CVE-2019-13933

CWE-306 — Missing Authentication3 documents3 sources

Severity

8.6HIGH

EPSS

0.7%

top 27.75%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Siemens Scalance X-300 Firmware Siemens Scalance X408-2 Firmware Siemens Scalance Xr-300 Firmware +33 more

Timeline

PublishedJan 16

Latest updateMay 24

Description

A vulnerability has been identified in SCALANCE X204RNA (HSR), SCALANCE X204RNA (PRP), SCALANCE X204RNA EEC (HSR), SCALANCE X204RNA EEC (PRP), SCALANCE X204RNA EEC (PRP/HSR), SCALANCE X302-7 EEC (230V), SCALANCE X302-7 EEC (230V, coated), SCALANCE X302-7 EEC (24V), SCALANCE X302-7 EEC (24V, coated), SCALANCE X302-7 EEC (2x 230V), SCALANCE X302-7 EEC (2x 230V, coated), SCALANCE X302-7 EEC (2x 24V), SCALANCE X302-7 EEC (2x 24V, coated), SCALANCE X304-2FE, SCALANCE X306-1LD FE, SCALANCE X307-2 EEC …

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:LExploitability: 3.9 | Impact: 4.7

Affected Packages36 packages

▶CVEListV5siemens/scalance_x307-2_eec_(230v)All versions < V4.1.3

▶CVEListV5siemens/scalance_x307-2_eec_(2x_230v)All versions < V4.1.3

▶CVEListV5siemens/scalance_x302-7_eec_(230v)All versions < V4.1.3

▶CVEListV5siemens/scalance_x302-7_eec_(2x_230v)All versions < V4.1.3

▶CVEListV5siemens/scalance_xr324-12m_ts_(24v)All versions < V4.1.3

🔴Vulnerability Details

GHSA

GHSA-5vx5-pc42-77fx: A vulnerability has been identified in SCALANCE X-200RNA switch family (All versions), SCALANCE X-300 switch family (incl↗2022-05-24

▶

CVEList

CVE-2019-13933: A vulnerability has been identified in SCALANCE X204RNA (HSR), SCALANCE X204RNA (PRP), SCALANCE X204RNA EEC (HSR), SCALANCE X204RNA EEC (PRP), SCALANC↗2020-01-16

▶