CVE-2018-13807

A vulnerability has been identified in SCALANCE X300 (All versions < V4.0.0), SCALANCE X408 (All versions < V4.0.0), SCALANCE X414 (All versions). The web interface on port 443/tcp could allow an attacker to cause a Denial-of-Service condition by sending specially crafted packets to the web server. The device will automatically reboot, impacting network availability for other devices. An attacker must have network access to port 443/tcp to exploit the vulnerability. Neither valid credentials nor interaction by a legitimate user is required to exploit the vulnerability. There is no confidentiality or integrity impact, only availability is temporarily impacted. This vulnerability could be triggered by publicly available tools.

CVSS v3 8.6 HIGH
CVSS v2.0 7.8 HIGH

8.6^/10

CVSS v3 : HIGH

Vector : AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H

Exploitability : 3.9 / Impact : 4.0

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact HIGH

Scope CHANGED

7.8^/10

CVSS v2.0 : HIGH

Vector : AV:N/AC:L/Au:N/C:N/I:N/A:C

Exploitability : 10.0 / Impact : 6.9

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact COMPLETE

References

Link	Resource
http://www.securityfocus.com/bid/105331	Third Party Advisory VDB Entry
https://cert-portal.siemens.com/productcert/pdf/ssa-447396.pdf	Vendor Advisory
https://ics-cert.us-cert.gov/advisories/ICSA-18-254-05	Third Party Advisory US Government Resource VDB Entry

Configurations

Configuration 1 (hide)

AND

cpe:2.3:o:siemens:scalance_x408_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:siemens:scalance_x408:-:*:*:*:*:*:*:*

Configuration 2 (hide)

AND

cpe:2.3:o:siemens:scalance_x300_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:siemens:scalance_x300:-:*:*:*:*:*:*:*

Configuration 3 (hide)

AND

cpe:2.3:o:siemens:scalance_x414_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:siemens:scalance_x414:-:*:*:*:*:*:*:*

History

No history.

Information

Published : 2018-09-12 13:29

Updated : 2023-12-10 12:44

NVD link : CVE-2018-13807

Mitre link : CVE-2018-13807

CVE.ORG link : CVE-2018-13807

JSON object : View

Products Affected

siemens

scalance_x300
scalance_x414_firmware
scalance_x414
scalance_x408
scalance_x300_firmware
scalance_x408_firmware

CWE

CWE-20

Improper Input Validation

{"id": "CVE-2018-13807", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 7.8, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C", "authentication": "NONE", "integrityImpact": "NONE", "accessComplexity": "LOW", "availabilityImpact": "COMPLETE", "confidentialityImpact": "NONE"}, "acInsufInfo": false, "impactScore": 6.9, "baseSeverity": "HIGH", "obtainAllPrivilege": false, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}], "cvssMetricV30": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "CHANGED", "version": "3.0", "baseScore": 8.6, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}, "impactScore": 4.0, "exploitabilityScore": 3.9}]}, "published": "2018-09-12T13:29:01.157", "references": [{"url": "http://www.securityfocus.com/bid/105331", "tags": ["Third Party Advisory", "VDB Entry"], "source": "productcert@siemens.com"}, {"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-447396.pdf", "tags": ["Vendor Advisory"], "source": "productcert@siemens.com"}, {"url": "https://ics-cert.us-cert.gov/advisories/ICSA-18-254-05", "tags": ["Third Party Advisory", "US Government Resource", "VDB Entry"], "source": "productcert@siemens.com"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-20"}]}, {"type": "Secondary", "source": "productcert@siemens.com", "description": [{"lang": "en", "value": "CWE-20"}]}], "descriptions": [{"lang": "en", "value": "A vulnerability has been identified in SCALANCE X300 (All versions < V4.0.0), SCALANCE X408 (All versions < V4.0.0), SCALANCE X414 (All versions). The web interface on port 443/tcp could allow an attacker to cause a Denial-of-Service condition by sending specially crafted packets to the web server. The device will automatically reboot, impacting network availability for other devices. An attacker must have network access to port 443/tcp to exploit the vulnerability. Neither valid credentials nor interaction by a legitimate user is required to exploit the vulnerability. There is no confidentiality or integrity impact, only availability is temporarily impacted. This vulnerability could be triggered by publicly available tools."}, {"lang": "es", "value": "Se ha identificado una vulnerabilidad en SCALANCE X300 (todas las versiones anteriores a la V4.0.0), SCALANCE X408 (todas las versiones anteriores a la V4.0.0) y SCALANCE X414 (todas las versiones) La interfaz web en el puerto 443/tcp podr\u00eda permitir que un atacante provoque una condici\u00f3n de denegaci\u00f3n de servicio (DoS) mediante el env\u00edo de paquetes especialmente manipulados al servidor web. El dispositivo se reiniciar\u00e1 autom\u00e1ticamente, impactando en la disponibilidad de red para otros dispositivos. Un atacante debe tener acceso de red al puerto 443/tcp para explotar la vulnerabilidad. No se requieren credenciales v\u00e1lidas ni interacci\u00f3n por parte de un usuario leg\u00edtimo para explotar la vulnerabilidad. No hay impacto ni en la confidencialidad ni en la integridad; solo la disponibilidad se ha visto temporalmente impactada. La vulnerabilidad puede ser desencadenada por herramientas disponibles de forma p\u00fablica."}], "lastModified": "2019-10-09T23:34:32.950", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:siemens:scalance_x408_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "897A0746-166D-46E3-B261-429A85012FC0", "versionEndExcluding": "4.0.0"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:siemens:scalance_x408:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "47F713E4-4B75-476E-BC21-92CA10198AE9"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:siemens:scalance_x300_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "C00ECDFD-EBBD-4532-A529-ED567A4331CC", "versionEndExcluding": "4.0.0"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:siemens:scalance_x300:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "E3F6299B-D7E3-4750-B016-7DCBC83C2287"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:siemens:scalance_x414_firmware:-:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "4EDB94AE-1ADF-468A-93BB-7DC0A2086AC2"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:siemens:scalance_x414:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "7E4C1BEF-D6B4-4260-9AC5-6F903EF6F4B1"}], "operator": "OR"}], "operator": "AND"}], "sourceIdentifier": "productcert@siemens.com"}