Vulnerability Details CVE-2013-5944
The integrated web server on Siemens SCALANCE X-200 switches with firmware before 4.5.0 and X-200IRT switches with firmware before 5.1.0 does not properly enforce authentication requirements, which allows remote attackers to perform administrative actions via requests to the management interface.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.015
EPSS Ranking 80.0%
CVSS Severity
CVSS v2 Score 10.0
References
- http://www.siemens.com/innovation/pool/de/forschungsfelder/siemens_security_advisory_ssa-176087.pdf
- https://cert-portal.siemens.com/productcert/pdf/ssa-176087.pdf
- http://www.siemens.com/innovation/pool/de/forschungsfelder/siemens_security_advisory_ssa-176087.pdf
- https://cert-portal.siemens.com/productcert/pdf/ssa-176087.pdf
Products affected by CVE-2013-5944
-
cpe:2.3:h:siemens:scalance_x-200:-
-
cpe:2.3:h:siemens:scalance_x-200irt:-
-
cpe:2.3:o:siemens:scalance_x-200_series_firmware:4.3
-
cpe:2.3:o:siemens:scalance_x-200_series_firmware:4.4
-
cpe:2.3:o:siemens:scalance_x-200_series_firmware:4.5.0
-
cpe:2.3:o:siemens:scalance_x-200_series_firmware:5.0.0
-
cpe:2.3:o:siemens:scalance_x-200_series_firmware:5.0.1