Scalance X200Irt Firmware
CVE-2013-3633
HIGH
Severity by source
AV:N/AC:L/Au:S/C:P/I:P/A:C
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
AV:N/AC:L/Au:S/C:P/I:P/A:C
Lifecycle Timeline
1DescriptionCVE.org
A vulnerability has been identified in SCALANCE X-200 switch family (incl. SIPLUS NET variants) (Versions < V5.0.0 for CVE-2013-3633 and versions < V4.5.0 for CVE-2013-3634), SCALANCE X-200IRT switch family (incl. SIPLUS NET variants) (All versions < V5.1.0). The user privileges for the web interface are only enforced on client side and not properly verified on server side. Therefore, an attacker is able to execute privileged commands using an unprivileged account.
AnalysisAI
A vulnerability has been identified in SCALANCE X-200 switch family (incl. Rated high severity (CVSS 8.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
Technical ContextAI
This vulnerability is classified under CWE-264. A vulnerability has been identified in SCALANCE X-200 switch family (incl. SIPLUS NET variants) (Versions < V5.0.0 for CVE-2013-3633 and versions < V4.5.0 for CVE-2013-3634), SCALANCE X-200IRT switch family (incl. SIPLUS NET variants) (All versions < V5.1.0). The user privileges for the web interface are only enforced on client side and not properly verified on server side. Therefore, an attacker is able to execute privileged commands using an unprivileged account. Affected products include: Siemens Scalance X200Irt Firmware, Siemens Scalance X200-4P Irt, Siemens Scalance X201-3P Irt, Siemens Scalance X202-2Irt, Siemens Scalance X202-2P Irt.
RemediationAI
No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Apply vendor patches when available. Implement network segmentation and monitoring as interim mitigations.
More in Scalance X200Irt Firmware
View allA vulnerability has been identified in RFID 181EIP (All versions), RUGGEDCOM Win (V4.4, V4.5, V5.0, and V5.1), SCALANCE
A vulnerability has been identified in SCALANCE X-200 switch family (incl. Rated high severity (CVSS 7.5), this vulnerab
A vulnerability has been identified in SCALANCE X-200IRT switch family (incl. Rated medium severity (CVSS 4.8), this vul
Same technique Privilege Escalation
View allShare
External POC / Exploit Code
Leaving vuln.today