CVE-2013-3634

Published: May 24, 2013Modified: Apr 29, 2026

7.5

Vector

AV:N/AC:L/Au:N/C:P/I:P/A:P

Exploitability: 10.0 / Impact: 6.4

Source: NVD

Description

A vulnerability has been identified in SCALANCE X-200 switch family (incl. SIPLUS NET variants) (Versions < V5.0.0 for CVE-2013-3633 and versions < V4.5.0 for CVE-2013-3634), SCALANCE X-200IRT switch family (incl. SIPLUS NET variants) (All versions < V5.1.0). The implementation of SNMPv3 does not check the user credentials sufficiently. Therefore, an attacker is able to execute SNMP commands without correct credentials.

Affected (10)

Products: Siemens: Scalance X200irt Firmware, Scalance X200 4p Irt, Scalance X201 3p Irt, Scalance X202 2irt, Scalance X202 2p Irt, Scalance X204irt, Scalance Xf204irt

Siemens

7 products

Scalance X200irt Firmware

Configuration A

10 vulnerable

Vulnerable Software	Affected Versions
Siemens Scalance X200irt Firmware	Up to 5.0.0
Siemens Scalance X200 4p Irt	All versions
Siemens Scalance X201 3p Irt	All versions
Siemens Scalance X201 3p Irt	All versions
Siemens Scalance X202 2irt	All versions
Siemens Scalance X202 2p Irt	All versions
Siemens Scalance X202 2p Irt	All versions
Siemens Scalance X204irt	All versions
Siemens Scalance X204irt	All versions
Siemens Scalance Xf204irt	All versions

Related CWEs

CWE-20

Improper Input Validation

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

References (2)

https://cert-portal.siemens.com/productcert/pdf/ssa-170686.pdf

Source: cve@mitre.org

https://cert-portal.siemens.com/productcert/pdf/ssa-170686.pdf

Source: af854a3a-2127-422b-91ae-364da2661108

Timeline

No history available yet.