CVE-2019-13933

Summary

CVE	CVE-2019-13933
State	PUBLIC
Assigner	[email protected]
Source Priority	CVE Program / NVD first with legacy fallback
Published	2020-01-16 16:15:00 UTC
Updated	2022-12-13 17:15:00 UTC
Description	A vulnerability has been identified in SCALANCE X204RNA (HSR), SCALANCE X204RNA (PRP), SCALANCE X204RNA EEC (HSR), SCALANCE X204RNA EEC (PRP), SCALANCE X204RNA EEC (PRP/HSR), SCALANCE X302-7 EEC (230V), SCALANCE X302-7 EEC (230V, coated), SCALANCE X302-7 EEC (24V), SCALANCE X302-7 EEC (24V, coated), SCALANCE X302-7 EEC (2x 230V), SCALANCE X302-7 EEC (2x 230V, coated), SCALANCE X302-7 EEC (2x 24V), SCALANCE X302-7 EEC (2x 24V, coated), SCALANCE X304-2FE, SCALANCE X306-1LD FE, SCALANCE X307-2 EEC (230V), SCALANCE X307-2 EEC (230V, coated), SCALANCE X307-2 EEC (24V), SCALANCE X307-2 EEC (24V, coated), SCALANCE X307-2 EEC (2x 230V), SCALANCE X307-2 EEC (2x 230V, coated), SCALANCE X307-2 EEC (2x 24V), SCALANCE X307-2 EEC (2x 24V, coated), SCALANCE X307-3, SCALANCE X307-3, SCALANCE X307-3LD, SCALANCE X307-3LD, SCALANCE X308-2, SCALANCE X308-2, SCALANCE X308-2LD, SCALANCE X308-2LD, SCALANCE X308-2LH, SCALANCE X308-2LH, SCALANCE X308-2LH+, SCALANCE X308-2LH+, SCALANCE X308-2M, SCALANCE X308-2M, SCALANCE X308-2M PoE, SCALANCE X308-2M PoE, SCALANCE X308-2M TS, SCALANCE X308-2M TS, SCALANCE X310, SCALANCE X310, SCALANCE X310FE, SCALANCE X310FE, SCALANCE X320-1 FE, SCALANCE X320-1-2LD FE, SCALANCE X408-2, SCALANCE XR324-12M (230V, ports on front), SCALANCE XR324-12M (230V, ports on front), SCALANCE XR324-12M (230V, ports on rear), SCALANCE XR324-12M (230V, ports on rear), SCALANCE XR324-12M (24V, ports on front), SCALANCE XR324-12M (24V, ports on front), SCALANCE XR324-12M (24V, ports on rear), SCALANCE XR324-12M (24V, ports on rear), SCALANCE XR324-12M TS (24V), SCALANCE XR324-12M TS (24V), SCALANCE XR324-4M EEC (100-240VAC/60-250VDC, ports on front), SCALANCE XR324-4M EEC (100-240VAC/60-250VDC, ports on front), SCALANCE XR324-4M EEC (100-240VAC/60-250VDC, ports on rear), SCALANCE XR324-4M EEC (100-240VAC/60-250VDC, ports on rear), SCALANCE XR324-4M EEC (24V, ports on front), SCALANCE XR324-4M EEC (24V, ports on front), SCALANCE XR324-4M EEC (24V, ports on rear), SCALANCE XR324-4M EEC (24V, ports on rear), SCALANCE XR324-4M EEC (2x 100-240VAC/60-250VDC, ports on front), SCALANCE XR324-4M EEC (2x 100-240VAC/60-250VDC, ports on front), SCALANCE XR324-4M EEC (2x 100-240VAC/60-250VDC, ports on rear), SCALANCE XR324-4M EEC (2x 100-240VAC/60-250VDC, ports on rear), SCALANCE XR324-4M EEC (2x 24V, ports on front), SCALANCE XR324-4M EEC (2x 24V, ports on front), SCALANCE XR324-4M EEC (2x 24V, ports on rear), SCALANCE XR324-4M EEC (2x 24V, ports on rear), SCALANCE XR324-4M PoE (230V, ports on front), SCALANCE XR324-4M PoE (230V, ports on rear), SCALANCE XR324-4M PoE (24V, ports on front), SCALANCE XR324-4M PoE (24V, ports on rear), SCALANCE XR324-4M PoE TS (24V, ports on front), SIPLUS NET SCALANCE X308-2. Affected devices contain a vulnerability that allows an unauthenticated attacker to violate access-control rules. The vulnerability can be triggered by sending GET request to specific uniform resource locator on the web configuration interface of the device. The security vulnerability could be exploited by an attacker with network access to the affected systems. An attacker could use the vulnerability to obtain sensitive information or change the device configuration. At the time of advisory publication no public exploitation of this security vulnerability was known.

Risk And Classification

Problem Types: CWE-306

NVD Known Affected Configurations (CPE 2.3)

Type	Vendor	Product	Version	Update	Edition	Language
Hardware	Siemens	Scalance X-200rna	-	All	All	All
Hardware	Siemens	Scalance X-200rna	-	All	All	All
Operating System	Siemens	Scalance X-200rna Firmware	All	All	All	All
Operating System	Siemens	Scalance X-200rna Firmware	All	All	All	All
Hardware	Siemens	Scalance X-300	-	All	All	All
Hardware	Siemens	Scalance X-300	-	All	All	All
Operating System	Siemens	Scalance X-300 Firmware	All	All	All	All
Operating System	Siemens	Scalance X-300 Firmware	All	All	All	All
Hardware	Siemens	Scalance X204rna	-	All	All	All
Hardware	Siemens	Scalance X204rna	-	All	All	All
Operating System	Siemens	Scalance X204rna Firmware	All	All	All	All
Operating System	Siemens	Scalance X204rna Firmware	All	All	All	All
Hardware	Siemens	Scalance X408-2	-	All	All	All
Hardware	Siemens	Scalance X408-2	-	All	All	All
Operating System	Siemens	Scalance X408-2 Firmware	All	All	All	All
Operating System	Siemens	Scalance X408-2 Firmware	All	All	All	All
Hardware	Siemens	Scalance Xr-300	-	All	All	All
Hardware	Siemens	Scalance Xr-300	-	All	All	All
Hardware	Siemens	Scalance Xr-300wg	-	All	All	All
Hardware	Siemens	Scalance Xr-300wg	-	All	All	All
Operating System	Siemens	Scalance Xr-300wg Firmware	All	All	All	All
Operating System	Siemens	Scalance Xr-300wg Firmware	All	All	All	All
Operating System	Siemens	Scalance Xr-300 Firmware	All	All	All	All
Operating System	Siemens	Scalance Xr-300 Firmware	All	All	All	All
Hardware	Siemens	Siplus Net Csm 1277	-	All	All	All
Hardware	Siemens	Siplus Net Csm 1277	-	All	All	All
Operating System	Siemens	Siplus Net Csm 1277 Firmware	All	All	All	All
Operating System	Siemens	Siplus Net Csm 1277 Firmware	All	All	All	All

References

Reference	Source	Link	Tags
Siemens SCALANCE X Switches \| CISA	MISC	www.us-cert.gov	Third Party Advisory
cert-portal.siemens.com/productcert/pdf/ssa-443566.pdf	MISC	cert-portal.siemens.com	Vendor Advisory
CVE Program record	CVE.ORG	www.cve.org	canonical
NVD vulnerability detail	NVD	nvd.nist.gov	canonical, analysis

No vendor comments have been submitted for this CVE.

There are currently no legacy QID mappings associated with this CVE.