cbcvebase.
CVE-2013-4652
published 2013-08-01

CVE-2013-4652: Unspecified vulnerability in the command-line management interface on Siemens Scalance W7xx devices with firmware before 4.5.4 allows remote attackers to…

PriorityP261critical10CVSS 2.0
AVNACLAuNCCICAC
EPSS
5.92%
92.3th percentile
Unspecified vulnerability in the command-line management interface on Siemens Scalance W7xx devices with firmware before 4.5.4 allows remote attackers to bypass authentication and execute arbitrary code via a (1) SSH or (2) TELNET connection.

Affected

1 ranges
VendorProductVersion rangeFixed in
siemensscalance_w700_series_firmware<= 4.4.0

Detection & IOCsextracted from sources · hover to see the quote

port22/TCP (SSH)
port23/TCP (Telnet)
  • Monitor for unauthenticated SSH (port 22/TCP) and Telnet (port 23/TCP) connection attempts to Siemens Scalance W7xx devices, particularly those that succeed without valid credentials — indicative of authentication bypass exploitation.
  • Alert on any Telnet (port 23/TCP) access to Scalance W7xx devices from untrusted or external network segments, as Telnet should not be exposed and its use here enables unauthenticated remote code execution.
  • ·All Siemens Scalance W7xx firmware versions prior to V4.5.4 are vulnerable; the authentication bypass affects the command-line management interface exposed via SSH and Telnet. Patch to V4.5.4 or later to remediate.
  • ·No known public exploits were identified at time of advisory publication, but the vulnerability is rated CVSS v2 10.0 (AV:N/AC:L/Au:N/C:C/I:C/A:C), meaning it is trivially exploitable remotely with no authentication required.
Stop checking back — get the weekly exploitation signal.

Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.