Denial-of-Service Vulnerability in SCALANCE X300, X408, and X414 by Siemens
CVE-2018-13807

8.6 HIGH

Key Information:

Vendor: Siemens
CVE Published: 12 September 2018

Summary

A Denial-of-Service vulnerability exists in the Siemens SCALANCE X300, X408, and X414 series. The issue arises from the web interface running on port 443, where specially crafted packets sent to the web server cause the device to reboot unexpectedly. The reboot makes network services temporarily unavailable and affects other devices connected to the network. The attack requires no valid credentials and no user interaction, and it can be carried out with publicly available tools. Organizations using these devices are advised to implement adequate network security measures to prevent exploitation of this vulnerability.

Affected Version(s)

  • SCALANCE X300: All versions < V4.0.0

  • SCALANCE X408: All versions < V4.0.0

  • SCALANCE X414: All versions

CVSS V3.1

Score: 8.6
Severity: HIGH
Confidentiality: None
Integrity: None
Availability: None
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: None
Scope: Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved
