cve-2019-13933
Vulnerability from cvelistv5
Published
2020-01-16 00:00
Modified
2024-08-05 00:05
Severity ?
EPSS score ?
Summary
A vulnerability has been identified in SCALANCE X204RNA (HSR), SCALANCE X204RNA (PRP), SCALANCE X204RNA EEC (HSR), SCALANCE X204RNA EEC (PRP), SCALANCE X204RNA EEC (PRP/HSR), SCALANCE X302-7 EEC (230V), SCALANCE X302-7 EEC (230V, coated), SCALANCE X302-7 EEC (24V), SCALANCE X302-7 EEC (24V, coated), SCALANCE X302-7 EEC (2x 230V), SCALANCE X302-7 EEC (2x 230V, coated), SCALANCE X302-7 EEC (2x 24V), SCALANCE X302-7 EEC (2x 24V, coated), SCALANCE X304-2FE, SCALANCE X306-1LD FE, SCALANCE X307-2 EEC (230V), SCALANCE X307-2 EEC (230V, coated), SCALANCE X307-2 EEC (24V), SCALANCE X307-2 EEC (24V, coated), SCALANCE X307-2 EEC (2x 230V), SCALANCE X307-2 EEC (2x 230V, coated), SCALANCE X307-2 EEC (2x 24V), SCALANCE X307-2 EEC (2x 24V, coated), SCALANCE X307-3, SCALANCE X307-3, SCALANCE X307-3LD, SCALANCE X307-3LD, SCALANCE X308-2, SCALANCE X308-2, SCALANCE X308-2LD, SCALANCE X308-2LD, SCALANCE X308-2LH, SCALANCE X308-2LH, SCALANCE X308-2LH+, SCALANCE X308-2LH+, SCALANCE X308-2M, SCALANCE X308-2M, SCALANCE X308-2M PoE, SCALANCE X308-2M PoE, SCALANCE X308-2M TS, SCALANCE X308-2M TS, SCALANCE X310, SCALANCE X310, SCALANCE X310FE, SCALANCE X310FE, SCALANCE X320-1 FE, SCALANCE X320-1-2LD FE, SCALANCE X408-2, SCALANCE XR324-12M (230V, ports on front), SCALANCE XR324-12M (230V, ports on front), SCALANCE XR324-12M (230V, ports on rear), SCALANCE XR324-12M (230V, ports on rear), SCALANCE XR324-12M (24V, ports on front), SCALANCE XR324-12M (24V, ports on front), SCALANCE XR324-12M (24V, ports on rear), SCALANCE XR324-12M (24V, ports on rear), SCALANCE XR324-12M TS (24V), SCALANCE XR324-12M TS (24V), SCALANCE XR324-4M EEC (100-240VAC/60-250VDC, ports on front), SCALANCE XR324-4M EEC (100-240VAC/60-250VDC, ports on front), SCALANCE XR324-4M EEC (100-240VAC/60-250VDC, ports on rear), SCALANCE XR324-4M EEC (100-240VAC/60-250VDC, ports on rear), SCALANCE XR324-4M EEC (24V, ports on front), SCALANCE XR324-4M EEC (24V, ports on front), SCALANCE XR324-4M EEC (24V, ports on rear), SCALANCE XR324-4M EEC (24V, ports on rear), SCALANCE XR324-4M EEC (2x 100-240VAC/60-250VDC, ports on front), SCALANCE XR324-4M EEC (2x 100-240VAC/60-250VDC, ports on front), SCALANCE XR324-4M EEC (2x 100-240VAC/60-250VDC, ports on rear), SCALANCE XR324-4M EEC (2x 100-240VAC/60-250VDC, ports on rear), SCALANCE XR324-4M EEC (2x 24V, ports on front), SCALANCE XR324-4M EEC (2x 24V, ports on front), SCALANCE XR324-4M EEC (2x 24V, ports on rear), SCALANCE XR324-4M EEC (2x 24V, ports on rear), SCALANCE XR324-4M PoE (230V, ports on front), SCALANCE XR324-4M PoE (230V, ports on rear), SCALANCE XR324-4M PoE (24V, ports on front), SCALANCE XR324-4M PoE (24V, ports on rear), SCALANCE XR324-4M PoE TS (24V, ports on front), SIPLUS NET SCALANCE X308-2. Affected devices contain a vulnerability that allows an unauthenticated attacker to violate access-control rules. The vulnerability can be triggered by sending GET request to specific uniform resource locator on the web configuration interface of the device. The security vulnerability could be exploited by an attacker with network access to the affected systems. An attacker could use the vulnerability to obtain sensitive information or change the device configuration. At the time of advisory publication no public exploitation of this security vulnerability was known.
References
▼ | URL | Tags | |
---|---|---|---|
productcert@siemens.com | https://cert-portal.siemens.com/productcert/pdf/ssa-443566.pdf | Vendor Advisory | |
productcert@siemens.com | https://www.us-cert.gov/ics/advisories/icsa-20-014-03 | Third Party Advisory |
Impacted products
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T00:05:43.965Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-443566.pdf" }, { "tags": [ "x_transferred" ], "url": "https://www.us-cert.gov/ics/advisories/icsa-20-014-03" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "SCALANCE X204RNA (HSR)", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V3.2.7" } ] }, { "product": "SCALANCE X204RNA (PRP)", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V3.2.7" } ] }, { "product": "SCALANCE X204RNA EEC (HSR)", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V3.2.7" } ] }, { "product": "SCALANCE X204RNA EEC (PRP)", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V3.2.7" } ] }, { "product": "SCALANCE X204RNA EEC (PRP/HSR)", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V3.2.7" } ] }, { "product": "SCALANCE X302-7 EEC (230V)", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V4.1.3" } ] }, { "product": "SCALANCE X302-7 EEC (230V, coated)", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V4.1.3" } ] }, { "product": "SCALANCE X302-7 EEC (24V)", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V4.1.3" } ] }, { "product": "SCALANCE X302-7 EEC (24V, coated)", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V4.1.3" } ] }, { "product": "SCALANCE X302-7 EEC (2x 230V)", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V4.1.3" } ] }, { "product": "SCALANCE X302-7 EEC (2x 230V, coated)", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V4.1.3" } ] }, { "product": "SCALANCE X302-7 EEC (2x 24V)", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V4.1.3" } ] }, { "product": "SCALANCE X302-7 EEC (2x 24V, coated)", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V4.1.3" } ] }, { "product": "SCALANCE X304-2FE", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V4.1.3" } ] }, { "product": "SCALANCE X306-1LD FE", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V4.1.3" } ] }, { "product": "SCALANCE X307-2 EEC (230V)", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V4.1.3" } ] }, { "product": "SCALANCE X307-2 EEC (230V, coated)", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V4.1.3" } ] }, { "product": "SCALANCE X307-2 EEC (24V)", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V4.1.3" } ] }, { "product": "SCALANCE X307-2 EEC (24V, coated)", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V4.1.3" } ] }, { "product": "SCALANCE X307-2 EEC (2x 230V)", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V4.1.3" } ] }, { "product": "SCALANCE X307-2 EEC (2x 230V, coated)", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V4.1.3" } ] }, { "product": "SCALANCE X307-2 EEC (2x 24V)", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V4.1.3" } ] }, { "product": "SCALANCE X307-2 EEC (2x 24V, coated)", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V4.1.3" } ] }, { "product": "SCALANCE X307-3", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V4.1.3" } ] }, { "product": "SCALANCE X307-3", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V4.1.3" } ] }, { "product": "SCALANCE X307-3LD", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V4.1.3" } ] }, { "product": "SCALANCE X307-3LD", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V4.1.3" } ] }, { "product": "SCALANCE X308-2", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V4.1.3" } ] }, { "product": "SCALANCE X308-2", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V4.1.3" } ] }, { "product": "SCALANCE X308-2LD", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V4.1.3" } ] }, { "product": "SCALANCE X308-2LD", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V4.1.3" } ] }, { "product": "SCALANCE X308-2LH", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V4.1.3" } ] }, { "product": "SCALANCE X308-2LH", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V4.1.3" } ] }, { "product": "SCALANCE X308-2LH+", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V4.1.3" } ] }, { "product": "SCALANCE X308-2LH+", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V4.1.3" } ] }, { "product": "SCALANCE X308-2M", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V4.1.3" } ] }, { "product": "SCALANCE X308-2M", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V4.1.3" } ] }, { "product": "SCALANCE X308-2M PoE", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V4.1.3" } ] }, { "product": "SCALANCE X308-2M PoE", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V4.1.3" } ] }, { "product": "SCALANCE X308-2M TS", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V4.1.3" } ] }, { "product": "SCALANCE X308-2M TS", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V4.1.3" } ] }, { "product": "SCALANCE X310", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V4.1.3" } ] }, { "product": "SCALANCE X310", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V4.1.3" } ] }, { "product": "SCALANCE X310FE", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V4.1.3" } ] }, { "product": "SCALANCE X310FE", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V4.1.3" } ] }, { "product": "SCALANCE X320-1 FE", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V4.1.3" } ] }, { "product": "SCALANCE X320-1-2LD FE", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V4.1.3" } ] }, { "product": "SCALANCE X408-2", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V4.1.3" } ] }, { "product": "SCALANCE XR324-12M (230V, ports on front)", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V4.1.3" } ] }, { "product": "SCALANCE XR324-12M (230V, ports on front)", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V4.1.3" } ] }, { "product": "SCALANCE XR324-12M (230V, ports on rear)", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V4.1.3" } ] }, { "product": "SCALANCE XR324-12M (230V, ports on rear)", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V4.1.3" } ] }, { "product": "SCALANCE XR324-12M (24V, ports on front)", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V4.1.3" } ] }, { "product": "SCALANCE XR324-12M (24V, ports on front)", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V4.1.3" } ] }, { "product": "SCALANCE XR324-12M (24V, ports on rear)", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V4.1.3" } ] }, { "product": "SCALANCE XR324-12M (24V, ports on rear)", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V4.1.3" } ] }, { "product": "SCALANCE XR324-12M TS (24V)", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V4.1.3" } ] }, { "product": "SCALANCE XR324-12M TS (24V)", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V4.1.3" } ] }, { "product": "SCALANCE XR324-4M EEC (100-240VAC/60-250VDC, ports on front)", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V4.1.3" } ] }, { "product": "SCALANCE XR324-4M EEC (100-240VAC/60-250VDC, ports on front)", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V4.1.3" } ] }, { "product": "SCALANCE XR324-4M EEC (100-240VAC/60-250VDC, ports on rear)", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V4.1.3" } ] }, { "product": "SCALANCE XR324-4M EEC (100-240VAC/60-250VDC, ports on rear)", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V4.1.3" } ] }, { "product": "SCALANCE XR324-4M EEC (24V, ports on front)", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V4.1.3" } ] }, { "product": "SCALANCE XR324-4M EEC (24V, ports on front)", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V4.1.3" } ] }, { "product": "SCALANCE XR324-4M EEC (24V, ports on rear)", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V4.1.3" } ] }, { "product": "SCALANCE XR324-4M EEC (24V, ports on rear)", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V4.1.3" } ] }, { "product": "SCALANCE XR324-4M EEC (2x 100-240VAC/60-250VDC, ports on front)", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V4.1.3" } ] }, { "product": "SCALANCE XR324-4M EEC (2x 100-240VAC/60-250VDC, ports on front)", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V4.1.3" } ] }, { "product": "SCALANCE XR324-4M EEC (2x 100-240VAC/60-250VDC, ports on rear)", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V4.1.3" } ] }, { "product": "SCALANCE XR324-4M EEC (2x 100-240VAC/60-250VDC, ports on rear)", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V4.1.3" } ] }, { "product": "SCALANCE XR324-4M EEC (2x 24V, ports on front)", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V4.1.3" } ] }, { "product": "SCALANCE XR324-4M EEC (2x 24V, ports on front)", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V4.1.3" } ] }, { "product": "SCALANCE XR324-4M EEC (2x 24V, ports on rear)", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V4.1.3" } ] }, { "product": "SCALANCE XR324-4M EEC (2x 24V, ports on rear)", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V4.1.3" } ] }, { "product": "SCALANCE XR324-4M PoE (230V, ports on front)", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V4.1.3" } ] }, { "product": "SCALANCE XR324-4M PoE (230V, ports on rear)", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V4.1.3" } ] }, { "product": "SCALANCE XR324-4M PoE (24V, ports on front)", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V4.1.3" } ] }, { "product": "SCALANCE XR324-4M PoE (24V, ports on rear)", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V4.1.3" } ] }, { "product": "SCALANCE XR324-4M PoE TS (24V, ports on front)", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V4.1.3" } ] }, { "product": "SIPLUS NET SCALANCE X308-2", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V4.1.3" } ] } ], "descriptions": [ { "lang": "en", "value": "A vulnerability has been identified in SCALANCE X204RNA (HSR), SCALANCE X204RNA (PRP), SCALANCE X204RNA EEC (HSR), SCALANCE X204RNA EEC (PRP), SCALANCE X204RNA EEC (PRP/HSR), SCALANCE X302-7 EEC (230V), SCALANCE X302-7 EEC (230V, coated), SCALANCE X302-7 EEC (24V), SCALANCE X302-7 EEC (24V, coated), SCALANCE X302-7 EEC (2x 230V), SCALANCE X302-7 EEC (2x 230V, coated), SCALANCE X302-7 EEC (2x 24V), SCALANCE X302-7 EEC (2x 24V, coated), SCALANCE X304-2FE, SCALANCE X306-1LD FE, SCALANCE X307-2 EEC (230V), SCALANCE X307-2 EEC (230V, coated), SCALANCE X307-2 EEC (24V), SCALANCE X307-2 EEC (24V, coated), SCALANCE X307-2 EEC (2x 230V), SCALANCE X307-2 EEC (2x 230V, coated), SCALANCE X307-2 EEC (2x 24V), SCALANCE X307-2 EEC (2x 24V, coated), SCALANCE X307-3, SCALANCE X307-3, SCALANCE X307-3LD, SCALANCE X307-3LD, SCALANCE X308-2, SCALANCE X308-2, SCALANCE X308-2LD, SCALANCE X308-2LD, SCALANCE X308-2LH, SCALANCE X308-2LH, SCALANCE X308-2LH+, SCALANCE X308-2LH+, SCALANCE X308-2M, SCALANCE X308-2M, SCALANCE X308-2M PoE, SCALANCE X308-2M PoE, SCALANCE X308-2M TS, SCALANCE X308-2M TS, SCALANCE X310, SCALANCE X310, SCALANCE X310FE, SCALANCE X310FE, SCALANCE X320-1 FE, SCALANCE X320-1-2LD FE, SCALANCE X408-2, SCALANCE XR324-12M (230V, ports on front), SCALANCE XR324-12M (230V, ports on front), SCALANCE XR324-12M (230V, ports on rear), SCALANCE XR324-12M (230V, ports on rear), SCALANCE XR324-12M (24V, ports on front), SCALANCE XR324-12M (24V, ports on front), SCALANCE XR324-12M (24V, ports on rear), SCALANCE XR324-12M (24V, ports on rear), SCALANCE XR324-12M TS (24V), SCALANCE XR324-12M TS (24V), SCALANCE XR324-4M EEC (100-240VAC/60-250VDC, ports on front), SCALANCE XR324-4M EEC (100-240VAC/60-250VDC, ports on front), SCALANCE XR324-4M EEC (100-240VAC/60-250VDC, ports on rear), SCALANCE XR324-4M EEC (100-240VAC/60-250VDC, ports on rear), SCALANCE XR324-4M EEC (24V, ports on front), SCALANCE XR324-4M EEC (24V, ports on front), SCALANCE XR324-4M EEC (24V, ports on rear), SCALANCE XR324-4M EEC (24V, ports on rear), SCALANCE XR324-4M EEC (2x 100-240VAC/60-250VDC, ports on front), SCALANCE XR324-4M EEC (2x 100-240VAC/60-250VDC, ports on front), SCALANCE XR324-4M EEC (2x 100-240VAC/60-250VDC, ports on rear), SCALANCE XR324-4M EEC (2x 100-240VAC/60-250VDC, ports on rear), SCALANCE XR324-4M EEC (2x 24V, ports on front), SCALANCE XR324-4M EEC (2x 24V, ports on front), SCALANCE XR324-4M EEC (2x 24V, ports on rear), SCALANCE XR324-4M EEC (2x 24V, ports on rear), SCALANCE XR324-4M PoE (230V, ports on front), SCALANCE XR324-4M PoE (230V, ports on rear), SCALANCE XR324-4M PoE (24V, ports on front), SCALANCE XR324-4M PoE (24V, ports on rear), SCALANCE XR324-4M PoE TS (24V, ports on front), SIPLUS NET SCALANCE X308-2. Affected devices contain a vulnerability that allows an unauthenticated attacker to violate access-control rules. The vulnerability can be triggered by sending GET request to specific uniform resource locator on the web configuration interface of the device. The security vulnerability could be exploited by an attacker with network access to the affected systems. An attacker could use the vulnerability to obtain sensitive information or change the device configuration. At the time of advisory publication no public exploitation of this security vulnerability was known." } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-306", "description": "CWE-306: Missing Authentication for Critical Function", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2022-12-13T00:00:00", "orgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77", "shortName": "siemens" }, "references": [ { "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-443566.pdf" }, { "url": "https://www.us-cert.gov/ics/advisories/icsa-20-014-03" } ] } }, "cveMetadata": { "assignerOrgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77", "assignerShortName": "siemens", "cveId": "CVE-2019-13933", "datePublished": "2020-01-16T00:00:00", "dateReserved": "2019-07-18T00:00:00", "dateUpdated": "2024-08-05T00:05:43.965Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1", "meta": { "nvd": "{\"cve\":{\"id\":\"CVE-2019-13933\",\"sourceIdentifier\":\"productcert@siemens.com\",\"published\":\"2020-01-16T16:15:16.187\",\"lastModified\":\"2022-12-13T17:15:12.680\",\"vulnStatus\":\"Modified\",\"descriptions\":[{\"lang\":\"en\",\"value\":\"A vulnerability has been identified in SCALANCE X204RNA (HSR), SCALANCE X204RNA (PRP), SCALANCE X204RNA EEC (HSR), SCALANCE X204RNA EEC (PRP), SCALANCE X204RNA EEC (PRP/HSR), SCALANCE X302-7 EEC (230V), SCALANCE X302-7 EEC (230V, coated), SCALANCE X302-7 EEC (24V), SCALANCE X302-7 EEC (24V, coated), SCALANCE X302-7 EEC (2x 230V), SCALANCE X302-7 EEC (2x 230V, coated), SCALANCE X302-7 EEC (2x 24V), SCALANCE X302-7 EEC (2x 24V, coated), SCALANCE X304-2FE, SCALANCE X306-1LD FE, SCALANCE X307-2 EEC (230V), SCALANCE X307-2 EEC (230V, coated), SCALANCE X307-2 EEC (24V), SCALANCE X307-2 EEC (24V, coated), SCALANCE X307-2 EEC (2x 230V), SCALANCE X307-2 EEC (2x 230V, coated), SCALANCE X307-2 EEC (2x 24V), SCALANCE X307-2 EEC (2x 24V, coated), SCALANCE X307-3, SCALANCE X307-3, SCALANCE X307-3LD, SCALANCE X307-3LD, SCALANCE X308-2, SCALANCE X308-2, SCALANCE X308-2LD, SCALANCE X308-2LD, SCALANCE X308-2LH, SCALANCE X308-2LH, SCALANCE X308-2LH+, SCALANCE X308-2LH+, SCALANCE X308-2M, SCALANCE X308-2M, SCALANCE X308-2M PoE, SCALANCE X308-2M PoE, SCALANCE X308-2M TS, SCALANCE X308-2M TS, SCALANCE X310, SCALANCE X310, SCALANCE X310FE, SCALANCE X310FE, SCALANCE X320-1 FE, SCALANCE X320-1-2LD FE, SCALANCE X408-2, SCALANCE XR324-12M (230V, ports on front), SCALANCE XR324-12M (230V, ports on front), SCALANCE XR324-12M (230V, ports on rear), SCALANCE XR324-12M (230V, ports on rear), SCALANCE XR324-12M (24V, ports on front), SCALANCE XR324-12M (24V, ports on front), SCALANCE XR324-12M (24V, ports on rear), SCALANCE XR324-12M (24V, ports on rear), SCALANCE XR324-12M TS (24V), SCALANCE XR324-12M TS (24V), SCALANCE XR324-4M EEC (100-240VAC/60-250VDC, ports on front), SCALANCE XR324-4M EEC (100-240VAC/60-250VDC, ports on front), SCALANCE XR324-4M EEC (100-240VAC/60-250VDC, ports on rear), SCALANCE XR324-4M EEC (100-240VAC/60-250VDC, ports on rear), SCALANCE XR324-4M EEC (24V, ports on front), SCALANCE XR324-4M EEC (24V, ports on front), SCALANCE XR324-4M EEC (24V, ports on rear), SCALANCE XR324-4M EEC (24V, ports on rear), SCALANCE XR324-4M EEC (2x 100-240VAC/60-250VDC, ports on front), SCALANCE XR324-4M EEC (2x 100-240VAC/60-250VDC, ports on front), SCALANCE XR324-4M EEC (2x 100-240VAC/60-250VDC, ports on rear), SCALANCE XR324-4M EEC (2x 100-240VAC/60-250VDC, ports on rear), SCALANCE XR324-4M EEC (2x 24V, ports on front), SCALANCE XR324-4M EEC (2x 24V, ports on front), SCALANCE XR324-4M EEC (2x 24V, ports on rear), SCALANCE XR324-4M EEC (2x 24V, ports on rear), SCALANCE XR324-4M PoE (230V, ports on front), SCALANCE XR324-4M PoE (230V, ports on rear), SCALANCE XR324-4M PoE (24V, ports on front), SCALANCE XR324-4M PoE (24V, ports on rear), SCALANCE XR324-4M PoE TS (24V, ports on front), SIPLUS NET SCALANCE X308-2. Affected devices contain a vulnerability that allows an unauthenticated attacker to violate access-control rules. The vulnerability can be triggered by sending GET request to specific uniform resource locator on the web configuration interface of the device. The security vulnerability could be exploited by an attacker with network access to the affected systems. An attacker could use the vulnerability to obtain sensitive information or change the device configuration. At the time of advisory publication no public exploitation of this security vulnerability was known.\"},{\"lang\":\"es\",\"value\":\"Se ha identificado una vulnerabilidad en la familia de conmutadores SCALANCE X-300 (incl. X408 y variantes SIPLUS NET), SCALANCE X204RNA (HSR), SCALANCE X204RNA (PRP), SCALANCE X204RNA EEC (HSR), SCALANCE X204RNA EEC (PRP), SCALANCE X204RNA EEC (PRP/HSR), SCALANCE X302-7 EEC (230V), SCALANCE X302-7 EEC (230V, revestido), SCALANCE X302-7 EEC (24V), SCALANCE X302-7 EEC (24V, revestido), SCALANCE X302-7 EEC (2x 230V), SCALANCE X302-7 EEC (2x 230V, revestido), SCALANCE X302-7 EEC (2x 24V), SCALANCE X302-7 EEC (2x 24V, revestido), SCALANCE X304-2FE, SCALANCE X306-1LD FE, SCALANCE X307-2 EEC (230V), SCALANCE X307-2 EEC (230V, revestido), SCALANCE X307-2 EEC (24V), SCALANCE X307-2 EEC (24V, revestido), SCALANCE X307-2 EEC (2x 230V), SCALANCE X307-2 EEC (2x 230V, revestido), SCALANCE X307-2 EEC (2x 24V), SCALANCE X307-2 EEC (2x 24V, revestido), SCALANCE X307-3, SCALANCE X307-3LD, SCALANCE X307-3LD, SCALANCE X308-2, SCALANCE X308-2, SCALANCE X308-2LD, SCALANCE X308-2LD, SCALANCE X308-2LH, SCALANCE X308-2LH+, SCALANCE X308-2LH+, SCALANCE X308-2M, SCALANCE X308-2M, SCALANCE X308-2M PoE, SCALANCE X308-2M PoE, SCALANCE X308-2M TS, SCALANCE X308-2M TS, SCALANCE X310, SCALANCE X310FE, SCALANCE X310FE, SCALANCE X320-1 FE, SCALANCE X320-1-2LD FE, SCALANCE X408-2, SCALANCE XR324-12M (230V, puertos en la parte delantera), SCALANCE XR324-12M (230V, puertos en la parte delantera), SCALANCE XR324-12M (230V, puertos en la parte trasera), SCALANCE XR324-12M (230V, puertos en la parte trasera), SCALANCE XR324-12M (24V, puertos en la parte delantera), SCALANCE XR324-12M (24V, puertos en la parte delantera), SCALANCE XR324-12M (24V, puertos en la parte trasera), SCALANCE XR324-12M (24V, puertos en la parte trasera), SCALANCE XR324-12M TS (24V), SCALANCE XR324-12M TS (24V), SCALANCE XR324-4M EEC (100-240VAC/60-250VDC, puertos en la parte delantera), SCALANCE XR324-4M EEC (100-240VAC/60-250VDC, puertos en la parte delantera), SCALANCE XR324-4M EEC (100-240VAC/60-250VDC, puertos en la parte trasera), SCALANCE XR324-4M EEC (100-240VAC/60-250VDC, puertos en la parte trasera), SCALANCE XR324-4M EEC (24V, puertos en la parte delantera), SCALANCE XR324-4M EEC (24V, puertos en la parte delantera), SCALANCE XR324-4M EEC (24V, puertos en la parte trasera), SCALANCE XR324-4M EEC (24V, puertos en la parte trasera), SCALANCE XR324-4M EEC (2x 100-240VAC/60-250VDC, puertos en la parte delantera), SCALANCE XR324-4M EEC (2x 100-240VAC/60-250VDC, puertos en la parte delantera), SCALANCE XR324-4M EEC (2x 100-240VAC/60-250VDC, puertos en la parte trasera), SCALANCE XR324-4M EEC (2x 100-240VAC/60-250VDC, puertos en la parte trasera), SCALANCE XR324-4M EEC (2x 24V, puertos en la parte delantera), SCALANCE XR324-4M EEC (2x 24V, puertos en la parte delantera), SCALANCE XR324-4M EEC (2x 24V, puertos en la parte trasera), SCALANCE XR324-4M EEC (2x 24V, puertos en la parte trasera), SCALANCE XR324-4M PoE (230V, puertos en la parte delantera), SCALANCE XR324-4M PoE (230V, puertos en la parte trasera), SCALANCE XR324-4M PoE (24V, puertos en la parte delantera), SCALANCE XR324-4M PoE (24V, puertos en la parte trasera), SCALANCE XR324-4M PoE TS (24V, puertos en la parte delantera), SIPLUS NET SCALANCE X308-2. Los dispositivos afectados contienen una vulnerabilidad que permite a un atacante no autentificado violar las reglas de control de acceso. La vulnerabilidad puede activarse enviando una solicitud GET a un localizador de recursos uniforme espec\u00edfico en la interfaz de configuraci\u00f3n web del dispositivo. La vulnerabilidad de seguridad podr\u00eda ser explotada por un atacante con acceso de red a los sistemas afectados. Un atacante podr\u00eda utilizar la vulnerabilidad para obtener informaci\u00f3n sensible o cambiar la configuraci\u00f3n del dispositivo. En el momento de la publicaci\u00f3n del aviso no se conoc\u00eda ninguna explotaci\u00f3n p\u00fablica de esta vulnerabilidad de seguridad\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:L\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"LOW\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"LOW\",\"baseScore\":8.6,\"baseSeverity\":\"HIGH\"},\"exploitabilityScore\":3.9,\"impactScore\":4.7}],\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:L/Au:N/C:P/I:P/A:P\",\"accessVector\":\"NETWORK\",\"accessComplexity\":\"LOW\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"PARTIAL\",\"integrityImpact\":\"PARTIAL\",\"availabilityImpact\":\"PARTIAL\",\"baseScore\":7.5},\"baseSeverity\":\"HIGH\",\"exploitabilityScore\":10.0,\"impactScore\":6.4,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-306\"}]},{\"source\":\"productcert@siemens.com\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-306\"}]}],\"configurations\":[{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:siemens:scalance_x-200rna_firmware:*:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"282096F4-8422-4261-A446-69FFB0933FC1\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:siemens:scalance_x-200rna:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"4BCF5B82-0766-4711-90E6-C2A6FACE44EE\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:siemens:scalance_x204rna_firmware:*:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"6C435EFA-6C21-41EA-9A3F-136FF7F03776\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:siemens:scalance_x204rna:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"EA8B483F-0FD2-49F8-A86A-672A6E007949\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:siemens:scalance_x-300_firmware:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"4.1.3\",\"matchCriteriaId\":\"076F3DDE-2B70-4F53-9B12-7CE3D9641E7E\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:siemens:scalance_x-300:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"B2D0AB50-6F0B-4232-8C8E-1647410D362D\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:siemens:scalance_xr-300wg_firmware:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"4.1.3\",\"matchCriteriaId\":\"02B398C3-3EDD-4FD4-977A-8461DB27CC49\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:siemens:scalance_xr-300wg:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"434BC9BE-C5DB-4DAF-8E07-DFE4EEA0D7FE\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:siemens:scalance_xr-300_firmware:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"4.1.3\",\"matchCriteriaId\":\"129E733C-0BF1-4DF0-9772-66009BA3C64D\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:siemens:scalance_xr-300:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"889CF2C0-EE6C-447F-85F1-005730EAD232\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:siemens:scalance_x408-2_firmware:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"4.1.3\",\"matchCriteriaId\":\"3B1BAB4A-4F21-4BD7-B474-7675CEF22008\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:siemens:scalance_x408-2:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"0C632B90-EB11-4A4C-8128-DABBE044B9AF\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:siemens:siplus_net_csm_1277_firmware:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"4.1.3\",\"matchCriteriaId\":\"EAAC05E1-5FED-4072-906B-9B1289A1E6ED\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:siemens:siplus_net_csm_1277:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"54C4F62C-EF24-434F-800C-07F26968EFBA\"}]}]}],\"references\":[{\"url\":\"https://cert-portal.siemens.com/productcert/pdf/ssa-443566.pdf\",\"source\":\"productcert@siemens.com\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://www.us-cert.gov/ics/advisories/icsa-20-014-03\",\"source\":\"productcert@siemens.com\",\"tags\":[\"Third Party Advisory\"]}]}}" } }
Loading...
Loading...
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.