github - ghsa-5vx5-pc42-77fx

ghsa-5vx5-pc42-77fx

Vulnerability from github

Published

2022-05-24 17:06

Modified

2022-06-15 00:00

Severity ?

8.6 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:L

Details

A vulnerability has been identified in SCALANCE X-200RNA switch family (All versions), SCALANCE X-300 switch family (incl. X408 and SIPLUS NET variants) (All versions < V4.1.3). Affected devices contain a vulnerability that allows an unauthenticated attacker to violate access-control rules. The vulnerability can be triggered by sending GET request to specific uniform resource locator on the web configuration interface of the device. The security vulnerability could be exploited by an attacker with network access to the affected systems. An attacker could use the vulnerability to obtain sensitive information or change the device configuration. At the time of advisory publication no public exploitation of this security vulnerability was known.

Show details on source website

JSON

To clipboard

{
   affected: [],
   aliases: [
      "CVE-2019-13933",
   ],
   database_specific: {
      cwe_ids: [
         "CWE-306",
      ],
      github_reviewed: false,
      github_reviewed_at: null,
      nvd_published_at: "2020-01-16T16:15:00Z",
      severity: "HIGH",
   },
   details: "A vulnerability has been identified in SCALANCE X-200RNA switch family (All versions), SCALANCE X-300 switch family (incl. X408 and SIPLUS NET variants) (All versions < V4.1.3). Affected devices contain a vulnerability that allows an unauthenticated attacker to violate access-control rules. The vulnerability can be triggered by sending GET request to specific uniform resource locator on the web configuration interface of the device. The security vulnerability could be exploited by an attacker with network access to the affected systems. An attacker could use the vulnerability to obtain sensitive information or change the device configuration. At the time of advisory publication no public exploitation of this security vulnerability was known.",
   id: "GHSA-5vx5-pc42-77fx",
   modified: "2022-06-15T00:00:35Z",
   published: "2022-05-24T17:06:47Z",
   references: [
      {
         type: "ADVISORY",
         url: "https://nvd.nist.gov/vuln/detail/CVE-2019-13933",
      },
      {
         type: "WEB",
         url: "https://cert-portal.siemens.com/productcert/pdf/ssa-443566.pdf",
      },
      {
         type: "WEB",
         url: "https://www.us-cert.gov/ics/advisories/icsa-20-014-03",
      },
   ],
   schema_version: "1.4.0",
   severity: [
      {
         score: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:L",
         type: "CVSS_V3",
      },
   ],
}

cve-2019-13933

Vulnerability from cvelistv5

Published

2020-01-16 00:00

Modified

2024-08-05 00:05

Severity ?

Summary

A vulnerability has been identified in SCALANCE X204RNA (HSR), SCALANCE X204RNA (PRP), SCALANCE X204RNA EEC (HSR), SCALANCE X204RNA EEC (PRP), SCALANCE X204RNA EEC (PRP/HSR), SCALANCE X302-7 EEC (230V), SCALANCE X302-7 EEC (230V, coated), SCALANCE X302-7 EEC (24V), SCALANCE X302-7 EEC (24V, coated), SCALANCE X302-7 EEC (2x 230V), SCALANCE X302-7 EEC (2x 230V, coated), SCALANCE X302-7 EEC (2x 24V), SCALANCE X302-7 EEC (2x 24V, coated), SCALANCE X304-2FE, SCALANCE X306-1LD FE, SCALANCE X307-2 EEC (230V), SCALANCE X307-2 EEC (230V, coated), SCALANCE X307-2 EEC (24V), SCALANCE X307-2 EEC (24V, coated), SCALANCE X307-2 EEC (2x 230V), SCALANCE X307-2 EEC (2x 230V, coated), SCALANCE X307-2 EEC (2x 24V), SCALANCE X307-2 EEC (2x 24V, coated), SCALANCE X307-3, SCALANCE X307-3, SCALANCE X307-3LD, SCALANCE X307-3LD, SCALANCE X308-2, SCALANCE X308-2, SCALANCE X308-2LD, SCALANCE X308-2LD, SCALANCE X308-2LH, SCALANCE X308-2LH, SCALANCE X308-2LH+, SCALANCE X308-2LH+, SCALANCE X308-2M, SCALANCE X308-2M, SCALANCE X308-2M PoE, SCALANCE X308-2M PoE, SCALANCE X308-2M TS, SCALANCE X308-2M TS, SCALANCE X310, SCALANCE X310, SCALANCE X310FE, SCALANCE X310FE, SCALANCE X320-1 FE, SCALANCE X320-1-2LD FE, SCALANCE X408-2, SCALANCE XR324-12M (230V, ports on front), SCALANCE XR324-12M (230V, ports on front), SCALANCE XR324-12M (230V, ports on rear), SCALANCE XR324-12M (230V, ports on rear), SCALANCE XR324-12M (24V, ports on front), SCALANCE XR324-12M (24V, ports on front), SCALANCE XR324-12M (24V, ports on rear), SCALANCE XR324-12M (24V, ports on rear), SCALANCE XR324-12M TS (24V), SCALANCE XR324-12M TS (24V), SCALANCE XR324-4M EEC (100-240VAC/60-250VDC, ports on front), SCALANCE XR324-4M EEC (100-240VAC/60-250VDC, ports on front), SCALANCE XR324-4M EEC (100-240VAC/60-250VDC, ports on rear), SCALANCE XR324-4M EEC (100-240VAC/60-250VDC, ports on rear), SCALANCE XR324-4M EEC (24V, ports on front), SCALANCE XR324-4M EEC (24V, ports on front), SCALANCE XR324-4M EEC (24V, ports on rear), SCALANCE XR324-4M EEC (24V, ports on rear), SCALANCE XR324-4M EEC (2x 100-240VAC/60-250VDC, ports on front), SCALANCE XR324-4M EEC (2x 100-240VAC/60-250VDC, ports on front), SCALANCE XR324-4M EEC (2x 100-240VAC/60-250VDC, ports on rear), SCALANCE XR324-4M EEC (2x 100-240VAC/60-250VDC, ports on rear), SCALANCE XR324-4M EEC (2x 24V, ports on front), SCALANCE XR324-4M EEC (2x 24V, ports on front), SCALANCE XR324-4M EEC (2x 24V, ports on rear), SCALANCE XR324-4M EEC (2x 24V, ports on rear), SCALANCE XR324-4M PoE (230V, ports on front), SCALANCE XR324-4M PoE (230V, ports on rear), SCALANCE XR324-4M PoE (24V, ports on front), SCALANCE XR324-4M PoE (24V, ports on rear), SCALANCE XR324-4M PoE TS (24V, ports on front), SIPLUS NET SCALANCE X308-2. Affected devices contain a vulnerability that allows an unauthenticated attacker to violate access-control rules. The vulnerability can be triggered by sending GET request to specific uniform resource locator on the web configuration interface of the device. The security vulnerability could be exploited by an attacker with network access to the affected systems. An attacker could use the vulnerability to obtain sensitive information or change the device configuration. At the time of advisory publication no public exploitation of this security vulnerability was known.

References

▼	URL	Tags
	https://cert-portal.siemens.com/productcert/pdf/ssa-443566.pdf
	https://www.us-cert.gov/ics/advisories/icsa-20-014-03

Impacted products

Vendor

Product

Version

▼

Siemens

SCALANCE X204RNA (HSR)

Version: All versions < V3.2.7

Siemens	SCALANCE X204RNA (PRP)	Version: All versions < V3.2.7
Siemens	SCALANCE X204RNA EEC (HSR)	Version: All versions < V3.2.7
Siemens	SCALANCE X204RNA EEC (PRP)	Version: All versions < V3.2.7
Siemens	SCALANCE X204RNA EEC (PRP/HSR)	Version: All versions < V3.2.7
Siemens	SCALANCE X302-7 EEC (230V)	Version: All versions < V4.1.3
Siemens	SCALANCE X302-7 EEC (230V, coated)	Version: All versions < V4.1.3
Siemens	SCALANCE X302-7 EEC (24V)	Version: All versions < V4.1.3
Siemens	SCALANCE X302-7 EEC (24V, coated)	Version: All versions < V4.1.3
Siemens	SCALANCE X302-7 EEC (2x 230V)	Version: All versions < V4.1.3
Siemens	SCALANCE X302-7 EEC (2x 230V, coated)	Version: All versions < V4.1.3
Siemens	SCALANCE X302-7 EEC (2x 24V)	Version: All versions < V4.1.3
Siemens	SCALANCE X302-7 EEC (2x 24V, coated)	Version: All versions < V4.1.3
Siemens	SCALANCE X304-2FE	Version: All versions < V4.1.3
Siemens	SCALANCE X306-1LD FE	Version: All versions < V4.1.3
Siemens	SCALANCE X307-2 EEC (230V)	Version: All versions < V4.1.3
Siemens	SCALANCE X307-2 EEC (230V, coated)	Version: All versions < V4.1.3
Siemens	SCALANCE X307-2 EEC (24V)	Version: All versions < V4.1.3
Siemens	SCALANCE X307-2 EEC (24V, coated)	Version: All versions < V4.1.3
Siemens	SCALANCE X307-2 EEC (2x 230V)	Version: All versions < V4.1.3
Siemens	SCALANCE X307-2 EEC (2x 230V, coated)	Version: All versions < V4.1.3
Siemens	SCALANCE X307-2 EEC (2x 24V)	Version: All versions < V4.1.3
Siemens	SCALANCE X307-2 EEC (2x 24V, coated)	Version: All versions < V4.1.3
Siemens	SCALANCE X307-3	Version: All versions < V4.1.3
Siemens	SCALANCE X307-3	Version: All versions < V4.1.3
Siemens	SCALANCE X307-3LD	Version: All versions < V4.1.3
Siemens	SCALANCE X307-3LD	Version: All versions < V4.1.3
Siemens	SCALANCE X308-2	Version: All versions < V4.1.3
Siemens	SCALANCE X308-2	Version: All versions < V4.1.3
Siemens	SCALANCE X308-2LD	Version: All versions < V4.1.3
Siemens	SCALANCE X308-2LD	Version: All versions < V4.1.3
Siemens	SCALANCE X308-2LH	Version: All versions < V4.1.3
Siemens	SCALANCE X308-2LH	Version: All versions < V4.1.3
Siemens	SCALANCE X308-2LH+	Version: All versions < V4.1.3
Siemens	SCALANCE X308-2LH+	Version: All versions < V4.1.3
Siemens	SCALANCE X308-2M	Version: All versions < V4.1.3
Siemens	SCALANCE X308-2M	Version: All versions < V4.1.3
Siemens	SCALANCE X308-2M PoE	Version: All versions < V4.1.3
Siemens	SCALANCE X308-2M PoE	Version: All versions < V4.1.3
Siemens	SCALANCE X308-2M TS	Version: All versions < V4.1.3
Siemens	SCALANCE X308-2M TS	Version: All versions < V4.1.3
Siemens	SCALANCE X310	Version: All versions < V4.1.3
Siemens	SCALANCE X310	Version: All versions < V4.1.3
Siemens	SCALANCE X310FE	Version: All versions < V4.1.3
Siemens	SCALANCE X310FE	Version: All versions < V4.1.3
Siemens	SCALANCE X320-1 FE	Version: All versions < V4.1.3
Siemens	SCALANCE X320-1-2LD FE	Version: All versions < V4.1.3
Siemens	SCALANCE X408-2	Version: All versions < V4.1.3
Siemens	SCALANCE XR324-12M (230V, ports on front)	Version: All versions < V4.1.3
Siemens	SCALANCE XR324-12M (230V, ports on front)	Version: All versions < V4.1.3
Siemens	SCALANCE XR324-12M (230V, ports on rear)	Version: All versions < V4.1.3
Siemens	SCALANCE XR324-12M (230V, ports on rear)	Version: All versions < V4.1.3
Siemens	SCALANCE XR324-12M (24V, ports on front)	Version: All versions < V4.1.3
Siemens	SCALANCE XR324-12M (24V, ports on front)	Version: All versions < V4.1.3
Siemens	SCALANCE XR324-12M (24V, ports on rear)	Version: All versions < V4.1.3
Siemens	SCALANCE XR324-12M (24V, ports on rear)	Version: All versions < V4.1.3
Siemens	SCALANCE XR324-12M TS (24V)	Version: All versions < V4.1.3
Siemens	SCALANCE XR324-12M TS (24V)	Version: All versions < V4.1.3
Siemens	SCALANCE XR324-4M EEC (100-240VAC/60-250VDC, ports on front)	Version: All versions < V4.1.3
Siemens	SCALANCE XR324-4M EEC (100-240VAC/60-250VDC, ports on front)	Version: All versions < V4.1.3
Siemens	SCALANCE XR324-4M EEC (100-240VAC/60-250VDC, ports on rear)	Version: All versions < V4.1.3
Siemens	SCALANCE XR324-4M EEC (100-240VAC/60-250VDC, ports on rear)	Version: All versions < V4.1.3
Siemens	SCALANCE XR324-4M EEC (24V, ports on front)	Version: All versions < V4.1.3
Siemens	SCALANCE XR324-4M EEC (24V, ports on front)	Version: All versions < V4.1.3
Siemens	SCALANCE XR324-4M EEC (24V, ports on rear)	Version: All versions < V4.1.3
Siemens	SCALANCE XR324-4M EEC (24V, ports on rear)	Version: All versions < V4.1.3
Siemens	SCALANCE XR324-4M EEC (2x 100-240VAC/60-250VDC, ports on front)	Version: All versions < V4.1.3
Siemens	SCALANCE XR324-4M EEC (2x 100-240VAC/60-250VDC, ports on front)	Version: All versions < V4.1.3
Siemens	SCALANCE XR324-4M EEC (2x 100-240VAC/60-250VDC, ports on rear)	Version: All versions < V4.1.3
Siemens	SCALANCE XR324-4M EEC (2x 100-240VAC/60-250VDC, ports on rear)	Version: All versions < V4.1.3
Siemens	SCALANCE XR324-4M EEC (2x 24V, ports on front)	Version: All versions < V4.1.3
Siemens	SCALANCE XR324-4M EEC (2x 24V, ports on front)	Version: All versions < V4.1.3
Siemens	SCALANCE XR324-4M EEC (2x 24V, ports on rear)	Version: All versions < V4.1.3
Siemens	SCALANCE XR324-4M EEC (2x 24V, ports on rear)	Version: All versions < V4.1.3
Siemens	SCALANCE XR324-4M PoE (230V, ports on front)	Version: All versions < V4.1.3
Siemens	SCALANCE XR324-4M PoE (230V, ports on rear)	Version: All versions < V4.1.3
Siemens	SCALANCE XR324-4M PoE (24V, ports on front)	Version: All versions < V4.1.3
Siemens	SCALANCE XR324-4M PoE (24V, ports on rear)	Version: All versions < V4.1.3
Siemens	SCALANCE XR324-4M PoE TS (24V, ports on front)	Version: All versions < V4.1.3
Siemens	SIPLUS NET SCALANCE X308-2	Version: All versions < V4.1.3

Show details on NVD website

JSON

To clipboard

{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-05T00:05:43.965Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  tags: [
                     "x_transferred",
                  ],
                  url: "https://cert-portal.siemens.com/productcert/pdf/ssa-443566.pdf",
               },
               {
                  tags: [
                     "x_transferred",
                  ],
                  url: "https://www.us-cert.gov/ics/advisories/icsa-20-014-03",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "SCALANCE X204RNA (HSR)",
               vendor: "Siemens",
               versions: [
                  {
                     status: "affected",
                     version: "All versions < V3.2.7",
                  },
               ],
            },
            {
               product: "SCALANCE X204RNA (PRP)",
               vendor: "Siemens",
               versions: [
                  {
                     status: "affected",
                     version: "All versions < V3.2.7",
                  },
               ],
            },
            {
               product: "SCALANCE X204RNA EEC (HSR)",
               vendor: "Siemens",
               versions: [
                  {
                     status: "affected",
                     version: "All versions < V3.2.7",
                  },
               ],
            },
            {
               product: "SCALANCE X204RNA EEC (PRP)",
               vendor: "Siemens",
               versions: [
                  {
                     status: "affected",
                     version: "All versions < V3.2.7",
                  },
               ],
            },
            {
               product: "SCALANCE X204RNA EEC (PRP/HSR)",
               vendor: "Siemens",
               versions: [
                  {
                     status: "affected",
                     version: "All versions < V3.2.7",
                  },
               ],
            },
            {
               product: "SCALANCE X302-7 EEC (230V)",
               vendor: "Siemens",
               versions: [
                  {
                     status: "affected",
                     version: "All versions < V4.1.3",
                  },
               ],
            },
            {
               product: "SCALANCE X302-7 EEC (230V, coated)",
               vendor: "Siemens",
               versions: [
                  {
                     status: "affected",
                     version: "All versions < V4.1.3",
                  },
               ],
            },
            {
               product: "SCALANCE X302-7 EEC (24V)",
               vendor: "Siemens",
               versions: [
                  {
                     status: "affected",
                     version: "All versions < V4.1.3",
                  },
               ],
            },
            {
               product: "SCALANCE X302-7 EEC (24V, coated)",
               vendor: "Siemens",
               versions: [
                  {
                     status: "affected",
                     version: "All versions < V4.1.3",
                  },
               ],
            },
            {
               product: "SCALANCE X302-7 EEC (2x 230V)",
               vendor: "Siemens",
               versions: [
                  {
                     status: "affected",
                     version: "All versions < V4.1.3",
                  },
               ],
            },
            {
               product: "SCALANCE X302-7 EEC (2x 230V, coated)",
               vendor: "Siemens",
               versions: [
                  {
                     status: "affected",
                     version: "All versions < V4.1.3",
                  },
               ],
            },
            {
               product: "SCALANCE X302-7 EEC (2x 24V)",
               vendor: "Siemens",
               versions: [
                  {
                     status: "affected",
                     version: "All versions < V4.1.3",
                  },
               ],
            },
            {
               product: "SCALANCE X302-7 EEC (2x 24V, coated)",
               vendor: "Siemens",
               versions: [
                  {
                     status: "affected",
                     version: "All versions < V4.1.3",
                  },
               ],
            },
            {
               product: "SCALANCE X304-2FE",
               vendor: "Siemens",
               versions: [
                  {
                     status: "affected",
                     version: "All versions < V4.1.3",
                  },
               ],
            },
            {
               product: "SCALANCE X306-1LD FE",
               vendor: "Siemens",
               versions: [
                  {
                     status: "affected",
                     version: "All versions < V4.1.3",
                  },
               ],
            },
            {
               product: "SCALANCE X307-2 EEC (230V)",
               vendor: "Siemens",
               versions: [
                  {
                     status: "affected",
                     version: "All versions < V4.1.3",
                  },
               ],
            },
            {
               product: "SCALANCE X307-2 EEC (230V, coated)",
               vendor: "Siemens",
               versions: [
                  {
                     status: "affected",
                     version: "All versions < V4.1.3",
                  },
               ],
            },
            {
               product: "SCALANCE X307-2 EEC (24V)",
               vendor: "Siemens",
               versions: [
                  {
                     status: "affected",
                     version: "All versions < V4.1.3",
                  },
               ],
            },
            {
               product: "SCALANCE X307-2 EEC (24V, coated)",
               vendor: "Siemens",
               versions: [
                  {
                     status: "affected",
                     version: "All versions < V4.1.3",
                  },
               ],
            },
            {
               product: "SCALANCE X307-2 EEC (2x 230V)",
               vendor: "Siemens",
               versions: [
                  {
                     status: "affected",
                     version: "All versions < V4.1.3",
                  },
               ],
            },
            {
               product: "SCALANCE X307-2 EEC (2x 230V, coated)",
               vendor: "Siemens",
               versions: [
                  {
                     status: "affected",
                     version: "All versions < V4.1.3",
                  },
               ],
            },
            {
               product: "SCALANCE X307-2 EEC (2x 24V)",
               vendor: "Siemens",
               versions: [
                  {
                     status: "affected",
                     version: "All versions < V4.1.3",
                  },
               ],
            },
            {
               product: "SCALANCE X307-2 EEC (2x 24V, coated)",
               vendor: "Siemens",
               versions: [
                  {
                     status: "affected",
                     version: "All versions < V4.1.3",
                  },
               ],
            },
            {
               product: "SCALANCE X307-3",
               vendor: "Siemens",
               versions: [
                  {
                     status: "affected",
                     version: "All versions < V4.1.3",
                  },
               ],
            },
            {
               product: "SCALANCE X307-3",
               vendor: "Siemens",
               versions: [
                  {
                     status: "affected",
                     version: "All versions < V4.1.3",
                  },
               ],
            },
            {
               product: "SCALANCE X307-3LD",
               vendor: "Siemens",
               versions: [
                  {
                     status: "affected",
                     version: "All versions < V4.1.3",
                  },
               ],
            },
            {
               product: "SCALANCE X307-3LD",
               vendor: "Siemens",
               versions: [
                  {
                     status: "affected",
                     version: "All versions < V4.1.3",
                  },
               ],
            },
            {
               product: "SCALANCE X308-2",
               vendor: "Siemens",
               versions: [
                  {
                     status: "affected",
                     version: "All versions < V4.1.3",
                  },
               ],
            },
            {
               product: "SCALANCE X308-2",
               vendor: "Siemens",
               versions: [
                  {
                     status: "affected",
                     version: "All versions < V4.1.3",
                  },
               ],
            },
            {
               product: "SCALANCE X308-2LD",
               vendor: "Siemens",
               versions: [
                  {
                     status: "affected",
                     version: "All versions < V4.1.3",
                  },
               ],
            },
            {
               product: "SCALANCE X308-2LD",
               vendor: "Siemens",
               versions: [
                  {
                     status: "affected",
                     version: "All versions < V4.1.3",
                  },
               ],
            },
            {
               product: "SCALANCE X308-2LH",
               vendor: "Siemens",
               versions: [
                  {
                     status: "affected",
                     version: "All versions < V4.1.3",
                  },
               ],
            },
            {
               product: "SCALANCE X308-2LH",
               vendor: "Siemens",
               versions: [
                  {
                     status: "affected",
                     version: "All versions < V4.1.3",
                  },
               ],
            },
            {
               product: "SCALANCE X308-2LH+",
               vendor: "Siemens",
               versions: [
                  {
                     status: "affected",
                     version: "All versions < V4.1.3",
                  },
               ],
            },
            {
               product: "SCALANCE X308-2LH+",
               vendor: "Siemens",
               versions: [
                  {
                     status: "affected",
                     version: "All versions < V4.1.3",
                  },
               ],
            },
            {
               product: "SCALANCE X308-2M",
               vendor: "Siemens",
               versions: [
                  {
                     status: "affected",
                     version: "All versions < V4.1.3",
                  },
               ],
            },
            {
               product: "SCALANCE X308-2M",
               vendor: "Siemens",
               versions: [
                  {
                     status: "affected",
                     version: "All versions < V4.1.3",
                  },
               ],
            },
            {
               product: "SCALANCE X308-2M PoE",
               vendor: "Siemens",
               versions: [
                  {
                     status: "affected",
                     version: "All versions < V4.1.3",
                  },
               ],
            },
            {
               product: "SCALANCE X308-2M PoE",
               vendor: "Siemens",
               versions: [
                  {
                     status: "affected",
                     version: "All versions < V4.1.3",
                  },
               ],
            },
            {
               product: "SCALANCE X308-2M TS",
               vendor: "Siemens",
               versions: [
                  {
                     status: "affected",
                     version: "All versions < V4.1.3",
                  },
               ],
            },
            {
               product: "SCALANCE X308-2M TS",
               vendor: "Siemens",
               versions: [
                  {
                     status: "affected",
                     version: "All versions < V4.1.3",
                  },
               ],
            },
            {
               product: "SCALANCE X310",
               vendor: "Siemens",
               versions: [
                  {
                     status: "affected",
                     version: "All versions < V4.1.3",
                  },
               ],
            },
            {
               product: "SCALANCE X310",
               vendor: "Siemens",
               versions: [
                  {
                     status: "affected",
                     version: "All versions < V4.1.3",
                  },
               ],
            },
            {
               product: "SCALANCE X310FE",
               vendor: "Siemens",
               versions: [
                  {
                     status: "affected",
                     version: "All versions < V4.1.3",
                  },
               ],
            },
            {
               product: "SCALANCE X310FE",
               vendor: "Siemens",
               versions: [
                  {
                     status: "affected",
                     version: "All versions < V4.1.3",
                  },
               ],
            },
            {
               product: "SCALANCE X320-1 FE",
               vendor: "Siemens",
               versions: [
                  {
                     status: "affected",
                     version: "All versions < V4.1.3",
                  },
               ],
            },
            {
               product: "SCALANCE X320-1-2LD FE",
               vendor: "Siemens",
               versions: [
                  {
                     status: "affected",
                     version: "All versions < V4.1.3",
                  },
               ],
            },
            {
               product: "SCALANCE X408-2",
               vendor: "Siemens",
               versions: [
                  {
                     status: "affected",
                     version: "All versions < V4.1.3",
                  },
               ],
            },
            {
               product: "SCALANCE XR324-12M (230V, ports on front)",
               vendor: "Siemens",
               versions: [
                  {
                     status: "affected",
                     version: "All versions < V4.1.3",
                  },
               ],
            },
            {
               product: "SCALANCE XR324-12M (230V, ports on front)",
               vendor: "Siemens",
               versions: [
                  {
                     status: "affected",
                     version: "All versions < V4.1.3",
                  },
               ],
            },
            {
               product: "SCALANCE XR324-12M (230V, ports on rear)",
               vendor: "Siemens",
               versions: [
                  {
                     status: "affected",
                     version: "All versions < V4.1.3",
                  },
               ],
            },
            {
               product: "SCALANCE XR324-12M (230V, ports on rear)",
               vendor: "Siemens",
               versions: [
                  {
                     status: "affected",
                     version: "All versions < V4.1.3",
                  },
               ],
            },
            {
               product: "SCALANCE XR324-12M (24V, ports on front)",
               vendor: "Siemens",
               versions: [
                  {
                     status: "affected",
                     version: "All versions < V4.1.3",
                  },
               ],
            },
            {
               product: "SCALANCE XR324-12M (24V, ports on front)",
               vendor: "Siemens",
               versions: [
                  {
                     status: "affected",
                     version: "All versions < V4.1.3",
                  },
               ],
            },
            {
               product: "SCALANCE XR324-12M (24V, ports on rear)",
               vendor: "Siemens",
               versions: [
                  {
                     status: "affected",
                     version: "All versions < V4.1.3",
                  },
               ],
            },
            {
               product: "SCALANCE XR324-12M (24V, ports on rear)",
               vendor: "Siemens",
               versions: [
                  {
                     status: "affected",
                     version: "All versions < V4.1.3",
                  },
               ],
            },
            {
               product: "SCALANCE XR324-12M TS (24V)",
               vendor: "Siemens",
               versions: [
                  {
                     status: "affected",
                     version: "All versions < V4.1.3",
                  },
               ],
            },
            {
               product: "SCALANCE XR324-12M TS (24V)",
               vendor: "Siemens",
               versions: [
                  {
                     status: "affected",
                     version: "All versions < V4.1.3",
                  },
               ],
            },
            {
               product: "SCALANCE XR324-4M EEC (100-240VAC/60-250VDC, ports on front)",
               vendor: "Siemens",
               versions: [
                  {
                     status: "affected",
                     version: "All versions < V4.1.3",
                  },
               ],
            },
            {
               product: "SCALANCE XR324-4M EEC (100-240VAC/60-250VDC, ports on front)",
               vendor: "Siemens",
               versions: [
                  {
                     status: "affected",
                     version: "All versions < V4.1.3",
                  },
               ],
            },
            {
               product: "SCALANCE XR324-4M EEC (100-240VAC/60-250VDC, ports on rear)",
               vendor: "Siemens",
               versions: [
                  {
                     status: "affected",
                     version: "All versions < V4.1.3",
                  },
               ],
            },
            {
               product: "SCALANCE XR324-4M EEC (100-240VAC/60-250VDC, ports on rear)",
               vendor: "Siemens",
               versions: [
                  {
                     status: "affected",
                     version: "All versions < V4.1.3",
                  },
               ],
            },
            {
               product: "SCALANCE XR324-4M EEC (24V, ports on front)",
               vendor: "Siemens",
               versions: [
                  {
                     status: "affected",
                     version: "All versions < V4.1.3",
                  },
               ],
            },
            {
               product: "SCALANCE XR324-4M EEC (24V, ports on front)",
               vendor: "Siemens",
               versions: [
                  {
                     status: "affected",
                     version: "All versions < V4.1.3",
                  },
               ],
            },
            {
               product: "SCALANCE XR324-4M EEC (24V, ports on rear)",
               vendor: "Siemens",
               versions: [
                  {
                     status: "affected",
                     version: "All versions < V4.1.3",
                  },
               ],
            },
            {
               product: "SCALANCE XR324-4M EEC (24V, ports on rear)",
               vendor: "Siemens",
               versions: [
                  {
                     status: "affected",
                     version: "All versions < V4.1.3",
                  },
               ],
            },
            {
               product: "SCALANCE XR324-4M EEC (2x 100-240VAC/60-250VDC, ports on front)",
               vendor: "Siemens",
               versions: [
                  {
                     status: "affected",
                     version: "All versions < V4.1.3",
                  },
               ],
            },
            {
               product: "SCALANCE XR324-4M EEC (2x 100-240VAC/60-250VDC, ports on front)",
               vendor: "Siemens",
               versions: [
                  {
                     status: "affected",
                     version: "All versions < V4.1.3",
                  },
               ],
            },
            {
               product: "SCALANCE XR324-4M EEC (2x 100-240VAC/60-250VDC, ports on rear)",
               vendor: "Siemens",
               versions: [
                  {
                     status: "affected",
                     version: "All versions < V4.1.3",
                  },
               ],
            },
            {
               product: "SCALANCE XR324-4M EEC (2x 100-240VAC/60-250VDC, ports on rear)",
               vendor: "Siemens",
               versions: [
                  {
                     status: "affected",
                     version: "All versions < V4.1.3",
                  },
               ],
            },
            {
               product: "SCALANCE XR324-4M EEC (2x 24V, ports on front)",
               vendor: "Siemens",
               versions: [
                  {
                     status: "affected",
                     version: "All versions < V4.1.3",
                  },
               ],
            },
            {
               product: "SCALANCE XR324-4M EEC (2x 24V, ports on front)",
               vendor: "Siemens",
               versions: [
                  {
                     status: "affected",
                     version: "All versions < V4.1.3",
                  },
               ],
            },
            {
               product: "SCALANCE XR324-4M EEC (2x 24V, ports on rear)",
               vendor: "Siemens",
               versions: [
                  {
                     status: "affected",
                     version: "All versions < V4.1.3",
                  },
               ],
            },
            {
               product: "SCALANCE XR324-4M EEC (2x 24V, ports on rear)",
               vendor: "Siemens",
               versions: [
                  {
                     status: "affected",
                     version: "All versions < V4.1.3",
                  },
               ],
            },
            {
               product: "SCALANCE XR324-4M PoE (230V, ports on front)",
               vendor: "Siemens",
               versions: [
                  {
                     status: "affected",
                     version: "All versions < V4.1.3",
                  },
               ],
            },
            {
               product: "SCALANCE XR324-4M PoE (230V, ports on rear)",
               vendor: "Siemens",
               versions: [
                  {
                     status: "affected",
                     version: "All versions < V4.1.3",
                  },
               ],
            },
            {
               product: "SCALANCE XR324-4M PoE (24V, ports on front)",
               vendor: "Siemens",
               versions: [
                  {
                     status: "affected",
                     version: "All versions < V4.1.3",
                  },
               ],
            },
            {
               product: "SCALANCE XR324-4M PoE (24V, ports on rear)",
               vendor: "Siemens",
               versions: [
                  {
                     status: "affected",
                     version: "All versions < V4.1.3",
                  },
               ],
            },
            {
               product: "SCALANCE XR324-4M PoE TS (24V, ports on front)",
               vendor: "Siemens",
               versions: [
                  {
                     status: "affected",
                     version: "All versions < V4.1.3",
                  },
               ],
            },
            {
               product: "SIPLUS NET SCALANCE X308-2",
               vendor: "Siemens",
               versions: [
                  {
                     status: "affected",
                     version: "All versions < V4.1.3",
                  },
               ],
            },
         ],
         descriptions: [
            {
               lang: "en",
               value: "A vulnerability has been identified in SCALANCE X204RNA (HSR), SCALANCE X204RNA (PRP), SCALANCE X204RNA EEC (HSR), SCALANCE X204RNA EEC (PRP), SCALANCE X204RNA EEC (PRP/HSR), SCALANCE X302-7 EEC (230V), SCALANCE X302-7 EEC (230V, coated), SCALANCE X302-7 EEC (24V), SCALANCE X302-7 EEC (24V, coated), SCALANCE X302-7 EEC (2x 230V), SCALANCE X302-7 EEC (2x 230V, coated), SCALANCE X302-7 EEC (2x 24V), SCALANCE X302-7 EEC (2x 24V, coated), SCALANCE X304-2FE, SCALANCE X306-1LD FE, SCALANCE X307-2 EEC (230V), SCALANCE X307-2 EEC (230V, coated), SCALANCE X307-2 EEC (24V), SCALANCE X307-2 EEC (24V, coated), SCALANCE X307-2 EEC (2x 230V), SCALANCE X307-2 EEC (2x 230V, coated), SCALANCE X307-2 EEC (2x 24V), SCALANCE X307-2 EEC (2x 24V, coated), SCALANCE X307-3, SCALANCE X307-3, SCALANCE X307-3LD, SCALANCE X307-3LD, SCALANCE X308-2, SCALANCE X308-2, SCALANCE X308-2LD, SCALANCE X308-2LD, SCALANCE X308-2LH, SCALANCE X308-2LH, SCALANCE X308-2LH+, SCALANCE X308-2LH+, SCALANCE X308-2M, SCALANCE X308-2M, SCALANCE X308-2M PoE, SCALANCE X308-2M PoE, SCALANCE X308-2M TS, SCALANCE X308-2M TS, SCALANCE X310, SCALANCE X310, SCALANCE X310FE, SCALANCE X310FE, SCALANCE X320-1 FE, SCALANCE X320-1-2LD FE, SCALANCE X408-2, SCALANCE XR324-12M (230V, ports on front), SCALANCE XR324-12M (230V, ports on front), SCALANCE XR324-12M (230V, ports on rear), SCALANCE XR324-12M (230V, ports on rear), SCALANCE XR324-12M (24V, ports on front), SCALANCE XR324-12M (24V, ports on front), SCALANCE XR324-12M (24V, ports on rear), SCALANCE XR324-12M (24V, ports on rear), SCALANCE XR324-12M TS (24V), SCALANCE XR324-12M TS (24V), SCALANCE XR324-4M EEC (100-240VAC/60-250VDC, ports on front), SCALANCE XR324-4M EEC (100-240VAC/60-250VDC, ports on front), SCALANCE XR324-4M EEC (100-240VAC/60-250VDC, ports on rear), SCALANCE XR324-4M EEC (100-240VAC/60-250VDC, ports on rear), SCALANCE XR324-4M EEC (24V, ports on front), SCALANCE XR324-4M EEC (24V, ports on front), SCALANCE XR324-4M EEC (24V, ports on rear), SCALANCE XR324-4M EEC (24V, ports on rear), SCALANCE XR324-4M EEC (2x 100-240VAC/60-250VDC, ports on front), SCALANCE XR324-4M EEC (2x 100-240VAC/60-250VDC, ports on front), SCALANCE XR324-4M EEC (2x 100-240VAC/60-250VDC, ports on rear), SCALANCE XR324-4M EEC (2x 100-240VAC/60-250VDC, ports on rear), SCALANCE XR324-4M EEC (2x 24V, ports on front), SCALANCE XR324-4M EEC (2x 24V, ports on front), SCALANCE XR324-4M EEC (2x 24V, ports on rear), SCALANCE XR324-4M EEC (2x 24V, ports on rear), SCALANCE XR324-4M PoE (230V, ports on front), SCALANCE XR324-4M PoE (230V, ports on rear), SCALANCE XR324-4M PoE (24V, ports on front), SCALANCE XR324-4M PoE (24V, ports on rear), SCALANCE XR324-4M PoE TS (24V, ports on front), SIPLUS NET SCALANCE X308-2. Affected devices contain a vulnerability that allows an unauthenticated attacker to violate access-control rules. The vulnerability can be triggered by sending GET request to specific uniform resource locator on the web configuration interface of the device. The security vulnerability could be exploited by an attacker with network access to the affected systems. An attacker could use the vulnerability to obtain sensitive information or change the device configuration. At the time of advisory publication no public exploitation of this security vulnerability was known.",
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     cweId: "CWE-306",
                     description: "CWE-306: Missing Authentication for Critical Function",
                     lang: "en",
                     type: "CWE",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2022-12-13T00:00:00",
            orgId: "cec7a2ec-15b4-4faf-bd53-b40f371f3a77",
            shortName: "siemens",
         },
         references: [
            {
               url: "https://cert-portal.siemens.com/productcert/pdf/ssa-443566.pdf",
            },
            {
               url: "https://www.us-cert.gov/ics/advisories/icsa-20-014-03",
            },
         ],
      },
   },
   cveMetadata: {
      assignerOrgId: "cec7a2ec-15b4-4faf-bd53-b40f371f3a77",
      assignerShortName: "siemens",
      cveId: "CVE-2019-13933",
      datePublished: "2020-01-16T00:00:00",
      dateReserved: "2019-07-18T00:00:00",
      dateUpdated: "2024-08-05T00:05:43.965Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

All sightings related to this event Export sightings related to this event

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
Confirmed: The vulnerability is confirmed from an analyst perspective.
Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
Patched: This vulnerability was successfully patched by the user reporting the sighting.
Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
Not confirmed: The user expresses doubt about the veracity of the vulnerability.
Not patched: This vulnerability was not successfully patched by the user reporting the sighting.

Action not permitted