CVE-2013-5944

Published: Oct 3, 2013Modified: Apr 29, 2026

10.0

Vector

AV:N/AC:L/Au:N/C:C/I:C/A:C

Exploitability: 10.0 / Impact: 10.0

Source: NVD

Description

The integrated web server on Siemens SCALANCE X-200 switches with firmware before 4.5.0 and X-200IRT switches with firmware before 5.1.0 does not properly enforce authentication requirements, which allows remote attackers to perform administrative actions via requests to the management interface.

Affected (5)

Products: Siemens: Scalance X 200 Series Firmware, Scalance X 200, Scalance X 200irt

3 products

Scalance X 200 Series Firmware

Scalance X 200irt

Configuration A

3 vulnerable

Vulnerable Software	Affected Versions
Siemens Scalance X 200 Series Firmware	Up to 4.4
Siemens Scalance X 200 Series Firmware	Version 4.3
Siemens Scalance X 200	All versions

Configuration B

2 vulnerable

Vulnerable Software	Affected Versions
Siemens Scalance X 200 Series Firmware	Up to 5.0.1
Siemens Scalance X 200irt	All versions

Related CWEs

Improper Authentication

When an actor claims to have a given identity, the product does not prove or insufficiently proves that the claim is correct.

References (4)

http://www.siemens.com/innovation/pool/de/forschungsfelder/siemens_security_advisory_ssa-176087.pdf

Source: cve@mitre.org

Vendor Advisory

https://cert-portal.siemens.com/productcert/pdf/ssa-176087.pdf

Source: cve@mitre.org

http://www.siemens.com/innovation/pool/de/forschungsfelder/siemens_security_advisory_ssa-176087.pdf

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

https://cert-portal.siemens.com/productcert/pdf/ssa-176087.pdf

Source: af854a3a-2127-422b-91ae-364da2661108

Timeline

No history available yet.