PT-2020-9414 · Siemens · Scalance X-200Irt Switch Family (+5)

Published: 2020-02-11 · Updated: 2022-12-13 · CVE-2019-13924

CVSS v3.1: 5.4 (Medium)
Vector: AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N
Name of the Vulnerable Software and Affected Versions:
- SCALANCE S602 versions prior to V4.1
- SCALANCE S612 versions prior to V4.1
- SCALANCE S623 versions prior to V4.1
- SCALANCE S627-2M versions prior to V4.1
- SCALANCE X-200 switch family versions prior to 5.2.4
- SCALANCE X-200IRT switch family versions prior to V5.5.0
- SCALANCE X-200RNA switch family versions prior to V3.2.7
- SCALANCE X-300 switch family versions prior to 4.1.3

Description: The device is vulnerable to clickjacking because the administrative web interface does not send the X-Frame-Options header. An attacker could exploit this by tricking an administrative user into clicking on a malicious website, potentially allowing the attacker to perform administrative actions via the web interface.

Recommendations:
- For SCALANCE S602 versions prior to V4.1, update to version V4.1 or later.
- For SCALANCE S612 versions prior to V4.1, update to version V4.1 or later.
- For SCALANCE S623 versions prior to V4.1, update to version V4.1 or later.
- For SCALANCE S627-2M versions prior to V4.1, update to version V4.1 or later.
- For SCALANCE X-200 switch family versions prior to 5.2.4, update to version 5.2.4 or later.
- For SCALANCE X-200IRT switch family versions prior to V5.5.0, update to version V5.5.0 or later.
- For SCALANCE X-200RNA switch family versions prior to V3.2.7, update to version V3.2.7 or later.
- For SCALANCE X-300 switch family versions prior to 4.1.3, update to version 4.1.3 or later.
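As an added illustration of the defect described above (example code, not from the advisory or from Siemens): a small Python check that classifies whether a web interface response can be framed, based on its X-Frame-Options and Content-Security-Policy frame-ancestors headers. The sample responses are constructed and no device is contacted; a defender can feed it the response head captured from their own device before and after the update.

```python
"""Classify a web interface's anti-framing posture from its raw HTTP response head."""

def parse_headers(raw: str) -> dict:
    """Parse a raw HTTP/1.x response head into {lowercase name: [values]} (status line skipped)."""
    headers: dict = {}
    for line in raw.split("\r\n")[1:]:
        if not line:            # blank line ends the header block
            break
        name, _, value = line.partition(":")
        headers.setdefault(name.strip().lower(), []).append(value.strip())
    return headers

def frame_ancestors(csp_values):
    """Return the source list of a CSP frame-ancestors directive, or None if absent."""
    for csp in csp_values:
        for directive in csp.split(";"):
            parts = directive.split()
            if parts and parts[0].lower() == "frame-ancestors":
                return [p.lower() for p in parts[1:]]
    return None

def framing_policy(raw: str) -> str:
    """Return 'denied', 'same-origin', 'restricted' or 'unprotected' for the response."""
    h = parse_headers(raw)
    # A CSP frame-ancestors directive takes precedence over X-Frame-Options.
    fa = frame_ancestors(h.get("content-security-policy", []))
    if fa is not None:
        if fa == ["'none'"]:
            return "denied"
        return "same-origin" if fa == ["'self'"] else "restricted"
    xfo = {v.strip().upper() for v in h.get("x-frame-options", [])}
    if "DENY" in xfo:
        return "denied"
    if "SAMEORIGIN" in xfo:
        return "same-origin"
    # Header missing, or only a value browsers ignore (e.g. the obsolete ALLOW-FROM):
    # the page can be framed by any origin, which is the condition CVE-2019-13924 describes.
    return "unprotected"

# Constructed sample responses; not captured from a real device.
UNPATCHED_RESPONSE = "HTTP/1.1 200 OK\r\nContent-Type: text/html\r\nServer: constructed\r\n\r\n<html>"
PATCHED_RESPONSE = "HTTP/1.1 200 OK\r\nContent-Type: text/html\r\nX-Frame-Options: SAMEORIGIN\r\n\r\n<html>"

if __name__ == "__main__":
    for label, resp in (("unpatched", UNPATCHED_RESPONSE), ("patched", PATCHED_RESPONSE)):
        print(f"{label}: {framing_policy(resp)}")
```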

Fix

Weakness Enumeration:
- Protection Mechanism Failure
- Clickjacking

Related Identifiers: CVE-2019-13924

Affected Products:
- Scalance S602
- Scalance S612
- Scalance S623
- Scalance S627-2M
- Scalance X-200Irt Switch Family
- Scalance X-300 Switch Family