CVE-2013-4652
published 2013-08-01
Priority: P261 | critical | 10 (CVSS 2.0)
Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C
EPSS: 5.92% (92.3th percentile)
Unspecified vulnerability in the command-line management interface on Siemens Scalance W7xx devices with firmware before 4.5.4 allows remote attackers to bypass authentication and execute arbitrary code via a (1) SSH or (2) TELNET connection.
Affected
1 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| siemens | scalance_w700_series_firmware | <= 4.4.0 | — |
Detection & IOCs
- Monitor for unauthenticated SSH (port 22/TCP) and Telnet (port 23/TCP) connection attempts to Siemens Scalance W7xx devices, particularly those that succeed without valid credentials, which is indicative of authentication bypass exploitation.
- Alert on any Telnet (port 23/TCP) access to Scalance W7xx devices from untrusted or external network segments, as Telnet should not be exposed and its use here enables unauthenticated remote code execution.
- All Siemens Scalance W7xx firmware versions prior to V4.5.4 are vulnerable; the authentication bypass affects the command-line management interface exposed via SSH and Telnet. Patch to V4.5.4 or later to remediate.
- No known public exploits were identified at time of advisory publication, but the vulnerability is rated CVSS v2 10.0 (AV:N/AC:L/Au:N/C:C/I:C/A:C), meaning it is trivially exploitable remotely with no authentication required.
CISA ICS
Siemens Scalance W-7xx Product Family Multiple Vulnerabilities
cisa_ics·2013-08-02
ICS Advisory
Last Revised: August 02, 2013
Alert Code: ICSA-13-213-01
## OVERVIEW
Siemens has identified multiple vulnerabilities in the Siemens Scalance W-7xx product family and reported them to ICS-CERT. A software update has been produced by Siemens that mitigates these vulnerabilities. Siemens has tested the software update to validate that it resolves the vulnerabilities. Exploitation of these vulnerabilities could allow a man-in-the-middle attack or the ability to gain complete control of the system.
These vulnerabilities coul
GHSA
GHSA-g58f-pj48-2p3r: Unspecified vulnerability in the command-line management interface on Siemens Scalance W7xx devices with firmware before 4
ghsa_unreviewed·2022-05-17
CVE-2013-4652 [HIGH] GHSA-g58f-pj48-2p3r: Unspecified vulnerability in the command-line management interface on Siemens Scalance W7xx devices with firmware before 4
Unspecified vulnerability in the command-line management interface on Siemens Scalance W7xx devices with firmware before 4.5.4 allows remote attackers to bypass authentication and execute arbitrary code via a (1) SSH or (2) TELNET connection.
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.