CVE-2019-13933 - OpenCVE

Vendors	Products
Siemens	Scalance X-200rna Scalance X-200rna Firmware Scalance X-300 Scalance X-300 Firmware Scalance X204rna Scalance X204rna Firmware Scalance X408-2 Scalance X408-2 Firmware Scalance Xr-300 Scalance Xr-300 Firmware Scalance Xr-300wg Scalance Xr-300wg Firmware Siplus Net Csm 1277 Siplus Net Csm 1277 Firmware

Link	Providers
https://cert-portal.siemens.com/productcert/pdf/ssa-443566.pdf
https://www.us-cert.gov/ics/advisories/icsa-20-014-03

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"state": "PUBLISHED", "cveId": "CVE-2019-13933", "assignerOrgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77", "assignerShortName": "siemens", "dateUpdated": "2024-08-05T00:05:43.965Z", "dateReserved": "2019-07-18T00:00:00", "datePublished": "2020-01-16T00:00:00"}, "containers": {"cna": {"providerMetadata": {"orgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77", "shortName": "siemens", "dateUpdated": "2022-12-13T00:00:00"}, "descriptions": [{"lang": "en", "value": "A vulnerability has been identified in SCALANCE X204RNA (HSR), SCALANCE X204RNA (PRP), SCALANCE X204RNA EEC (HSR), SCALANCE X204RNA EEC (PRP), SCALANCE X204RNA EEC (PRP/HSR), SCALANCE X302-7 EEC (230V), SCALANCE X302-7 EEC (230V, coated), SCALANCE X302-7 EEC (24V), SCALANCE X302-7 EEC (24V, coated), SCALANCE X302-7 EEC (2x 230V), SCALANCE X302-7 EEC (2x 230V, coated), SCALANCE X302-7 EEC (2x 24V), SCALANCE X302-7 EEC (2x 24V, coated), SCALANCE X304-2FE, SCALANCE X306-1LD FE, SCALANCE X307-2 EEC (230V), SCALANCE X307-2 EEC (230V, coated), SCALANCE X307-2 EEC (24V), SCALANCE X307-2 EEC (24V, coated), SCALANCE X307-2 EEC (2x 230V), SCALANCE X307-2 EEC (2x 230V, coated), SCALANCE X307-2 EEC (2x 24V), SCALANCE X307-2 EEC (2x 24V, coated), SCALANCE X307-3, SCALANCE X307-3, SCALANCE X307-3LD, SCALANCE X307-3LD, SCALANCE X308-2, SCALANCE X308-2, SCALANCE X308-2LD, SCALANCE X308-2LD, SCALANCE X308-2LH, SCALANCE X308-2LH, SCALANCE X308-2LH+, SCALANCE X308-2LH+, SCALANCE X308-2M, SCALANCE X308-2M, SCALANCE X308-2M PoE, SCALANCE X308-2M PoE, SCALANCE X308-2M TS, SCALANCE X308-2M TS, SCALANCE X310, SCALANCE X310, SCALANCE X310FE, SCALANCE X310FE, SCALANCE X320-1 FE, SCALANCE X320-1-2LD FE, SCALANCE X408-2, SCALANCE XR324-12M (230V, ports on front), SCALANCE XR324-12M (230V, ports on front), SCALANCE XR324-12M (230V, ports on rear), SCALANCE XR324-12M (230V, ports on rear), SCALANCE XR324-12M (24V, ports on front), SCALANCE XR324-12M (24V, ports on front), SCALANCE XR324-12M (24V, ports on rear), SCALANCE XR324-12M (24V, ports on rear), SCALANCE XR324-12M TS (24V), SCALANCE XR324-12M TS (24V), SCALANCE XR324-4M EEC (100-240VAC/60-250VDC, ports on front), SCALANCE XR324-4M EEC (100-240VAC/60-250VDC, ports on front), SCALANCE XR324-4M EEC (100-240VAC/60-250VDC, ports on rear), SCALANCE XR324-4M EEC (100-240VAC/60-250VDC, ports on rear), SCALANCE XR324-4M EEC (24V, ports on front), SCALANCE XR324-4M EEC (24V, ports on front), SCALANCE XR324-4M EEC (24V, ports on rear), SCALANCE XR324-4M EEC (24V, ports on rear), SCALANCE XR324-4M EEC (2x 100-240VAC/60-250VDC, ports on front), SCALANCE XR324-4M EEC (2x 100-240VAC/60-250VDC, ports on front), SCALANCE XR324-4M EEC (2x 100-240VAC/60-250VDC, ports on rear), SCALANCE XR324-4M EEC (2x 100-240VAC/60-250VDC, ports on rear), SCALANCE XR324-4M EEC (2x 24V, ports on front), SCALANCE XR324-4M EEC (2x 24V, ports on front), SCALANCE XR324-4M EEC (2x 24V, ports on rear), SCALANCE XR324-4M EEC (2x 24V, ports on rear), SCALANCE XR324-4M PoE (230V, ports on front), SCALANCE XR324-4M PoE (230V, ports on rear), SCALANCE XR324-4M PoE (24V, ports on front), SCALANCE XR324-4M PoE (24V, ports on rear), SCALANCE XR324-4M PoE TS (24V, ports on front), SIPLUS NET SCALANCE X308-2. Affected devices contain a vulnerability that allows an unauthenticated attacker to violate access-control rules. The vulnerability can be triggered by sending GET request to specific uniform resource locator on the web configuration interface of the device. The security vulnerability could be exploited by an attacker with network access to the affected systems. An attacker could use the vulnerability to obtain sensitive information or change the device configuration. At the time of advisory publication no public exploitation of this security vulnerability was known."}], "affected": [{"vendor": "Siemens", "product": "SCALANCE X204RNA (HSR)", "versions": [{"version": "All versions < V3.2.7", "status": "affected"}]}, {"vendor": "Siemens", "product": "SCALANCE X204RNA (PRP)", "versions": [{"version": "All versions < V3.2.7", "status": "affected"}]}, {"vendor": "Siemens", "product": "SCALANCE X204RNA EEC (HSR)", "versions": [{"version": "All versions < V3.2.7", "status": "affected"}]}, {"vendor": "Siemens", "product": "SCALANCE X204RNA EEC (PRP)", "versions": [{"version": "All versions < V3.2.7", "status": "affected"}]}, {"vendor": "Siemens", "product": "SCALANCE X204RNA EEC (PRP/HSR)", "versions": [{"version": "All versions < V3.2.7", "status": "affected"}]}, {"vendor": "Siemens", "product": "SCALANCE X302-7 EEC (230V)", "versions": [{"version": "All versions < V4.1.3", "status": "affected"}]}, {"vendor": "Siemens", "product": "SCALANCE X302-7 EEC (230V, coated)", "versions": [{"version": "All versions < V4.1.3", "status": "affected"}]}, {"vendor": "Siemens", "product": "SCALANCE X302-7 EEC (24V)", "versions": [{"version": "All versions < V4.1.3", "status": "affected"}]}, {"vendor": "Siemens", "product": "SCALANCE X302-7 EEC (24V, coated)", "versions": [{"version": "All versions < V4.1.3", "status": "affected"}]}, {"vendor": "Siemens", "product": "SCALANCE X302-7 EEC (2x 230V)", "versions": [{"version": "All versions < V4.1.3", "status": "affected"}]}, {"vendor": "Siemens", "product": "SCALANCE X302-7 EEC (2x 230V, coated)", "versions": [{"version": "All versions < V4.1.3", "status": "affected"}]}, {"vendor": "Siemens", "product": "SCALANCE X302-7 EEC (2x 24V)", "versions": [{"version": "All versions < V4.1.3", "status": "affected"}]}, {"vendor": "Siemens", "product": "SCALANCE X302-7 EEC (2x 24V, coated)", "versions": [{"version": "All versions < V4.1.3", "status": "affected"}]}, {"vendor": "Siemens", "product": "SCALANCE X304-2FE", "versions": [{"version": "All versions < V4.1.3", "status": "affected"}]}, {"vendor": "Siemens", "product": "SCALANCE X306-1LD FE", "versions": [{"version": "All versions < V4.1.3", "status": "affected"}]}, {"vendor": "Siemens", "product": "SCALANCE X307-2 EEC (230V)", "versions": [{"version": "All versions < V4.1.3", "status": "affected"}]}, {"vendor": "Siemens", "product": "SCALANCE X307-2 EEC (230V, coated)", "versions": [{"version": "All versions < V4.1.3", "status": "affected"}]}, {"vendor": "Siemens", "product": "SCALANCE X307-2 EEC (24V)", "versions": [{"version": "All versions < V4.1.3", "status": "affected"}]}, {"vendor": "Siemens", "product": "SCALANCE X307-2 EEC (24V, coated)", "versions": [{"version": "All versions < V4.1.3", "status": "affected"}]}, {"vendor": "Siemens", "product": "SCALANCE X307-2 EEC (2x 230V)", "versions": [{"version": "All versions < V4.1.3", "status": "affected"}]}, {"vendor": "Siemens", "product": "SCALANCE X307-2 EEC (2x 230V, coated)", "versions": [{"version": "All versions < V4.1.3", "status": "affected"}]}, {"vendor": "Siemens", "product": "SCALANCE X307-2 EEC (2x 24V)", "versions": [{"version": "All versions < V4.1.3", "status": "affected"}]}, {"vendor": "Siemens", "product": "SCALANCE X307-2 EEC (2x 24V, coated)", "versions": [{"version": "All versions < V4.1.3", "status": "affected"}]}, {"vendor": "Siemens", "product": "SCALANCE X307-3", "versions": [{"version": "All versions < V4.1.3", "status": "affected"}]}, {"vendor": "Siemens", "product": "SCALANCE X307-3", "versions": [{"version": "All versions < V4.1.3", "status": "affected"}]}, {"vendor": "Siemens", "product": "SCALANCE X307-3LD", "versions": [{"version": "All versions < V4.1.3", "status": "affected"}]}, {"vendor": "Siemens", "product": "SCALANCE X307-3LD", "versions": [{"version": "All versions < V4.1.3", "status": "affected"}]}, {"vendor": "Siemens", "product": "SCALANCE X308-2", "versions": [{"version": "All versions < V4.1.3", "status": "affected"}]}, {"vendor": "Siemens", "product": "SCALANCE X308-2", "versions": [{"version": "All versions < V4.1.3", "status": "affected"}]}, {"vendor": "Siemens", "product": "SCALANCE X308-2LD", "versions": [{"version": "All versions < V4.1.3", "status": "affected"}]}, {"vendor": "Siemens", "product": "SCALANCE X308-2LD", "versions": [{"version": "All versions < V4.1.3", "status": "affected"}]}, {"vendor": "Siemens", "product": "SCALANCE X308-2LH", "versions": [{"version": "All versions < V4.1.3", "status": "affected"}]}, {"vendor": "Siemens", "product": "SCALANCE X308-2LH", "versions": [{"version": "All versions < V4.1.3", "status": "affected"}]}, {"vendor": "Siemens", "product": "SCALANCE X308-2LH+", "versions": [{"version": "All versions < V4.1.3", "status": "affected"}]}, {"vendor": "Siemens", "product": "SCALANCE X308-2LH+", "versions": [{"version": "All versions < V4.1.3", "status": "affected"}]}, {"vendor": "Siemens", "product": "SCALANCE X308-2M", "versions": [{"version": "All versions < V4.1.3", "status": "affected"}]}, {"vendor": "Siemens", "product": "SCALANCE X308-2M", "versions": [{"version": "All versions < V4.1.3", "status": "affected"}]}, {"vendor": "Siemens", "product": "SCALANCE X308-2M PoE", "versions": [{"version": "All versions < V4.1.3", "status": "affected"}]}, {"vendor": "Siemens", "product": "SCALANCE X308-2M PoE", "versions": [{"version": "All versions < V4.1.3", "status": "affected"}]}, {"vendor": "Siemens", "product": "SCALANCE X308-2M TS", "versions": [{"version": "All versions < V4.1.3", "status": "affected"}]}, {"vendor": "Siemens", "product": "SCALANCE X308-2M TS", "versions": [{"version": "All versions < V4.1.3", "status": "affected"}]}, {"vendor": "Siemens", "product": "SCALANCE X310", "versions": [{"version": "All versions < V4.1.3", "status": "affected"}]}, {"vendor": "Siemens", "product": "SCALANCE X310", "versions": [{"version": "All versions < V4.1.3", "status": "affected"}]}, {"vendor": "Siemens", "product": "SCALANCE X310FE", "versions": [{"version": "All versions < V4.1.3", "status": "affected"}]}, {"vendor": "Siemens", "product": "SCALANCE X310FE", "versions": [{"version": "All versions < V4.1.3", "status": "affected"}]}, {"vendor": "Siemens", "product": "SCALANCE X320-1 FE", "versions": [{"version": "All versions < V4.1.3", "status": "affected"}]}, {"vendor": "Siemens", "product": "SCALANCE X320-1-2LD FE", "versions": [{"version": "All versions < V4.1.3", "status": "affected"}]}, {"vendor": "Siemens", "product": "SCALANCE X408-2", "versions": [{"version": "All versions < V4.1.3", "status": "affected"}]}, {"vendor": "Siemens", "product": "SCALANCE XR324-12M (230V, ports on front)", "versions": [{"version": "All versions < V4.1.3", "status": "affected"}]}, {"vendor": "Siemens", "product": "SCALANCE XR324-12M (230V, ports on front)", "versions": [{"version": "All versions < V4.1.3", "status": "affected"}]}, {"vendor": "Siemens", "product": "SCALANCE XR324-12M (230V, ports on rear)", "versions": [{"version": "All versions < V4.1.3", "status": "affected"}]}, {"vendor": "Siemens", "product": "SCALANCE XR324-12M (230V, ports on rear)", "versions": [{"version": "All versions < V4.1.3", "status": "affected"}]}, {"vendor": "Siemens", "product": "SCALANCE XR324-12M (24V, ports on front)", "versions": [{"version": "All versions < V4.1.3", "status": "affected"}]}, {"vendor": "Siemens", "product": "SCALANCE XR324-12M (24V, ports on front)", "versions": [{"version": "All versions < V4.1.3", "status": "affected"}]}, {"vendor": "Siemens", "product": "SCALANCE XR324-12M (24V, ports on rear)", "versions": [{"version": "All versions < V4.1.3", "status": "affected"}]}, {"vendor": "Siemens", "product": "SCALANCE XR324-12M (24V, ports on rear)", "versions": [{"version": "All versions < V4.1.3", "status": "affected"}]}, {"vendor": "Siemens", "product": "SCALANCE XR324-12M TS (24V)", "versions": [{"version": "All versions < V4.1.3", "status": "affected"}]}, {"vendor": "Siemens", "product": "SCALANCE XR324-12M TS (24V)", "versions": [{"version": "All versions < V4.1.3", "status": "affected"}]}, {"vendor": "Siemens", "product": "SCALANCE XR324-4M EEC (100-240VAC/60-250VDC, ports on front)", "versions": [{"version": "All versions < V4.1.3", "status": "affected"}]}, {"vendor": "Siemens", "product": "SCALANCE XR324-4M EEC (100-240VAC/60-250VDC, ports on front)", "versions": [{"version": "All versions < V4.1.3", "status": "affected"}]}, {"vendor": "Siemens", "product": "SCALANCE XR324-4M EEC (100-240VAC/60-250VDC, ports on rear)", "versions": [{"version": "All versions < V4.1.3", "status": "affected"}]}, {"vendor": "Siemens", "product": "SCALANCE XR324-4M EEC (100-240VAC/60-250VDC, ports on rear)", "versions": [{"version": "All versions < V4.1.3", "status": "affected"}]}, {"vendor": "Siemens", "product": "SCALANCE XR324-4M EEC (24V, ports on front)", "versions": [{"version": "All versions < V4.1.3", "status": "affected"}]}, {"vendor": "Siemens", "product": "SCALANCE XR324-4M EEC (24V, ports on front)", "versions": [{"version": "All versions < V4.1.3", "status": "affected"}]}, {"vendor": "Siemens", "product": "SCALANCE XR324-4M EEC (24V, ports on rear)", "versions": [{"version": "All versions < V4.1.3", "status": "affected"}]}, {"vendor": "Siemens", "product": "SCALANCE XR324-4M EEC (24V, ports on rear)", "versions": [{"version": "All versions < V4.1.3", "status": "affected"}]}, {"vendor": "Siemens", "product": "SCALANCE XR324-4M EEC (2x 100-240VAC/60-250VDC, ports on front)", "versions": [{"version": "All versions < V4.1.3", "status": "affected"}]}, {"vendor": "Siemens", "product": "SCALANCE XR324-4M EEC (2x 100-240VAC/60-250VDC, ports on front)", "versions": [{"version": "All versions < V4.1.3", "status": "affected"}]}, {"vendor": "Siemens", "product": "SCALANCE XR324-4M EEC (2x 100-240VAC/60-250VDC, ports on rear)", "versions": [{"version": "All versions < V4.1.3", "status": "affected"}]}, {"vendor": "Siemens", "product": "SCALANCE XR324-4M EEC (2x 100-240VAC/60-250VDC, ports on rear)", "versions": [{"version": "All versions < V4.1.3", "status": "affected"}]}, {"vendor": "Siemens", "product": "SCALANCE XR324-4M EEC (2x 24V, ports on front)", "versions": [{"version": "All versions < V4.1.3", "status": "affected"}]}, {"vendor": "Siemens", "product": "SCALANCE XR324-4M EEC (2x 24V, ports on front)", "versions": [{"version": "All versions < V4.1.3", "status": "affected"}]}, {"vendor": "Siemens", "product": "SCALANCE XR324-4M EEC (2x 24V, ports on rear)", "versions": [{"version": "All versions < V4.1.3", "status": "affected"}]}, {"vendor": "Siemens", "product": "SCALANCE XR324-4M EEC (2x 24V, ports on rear)", "versions": [{"version": "All versions < V4.1.3", "status": "affected"}]}, {"vendor": "Siemens", "product": "SCALANCE XR324-4M PoE (230V, ports on front)", "versions": [{"version": "All versions < V4.1.3", "status": "affected"}]}, {"vendor": "Siemens", "product": "SCALANCE XR324-4M PoE (230V, ports on rear)", "versions": [{"version": "All versions < V4.1.3", "status": "affected"}]}, {"vendor": "Siemens", "product": "SCALANCE XR324-4M PoE (24V, ports on front)", "versions": [{"version": "All versions < V4.1.3", "status": "affected"}]}, {"vendor": "Siemens", "product": "SCALANCE XR324-4M PoE (24V, ports on rear)", "versions": [{"version": "All versions < V4.1.3", "status": "affected"}]}, {"vendor": "Siemens", "product": "SCALANCE XR324-4M PoE TS (24V, ports on front)", "versions": [{"version": "All versions < V4.1.3", "status": "affected"}]}, {"vendor": "Siemens", "product": "SIPLUS NET SCALANCE X308-2", "versions": [{"version": "All versions < V4.1.3", "status": "affected"}]}], "references": [{"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-443566.pdf"}, {"url": "https://www.us-cert.gov/ics/advisories/icsa-20-014-03"}], "problemTypes": [{"descriptions": [{"type": "CWE", "lang": "en", "description": "CWE-306: Missing Authentication for Critical Function", "cweId": "CWE-306"}]}]}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-05T00:05:43.965Z"}, "title": "CVE Program Container", "references": [{"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-443566.pdf", "tags": ["x_transferred"]}, {"url": "https://www.us-cert.gov/ics/advisories/icsa-20-014-03", "tags": ["x_transferred"]}]}]}}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:siemens:scalance_x-200rna_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "282096F4-8422-4261-A446-69FFB0933FC1", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:siemens:scalance_x-200rna:-:*:*:*:*:*:*:*", "matchCriteriaId": "4BCF5B82-0766-4711-90E6-C2A6FACE44EE", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:siemens:scalance_x204rna_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "6C435EFA-6C21-41EA-9A3F-136FF7F03776", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:siemens:scalance_x204rna:-:*:*:*:*:*:*:*", "matchCriteriaId": "EA8B483F-0FD2-49F8-A86A-672A6E007949", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:siemens:scalance_x-300_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "076F3DDE-2B70-4F53-9B12-7CE3D9641E7E", "versionEndExcluding": "4.1.3", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:siemens:scalance_x-300:-:*:*:*:*:*:*:*", "matchCriteriaId": "B2D0AB50-6F0B-4232-8C8E-1647410D362D", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:siemens:scalance_xr-300wg_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "02B398C3-3EDD-4FD4-977A-8461DB27CC49", "versionEndExcluding": "4.1.3", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:siemens:scalance_xr-300wg:-:*:*:*:*:*:*:*", "matchCriteriaId": "434BC9BE-C5DB-4DAF-8E07-DFE4EEA0D7FE", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:siemens:scalance_xr-300_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "129E733C-0BF1-4DF0-9772-66009BA3C64D", "versionEndExcluding": "4.1.3", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:siemens:scalance_xr-300:-:*:*:*:*:*:*:*", "matchCriteriaId": "889CF2C0-EE6C-447F-85F1-005730EAD232", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:siemens:scalance_x408-2_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "3B1BAB4A-4F21-4BD7-B474-7675CEF22008", "versionEndExcluding": "4.1.3", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:siemens:scalance_x408-2:-:*:*:*:*:*:*:*", "matchCriteriaId": "0C632B90-EB11-4A4C-8128-DABBE044B9AF", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:siemens:siplus_net_csm_1277_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "EAAC05E1-5FED-4072-906B-9B1289A1E6ED", "versionEndExcluding": "4.1.3", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:siemens:siplus_net_csm_1277:-:*:*:*:*:*:*:*", "matchCriteriaId": "54C4F62C-EF24-434F-800C-07F26968EFBA", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}], "cveTags": [], "descriptions": [{"lang": "en", "value": "A vulnerability has been identified in SCALANCE X204RNA (HSR), SCALANCE X204RNA (PRP), SCALANCE X204RNA EEC (HSR), SCALANCE X204RNA EEC (PRP), SCALANCE X204RNA EEC (PRP/HSR), SCALANCE X302-7 EEC (230V), SCALANCE X302-7 EEC (230V, coated), SCALANCE X302-7 EEC (24V), SCALANCE X302-7 EEC (24V, coated), SCALANCE X302-7 EEC (2x 230V), SCALANCE X302-7 EEC (2x 230V, coated), SCALANCE X302-7 EEC (2x 24V), SCALANCE X302-7 EEC (2x 24V, coated), SCALANCE X304-2FE, SCALANCE X306-1LD FE, SCALANCE X307-2 EEC (230V), SCALANCE X307-2 EEC (230V, coated), SCALANCE X307-2 EEC (24V), SCALANCE X307-2 EEC (24V, coated), SCALANCE X307-2 EEC (2x 230V), SCALANCE X307-2 EEC (2x 230V, coated), SCALANCE X307-2 EEC (2x 24V), SCALANCE X307-2 EEC (2x 24V, coated), SCALANCE X307-3, SCALANCE X307-3, SCALANCE X307-3LD, SCALANCE X307-3LD, SCALANCE X308-2, SCALANCE X308-2, SCALANCE X308-2LD, SCALANCE X308-2LD, SCALANCE X308-2LH, SCALANCE X308-2LH, SCALANCE X308-2LH+, SCALANCE X308-2LH+, SCALANCE X308-2M, SCALANCE X308-2M, SCALANCE X308-2M PoE, SCALANCE X308-2M PoE, SCALANCE X308-2M TS, SCALANCE X308-2M TS, SCALANCE X310, SCALANCE X310, SCALANCE X310FE, SCALANCE X310FE, SCALANCE X320-1 FE, SCALANCE X320-1-2LD FE, SCALANCE X408-2, SCALANCE XR324-12M (230V, ports on front), SCALANCE XR324-12M (230V, ports on front), SCALANCE XR324-12M (230V, ports on rear), SCALANCE XR324-12M (230V, ports on rear), SCALANCE XR324-12M (24V, ports on front), SCALANCE XR324-12M (24V, ports on front), SCALANCE XR324-12M (24V, ports on rear), SCALANCE XR324-12M (24V, ports on rear), SCALANCE XR324-12M TS (24V), SCALANCE XR324-12M TS (24V), SCALANCE XR324-4M EEC (100-240VAC/60-250VDC, ports on front), SCALANCE XR324-4M EEC (100-240VAC/60-250VDC, ports on front), SCALANCE XR324-4M EEC (100-240VAC/60-250VDC, ports on rear), SCALANCE XR324-4M EEC (100-240VAC/60-250VDC, ports on rear), SCALANCE XR324-4M EEC (24V, ports on front), SCALANCE XR324-4M EEC (24V, ports on front), SCALANCE XR324-4M EEC (24V, ports on rear), SCALANCE XR324-4M EEC (24V, ports on rear), SCALANCE XR324-4M EEC (2x 100-240VAC/60-250VDC, ports on front), SCALANCE XR324-4M EEC (2x 100-240VAC/60-250VDC, ports on front), SCALANCE XR324-4M EEC (2x 100-240VAC/60-250VDC, ports on rear), SCALANCE XR324-4M EEC (2x 100-240VAC/60-250VDC, ports on rear), SCALANCE XR324-4M EEC (2x 24V, ports on front), SCALANCE XR324-4M EEC (2x 24V, ports on front), SCALANCE XR324-4M EEC (2x 24V, ports on rear), SCALANCE XR324-4M EEC (2x 24V, ports on rear), SCALANCE XR324-4M PoE (230V, ports on front), SCALANCE XR324-4M PoE (230V, ports on rear), SCALANCE XR324-4M PoE (24V, ports on front), SCALANCE XR324-4M PoE (24V, ports on rear), SCALANCE XR324-4M PoE TS (24V, ports on front), SIPLUS NET SCALANCE X308-2. Affected devices contain a vulnerability that allows an unauthenticated attacker to violate access-control rules. The vulnerability can be triggered by sending GET request to specific uniform resource locator on the web configuration interface of the device. The security vulnerability could be exploited by an attacker with network access to the affected systems. An attacker could use the vulnerability to obtain sensitive information or change the device configuration. At the time of advisory publication no public exploitation of this security vulnerability was known."}, {"lang": "es", "value": "Se ha identificado una vulnerabilidad en la familia de conmutadores SCALANCE X-300 (incl. X408 y variantes SIPLUS NET), SCALANCE X204RNA (HSR), SCALANCE X204RNA (PRP), SCALANCE X204RNA EEC (HSR), SCALANCE X204RNA EEC (PRP), SCALANCE X204RNA EEC (PRP/HSR), SCALANCE X302-7 EEC (230V), SCALANCE X302-7 EEC (230V, revestido), SCALANCE X302-7 EEC (24V), SCALANCE X302-7 EEC (24V, revestido), SCALANCE X302-7 EEC (2x 230V), SCALANCE X302-7 EEC (2x 230V, revestido), SCALANCE X302-7 EEC (2x 24V), SCALANCE X302-7 EEC (2x 24V, revestido), SCALANCE X304-2FE, SCALANCE X306-1LD FE, SCALANCE X307-2 EEC (230V), SCALANCE X307-2 EEC (230V, revestido), SCALANCE X307-2 EEC (24V), SCALANCE X307-2 EEC (24V, revestido), SCALANCE X307-2 EEC (2x 230V), SCALANCE X307-2 EEC (2x 230V, revestido), SCALANCE X307-2 EEC (2x 24V), SCALANCE X307-2 EEC (2x 24V, revestido), SCALANCE X307-3, SCALANCE X307-3LD, SCALANCE X307-3LD, SCALANCE X308-2, SCALANCE X308-2, SCALANCE X308-2LD, SCALANCE X308-2LD, SCALANCE X308-2LH, SCALANCE X308-2LH+, SCALANCE X308-2LH+, SCALANCE X308-2M, SCALANCE X308-2M, SCALANCE X308-2M PoE, SCALANCE X308-2M PoE, SCALANCE X308-2M TS, SCALANCE X308-2M TS, SCALANCE X310, SCALANCE X310FE, SCALANCE X310FE, SCALANCE X320-1 FE, SCALANCE X320-1-2LD FE, SCALANCE X408-2, SCALANCE XR324-12M (230V, puertos en la parte delantera), SCALANCE XR324-12M (230V, puertos en la parte delantera), SCALANCE XR324-12M (230V, puertos en la parte trasera), SCALANCE XR324-12M (230V, puertos en la parte trasera), SCALANCE XR324-12M (24V, puertos en la parte delantera), SCALANCE XR324-12M (24V, puertos en la parte delantera), SCALANCE XR324-12M (24V, puertos en la parte trasera), SCALANCE XR324-12M (24V, puertos en la parte trasera), SCALANCE XR324-12M TS (24V), SCALANCE XR324-12M TS (24V), SCALANCE XR324-4M EEC (100-240VAC/60-250VDC, puertos en la parte delantera), SCALANCE XR324-4M EEC (100-240VAC/60-250VDC, puertos en la parte delantera), SCALANCE XR324-4M EEC (100-240VAC/60-250VDC, puertos en la parte trasera), SCALANCE XR324-4M EEC (100-240VAC/60-250VDC, puertos en la parte trasera), SCALANCE XR324-4M EEC (24V, puertos en la parte delantera), SCALANCE XR324-4M EEC (24V, puertos en la parte delantera), SCALANCE XR324-4M EEC (24V, puertos en la parte trasera), SCALANCE XR324-4M EEC (24V, puertos en la parte trasera), SCALANCE XR324-4M EEC (2x 100-240VAC/60-250VDC, puertos en la parte delantera), SCALANCE XR324-4M EEC (2x 100-240VAC/60-250VDC, puertos en la parte delantera), SCALANCE XR324-4M EEC (2x 100-240VAC/60-250VDC, puertos en la parte trasera), SCALANCE XR324-4M EEC (2x 100-240VAC/60-250VDC, puertos en la parte trasera), SCALANCE XR324-4M EEC (2x 24V, puertos en la parte delantera), SCALANCE XR324-4M EEC (2x 24V, puertos en la parte delantera), SCALANCE XR324-4M EEC (2x 24V, puertos en la parte trasera), SCALANCE XR324-4M EEC (2x 24V, puertos en la parte trasera), SCALANCE XR324-4M PoE (230V, puertos en la parte delantera), SCALANCE XR324-4M PoE (230V, puertos en la parte trasera), SCALANCE XR324-4M PoE (24V, puertos en la parte delantera), SCALANCE XR324-4M PoE (24V, puertos en la parte trasera), SCALANCE XR324-4M PoE TS (24V, puertos en la parte delantera), SIPLUS NET SCALANCE X308-2. Los dispositivos afectados contienen una vulnerabilidad que permite a un atacante no autentificado violar las reglas de control de acceso. La vulnerabilidad puede activarse enviando una solicitud GET a un localizador de recursos uniforme espec\u00edfico en la interfaz de configuraci\u00f3n web del dispositivo. La vulnerabilidad de seguridad podr\u00eda ser explotada por un atacante con acceso de red a los sistemas afectados. Un atacante podr\u00eda utilizar la vulnerabilidad para obtener informaci\u00f3n sensible o cambiar la configuraci\u00f3n del dispositivo. En el momento de la publicaci\u00f3n del aviso no se conoc\u00eda ninguna explotaci\u00f3n p\u00fablica de esta vulnerabilidad de seguridad"}], "id": "CVE-2019-13933", "lastModified": "2022-12-13T17:15:12.680", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 8.6, "baseSeverity": "HIGH", "confidentialityImpact": "LOW", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:L", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 4.7, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2020-01-16T16:15:16.187", "references": [{"source": "productcert@siemens.com", "tags": ["Vendor Advisory"], "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-443566.pdf"}, {"source": "productcert@siemens.com", "tags": ["Third Party Advisory"], "url": "https://www.us-cert.gov/ics/advisories/icsa-20-014-03"}], "sourceIdentifier": "productcert@siemens.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-306"}], "source": "nvd@nist.gov", "type": "Primary"}, {"description": [{"lang": "en", "value": "CWE-306"}], "source": "productcert@siemens.com", "type": "Secondary"}]}

Metrics

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact Low

Integrity Impact High

Availability Impact Low

User Interaction None

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

Affected Vendors & Products

Metrics

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact Low

Integrity Impact High

Availability Impact Low

User Interaction None

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

Affected Vendors & Products

JSON object

JSON object

JSON object

JSON object