CVE-2019-13933 Information

Description

A vulnerability has been identified in SCALANCE X-200RNA switch family (All versions), SCALANCE X-300 switch family (incl. X408 and SIPLUS NET variants) (All versions < V4.1.3). Affected devices contain a vulnerability that allows an unauthenticated attacker to violate access-control rules. The vulnerability can be triggered by sending a GET request to a specific uniform resource locator on the web configuration interface of the device. The security vulnerability could be exploited by an attacker with network access to the affected systems. An attacker could use the vulnerability to obtain sensitive information or change the device configuration. At the time of advisory publication no public exploitation of this security vulnerability was known.

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:L

Reference

https://cert-portal.siemens.com/productcert/pdf/ssa-443566.pdf

https://www.us-cert.gov/ics/advisories/icsa-20-014-03

Attack Complexity

LOW

Privileges Required

NONE

User Interaction Required

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

HIGH

Availability Impact

LOW

Base Score

8.6

Base Severity

HIGH
