PT-2018-1569 · Siemens · Scalance X414+2

Published: 2018-09-11 · Updated: 2019-10-09 · CVE-2018-13807

CVSS v3.1: 8.6 (High)

Vector: AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H

Name of the Vulnerable Software and Affected Versions

SCALANCE X300 versions prior to 4.0.0
SCALANCE X408 versions prior to 4.0.0
SCALANCE X414 (all versions)

Description

A vulnerability has been identified that could allow an attacker to cause a Denial-of-Service condition by sending specially crafted packets to the web server on port 443/tcp. This would cause the device to automatically reboot, impacting network availability for other devices. An attacker must have network access to port 443/tcp to exploit the issue. Neither valid credentials nor interaction by a legitimate user is required. The vulnerability is related to insufficient input validation and could be triggered by publicly available tools, temporarily impacting availability.

Recommendations

For SCALANCE X300 versions prior to 4.0.0, update to version 4.0.0 or later.
For SCALANCE X408 versions prior to 4.0.0, update to version 4.0.0 or later.
For SCALANCE X414, at the moment, there is no information about a newer version that contains a fix for this vulnerability. As a temporary workaround, consider restricting access to the web interface on port 443/tcp to minimize the risk of exploitation.

RCE

Weakness Enumeration

Related Identifiers

BDU:2018-01126
CVE-2018-13807

Affected Products

Scalance X-300
Scalance X 408
Scalance X414