// For flags

CVE-2018-13807

 

Severity Score

8.6
*CVSS v3

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

0
*Multiple Sources

Exploited in Wild

-
*KEV

Decision

-
*SSVC
Descriptions

A vulnerability has been identified in SCALANCE X300 (All versions < V4.0.0), SCALANCE X408 (All versions < V4.0.0), SCALANCE X414 (All versions). The web interface on port 443/tcp could allow an attacker to cause a Denial-of-Service condition by sending specially crafted packets to the web server. The device will automatically reboot, impacting network availability for other devices. An attacker must have network access to port 443/tcp to exploit the vulnerability. Neither valid credentials nor interaction by a legitimate user is required to exploit the vulnerability. There is no confidentiality or integrity impact, only availability is temporarily impacted. This vulnerability could be triggered by publicly available tools.

Se ha identificado una vulnerabilidad en SCALANCE X300 (todas las versiones anteriores a la V4.0.0), SCALANCE X408 (todas las versiones anteriores a la V4.0.0) y SCALANCE X414 (todas las versiones) La interfaz web en el puerto 443/tcp podría permitir que un atacante provoque una condición de denegación de servicio (DoS) mediante el envío de paquetes especialmente manipulados al servidor web. El dispositivo se reiniciará automáticamente, impactando en la disponibilidad de red para otros dispositivos. Un atacante debe tener acceso de red al puerto 443/tcp para explotar la vulnerabilidad. No se requieren credenciales válidas ni interacción por parte de un usuario legítimo para explotar la vulnerabilidad. No hay impacto ni en la confidencialidad ni en la integridad; solo la disponibilidad se ha visto temporalmente impactada. La vulnerabilidad puede ser desencadenada por herramientas disponibles de forma pública.

*Credits: N/A
CVSS Scores
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
Changed
Confidentiality
None
Integrity
None
Availability
High
Attack Vector
Network
Attack Complexity
Low
Authentication
None
Confidentiality
None
Integrity
None
Availability
Complete
* Common Vulnerability Scoring System
SSVC
  • Decision:-
Exploitation
-
Automatable
-
Tech. Impact
-
* Organization's Worst-case Scenario
Timeline
  • 2018-07-10 CVE Reserved
  • 2018-09-12 CVE Published
  • 2024-06-26 EPSS Updated
  • 2024-09-17 CVE Updated
  • ---------- Exploited in Wild
  • ---------- KEV Due Date
  • ---------- First Exploit
CWE
  • CWE-20: Improper Input Validation
CAPEC
Affected Vendors, Products, and Versions
Vendor Product Version Other Status
Vendor Product Version Other Status <-- --> Vendor Product Version Other Status
Siemens
Search vendor "Siemens"
Scalance X408 Firmware
Search vendor "Siemens" for product "Scalance X408 Firmware"
< 4.0.0
Search vendor "Siemens" for product "Scalance X408 Firmware" and version " < 4.0.0"
-
Affected
in Siemens
Search vendor "Siemens"
Scalance X408
Search vendor "Siemens" for product "Scalance X408"
--
Safe
Siemens
Search vendor "Siemens"
Scalance X300 Firmware
Search vendor "Siemens" for product "Scalance X300 Firmware"
< 4.0.0
Search vendor "Siemens" for product "Scalance X300 Firmware" and version " < 4.0.0"
-
Affected
in Siemens
Search vendor "Siemens"
Scalance X300
Search vendor "Siemens" for product "Scalance X300"
--
Safe
Siemens
Search vendor "Siemens"
Scalance X414 Firmware
Search vendor "Siemens" for product "Scalance X414 Firmware"
--
Affected
in Siemens
Search vendor "Siemens"
Scalance X414
Search vendor "Siemens" for product "Scalance X414"
--
Safe