CVE-2013-3633 - OpenCVE

A vulnerability has been identified in SCALANCE X-200 switch family (incl. SIPLUS NET variants) (Versions < V5.0.0 for CVE-2013-3633 and versions < V4.5.0 for CVE-2013-3634), SCALANCE X-200IRT switch family (incl. SIPLUS NET variants) (All versions < V5.1.0). The user privileges for the web interface are only enforced on client side and not properly verified on server side. Therefore, an attacker is able to execute privileged commands using an unprivileged account.

No CVSS v4.0

No CVSS v3.1

No CVSS v3.0

Access Vector Network

Access Complexity Low

Authentication Single

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Complete

AV:N/AC:L/Au:S/C:P/I:P/A:C

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Siemens	Scalance X200-4p Irt Scalance X200irt Firmware Scalance X201-3p Irt Scalance X202-2irt Scalance X202-2p Irt Scalance X204irt Scalance Xf204irt

Configuration 1 [-]

AND

cpe:2.3:o:siemens:scalance_x200irt_firmware:*:*:*:*:*:*:*:*

OR	cpe:2.3:h:siemens:scalance_x200-4p_irt:-:::::::*
	cpe:2.3:h:siemens:scalance_x201-3p_irt:-:::::::*
	cpe:2.3:h:siemens:scalance_x201-3p_irt:-:-:pro:::::*
	cpe:2.3:h:siemens:scalance_x202-2irt:-:::::::*
	cpe:2.3:h:siemens:scalance_x202-2p_irt:-:::::::*
	cpe:2.3:h:siemens:scalance_x202-2p_irt:-:-:pro:::::*
	cpe:2.3:h:siemens:scalance_x204irt:-:::::::*
	cpe:2.3:h:siemens:scalance_x204irt:-:-:pro:::::*
	cpe:2.3:h:siemens:scalance_xf204irt:-:::::::*

No data.

References

Link	Providers
https://cert-portal.siemens.com/productcert/pdf/ssa-170686.pdf

History

No history.

MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2013-05-24T20:00:00

Updated: 2024-08-06T16:14:56.558Z

Reserved: 2013-05-22T00:00:00

Link: CVE-2013-3633

Vulnrichment

No data.

NVD

Status : Modified

Published: 2013-05-24T20:55:01.737

Modified: 2019-12-12T20:15:11.693

Link: CVE-2013-3633

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2013-05-24T00:00:00", "descriptions": [{"lang": "en", "value": "A vulnerability has been identified in SCALANCE X-200 switch family (incl. SIPLUS NET variants) (Versions < V5.0.0 for CVE-2013-3633 and versions < V4.5.0 for CVE-2013-3634), SCALANCE X-200IRT switch family (incl. SIPLUS NET variants) (All versions < V5.1.0). The user privileges for the web interface are only enforced on client side and not properly verified on server side. Therefore, an attacker is able to execute privileged commands using an unprivileged account."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2019-12-12T19:08:46", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-170686.pdf"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2013-3633", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "A vulnerability has been identified in SCALANCE X-200 switch family (incl. SIPLUS NET variants) (Versions < V5.0.0 for CVE-2013-3633 and versions < V4.5.0 for CVE-2013-3634), SCALANCE X-200IRT switch family (incl. SIPLUS NET variants) (All versions < V5.1.0). The user privileges for the web interface are only enforced on client side and not properly verified on server side. Therefore, an attacker is able to execute privileged commands using an unprivileged account."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "https://cert-portal.siemens.com/productcert/pdf/ssa-170686.pdf", "refsource": "MISC", "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-170686.pdf"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-06T16:14:56.558Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-170686.pdf"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2013-3633", "datePublished": "2013-05-24T20:00:00", "dateReserved": "2013-05-22T00:00:00", "dateUpdated": "2024-08-06T16:14:56.558Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:siemens:scalance_x200irt_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "50D308F8-83C2-4404-9C12-7A033006A350", "versionEndIncluding": "5.0.0", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:siemens:scalance_x200-4p_irt:-:*:*:*:*:*:*:*", "matchCriteriaId": "8B9CBC72-92D9-4B3A-884F-33124C457016", "vulnerable": true}, {"criteria": "cpe:2.3:h:siemens:scalance_x201-3p_irt:-:*:*:*:*:*:*:*", "matchCriteriaId": "3268CF75-6DAB-416A-B19B-2A8F95C268CF", "vulnerable": true}, {"criteria": "cpe:2.3:h:siemens:scalance_x201-3p_irt:-:-:pro:*:*:*:*:*", "matchCriteriaId": "21095E8E-A67B-448C-90B1-6234D931C005", "vulnerable": true}, {"criteria": "cpe:2.3:h:siemens:scalance_x202-2irt:-:*:*:*:*:*:*:*", "matchCriteriaId": "A8B1D979-038F-42F4-AB7D-E0664D051B4E", "vulnerable": true}, {"criteria": "cpe:2.3:h:siemens:scalance_x202-2p_irt:-:*:*:*:*:*:*:*", "matchCriteriaId": "CEB62730-E759-455A-A308-F9DB084B35B5", "vulnerable": true}, {"criteria": "cpe:2.3:h:siemens:scalance_x202-2p_irt:-:-:pro:*:*:*:*:*", "matchCriteriaId": "39CAF419-AB8D-4F79-A5E7-602A77D55E65", "vulnerable": true}, {"criteria": "cpe:2.3:h:siemens:scalance_x204irt:-:*:*:*:*:*:*:*", "matchCriteriaId": "6716DCDE-BD3F-4BA2-A66A-A0C14C6A3C15", "vulnerable": true}, {"criteria": "cpe:2.3:h:siemens:scalance_x204irt:-:-:pro:*:*:*:*:*", "matchCriteriaId": "BB688C82-7454-4FD0-B484-C400E7FF4898", "vulnerable": true}, {"criteria": "cpe:2.3:h:siemens:scalance_xf204irt:-:*:*:*:*:*:*:*", "matchCriteriaId": "57E5489B-277A-4D02-B4AB-4DB65969EED2", "vulnerable": true}], "negate": false, "operator": "OR"}], "operator": "AND"}], "cveTags": [], "descriptions": [{"lang": "en", "value": "A vulnerability has been identified in SCALANCE X-200 switch family (incl. SIPLUS NET variants) (Versions < V5.0.0 for CVE-2013-3633 and versions < V4.5.0 for CVE-2013-3634), SCALANCE X-200IRT switch family (incl. SIPLUS NET variants) (All versions < V5.1.0). The user privileges for the web interface are only enforced on client side and not properly verified on server side. Therefore, an attacker is able to execute privileged commands using an unprivileged account."}, {"lang": "es", "value": "Se ha identificado una vulnerabilidad en la familia de conmutadores SCALANCE X-200 (incluidas las variantes SIPLUS NET) (Versiones anteriores a la versi\u00f3n V5.0.0 para CVE-2013-3633 y versiones anteriores a la versi\u00f3n V4.5.0 para CVE-2013-3634), conmutador SCALANCE X-200IRT familia (incluidas las variantes SIPLUS NET) (Todas las versiones anteriores a la versi\u00f3n V5.1.0). Los privilegios de usuario para la interfaz web solo se aplican en el lado del cliente y no se verifican adecuadamente en el lado del servidor. Por lo tanto, un atacante puede ejecutar comandos con privilegios utilizando una cuenta sin privilegios."}], "id": "CVE-2013-3633", "lastModified": "2019-12-12T20:15:11.693", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "COMPLETE", "baseScore": 8.0, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:C", "version": "2.0"}, "exploitabilityScore": 8.0, "impactScore": 8.5, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2013-05-24T20:55:01.737", "references": [{"source": "cve@mitre.org", "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-170686.pdf"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-264"}], "source": "nvd@nist.gov", "type": "Primary"}]}