PT-2013-4531 · Siemens · Scalance X200-4P Irt+4

Published

2013-05-24

Updated

2019-12-12

CVE-2013-3633

CVSS v2.0

8.0

High

Vector

AV:N/AC:L/Au:S/C:P/I:P/A:C

A vulnerability has been identified in SCALANCE X-200 switch family (incl. SIPLUS NET variants) (Versions < V5.0.0 for CVE-2013-3633 and versions < V4.5.0 for CVE-2013-3634), SCALANCE X-200IRT switch family (incl. SIPLUS NET variants) (All versions < V5.1.0). The user privileges for the web interface are only enforced on client side and not properly verified on server side. Therefore, an attacker is able to execute privileged commands using an unprivileged account.

Fix

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-264

Related Identifiers

CVE-2013-3633

Affected Products

Scalance X200-4P Irt

Scalance X200Irt Firmware

Scalance X201-3P Irt

Scalance X202-2P Irt

Scalance X204Irt

PT-2013-4531 · Siemens · Scalance X200-4P Irt+4

CVE-2013-3633

Weakness Enumeration

Related Identifiers

Affected Products

References · 2