Mageni Mageni Security LLC

Free and open-source vulnerability scanner

Mageni eases for you the vulnerability scanning, assessment, and management process. It is free and open-source.

Install Now

Available for macOS, Windows, and Linux

App screenshot

CVE-2013-3633

CVE information

Published

10 years ago

Last Modified

4 years ago

CVSSv2.0 Severity

High

Impact Analysis

Share

Description

A vulnerability has been identified in SCALANCE X-200 switch family (incl. SIPLUS NET variants) (Versions < V5.0.0 for CVE-2013-3633 and versions < V4.5.0 for CVE-2013-3634), SCALANCE X-200IRT switch family (incl. SIPLUS NET variants) (All versions < V5.1.0). The user privileges for the web interface are only enforced on client side and not properly verified on server side. Therefore, an attacker is able to execute privileged commands using an unprivileged account..

CVSSv2.0 Score

Severity
High
Base Score
8/10
Exploit Score
8/10
Access Vector
Network
Access Complexity
Low
Authentication Required
Single
Impact Score
8.5/10
Confidentiality Impact
Partial
Availability Impact
Complete
Integrity Impact
Partial

Products Affected

CPE Affected Vulnerable Excluding Edit
cpe:2.3:o:siemens:scalance_x200irt_firmware:*:*:*:*:*:*:*:*
  Yes
-
cpe:2.3:h:siemens:scalance_x200-4p_irt:-:*:*:*:*:*:*:*
  Yes
-
cpe:2.3:h:siemens:scalance_x201-3p_irt:-:-:pro:*:*:*:*:*
  Yes
-
cpe:2.3:h:siemens:scalance_x201-3p_irt:-:*:*:*:*:*:*:*
  Yes
-
cpe:2.3:h:siemens:scalance_x202-2irt:-:*:*:*:*:*:*:*
  Yes
-
cpe:2.3:h:siemens:scalance_x202-2p_irt:-:*:*:*:*:*:*:*
  Yes
-
cpe:2.3:h:siemens:scalance_x202-2p_irt:-:-:pro:*:*:*:*:*
  Yes
-
cpe:2.3:h:siemens:scalance_x204irt:-:-:pro:*:*:*:*:*
  Yes
-
cpe:2.3:h:siemens:scalance_x204irt:-:*:*:*:*:*:*:*
  Yes
-
cpe:2.3:h:siemens:scalance_xf204irt:-:*:*:*:*:*:*:*
  Yes
-

References