

REFERENCES

url:https://www.us-cert.gov/ics/advisories/icsa-20-014-03

Trust: 3.0

url:https://cert-portal.siemens.com/productcert/pdf/ssa-443566.pdf

Trust: 2.2

url:https://nvd.nist.gov/vuln/detail/cve-2019-13933

Trust: 1.4

url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-13933

Trust: 0.8

url:https://us-cert.cisa.gov/ics/advisories/icsa-20-014-03

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2020.0158/

Trust: 0.6

sources: CNVD: CNVD-2020-02223 // JVNDB: JVNDB-2019-014226 // CNNVD: CNNVD-202001-530 // NVD: CVE-2019-13933

CREDITS

Maxim Rupp reported this vulnerability to Siemens.

Trust: 0.6

sources: CNNVD: CNNVD-202001-530

SOURCES

db: IVD, id: 5c3f58d0-851d-4804-9a0a-dcafe01c8afa
db: CNVD, id: CNVD-2020-02223
db: JVNDB, id: JVNDB-2019-014226
db: CNNVD, id: CNNVD-202001-530
db: NVD, id: CVE-2019-13933

LAST UPDATE DATE

2024-08-14T14:38:39.254000+00:00


SOURCES UPDATE DATE

db: CNVD, id: CNVD-2020-02223, date: 2020-01-15T00:00:00
db: JVNDB, id: JVNDB-2019-014226, date: 2020-02-06T00:00:00
db: CNNVD, id: CNNVD-202001-530, date: 2022-12-14T00:00:00
db: NVD, id: CVE-2019-13933, date: 2022-12-13T17:15:12.680

SOURCES RELEASE DATE

db: IVD, id: 5c3f58d0-851d-4804-9a0a-dcafe01c8afa, date: 2020-01-14T00:00:00
db: CNVD, id: CNVD-2020-02223, date: 2020-01-15T00:00:00
db: JVNDB, id: JVNDB-2019-014226, date: 2020-02-06T00:00:00
db: CNNVD, id: CNNVD-202001-530, date: 2020-01-14T00:00:00
db: NVD, id: CVE-2019-13933, date: 2020-01-16T16:15:16.187