OpenCVE

A vulnerability has been identified in SCALANCE X-200 switch family (incl. SIPLUS NET variants) (All versions < V5.2.3), SCALANCE X-200IRT switch family (incl. SIPLUS NET variants) (All versions < V5.4.1), SCALANCE X-200RNA switch family (All versions < V3.2.7), SCALANCE X-300 switch family (incl. X408 and SIPLUS NET variants) (All versions < V4.1.3). The integrated configuration web server of the affected devices could allow Cross-Site Scripting (XSS) attacks if unsuspecting users are tricked into accessing a malicious link. User interaction is required for a successful exploitation. The user must be logged into the web interface in order for the exploitation to succeed. At the stage of publishing this security advisory no public exploitation is known. The vendor has confirmed the vulnerability and provides mitigations to resolve it.

No CVSS v4.0

No CVSS v3.1

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Changed

Confidentiality Impact Low

Integrity Impact Low

Availability Impact None

User Interaction Required

Access Vector Network

Access Complexity Medium

Authentication None

Confidentiality Impact None

Integrity Impact Partial

Availability Impact None

AV:N/AC:M/Au:N/C:N/I:P/A:N

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Siemens	Scalance X-200 Scalance X-200 Firmware Scalance X-200 Irt Scalance X-200 Irt Firmware Scalance X300 Scalance X300 Firmware

Configuration 1 [-]

AND

cpe:2.3:o:siemens:scalance_x300_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:siemens:scalance_x300:-:*:*:*:*:*:*:*

Configuration 2 [-]

AND

cpe:2.3:o:siemens:scalance_x-200_irt_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:siemens:scalance_x-200_irt:-:*:*:*:*:*:*:*

Configuration 3 [-]

AND

cpe:2.3:h:siemens:scalance_x-200_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:siemens:scalance_x-200:-:*:*:*:*:*:*:*

No data.

References

Link	Providers
http://www.securityfocus.com/bid/104494
https://cert-portal.siemens.com/productcert/pdf/ssa-480829.pdf

History

No history.

MITRE

Status: PUBLISHED

Assigner: siemens

Published: 2018-06-14T00:00:00

Updated: 2024-08-05T05:18:26.424Z

Reserved: 2018-01-02T00:00:00

Link: CVE-2018-4848

Vulnrichment

No data.

NVD

Status : Modified

Published: 2018-06-14T16:29:00.490

Modified: 2024-11-21T04:07:34.740

Link: CVE-2018-4848

Redhat

No data.

Metrics

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Changed

Confidentiality Impact Low

Integrity Impact Low

Availability Impact None

User Interaction Required

Access Vector Network

Access Complexity Medium

Authentication None

Confidentiality Impact None

Integrity Impact Partial

Availability Impact None

Affected Vendors & Products

Metrics

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Changed

Confidentiality Impact Low

Integrity Impact Low

Availability Impact None

User Interaction Required

Access Vector Network

Access Complexity Medium

Authentication None

Confidentiality Impact None

Integrity Impact Partial

Availability Impact None

Affected Vendors & Products

JSON object

JSON object

JSON object

JSON object