Lucene search

[email protected]NVD:CVE-2013-5944

HistoryOct 03, 2013 - 11:04 a.m.

CVE-2013-5944

2013-10-0311:04:43

CWE-287

[email protected]

web.nvd.nist.gov

10 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

7 High

AI Score

Confidence

Low

0.005 Low

EPSS

Percentile

77.1%

JSON

The integrated web server on Siemens SCALANCE X-200 switches with firmware before 4.5.0 and X-200IRT switches with firmware before 5.1.0 does not properly enforce authentication requirements, which allows remote attackers to perform administrative actions via requests to the management interface.

Affected configurations

NVD

Node

siemensscalance_x-200_series_firmwareRange≤4.4

siemensscalance_x-200_series_firmwareMatch4.3

AND

siemensscalance_x-200Match-

Node

siemensscalance_x-200_series_firmwareRange≤5.0.1

AND

siemensscalance_x-200irtMatch-

References

www.siemens.com/innovation/pool/de/forschungsfelder/siemens_security_advisory_ssa-176087.pdf

cert-portal.siemens.com/productcert/pdf/ssa-176087.pdf

10 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

7 High

AI Score

Confidence

Low

0.005 Low

EPSS

Percentile

77.1%

JSON

Related for NVD:CVE-2013-5944

cve1 ics1 nessus1 prion1 cvelist1