CVE-2013-5944
Severity CVSS v4.0:
Pending analysis
Type:
CWE-287
Authentication Issues
Publication date:
03/10/2013
Last modified:
11/04/2025
Description
The integrated web server on Siemens SCALANCE X-200 switches with firmware before 4.5.0 and X-200IRT switches with firmware before 5.1.0 does not properly enforce authentication requirements, which allows remote attackers to perform administrative actions via requests to the management interface.
Impact
Base Score 2.0
10.00
Severity 2.0
HIGH
Vulnerable products and versions
| CPE | From | Up to |
|---|---|---|
| cpe:2.3:o:siemens:scalance_x-200_series_firmware:*:*:*:*:*:*:*:* | 4.4 (including) | |
| cpe:2.3:o:siemens:scalance_x-200_series_firmware:4.3:*:*:*:*:*:*:* | ||
| cpe:2.3:h:siemens:scalance_x-200:-:*:*:*:*:*:*:* | ||
| cpe:2.3:o:siemens:scalance_x-200_series_firmware:*:*:*:*:*:*:*:* | 5.0.1 (including) | |
| cpe:2.3:h:siemens:scalance_x-200irt:-:*:*:*:*:*:*:* |
To consult the complete list of CPE names with products and versions, see this page
References to Advisories, Solutions, and Tools
- http://www.siemens.com/innovation/pool/de/forschungsfelder/siemens_security_advisory_ssa-176087.pdf
- https://cert-portal.siemens.com/productcert/pdf/ssa-176087.pdf
- http://www.siemens.com/innovation/pool/de/forschungsfelder/siemens_security_advisory_ssa-176087.pdf
- https://cert-portal.siemens.com/productcert/pdf/ssa-176087.pdf