{"containers": {"cna": {"affected": [{"product": "SCALANCE X300, SCALANCE X408, SCALANCE X414", "vendor": "Siemens AG", "versions": [{"status": "affected", "version": "SCALANCE X300 : All versions < V4.0.0"}, {"status": "affected", "version": "SCALANCE X408 : All versions < V4.0.0"}, {"status": "affected", "version": "SCALANCE X414 : All versions"}]}], "datePublic": "2018-09-11T00:00:00.000Z", "descriptions": [{"lang": "en", "value": "A vulnerability has been identified in SCALANCE X300 (All versions < V4.0.0), SCALANCE X408 (All versions < V4.0.0), SCALANCE X414 (All versions). The web interface on port 443/tcp could allow an attacker to cause a Denial-of-Service condition by sending specially crafted packets to the web server. The device will automatically reboot, impacting network availability for other devices. An attacker must have network access to port 443/tcp to exploit the vulnerability. Neither valid credentials nor interaction by a legitimate user is required to exploit the vulnerability. There is no confidentiality or integrity impact, only availability is temporarily impacted. This vulnerability could be triggered by publicly available tools."}], "problemTypes": [{"descriptions": [{"cweId": "CWE-20", "description": "CWE-20: Improper Input Validation", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"dateUpdated": "2018-09-13T09:57:01.000Z", "orgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77", "shortName": "siemens"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://ics-cert.us-cert.gov/advisories/ICSA-18-254-05"}, {"name": "105331", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/105331"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-447396.pdf"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "productcert@siemens.com", "DATE_PUBLIC": "2018-09-11T00:00:00", "ID": "CVE-2018-13807", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "SCALANCE X300, SCALANCE X408, SCALANCE X414", "version": {"version_data": [{"version_value": "SCALANCE X300 : All versions < V4.0.0"}, {"version_value": "SCALANCE X408 : All versions < V4.0.0"}, {"version_value": "SCALANCE X414 : All versions"}]}}]}, "vendor_name": "Siemens AG"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "A vulnerability has been identified in SCALANCE X300 (All versions < V4.0.0), SCALANCE X408 (All versions < V4.0.0), SCALANCE X414 (All versions). The web interface on port 443/tcp could allow an attacker to cause a Denial-of-Service condition by sending specially crafted packets to the web server. The device will automatically reboot, impacting network availability for other devices. An attacker must have network access to port 443/tcp to exploit the vulnerability. Neither valid credentials nor interaction by a legitimate user is required to exploit the vulnerability. There is no confidentiality or integrity impact, only availability is temporarily impacted. This vulnerability could be triggered by publicly available tools."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "CWE-20: Improper Input Validation"}]}]}, "references": {"reference_data": [{"name": "https://ics-cert.us-cert.gov/advisories/ICSA-18-254-05", "refsource": "MISC", "url": "https://ics-cert.us-cert.gov/advisories/ICSA-18-254-05"}, {"name": "105331", "refsource": "BID", "url": "http://www.securityfocus.com/bid/105331"}, {"name": "https://cert-portal.siemens.com/productcert/pdf/ssa-447396.pdf", "refsource": "CONFIRM", "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-447396.pdf"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-05T09:14:47.207Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://ics-cert.us-cert.gov/advisories/ICSA-18-254-05"}, {"name": "105331", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/105331"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-447396.pdf"}]}]}, "cveMetadata": {"assignerOrgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77", "assignerShortName": "siemens", "cveId": "CVE-2018-13807", "datePublished": "2018-09-12T14:00:00.000Z", "dateReserved": "2018-07-10T00:00:00.000Z", "dateUpdated": "2024-09-17T00:37:09.724Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:siemens:scalance_x408_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "897A0746-166D-46E3-B261-429A85012FC0", "versionEndExcluding": "4.0.0", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:siemens:scalance_x408:-:*:*:*:*:*:*:*", "matchCriteriaId": "47F713E4-4B75-476E-BC21-92CA10198AE9", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:siemens:scalance_x300_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "C00ECDFD-EBBD-4532-A529-ED567A4331CC", "versionEndExcluding": "4.0.0", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:siemens:scalance_x300:-:*:*:*:*:*:*:*", "matchCriteriaId": "E3F6299B-D7E3-4750-B016-7DCBC83C2287", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:siemens:scalance_x414_firmware:-:*:*:*:*:*:*:*", "matchCriteriaId": "4EDB94AE-1ADF-468A-93BB-7DC0A2086AC2", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:siemens:scalance_x414:-:*:*:*:*:*:*:*", "matchCriteriaId": "7E4C1BEF-D6B4-4260-9AC5-6F903EF6F4B1", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}], "descriptions": [{"lang": "en", "value": "A vulnerability has been identified in SCALANCE X300 (All versions < V4.0.0), SCALANCE X408 (All versions < V4.0.0), SCALANCE X414 (All versions). The web interface on port 443/tcp could allow an attacker to cause a Denial-of-Service condition by sending specially crafted packets to the web server. The device will automatically reboot, impacting network availability for other devices. An attacker must have network access to port 443/tcp to exploit the vulnerability. Neither valid credentials nor interaction by a legitimate user is required to exploit the vulnerability. There is no confidentiality or integrity impact, only availability is temporarily impacted. This vulnerability could be triggered by publicly available tools."}, {"lang": "es", "value": "Se ha identificado una vulnerabilidad en SCALANCE X300 (todas las versiones anteriores a la V4.0.0), SCALANCE X408 (todas las versiones anteriores a la V4.0.0) y SCALANCE X414 (todas las versiones) La interfaz web en el puerto 443/tcp podr\u00eda permitir que un atacante provoque una condici\u00f3n de denegaci\u00f3n de servicio (DoS) mediante el env\u00edo de paquetes especialmente manipulados al servidor web. El dispositivo se reiniciar\u00e1 autom\u00e1ticamente, impactando en la disponibilidad de red para otros dispositivos. Un atacante debe tener acceso de red al puerto 443/tcp para explotar la vulnerabilidad. No se requieren credenciales v\u00e1lidas ni interacci\u00f3n por parte de un usuario leg\u00edtimo para explotar la vulnerabilidad. No hay impacto ni en la confidencialidad ni en la integridad; solo la disponibilidad se ha visto temporalmente impactada. La vulnerabilidad puede ser desencadenada por herramientas disponibles de forma p\u00fablica."}], "id": "CVE-2018-13807", "lastModified": "2024-11-21T03:48:06.303", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 7.8, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 6.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV30": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.6, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H", "version": "3.0"}, "exploitabilityScore": 3.9, "impactScore": 4.0, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2018-09-12T13:29:01.157", "references": [{"source": "productcert@siemens.com", "tags": ["Third Party Advisory", "VDB Entry"], "url": "http://www.securityfocus.com/bid/105331"}, {"source": "productcert@siemens.com", "tags": ["Vendor Advisory"], "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-447396.pdf"}, {"source": "productcert@siemens.com", "tags": ["Third Party Advisory", "US Government Resource", "VDB Entry"], "url": "https://ics-cert.us-cert.gov/advisories/ICSA-18-254-05"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory", "VDB Entry"], "url": "http://www.securityfocus.com/bid/105331"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-447396.pdf"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory", "US Government Resource", "VDB Entry"], "url": "https://ics-cert.us-cert.gov/advisories/ICSA-18-254-05"}], "sourceIdentifier": "productcert@siemens.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-20"}], "source": "productcert@siemens.com", "type": "Secondary"}, {"description": [{"lang": "en", "value": "CWE-20"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{}

{}