Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact
4.3
CVSSv2

CVE-2019-13924

Published: 11/02/2020 Updated: 13/12/2022
CVSS v2 Base Score: 4.3 | Impact Score: 2.9 | Exploitability Score: 8.6
CVSS v3 Base Score: 5.4 | Impact Score: 2.5 | Exploitability Score: 2.8
VMScore: 383
Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N

Vulnerability Summary

A vulnerability has been identified in SCALANCE S602 (All versions < V4.1), SCALANCE S612 (All versions < V4.1), SCALANCE S623 (All versions < V4.1), SCALANCE S627-2M (All versions < V4.1), SCALANCE X-200 switch family (incl. SIPLUS NET variants) (All versions < 5.2.4), SCALANCE X-200IRT switch family (incl. SIPLUS NET variants) (All versions < V5.5.0), SCALANCE X-200RNA switch family (All versions < V3.2.7), SCALANCE X-300 switch family (incl. X408 and SIPLUS NET variants) (All versions < 4.1.3). The device does not send the X-Frame-Option Header in the administrative web interface, which makes it vulnerable to Clickjacking attacks. The security vulnerability could be exploited by an attacker that is able to trick an administrative user with a valid session on the target device into clicking on a website controlled by the attacker. The vulnerability could allow an malicious user to perform administrative actions via the web interface.

Vulnerability Trend

Vulnerable Product Search on Vulmon Subscribe to Product

siemens scalance_xc-200_firmware

siemens scalance_xf-200_firmware

siemens scalance_xp-200_firmware

siemens scalance_x-200irt_firmware

siemens scalance_xb-200_firmware

siemens scalance_xr-300wg_firmware

siemens scalance_x-300_firmware

siemens scalance_xr-300_firmware

ICS Advisories

Siemens SCALANCE X Switches (Update C)
Critical Infrastructure Sectors: Critical Manufacturing

References

CWE-693https://cert-portal.siemens.com/productcert/pdf/ssa-951513.pdfhttps://www.us-cert.gov/ics/advisories/icsa-20-042-07https://nvd.nist.govhttps://www.cisa.gov/uscert/ics/advisories/icsa-20-042-07
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
authentication bypassCVE-2024-30043cameraCVE-2023-40404CVE-2024-2793client sideCVE-2024-4469CVE-2024-3565CVE-2024-29825
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook