CVE-2018-13807
 
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
0Exploited in Wild
-Decision
Descriptions
A vulnerability has been identified in SCALANCE X300 (All versions < V4.0.0), SCALANCE X408 (All versions < V4.0.0), SCALANCE X414 (All versions). The web interface on port 443/tcp could allow an attacker to cause a Denial-of-Service condition by sending specially crafted packets to the web server. The device will automatically reboot, impacting network availability for other devices. An attacker must have network access to port 443/tcp to exploit the vulnerability. Neither valid credentials nor interaction by a legitimate user is required to exploit the vulnerability. There is no confidentiality or integrity impact, only availability is temporarily impacted. This vulnerability could be triggered by publicly available tools.
Se ha identificado una vulnerabilidad en SCALANCE X300 (todas las versiones anteriores a la V4.0.0), SCALANCE X408 (todas las versiones anteriores a la V4.0.0) y SCALANCE X414 (todas las versiones) La interfaz web en el puerto 443/tcp podría permitir que un atacante provoque una condición de denegación de servicio (DoS) mediante el envío de paquetes especialmente manipulados al servidor web. El dispositivo se reiniciará automáticamente, impactando en la disponibilidad de red para otros dispositivos. Un atacante debe tener acceso de red al puerto 443/tcp para explotar la vulnerabilidad. No se requieren credenciales válidas ni interacción por parte de un usuario legítimo para explotar la vulnerabilidad. No hay impacto ni en la confidencialidad ni en la integridad; solo la disponibilidad se ha visto temporalmente impactada. La vulnerabilidad puede ser desencadenada por herramientas disponibles de forma pública.
CVSS Scores
SSVC
- Decision:-
Timeline
- 2018-07-10 CVE Reserved
- 2018-09-12 CVE Published
- 2024-06-26 EPSS Updated
- 2024-09-17 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-20: Improper Input Validation
CAPEC
References (3)
URL | Tag | Source |
---|---|---|
http://www.securityfocus.com/bid/105331 | Third Party Advisory | |
https://ics-cert.us-cert.gov/advisories/ICSA-18-254-05 | Third Party Advisory |
URL | Date | SRC |
---|
URL | Date | SRC |
---|
URL | Date | SRC |
---|---|---|
https://cert-portal.siemens.com/productcert/pdf/ssa-447396.pdf | 2019-10-09 |
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status | ||||||
---|---|---|---|---|---|---|---|---|---|---|
Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
Siemens Search vendor "Siemens" | Scalance X408 Firmware Search vendor "Siemens" for product "Scalance X408 Firmware" | < 4.0.0 Search vendor "Siemens" for product "Scalance X408 Firmware" and version " < 4.0.0" | - |
Affected
| in | Siemens Search vendor "Siemens" | Scalance X408 Search vendor "Siemens" for product "Scalance X408" | - | - |
Safe
|
Siemens Search vendor "Siemens" | Scalance X300 Firmware Search vendor "Siemens" for product "Scalance X300 Firmware" | < 4.0.0 Search vendor "Siemens" for product "Scalance X300 Firmware" and version " < 4.0.0" | - |
Affected
| in | Siemens Search vendor "Siemens" | Scalance X300 Search vendor "Siemens" for product "Scalance X300" | - | - |
Safe
|
Siemens Search vendor "Siemens" | Scalance X414 Firmware Search vendor "Siemens" for product "Scalance X414 Firmware" | - | - |
Affected
| in | Siemens Search vendor "Siemens" | Scalance X414 Search vendor "Siemens" for product "Scalance X414" | - | - |
Safe
|