CVE-2013-3633 — Siemens Scalance X200irt Firmware vulnerability

CWE-2643 documents3 sources

Severity

8.0HIGHNVD

EPSS

0.4%

top 41.34%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Siemens Scalance X200irt Firmware

Timeline

PublishedMay 24

Latest updateMay 13

Description

A vulnerability has been identified in SCALANCE X-200 switch family (incl. SIPLUS NET variants) (Versions < V5.0.0 for CVE-2013-3633 and versions < V4.5.0 for CVE-2013-3634), SCALANCE X-200IRT switch family (incl. SIPLUS NET variants) (All versions < V5.1.0). The user privileges for the web interface are only enforced on client side and not properly verified on server side. Therefore, an attacker is able to execute privileged commands using an unprivileged account.

CVSS vector

AV:N/AC:L/C:P/I:P/A:CExploitability: 8.0 | Impact: 8.5

Affected Packages1 packages

▶NVDsiemens/scalance_x200irt_firmware5.0.0

🔴Vulnerability Details

GHSA

GHSA-jpxf-vxxr-4pvx: A vulnerability has been identified in SCALANCE X-200 switch family (incl↗2022-05-13

▶

CVEList

CVE-2013-3633: A vulnerability has been identified in SCALANCE X-200 switch family (incl↗2013-05-24

▶