CVE-2013-3633

Published: May 24, 2013Modified: Apr 29, 2026

8.0

Vector

AV:N/AC:L/Au:S/C:P/I:P/A:C

Exploitability: 8.0 / Impact: 8.5

Source: NVD

Description

A vulnerability has been identified in SCALANCE X-200 switch family (incl. SIPLUS NET variants) (Versions < V5.0.0 for CVE-2013-3633 and versions < V4.5.0 for CVE-2013-3634), SCALANCE X-200IRT switch family (incl. SIPLUS NET variants) (All versions < V5.1.0). The user privileges for the web interface are only enforced on client side and not properly verified on server side. Therefore, an attacker is able to execute privileged commands using an unprivileged account.

Affected (10)

Products: Siemens: Scalance X200irt Firmware, Scalance X200 4p Irt, Scalance X201 3p Irt, Scalance X202 2irt, Scalance X202 2p Irt, Scalance X204irt, Scalance Xf204irt

Siemens

7 products

Scalance X200irt Firmware

Configuration A

10 vulnerable

Vulnerable Software	Affected Versions
Siemens Scalance X200irt Firmware	Up to 5.0.0
Siemens Scalance X200 4p Irt	All versions
Siemens Scalance X201 3p Irt	All versions
Siemens Scalance X201 3p Irt	All versions
Siemens Scalance X202 2irt	All versions
Siemens Scalance X202 2p Irt	All versions
Siemens Scalance X202 2p Irt	All versions
Siemens Scalance X204irt	All versions
Siemens Scalance X204irt	All versions
Siemens Scalance Xf204irt	All versions

Related CWEs

CWE-264

References (2)

https://cert-portal.siemens.com/productcert/pdf/ssa-170686.pdf

Source: cve@mitre.org

https://cert-portal.siemens.com/productcert/pdf/ssa-170686.pdf

Source: af854a3a-2127-422b-91ae-364da2661108

Timeline

No history available yet.