Vulnerability-Lookup

CVE-2013-5944 (GCVE-0-2013-5944)

Vulnerability from cvelistv5 – Published: 2013-10-03 10:00 – Updated: 2024-08-06 17:29

Summary

Severity

No CVSS data available.

CWE

Assigner

mitre

References

2 references

URL	Tags
http://www.siemens.com/innovation/pool/de/forschu…	x_refsource_CONFIRM
https://cert-portal.siemens.com/productcert/pdf/s…	x_refsource_CONFIRM

Date Public

2013-10-01 00:00

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T17:29:42.625Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.siemens.com/innovation/pool/de/forschungsfelder/siemens_security_advisory_ssa-176087.pdf"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-176087.pdf"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2013-10-01T00:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "The integrated web server on Siemens SCALANCE X-200 switches with firmware before 4.5.0 and X-200IRT switches with firmware before 5.1.0 does not properly enforce authentication requirements, which allows remote attackers to perform administrative actions via requests to the management interface."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2020-02-10T14:06:50.000Z",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.siemens.com/innovation/pool/de/forschungsfelder/siemens_security_advisory_ssa-176087.pdf"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-176087.pdf"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2013-5944",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "The integrated web server on Siemens SCALANCE X-200 switches with firmware before 4.5.0 and X-200IRT switches with firmware before 5.1.0 does not properly enforce authentication requirements, which allows remote attackers to perform administrative actions via requests to the management interface."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "http://www.siemens.com/innovation/pool/de/forschungsfelder/siemens_security_advisory_ssa-176087.pdf",
              "refsource": "CONFIRM",
              "url": "http://www.siemens.com/innovation/pool/de/forschungsfelder/siemens_security_advisory_ssa-176087.pdf"
            },
            {
              "name": "https://cert-portal.siemens.com/productcert/pdf/ssa-176087.pdf",
              "refsource": "CONFIRM",
              "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-176087.pdf"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2013-5944",
    "datePublished": "2013-10-03T10:00:00.000Z",
    "dateReserved": "2013-09-27T00:00:00.000Z",
    "dateUpdated": "2024-08-06T17:29:42.625Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "epss": {
      "cve": "CVE-2013-5944",
      "date": "2026-06-02",
      "epss": "0.01486",
      "percentile": "0.81351"
    },
    "fkie_nvd": {
      "configurations": "[{\"operator\": \"AND\", \"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:siemens:scalance_x-200_series_firmware:*:*:*:*:*:*:*:*\", \"versionEndIncluding\": \"4.4\", \"matchCriteriaId\": \"756EF73B-3FF0-458A-AD4F-02D9F1895C56\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:siemens:scalance_x-200_series_firmware:4.3:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"17C52F7B-5B34-42B6-BE60-B24EDBE221C8\"}]}, {\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:h:siemens:scalance_x-200:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"6FEF9F9F-4066-483B-BF95-3BA5625284DF\"}]}]}, {\"operator\": \"AND\", \"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:siemens:scalance_x-200_series_firmware:*:*:*:*:*:*:*:*\", \"versionEndIncluding\": \"5.0.1\", \"matchCriteriaId\": \"3F527B72-4EFC-4A63-9877-ABA7B87C3B8A\"}]}, {\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:h:siemens:scalance_x-200irt:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"94C7BE35-D3A6-488C-BB3D-D17D65DF4B80\"}]}]}]",
      "descriptions": "[{\"lang\": \"en\", \"value\": \"The integrated web server on Siemens SCALANCE X-200 switches with firmware before 4.5.0 and X-200IRT switches with firmware before 5.1.0 does not properly enforce authentication requirements, which allows remote attackers to perform administrative actions via requests to the management interface.\"}, {\"lang\": \"es\", \"value\": \"El servidor web integrado en switches Siemens SCALANCE X-200 con firmware anterior a la versi\\u00f3n 4.5.0 y switches X-200IRT con firmware anterior a 5.1.0 no aplica adecuadamente los requerimientos de autenticaci\\u00f3n, lo que permite a atacantes remotos llevar a cabo acciones administrativas a trav\\u00e9s de peticiones a la interfaz de gesti\\u00f3n.\"}]",
      "id": "CVE-2013-5944",
      "lastModified": "2024-11-21T01:58:28.080",
      "metrics": "{\"cvssMetricV2\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"2.0\", \"vectorString\": \"AV:N/AC:L/Au:N/C:C/I:C/A:C\", \"baseScore\": 10.0, \"accessVector\": \"NETWORK\", \"accessComplexity\": \"LOW\", \"authentication\": \"NONE\", \"confidentialityImpact\": \"COMPLETE\", \"integrityImpact\": \"COMPLETE\", \"availabilityImpact\": \"COMPLETE\"}, \"baseSeverity\": \"HIGH\", \"exploitabilityScore\": 10.0, \"impactScore\": 10.0, \"acInsufInfo\": false, \"obtainAllPrivilege\": false, \"obtainUserPrivilege\": false, \"obtainOtherPrivilege\": false, \"userInteractionRequired\": false}]}",
      "published": "2013-10-03T11:04:43.773",
      "references": "[{\"url\": \"http://www.siemens.com/innovation/pool/de/forschungsfelder/siemens_security_advisory_ssa-176087.pdf\", \"source\": \"cve@mitre.org\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"https://cert-portal.siemens.com/productcert/pdf/ssa-176087.pdf\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://www.siemens.com/innovation/pool/de/forschungsfelder/siemens_security_advisory_ssa-176087.pdf\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"https://cert-portal.siemens.com/productcert/pdf/ssa-176087.pdf\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}]",
      "sourceIdentifier": "cve@mitre.org",
      "vulnStatus": "Modified",
      "weaknesses": "[{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-287\"}]}]"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2013-5944\",\"sourceIdentifier\":\"cve@mitre.org\",\"published\":\"2013-10-03T11:04:43.773\",\"lastModified\":\"2026-04-29T01:13:23.040\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"The integrated web server on Siemens SCALANCE X-200 switches with firmware before 4.5.0 and X-200IRT switches with firmware before 5.1.0 does not properly enforce authentication requirements, which allows remote attackers to perform administrative actions via requests to the management interface.\"},{\"lang\":\"es\",\"value\":\"El servidor web integrado en switches Siemens SCALANCE X-200 con firmware anterior a la versi\u00f3n 4.5.0 y switches X-200IRT con firmware anterior a 5.1.0 no aplica adecuadamente los requerimientos de autenticaci\u00f3n, lo que permite a atacantes remotos llevar a cabo acciones administrativas a trav\u00e9s de peticiones a la interfaz de gesti\u00f3n.\"}],\"metrics\":{\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:L/Au:N/C:C/I:C/A:C\",\"baseScore\":10.0,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"LOW\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"COMPLETE\",\"integrityImpact\":\"COMPLETE\",\"availabilityImpact\":\"COMPLETE\"},\"baseSeverity\":\"HIGH\",\"exploitabilityScore\":10.0,\"impactScore\":10.0,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-287\"}]}],\"configurations\":[{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:siemens:scalance_x-200_series_firmware:*:*:*:*:*:*:*:*\",\"versionEndIncluding\":\"4.4\",\"matchCriteriaId\":\"756EF73B-3FF0-458A-AD4F-02D9F1895C56\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:siemens:scalance_x-200_series_firmware:4.3:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"17C52F7B-5B34-42B6-BE60-B24EDBE221C8\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:h:siemens:scalance_x-200:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"6FEF9F9F-4066-483B-BF95-3BA5625284DF\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:siemens:scalance_x-200_series_firmware:*:*:*:*:*:*:*:*\",\"versionEndIncluding\":\"5.0.1\",\"matchCriteriaId\":\"3F527B72-4EFC-4A63-9877-ABA7B87C3B8A\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:h:siemens:scalance_x-200irt:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"94C7BE35-D3A6-488C-BB3D-D17D65DF4B80\"}]}]}],\"references\":[{\"url\":\"http://www.siemens.com/innovation/pool/de/forschungsfelder/siemens_security_advisory_ssa-176087.pdf\",\"source\":\"cve@mitre.org\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://cert-portal.siemens.com/productcert/pdf/ssa-176087.pdf\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.siemens.com/innovation/pool/de/forschungsfelder/siemens_security_advisory_ssa-176087.pdf\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://cert-portal.siemens.com/productcert/pdf/ssa-176087.pdf\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"}]}}"
  }
}

FKIE_CVE-2013-5944

Vulnerability from fkie_nvd - Published: 2013-10-03 11:04 - Updated: 2026-04-29 01:13

Severity

Summary

References

URL	Tags
cve@mitre.org	http://www.siemens.com/innovation/pool/de/forschungsfelder/siemens_security_advisory_ssa-176087.pdf	Vendor Advisory
cve@mitre.org	https://cert-portal.siemens.com/productcert/pdf/ssa-176087.pdf
af854a3a-2127-422b-91ae-364da2661108	http://www.siemens.com/innovation/pool/de/forschungsfelder/siemens_security_advisory_ssa-176087.pdf	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	https://cert-portal.siemens.com/productcert/pdf/ssa-176087.pdf

Impacted products

Vendor	Product	Version
siemens	scalance_x-200_series_firmware	*
siemens	scalance_x-200_series_firmware	4.3
siemens	scalance_x-200	-
siemens	scalance_x-200_series_firmware	*
siemens	scalance_x-200irt	-

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:siemens:scalance_x-200_series_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "756EF73B-3FF0-458A-AD4F-02D9F1895C56",
              "versionEndIncluding": "4.4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:siemens:scalance_x-200_series_firmware:4.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "17C52F7B-5B34-42B6-BE60-B24EDBE221C8",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:siemens:scalance_x-200:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "6FEF9F9F-4066-483B-BF95-3BA5625284DF",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:siemens:scalance_x-200_series_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "3F527B72-4EFC-4A63-9877-ABA7B87C3B8A",
              "versionEndIncluding": "5.0.1",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:siemens:scalance_x-200irt:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "94C7BE35-D3A6-488C-BB3D-D17D65DF4B80",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "The integrated web server on Siemens SCALANCE X-200 switches with firmware before 4.5.0 and X-200IRT switches with firmware before 5.1.0 does not properly enforce authentication requirements, which allows remote attackers to perform administrative actions via requests to the management interface."
    },
    {
      "lang": "es",
      "value": "El servidor web integrado en switches Siemens SCALANCE X-200 con firmware anterior a la versi\u00f3n 4.5.0 y switches X-200IRT con firmware anterior a 5.1.0 no aplica adecuadamente los requerimientos de autenticaci\u00f3n, lo que permite a atacantes remotos llevar a cabo acciones administrativas a trav\u00e9s de peticiones a la interfaz de gesti\u00f3n."
    }
  ],
  "id": "CVE-2013-5944",
  "lastModified": "2026-04-29T01:13:23.040",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "COMPLETE",
          "baseScore": 10.0,
          "confidentialityImpact": "COMPLETE",
          "integrityImpact": "COMPLETE",
          "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 10.0,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2013-10-03T11:04:43.773",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.siemens.com/innovation/pool/de/forschungsfelder/siemens_security_advisory_ssa-176087.pdf"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-176087.pdf"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.siemens.com/innovation/pool/de/forschungsfelder/siemens_security_advisory_ssa-176087.pdf"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-176087.pdf"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-287"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

GHSA-P4XV-MJ4J-5J9Q

Vulnerability from github – Published: 2022-05-13 01:28 – Updated: 2022-05-13 01:28

Details

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2013-5944"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-287"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2013-10-03T11:04:00Z",
    "severity": "HIGH"
  },
  "details": "The integrated web server on Siemens SCALANCE X-200 switches with firmware before 4.5.0 and X-200IRT switches with firmware before 5.1.0 does not properly enforce authentication requirements, which allows remote attackers to perform administrative actions via requests to the management interface.",
  "id": "GHSA-p4xv-mj4j-5j9q",
  "modified": "2022-05-13T01:28:34Z",
  "published": "2022-05-13T01:28:34Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2013-5944"
    },
    {
      "type": "WEB",
      "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-176087.pdf"
    },
    {
      "type": "WEB",
      "url": "http://www.siemens.com/innovation/pool/de/forschungsfelder/siemens_security_advisory_ssa-176087.pdf"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

GSD-2013-5944

Vulnerability from gsd - Updated: 2023-12-13 01:22

Details

Aliases

CVE-2013-5944

Aliases

CVE-2013-5944

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2013-5944",
    "description": "The integrated web server on Siemens SCALANCE X-200 switches with firmware before 4.5.0 and X-200IRT switches with firmware before 5.1.0 does not properly enforce authentication requirements, which allows remote attackers to perform administrative actions via requests to the management interface.",
    "id": "GSD-2013-5944"
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2013-5944"
      ],
      "details": "The integrated web server on Siemens SCALANCE X-200 switches with firmware before 4.5.0 and X-200IRT switches with firmware before 5.1.0 does not properly enforce authentication requirements, which allows remote attackers to perform administrative actions via requests to the management interface.",
      "id": "GSD-2013-5944",
      "modified": "2023-12-13T01:22:22.040423Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "cve@mitre.org",
        "ID": "CVE-2013-5944",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "n/a",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "n/a"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "n/a"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "The integrated web server on Siemens SCALANCE X-200 switches with firmware before 4.5.0 and X-200IRT switches with firmware before 5.1.0 does not properly enforce authentication requirements, which allows remote attackers to perform administrative actions via requests to the management interface."
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "n/a"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "http://www.siemens.com/innovation/pool/de/forschungsfelder/siemens_security_advisory_ssa-176087.pdf",
            "refsource": "CONFIRM",
            "url": "http://www.siemens.com/innovation/pool/de/forschungsfelder/siemens_security_advisory_ssa-176087.pdf"
          },
          {
            "name": "https://cert-portal.siemens.com/productcert/pdf/ssa-176087.pdf",
            "refsource": "CONFIRM",
            "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-176087.pdf"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:siemens:scalance_x-200_series_firmware:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndIncluding": "4.4",
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:siemens:scalance_x-200_series_firmware:4.3:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:siemens:scalance_x-200:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          },
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:siemens:scalance_x-200_series_firmware:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndIncluding": "5.0.1",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:siemens:scalance_x-200irt:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2013-5944"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "The integrated web server on Siemens SCALANCE X-200 switches with firmware before 4.5.0 and X-200IRT switches with firmware before 5.1.0 does not properly enforce authentication requirements, which allows remote attackers to perform administrative actions via requests to the management interface."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "CWE-287"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "http://www.siemens.com/innovation/pool/de/forschungsfelder/siemens_security_advisory_ssa-176087.pdf",
              "refsource": "CONFIRM",
              "tags": [
                "Vendor Advisory"
              ],
              "url": "http://www.siemens.com/innovation/pool/de/forschungsfelder/siemens_security_advisory_ssa-176087.pdf"
            },
            {
              "name": "https://cert-portal.siemens.com/productcert/pdf/ssa-176087.pdf",
              "refsource": "CONFIRM",
              "tags": [],
              "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-176087.pdf"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "cvssV2": {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "COMPLETE",
            "baseScore": 10.0,
            "confidentialityImpact": "COMPLETE",
            "integrityImpact": "COMPLETE",
            "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
            "version": "2.0"
          },
          "exploitabilityScore": 10.0,
          "impactScore": 10.0,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "HIGH",
          "userInteractionRequired": false
        }
      },
      "lastModifiedDate": "2020-02-10T15:15Z",
      "publishedDate": "2013-10-03T11:04Z"
    }
  }
}

ICSA-13-274-01

Vulnerability from csaf_cisa - Published: 2013-07-04 06:00 - Updated: 2025-06-06 18:41

Summary

Siemens SCALANCE X-200 Authentication Bypass Vulnerability

Notes

Legal Notice: All information products included in https://us-cert.cisa.gov/ics are provided "as is" for informational purposes only. The Department of Homeland Security (DHS) does not provide any warranties of any kind regarding any information contained within. DHS does not endorse any commercial product or service, referenced in this product or otherwise. Further dissemination of this product is governed by the Traffic Light Protocol (TLP) marking in the header. For more information about TLP, see https://us-cert.cisa.gov/tlp/.

CISA Disclaimer: This CSAF advisory was extracted from unstructured data and may contain inaccuracies. If you notice any errors, please reach out to the designated contact at CISA CSAF: central@cisa.dhs.gov

Recommended Practices: CISA recommends users take defensive measures to minimize the risk of exploitation.

Recommended Practices: Minimize network exposure for all control system devices and/or systems, ensuring they are not accessible from the internet.

Recommended Practices: Locate control system networks and remote devices behind firewalls and isolating them from business networks.

Recommended Practices: When remote access is required, use more secure methods, such as Virtual Private Networks (VPNs). Recognize VPNs may have vulnerabilities, should be updated to the most recent version available, and are only as secure as the connected devices.

Recommended Practices: CISA reminds organizations to perform proper impact analysis and risk assessment prior to deploying defensive measures.

Recommended Practices: CISA also provides a section for control systems security recommended practices on the ICS webpage on cisa.gov. Several CISA products detailing cyber defense best practices are available for reading and download, including Improving Industrial Control Systems Cybersecurity with Defense-in-Depth Strategies.

Recommended Practices: CISA encourages organizations to implement recommended cybersecurity strategies for proactive defense of ICS assets.

Recommended Practices: Additional mitigation guidance and recommended practices are publicly available on the ICS webpage at cisa.gov in the technical information paper, ICS-TIP-12-146-01B--Targeted Cyber Intrusion Detection and Mitigation Strategies.

Recommended Practices: Organizations observing suspected malicious activity should follow established internal procedures and report findings to CISA for tracking and correlation against other incidents.

Recommended Practices: CISA also recommends users take the following measures to protect themselves from social engineering attacks: Do not click web links or open attachments in unsolicited email messages. Refer to Recognizing and Avoiding Email Scams for more information on avoiding email scams. Refer to Avoiding Social Engineering and Phishing Attacks for more information on social engineering attacks.

CVE-2013-5944

10.0 ()


                        
                          AV:N/AC:L/Au:N/C:C/I:C/A:C

CWE-592 - DEPRECATED: Authentication Bypass Issues

Affected products

Known affected 4 products

Product	Version	Remediation
Siemens SCALANCE X-200 switch family firmware: <V4.5.0 Siemens / SCALANCE X-200 switch family firmware	<V4.5.0	Mitigation Mitigation fix Mitigation fix Mitigation fix
Siemens SCALANCE X-200IRT Isochronous Real-Time switch family firmware: <V5.1.0 Siemens / SCALANCE X-200IRT Isochronous Real-Time switch family firmware	<V5.1.0	Mitigation Mitigation fix Mitigation fix Mitigation fix
Siemens SCALANCE X-200 MLFBs: 6GK5224-0BA00-2AA3\|6GK5216-0BA00-2AA3\|6GK5212-2BB00-2AA3\|6GK5212-2BC00-2AA3\|6GK5208-0BA10-2AA3\|6GK5206-1BB10-2AA3\|6GK5206-1BC10-2AA3\|6GK5204-2BB10-2AA3\|6GK5204-2BC10-2AA3\|6GK5208-0HA10-2AA6\|6GK5204-0BA00-2AF2\|6GK5208-0BA00-2AF2\|6GK5206-1BC00-2AF2\|6GK5204-2BC00-2AF2\|6GK5204-2BB10-2CA2 Siemens / SCALANCE X-200 MLFBs	6GK5224-0BA00-2AA3\|6GK5216-0BA00-2AA3\|6GK5212-2BB00-2AA3\|6GK5212-2BC00-2AA3\|6GK5208-0BA10-2AA3\|6GK5206-1BB10-2AA3\|6GK5206-1BC10-2AA3\|6GK5204-2BB10-2AA3\|6GK5204-2BC10-2AA3\|6GK5208-0HA10-2AA6\|6GK5204-0BA00-2AF2\|6GK5208-0BA00-2AF2\|6GK5206-1BC00-2AF2\|6GK5204-2BC00-2AF2\|6GK5204-2BB10-2CA2	Mitigation Mitigation fix Mitigation fix Mitigation fix
Siemens SCALANCE X-200IRT MLFBs: 6GK5201-3JR00-2BA6\|6GK5204-0BA00-2BF2\|6GK5204-0JA00-2BA6\|6GK5202-2JR00-2BA6\|6GK5202-2BH00-2BA3\|6GK5201-3BH00-2BA3\|6GK5200-4AH00-2BA3\|6GK5202-2BB00-2BA3\|6GK5204-0BA00-2BA3 Siemens / SCALANCE X-200IRT MLFBs	6GK5201-3JR00-2BA6\|6GK5204-0BA00-2BF2\|6GK5204-0JA00-2BA6\|6GK5202-2JR00-2BA6\|6GK5202-2BH00-2BA3\|6GK5201-3BH00-2BA3\|6GK5200-4AH00-2BA3\|6GK5202-2BB00-2BA3\|6GK5204-0BA00-2BA3	Mitigation Mitigation fix Mitigation fix Mitigation fix

References

10 references

URL	Category
https://raw.githubusercontent.com/cisagov/CSAF/de…	self
https://www.cisa.gov/news-events/ics-advisories/i…	self
https://www.cisa.gov/uscert/ics/alerts/ICS-ALERT-…	external
https://www.cisa.gov/resources-tools/resources/ic…	external
https://www.cisa.gov/topics/industrial-control-systems	external
https://us-cert.cisa.gov/sites/default/files/reco…	external
https://www.cisa.gov/sites/default/files/publicat…	external
https://www.cisa.gov/uscert/ics/tips/ICS-TIP-12-146-01B	external
https://www.cisa.gov/uscert/sites/default/files/p…	external
https://www.cisa.gov/uscert/ncas/tips/ST04-014	external

JSON

To clipboard

{
  "document": {
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "distribution": {
      "text": "Disclosure is not limited",
      "tlp": {
        "label": "WHITE",
        "url": "https://us-cert.cisa.gov/tlp/"
      }
    },
    "lang": "en-US",
    "notes": [
      {
        "category": "legal_disclaimer",
        "text": "All information products included in https://us-cert.cisa.gov/ics are provided \"as is\" for informational purposes only. The Department of Homeland Security (DHS) does not provide any warranties of any kind regarding any information contained within. DHS does not endorse any commercial product or service, referenced in this product or otherwise. Further dissemination of this product is governed by the Traffic Light Protocol (TLP) marking in the header. For more information about TLP, see https://us-cert.cisa.gov/tlp/.",
        "title": "Legal Notice"
      },
      {
        "category": "general",
        "text": "This CSAF advisory was extracted from unstructured data and may contain inaccuracies. If you notice any errors, please reach out to the designated contact at CISA CSAF: central@cisa.dhs.gov",
        "title": "CISA Disclaimer"
      },
      {
        "category": "general",
        "text": "CISA recommends users take defensive measures to minimize the risk of exploitation.",
        "title": "Recommended Practices"
      },
      {
        "category": "general",
        "text": "Minimize network exposure for all control system devices and/or systems, ensuring they are not accessible from the internet.",
        "title": "Recommended Practices"
      },
      {
        "category": "general",
        "text": "Locate control system networks and remote devices behind firewalls and isolating them from business networks.",
        "title": "Recommended Practices"
      },
      {
        "category": "general",
        "text": "When remote access is required, use more secure methods, such as Virtual Private Networks (VPNs). Recognize VPNs may have vulnerabilities, should be updated to the most recent version available, and are only as secure as the connected devices.",
        "title": "Recommended Practices"
      },
      {
        "category": "general",
        "text": "CISA reminds organizations to perform proper impact analysis and risk assessment prior to deploying defensive measures.",
        "title": "Recommended Practices"
      },
      {
        "category": "general",
        "text": "CISA also provides a section for control systems security recommended practices on the ICS webpage on cisa.gov. Several CISA products detailing cyber defense best practices are available for reading and download, including Improving Industrial Control Systems Cybersecurity with Defense-in-Depth Strategies.",
        "title": "Recommended Practices"
      },
      {
        "category": "general",
        "text": "CISA encourages organizations to implement recommended cybersecurity strategies for proactive defense of ICS assets.",
        "title": "Recommended Practices"
      },
      {
        "category": "general",
        "text": "Additional mitigation guidance and recommended practices are publicly available on the ICS webpage at cisa.gov in the technical information paper, ICS-TIP-12-146-01B--Targeted Cyber Intrusion Detection and Mitigation Strategies.",
        "title": "Recommended Practices"
      },
      {
        "category": "general",
        "text": "Organizations observing suspected malicious activity should follow established internal procedures and report findings to CISA for tracking and correlation against other incidents.",
        "title": "Recommended Practices"
      },
      {
        "category": "general",
        "text": "CISA also recommends users take the following measures to protect themselves from social engineering attacks: Do not click web links or open attachments in unsolicited email messages. Refer to Recognizing and Avoiding Email Scams for more information on avoiding email scams. Refer to Avoiding Social Engineering and Phishing Attacks for more information on social engineering attacks.",
        "title": "Recommended Practices"
      }
    ],
    "publisher": {
      "category": "coordinator",
      "contact_details": "central@cisa.dhs.gov",
      "name": "CISA",
      "namespace": "https://www.cisa.gov/"
    },
    "references": [
      {
        "category": "self",
        "summary": "ICS Advisory ICSA-13-274-01 JSON",
        "url": "https://raw.githubusercontent.com/cisagov/CSAF/develop/csaf_files/OT/white/2013/icsa-13-274-01.json"
      },
      {
        "category": "self",
        "summary": "ICS Advisory ICSA-13-274-01 - Web Version",
        "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-13-274-01"
      },
      {
        "category": "external",
        "summary": "Recommended Practices",
        "url": "https://www.cisa.gov/uscert/ics/alerts/ICS-ALERT-10-301-01"
      },
      {
        "category": "external",
        "summary": "Recommended Practices",
        "url": "https://www.cisa.gov/resources-tools/resources/ics-recommended-practices"
      },
      {
        "category": "external",
        "summary": "Recommended Practices",
        "url": "https://www.cisa.gov/topics/industrial-control-systems"
      },
      {
        "category": "external",
        "summary": "Recommended Practices",
        "url": "https://us-cert.cisa.gov/sites/default/files/recommended_practices/NCCIC_ICS-CERT_Defense_in_Depth_2016_S508C.pdf"
      },
      {
        "category": "external",
        "summary": "Recommended Practices",
        "url": "https://www.cisa.gov/sites/default/files/publications/Cybersecurity_Best_Practices_for_Industrial_Control_Systems.pdf"
      },
      {
        "category": "external",
        "summary": "Recommended Practices",
        "url": "https://www.cisa.gov/uscert/ics/tips/ICS-TIP-12-146-01B"
      },
      {
        "category": "external",
        "summary": "Recommended Practices",
        "url": "https://www.cisa.gov/uscert/sites/default/files/publications/emailscams0905.pdf"
      },
      {
        "category": "external",
        "summary": "Recommended Practices",
        "url": "https://www.cisa.gov/uscert/ncas/tips/ST04-014"
      }
    ],
    "title": "Siemens SCALANCE X-200 Authentication Bypass Vulnerability",
    "tracking": {
      "current_release_date": "2025-06-06T18:41:44.564454Z",
      "generator": {
        "date": "2025-06-06T18:41:44.564290Z",
        "engine": {
          "name": "CISA CSAF Generator",
          "version": "1.0.0"
        }
      },
      "id": "ICSA-13-274-01",
      "initial_release_date": "2013-07-04T06:00:00.000000Z",
      "revision_history": [
        {
          "date": "2013-07-04T06:00:00.000000Z",
          "legacy_version": "Initial",
          "number": "1",
          "summary": "Initial Publication"
        },
        {
          "date": "2025-06-06T18:41:44.564454Z",
          "legacy_version": "CSAF Conversion",
          "number": "2",
          "summary": "Advisory converted into a CSAF"
        }
      ],
      "status": "final",
      "version": "2"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "\u003cV4.5.0",
                "product": {
                  "name": "Siemens SCALANCE X-200 switch family firmware: \u003cV4.5.0",
                  "product_id": "CSAFPID-0001"
                }
              }
            ],
            "category": "product_name",
            "name": "SCALANCE X-200 switch family firmware"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "\u003cV5.1.0",
                "product": {
                  "name": "Siemens SCALANCE X-200IRT Isochronous Real-Time switch family firmware: \u003cV5.1.0",
                  "product_id": "CSAFPID-0002"
                }
              }
            ],
            "category": "product_name",
            "name": "SCALANCE X-200IRT Isochronous Real-Time switch family firmware"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "6GK5224-0BA00-2AA3|6GK5216-0BA00-2AA3|6GK5212-2BB00-2AA3|6GK5212-2BC00-2AA3|6GK5208-0BA10-2AA3|6GK5206-1BB10-2AA3|6GK5206-1BC10-2AA3|6GK5204-2BB10-2AA3|6GK5204-2BC10-2AA3|6GK5208-0HA10-2AA6|6GK5204-0BA00-2AF2|6GK5208-0BA00-2AF2|6GK5206-1BC00-2AF2|6GK5204-2BC00-2AF2|6GK5204-2BB10-2CA2",
                "product": {
                  "name": "Siemens SCALANCE X-200 MLFBs: 6GK5224-0BA00-2AA3|6GK5216-0BA00-2AA3|6GK5212-2BB00-2AA3|6GK5212-2BC00-2AA3|6GK5208-0BA10-2AA3|6GK5206-1BB10-2AA3|6GK5206-1BC10-2AA3|6GK5204-2BB10-2AA3|6GK5204-2BC10-2AA3|6GK5208-0HA10-2AA6|6GK5204-0BA00-2AF2|6GK5208-0BA00-2AF2|6GK5206-1BC00-2AF2|6GK5204-2BC00-2AF2|6GK5204-2BB10-2CA2",
                  "product_id": "CSAFPID-0003"
                }
              }
            ],
            "category": "product_name",
            "name": "SCALANCE X-200 MLFBs"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "6GK5201-3JR00-2BA6|6GK5204-0BA00-2BF2|6GK5204-0JA00-2BA6|6GK5202-2JR00-2BA6|6GK5202-2BH00-2BA3|6GK5201-3BH00-2BA3|6GK5200-4AH00-2BA3|6GK5202-2BB00-2BA3|6GK5204-0BA00-2BA3",
                "product": {
                  "name": "Siemens SCALANCE X-200IRT MLFBs: 6GK5201-3JR00-2BA6|6GK5204-0BA00-2BF2|6GK5204-0JA00-2BA6|6GK5202-2JR00-2BA6|6GK5202-2BH00-2BA3|6GK5201-3BH00-2BA3|6GK5200-4AH00-2BA3|6GK5202-2BB00-2BA3|6GK5204-0BA00-2BA3",
                  "product_id": "CSAFPID-0004"
                }
              }
            ],
            "category": "product_name",
            "name": "SCALANCE X-200IRT MLFBs"
          }
        ],
        "category": "vendor",
        "name": "Siemens"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2013-5944",
      "cwe": {
        "id": "CWE-592",
        "name": "DEPRECATED: Authentication Bypass Issues"
      },
      "notes": [
        {
          "category": "summary",
          "text": "The integrated web server on Siemens SCALANCE X-200 switches with firmware before 4.5.0 and X-200IRT switches with firmware before 5.1.0 does not properly enforce authentication requirements, which allows remote attackers to perform administrative actions via requests to the management interface.",
          "title": "Vulnerability Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-0001",
          "CSAFPID-0002",
          "CSAFPID-0003",
          "CSAFPID-0004"
        ]
      },
      "remediations": [
        {
          "category": "mitigation",
          "details": "Siemens recommends upgrading to the current SCALANCE X-200 firmware versions V5.0.1 (non-IRT) and V5.1.2 (IRT). These versions are not vulnerable to the authentication bypass issue.",
          "product_ids": [
            "CSAFPID-0001",
            "CSAFPID-0002",
            "CSAFPID-0003",
            "CSAFPID-0004"
          ]
        },
        {
          "category": "mitigation",
          "details": "The firmware update for SCALANCE X-200 can be obtained here: (http://support.automation.siemens.com/WW/view/en/78458674): The firmware update for SCALANCE X-200IRT can be obtained here: (http://support.automation.siemens.com/WW/view/en/78454417)",
          "product_ids": [
            "CSAFPID-0001",
            "CSAFPID-0002",
            "CSAFPID-0003",
            "CSAFPID-0004"
          ],
          "url": "http://support.automation.siemens.com/WW/view/en/78458674"
        },
        {
          "category": "mitigation",
          "details": "The firmware update for SCALANCE X-200 can be obtained here: (http://support.automation.siemens.com/WW/view/en/78458674): The firmware update for SCALANCE X-200IRT can be obtained here: (http://support.automation.siemens.com/WW/view/en/78454417)",
          "product_ids": [
            "CSAFPID-0001",
            "CSAFPID-0002",
            "CSAFPID-0003",
            "CSAFPID-0004"
          ],
          "url": "http://support.automation.siemens.com/WW/view/en/78454417"
        },
        {
          "category": "mitigation",
          "details": "Siemens security advisory is located here: (http://www.siemens.com/innovation/pool/de/forschungsfelder/siemens_security_advisory_ssa-176087.pdf)",
          "product_ids": [
            "CSAFPID-0001",
            "CSAFPID-0002",
            "CSAFPID-0003",
            "CSAFPID-0004"
          ],
          "url": "http://www.siemens.com/innovation/pool/de/forschungsfelder/siemens_security_advisory_ssa-176087.pdf"
        }
      ],
      "scores": [
        {
          "cvss_v2": {
            "baseScore": 10.0,
            "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
            "version": "2.0"
          },
          "products": [
            "CSAFPID-0001",
            "CSAFPID-0002",
            "CSAFPID-0003",
            "CSAFPID-0004"
          ]
        }
      ]
    }
  ]
}

VAR-201310-0390

Vulnerability from variot - Updated: 2023-12-18 13:20

The integrated web server on Siemens SCALANCE X-200 switches with firmware before 4.5.0 and X-200IRT switches with firmware before 5.1.0 does not properly enforce authentication requirements, which allows remote attackers to perform administrative actions via requests to the management interface. The Siemens Scalance X200 is an industrial Ethernet switch from Siemens. SCALANCE X-200 and X-200IRT series switches are prone to an authentication-bypass vulnerability. Successfully exploiting this issue may allow an attacker to bypass certain security restrictions and gain administrative access to the affected device. The following products are affected. SCALANCE X-200 running firmware versions prior to 4.5.0 SCALANCE X-200IRT running firmware versions prior to 5.1.0

Show details on source website

JSON

To clipboard

{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-201310-0390",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "scalance x-200 series",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "siemens",
        "version": "4.3"
      },
      {
        "model": "scalance x-200 series",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "siemens",
        "version": "4.4"
      },
      {
        "model": "scalance x-200 series",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "siemens",
        "version": "5.0.1"
      },
      {
        "model": "scalance x-200irt",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "siemens",
        "version": null
      },
      {
        "model": "scalance x-200",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "siemens",
        "version": null
      },
      {
        "model": "scalance x-200",
        "scope": null,
        "trust": 0.8,
        "vendor": "siemens",
        "version": null
      },
      {
        "model": "scalance x-200 series",
        "scope": "lt",
        "trust": 0.8,
        "vendor": "siemens",
        "version": "4.5.0   (scalance x-200)"
      },
      {
        "model": "scalance x-200 series",
        "scope": "lt",
        "trust": 0.8,
        "vendor": "siemens",
        "version": "5.1.0   (scalance x-200irt)"
      },
      {
        "model": "scalance x-200irt",
        "scope": null,
        "trust": 0.8,
        "vendor": "siemens",
        "version": null
      },
      {
        "model": "scalance",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "siemens",
        "version": "x-2004.4.9"
      },
      {
        "model": "scalance x-200irt",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "siemens",
        "version": "5.0.9"
      },
      {
        "model": "scalance x-200 series",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "siemens",
        "version": "5.0.1"
      },
      {
        "model": "scalance x-200 series",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "siemens",
        "version": "4.4"
      },
      {
        "model": "scalance x-200irt",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "siemens",
        "version": "0"
      },
      {
        "model": "scalance",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "siemens",
        "version": "x-2000"
      },
      {
        "model": "scalance x-200irt",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "siemens",
        "version": "5.1.2"
      },
      {
        "model": "scalance x-200irt",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "siemens",
        "version": "5.1"
      },
      {
        "model": "scalance",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "siemens",
        "version": "x-2004.5"
      },
      {
        "model": null,
        "scope": "eq",
        "trust": 0.2,
        "vendor": "scalance x 200 series",
        "version": "5.0.1"
      },
      {
        "model": null,
        "scope": "eq",
        "trust": 0.2,
        "vendor": "scalance x 200",
        "version": null
      },
      {
        "model": null,
        "scope": "eq",
        "trust": 0.2,
        "vendor": "scalance x 200 series",
        "version": "4.4"
      },
      {
        "model": null,
        "scope": "eq",
        "trust": 0.2,
        "vendor": "scalance x 200irt",
        "version": null
      },
      {
        "model": null,
        "scope": "eq",
        "trust": 0.2,
        "vendor": "scalance x 200 series",
        "version": "4.3"
      }
    ],
    "sources": [
      {
        "db": "IVD",
        "id": "9e35be88-2352-11e6-abef-000c29c66e3d"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2013-13553"
      },
      {
        "db": "BID",
        "id": "62762"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2013-004482"
      },
      {
        "db": "NVD",
        "id": "CVE-2013-5944"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201310-059"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:siemens:scalance_x-200_series_firmware:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndIncluding": "4.4",
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:siemens:scalance_x-200_series_firmware:4.3:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:siemens:scalance_x-200:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          },
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:siemens:scalance_x-200_series_firmware:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndIncluding": "5.0.1",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:siemens:scalance_x-200irt:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2013-5944"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Eireann Leverett of IOActive",
    "sources": [
      {
        "db": "BID",
        "id": "62762"
      }
    ],
    "trust": 0.3
  },
  "cve": "CVE-2013-5944",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "acInsufInfo": false,
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "NVD",
            "availabilityImpact": "COMPLETE",
            "baseScore": 10.0,
            "confidentialityImpact": "COMPLETE",
            "exploitabilityScore": 10.0,
            "impactScore": 10.0,
            "integrityImpact": "COMPLETE",
            "obtainAllPrivilege": false,
            "obtainOtherPrivilege": false,
            "obtainUserPrivilege": false,
            "severity": "HIGH",
            "trust": 1.0,
            "userInteractionRequired": false,
            "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
            "version": "2.0"
          },
          {
            "acInsufInfo": null,
            "accessComplexity": "Low",
            "accessVector": "Network",
            "authentication": "None",
            "author": "NVD",
            "availabilityImpact": "Complete",
            "baseScore": 10.0,
            "confidentialityImpact": "Complete",
            "exploitabilityScore": null,
            "id": "CVE-2013-5944",
            "impactScore": null,
            "integrityImpact": "Complete",
            "obtainAllPrivilege": null,
            "obtainOtherPrivilege": null,
            "obtainUserPrivilege": null,
            "severity": "High",
            "trust": 0.9,
            "userInteractionRequired": null,
            "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
            "version": "2.0"
          },
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "CNVD",
            "availabilityImpact": "PARTIAL",
            "baseScore": 7.5,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 10.0,
            "id": "CNVD-2013-13553",
            "impactScore": 6.4,
            "integrityImpact": "PARTIAL",
            "severity": "HIGH",
            "trust": 0.6,
            "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
            "version": "2.0"
          },
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "IVD",
            "availabilityImpact": "PARTIAL",
            "baseScore": 7.5,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 10.0,
            "id": "9e35be88-2352-11e6-abef-000c29c66e3d",
            "impactScore": 6.4,
            "integrityImpact": "PARTIAL",
            "severity": "HIGH",
            "trust": 0.2,
            "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
            "version": "2.9 [IVD]"
          },
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "VULHUB",
            "availabilityImpact": "COMPLETE",
            "baseScore": 10.0,
            "confidentialityImpact": "COMPLETE",
            "exploitabilityScore": 10.0,
            "id": "VHN-65946",
            "impactScore": 10.0,
            "integrityImpact": "COMPLETE",
            "severity": "HIGH",
            "trust": 0.1,
            "vectorString": "AV:N/AC:L/AU:N/C:C/I:C/A:C",
            "version": "2.0"
          }
        ],
        "cvssV3": [],
        "severity": [
          {
            "author": "NVD",
            "id": "CVE-2013-5944",
            "trust": 1.8,
            "value": "HIGH"
          },
          {
            "author": "CNVD",
            "id": "CNVD-2013-13553",
            "trust": 0.6,
            "value": "HIGH"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-201310-059",
            "trust": 0.6,
            "value": "CRITICAL"
          },
          {
            "author": "IVD",
            "id": "9e35be88-2352-11e6-abef-000c29c66e3d",
            "trust": 0.2,
            "value": "CRITICAL"
          },
          {
            "author": "VULHUB",
            "id": "VHN-65946",
            "trust": 0.1,
            "value": "HIGH"
          },
          {
            "author": "VULMON",
            "id": "CVE-2013-5944",
            "trust": 0.1,
            "value": "HIGH"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "IVD",
        "id": "9e35be88-2352-11e6-abef-000c29c66e3d"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2013-13553"
      },
      {
        "db": "VULHUB",
        "id": "VHN-65946"
      },
      {
        "db": "VULMON",
        "id": "CVE-2013-5944"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2013-004482"
      },
      {
        "db": "NVD",
        "id": "CVE-2013-5944"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201310-059"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "The integrated web server on Siemens SCALANCE X-200 switches with firmware before 4.5.0 and X-200IRT switches with firmware before 5.1.0 does not properly enforce authentication requirements, which allows remote attackers to perform administrative actions via requests to the management interface. The Siemens Scalance X200 is an industrial Ethernet switch from Siemens. SCALANCE X-200 and X-200IRT series switches are prone to an authentication-bypass vulnerability. \nSuccessfully exploiting this issue may allow an attacker to bypass  certain security  restrictions  and gain administrative access to the affected device. \nThe following products are affected. \nSCALANCE X-200 running firmware versions prior to 4.5.0\nSCALANCE X-200IRT running firmware versions prior to 5.1.0",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2013-5944"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2013-004482"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2013-13553"
      },
      {
        "db": "BID",
        "id": "62762"
      },
      {
        "db": "IVD",
        "id": "9e35be88-2352-11e6-abef-000c29c66e3d"
      },
      {
        "db": "VULHUB",
        "id": "VHN-65946"
      },
      {
        "db": "VULMON",
        "id": "CVE-2013-5944"
      }
    ],
    "trust": 2.79
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2013-5944",
        "trust": 3.7
      },
      {
        "db": "SIEMENS",
        "id": "SSA-176087",
        "trust": 2.7
      },
      {
        "db": "BID",
        "id": "62762",
        "trust": 1.0
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201310-059",
        "trust": 0.9
      },
      {
        "db": "CNVD",
        "id": "CNVD-2013-13553",
        "trust": 0.8
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2013-004482",
        "trust": 0.8
      },
      {
        "db": "IVD",
        "id": "9E35BE88-2352-11E6-ABEF-000C29C66E3D",
        "trust": 0.2
      },
      {
        "db": "SEEBUG",
        "id": "SSVID-89659",
        "trust": 0.1
      },
      {
        "db": "VULHUB",
        "id": "VHN-65946",
        "trust": 0.1
      },
      {
        "db": "ICS CERT",
        "id": "ICSA-13-274-01",
        "trust": 0.1
      },
      {
        "db": "VULMON",
        "id": "CVE-2013-5944",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "IVD",
        "id": "9e35be88-2352-11e6-abef-000c29c66e3d"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2013-13553"
      },
      {
        "db": "VULHUB",
        "id": "VHN-65946"
      },
      {
        "db": "VULMON",
        "id": "CVE-2013-5944"
      },
      {
        "db": "BID",
        "id": "62762"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2013-004482"
      },
      {
        "db": "NVD",
        "id": "CVE-2013-5944"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201310-059"
      }
    ]
  },
  "id": "VAR-201310-0390",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "IVD",
        "id": "9e35be88-2352-11e6-abef-000c29c66e3d"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2013-13553"
      },
      {
        "db": "VULHUB",
        "id": "VHN-65946"
      }
    ],
    "trust": 1.4816919199999998
  },
  "iot_taxonomy": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "category": [
          "ICS",
          "Network device"
        ],
        "sub_category": null,
        "trust": 0.6
      },
      {
        "category": [
          "ICS"
        ],
        "sub_category": null,
        "trust": 0.2
      }
    ],
    "sources": [
      {
        "db": "IVD",
        "id": "9e35be88-2352-11e6-abef-000c29c66e3d"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2013-13553"
      }
    ]
  },
  "last_update_date": "2023-12-18T13:20:05.009000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "SSA-176087",
        "trust": 0.8,
        "url": "http://www.siemens.com/innovation/pool/de/forschungsfelder/siemens_security_advisory_ssa-176087.pdf"
      },
      {
        "title": "Patch for unclear management access vulnerability on the WEB interface of the Siemens SCALANCE X-200 switch",
        "trust": 0.6,
        "url": "https://www.cnvd.org.cn/patchinfo/show/40012"
      },
      {
        "title": "Siemens Scalance X-200 Switch unauthorized access vulnerability fix",
        "trust": 0.6,
        "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=109052"
      },
      {
        "title": "Siemens Security Advisories: Siemens Security Advisory",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=siemens_security_advisories\u0026qid=44f98d989f2a58ed7cb2e4b6335cb180"
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2013-13553"
      },
      {
        "db": "VULMON",
        "id": "CVE-2013-5944"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2013-004482"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201310-059"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-287",
        "trust": 1.9
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-65946"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2013-004482"
      },
      {
        "db": "NVD",
        "id": "CVE-2013-5944"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 2.7,
        "url": "http://www.siemens.com/innovation/pool/de/forschungsfelder/siemens_security_advisory_ssa-176087.pdf"
      },
      {
        "trust": 1.8,
        "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-176087.pdf"
      },
      {
        "trust": 0.8,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2013-5944"
      },
      {
        "trust": 0.8,
        "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2013-5944"
      },
      {
        "trust": 0.3,
        "url": "http://subscriber.communications.siemens.com/"
      },
      {
        "trust": 0.1,
        "url": "https://cwe.mitre.org/data/definitions/287.html"
      },
      {
        "trust": 0.1,
        "url": "http://tools.cisco.com/security/center/viewalert.x?alertid=31114"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov"
      },
      {
        "trust": 0.1,
        "url": "https://ics-cert.us-cert.gov/advisories/icsa-13-274-01"
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2013-13553"
      },
      {
        "db": "VULHUB",
        "id": "VHN-65946"
      },
      {
        "db": "VULMON",
        "id": "CVE-2013-5944"
      },
      {
        "db": "BID",
        "id": "62762"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2013-004482"
      },
      {
        "db": "NVD",
        "id": "CVE-2013-5944"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201310-059"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "IVD",
        "id": "9e35be88-2352-11e6-abef-000c29c66e3d"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2013-13553"
      },
      {
        "db": "VULHUB",
        "id": "VHN-65946"
      },
      {
        "db": "VULMON",
        "id": "CVE-2013-5944"
      },
      {
        "db": "BID",
        "id": "62762"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2013-004482"
      },
      {
        "db": "NVD",
        "id": "CVE-2013-5944"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201310-059"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2013-10-10T00:00:00",
        "db": "IVD",
        "id": "9e35be88-2352-11e6-abef-000c29c66e3d"
      },
      {
        "date": "2013-10-10T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2013-13553"
      },
      {
        "date": "2013-10-03T00:00:00",
        "db": "VULHUB",
        "id": "VHN-65946"
      },
      {
        "date": "2013-10-03T00:00:00",
        "db": "VULMON",
        "id": "CVE-2013-5944"
      },
      {
        "date": "2013-10-01T00:00:00",
        "db": "BID",
        "id": "62762"
      },
      {
        "date": "2013-10-07T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2013-004482"
      },
      {
        "date": "2013-10-03T11:04:43.773000",
        "db": "NVD",
        "id": "CVE-2013-5944"
      },
      {
        "date": "2013-10-09T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201310-059"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2013-10-10T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2013-13553"
      },
      {
        "date": "2020-02-10T00:00:00",
        "db": "VULHUB",
        "id": "VHN-65946"
      },
      {
        "date": "2020-02-10T00:00:00",
        "db": "VULMON",
        "id": "CVE-2013-5944"
      },
      {
        "date": "2013-10-01T00:00:00",
        "db": "BID",
        "id": "62762"
      },
      {
        "date": "2013-10-07T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2013-004482"
      },
      {
        "date": "2020-02-10T15:15:12.387000",
        "db": "NVD",
        "id": "CVE-2013-5944"
      },
      {
        "date": "2020-02-11T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201310-059"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "remote",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201310-059"
      }
    ],
    "trust": 0.6
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Siemens SCALANCE X-200 and  X-200IRT Vulnerability to execute administrator actions in switch firmware",
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2013-004482"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "authorization issue",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201310-059"
      }
    ],
    "trust": 0.6
  }
}

Sightings

Author	Source	Type	Date	Other

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2013-5944 (GCVE-0-2013-5944)

FKIE_CVE-2013-5944

GHSA-P4XV-MJ4J-5J9Q

GSD-2013-5944

ICSA-13-274-01

VAR-201310-0390

Tags

Sightings

Nomenclature