CVE-2013-3633

A vulnerability has been identified in SCALANCE X-200 switch family (incl. SIPLUS NET variants) (Versions < V5.0.0 for CVE-2013-3633 and versions < V4.5.0 for CVE-2013-3634), SCALANCE X-200IRT switch family (incl. SIPLUS NET variants) (All versions < V5.1.0). The user privileges for the web interface are only enforced on client side and not properly verified on server side. Therefore, an attacker is able to execute privileged commands using an unprivileged account.

Published: May 24, 2013
Updated: Apr 13, 2023
CVE: CVE-2013-3633
Severity: High
Exploit:

CVSS v2:

Severity: High
Score: 8
AV:N/AC:L/Au:S/C:P/I:P/A:C

CWEs:

CWE-264

Affected Software
References

Software	From	Fixed in
siemens / scalance_x200irt_firmware	-	5.0.0.x

https://cert-portal.siemens.com/productcert/pdf/ssa-170686.pdf

Vulnerability Database

289,697

CVE-2013-3633