Clickjacking Vulnerability in SCALANCE Switch Family by Siemens
CVE-2019-13924
5.4 MEDIUM
Key Information:
- Vendor: Siemens
- CVE Published: 11 February 2020
What is CVE-2019-13924?
A vulnerability exists in various SCALANCE switch products where the administrative web interface omits the X-Frame-Options header. This oversight renders the devices susceptible to Clickjacking attacks. An attacker could exploit this flaw by deceiving a legitimate administrator into clicking on a malicious site, potentially allowing unauthorized actions through the web interface. It is crucial for users of affected devices to review their security settings and apply updated firmware to mitigate this risk.
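One way to check a captured response for the missing-header condition described above, as an added example that is not part of the advisory or any Siemens code. It also accepts a CSP `frame-ancestors` directive as an equivalent framing restriction; the sample responses and function names are constructed for illustration.

```python
# Added example: constructed responses, not captured from any real device.
SAMPLES = {
    "missing": "HTTP/1.1 200 OK\r\nContent-Type: text/html\r\n\r\n<html></html>",
    "xfo": "HTTP/1.1 200 OK\r\nX-Frame-Options: sameorigin\r\n\r\n",
    "csp": "HTTP/1.1 200 OK\r\nContent-Security-Policy: "
           "default-src 'self'; frame-ancestors 'none'\r\n\r\n",
    "bad_xfo": "HTTP/1.1 200 OK\r\nX-Frame-Options: ALLOWALL\r\n\r\n",
    "open_csp": "HTTP/1.1 200 OK\r\nContent-Security-Policy: frame-ancestors *\r\n\r\n",
}


def parse_headers(raw):
    """Return (lowercased name, value) pairs from a raw HTTP response."""
    head = raw.split("\r\n\r\n", 1)[0]
    pairs = []
    for line in head.split("\r\n")[1:]:  # skip the status line
        name, sep, value = line.partition(":")
        if sep:
            pairs.append((name.strip().lower(), value.strip()))
    return pairs


def check_framing(raw):
    """Return (protected, notes) for one response."""
    headers = parse_headers(raw)
    notes = []
    xfo = [v.strip().upper() for n, v in headers if n == "x-frame-options"]
    # Only DENY and SAMEORIGIN restrict framing; ALLOW-FROM is obsolete.
    xfo_ok = any(v in ("DENY", "SAMEORIGIN") for v in xfo)
    for v in xfo:
        if v not in ("DENY", "SAMEORIGIN"):
            notes.append("ineffective X-Frame-Options value: " + v)
    csp_ok = False
    for n, v in headers:
        if n != "content-security-policy":
            continue
        for directive in v.split(";"):
            parts = directive.split()
            if parts and parts[0].lower() == "frame-ancestors":
                if "*" in parts[1:]:
                    notes.append("frame-ancestors allows any origin")
                else:
                    csp_ok = True
    if not xfo and not csp_ok:
        notes.append("X-Frame-Options header is missing")
    return (xfo_ok or csp_ok), notes


if __name__ == "__main__":
    for name, raw in SAMPLES.items():
        print(name, check_framing(raw))
```

Run the same check against responses from the management interface before and after a firmware update to confirm the header is now sent.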
Affected Version(s)
SCALANCE S602 All versions < V4.1
SCALANCE S612 All versions < V4.1
SCALANCE S623 All versions < V4.1