PT-2018-2346 · Siemens · Scalance X-200+8

Published: 2018-06-12 · Updated: 2020-12-14 · CVE-2018-4833

CVSS v3.1: 8.8 (High)

Vector: AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

RFID 181EIP: versions prior to an unspecified version
RUGGEDCOM Win: versions 4.4 through 5.1
SCALANCE X-200 switch family: versions prior to 5.2.3
SCALANCE X-200IRT switch family: versions prior to 5.4.1
SCALANCE X-200RNA switch family: versions prior to 3.2.6
SCALANCE X-300 switch family: versions prior to 4.1.3
SCALANCE X408: versions prior to 4.1.3
SCALANCE X414: version not specified
SIMATIC RF182C: version not specified

Description

The issue is related to errors in privileges and access control mechanisms in the software of Siemens network equipment. Exploitation of this issue may allow a remote attacker to execute arbitrary code by sending a specially crafted response to a client's DHCP request. Unprivileged remote attackers in the same local network segment could gain remote code execution on the affected products.

Recommendations

RFID 181EIP: update to a version that fixes the issue; the fixed version is not specified.
RUGGEDCOM Win versions 4.4 through 5.1: update to a version that fixes the issue; the fixed version is not specified.
SCALANCE X-200 switch family versions prior to 5.2.3: update to version 5.2.3 or later.
SCALANCE X-200IRT switch family versions prior to 5.4.1: update to version 5.4.1 or later.
SCALANCE X-200RNA switch family versions prior to 3.2.6: update to version 3.2.6 or later.
SCALANCE X-300 switch family versions prior to 4.1.3: update to version 4.1.3 or later.
SCALANCE X408 versions prior to 4.1.3: update to version 4.1.3 or later.
SCALANCE X414: update to a version that fixes the issue; the fixed version is not specified.
SIMATIC RF182C: update to a version that fixes the issue; the fixed version is not specified.

Fix

RCE

Heap Based Buffer Overflow

Weakness Enumeration

Related Identifiers

BDU:2019-00514
CVE-2018-4833

Affected Products

RFID 181EIP
RUGGEDCOM Win
SCALANCE X-200
SCALANCE X-200IRT
SCALANCE X-200RNA
SCALANCE X-300
SCALANCE X408
SCALANCE X414
SIMATIC RF182C