Access Control Bypass in Siemens SCALANCE Devices
CVE-2019-13933

8.6HIGH

Key Information:

Vendor: Siemens
Status: Scalance X204rna (hsr); Scalance X204rna (prp); Scalance X204rna Eec (hsr); Scalance X204rna Eec (prp)
Vendor: CVE Published:; 16 January 2020

Summary

A vulnerability exists in various SCALANCE X devices produced by Siemens, enabling potential unauthenticated attackers to bypass access control measures. This flaw can be triggered by sending specific GET requests to the device's web configuration interface. Such actions may grant unauthorized access to sensitive information or allow modifications to the device's settings. Although no public exploitation of this flaw has been detected at the time of the advisory's release, the risk underscores the importance of securing networked systems.

Affected Version(s)

SCALANCE X204RNA (HSR) All versions < V3.2.7

SCALANCE X204RNA (PRP) All versions < V3.2.7

SCALANCE X204RNA EEC (HSR) All versions < V3.2.7

References

https://cert-portal.siemens.com/productcert/pdf/ssa-44356...

https://www.us-cert.gov/ics/advisories/icsa-20-014-03

CVSS V3.1

Score:

8.6

Severity:

HIGH

Confidentiality:

Low

Integrity:

High

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Jan 16, 2020
Vulnerability Reserved
Jul 18, 2019