CVE-2013-3634 — Improper Input Validation in Siemens Scalance X200irt Firmware

CWE-20 — Improper Input Validation3 documents3 sources

Severity

7.5HIGHNVD

CNA8.0

EPSS

0.3%

top 47.08%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Siemens Scalance X200irt Firmware

Timeline

PublishedMay 24

Latest updateMay 13

Description

A vulnerability has been identified in SCALANCE X-200 switch family (incl. SIPLUS NET variants) (Versions < V5.0.0 for CVE-2013-3633 and versions < V4.5.0 for CVE-2013-3634), SCALANCE X-200IRT switch family (incl. SIPLUS NET variants) (All versions < V5.1.0). The implementation of SNMPv3 does not check the user credentials sufficiently. Therefore, an attacker is able to execute SNMP commands without correct credentials.

CVSS vector

AV:N/AC:L/C:P/I:P/A:PExploitability: 10.0 | Impact: 6.4

Affected Packages1 packages

▶NVDsiemens/scalance_x200irt_firmware5.0.0

🔴Vulnerability Details

GHSA

GHSA-c9w7-6876-4mvr: A vulnerability has been identified in SCALANCE X-200 switch family (incl↗2022-05-13

▶

CVEList

CVE-2013-3634: A vulnerability has been identified in SCALANCE X-200 switch family (incl↗2013-05-24

▶