CVE-2019-13924 - OpenCVE

A vulnerability has been identified in SCALANCE S602 (All versions < V4.1), SCALANCE S612 (All versions < V4.1), SCALANCE S623 (All versions < V4.1), SCALANCE S627-2M (All versions < V4.1), SCALANCE X-200 switch family (incl. SIPLUS NET variants) (All versions < 5.2.4), SCALANCE X-200IRT switch family (incl. SIPLUS NET variants) (All versions < V5.5.0), SCALANCE X-200RNA switch family (All versions < V3.2.7), SCALANCE X-300 switch family (incl. X408 and SIPLUS NET variants) (All versions < 4.1.3). The device does not send the X-Frame-Option Header in the administrative web interface, which makes it vulnerable to Clickjacking attacks. The security vulnerability could be exploited by an attacker that is able to trick an administrative user with a valid session on the target device into clicking on a website controlled by the attacker. The vulnerability could allow an attacker to perform administrative actions via the web interface.

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact Low

Integrity Impact Low

Availability Impact None

User Interaction Required

No CVSS v3.0

Access Vector Network

Access Complexity Medium

Authentication None

Confidentiality Impact None

Integrity Impact Partial

Availability Impact None

AV:N/AC:M/Au:N/C:N/I:P/A:N

Vendors & Products
CPE Configurations

Vendors	Products
Siemens	Scalance X-300 Scalance Xf-200 Firmware Scalance Xr-300wg Scalance Xp-200 Scalance Xc-200 Firmware Scalance Xr-300 Scalance Xr-300wg Firmware Scalance Xc-200 Scalance Xr-300 Firmware Scalance Xp-200 Firmware Scalance Xf-200 Scalance Xb-200 Firmware Scalance X-200irt Firmware Scalance X-200irt Scalance X-300 Firmware Scalance Xb-200

Configuration 1 [-]

AND

cpe:2.3:o:siemens:scalance_xc-200_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:siemens:scalance_xc-200:-:*:*:*:*:*:*:*

Configuration 2 [-]

AND

cpe:2.3:o:siemens:scalance_xf-200_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:siemens:scalance_xf-200:-:*:*:*:*:*:*:*

Configuration 3 [-]

AND

cpe:2.3:o:siemens:scalance_xp-200_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:siemens:scalance_xp-200:-:*:*:*:*:*:*:*

Configuration 4 [-]

AND

cpe:2.3:o:siemens:scalance_x-200irt_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:siemens:scalance_x-200irt:-:*:*:*:*:*:*:*

Configuration 5 [-]

AND

cpe:2.3:o:siemens:scalance_xb-200_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:siemens:scalance_xb-200:-:*:*:*:*:*:*:*

Configuration 6 [-]

AND

cpe:2.3:o:siemens:scalance_xr-300wg_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:siemens:scalance_xr-300wg:-:*:*:*:*:*:*:*

Configuration 7 [-]

AND

cpe:2.3:o:siemens:scalance_x-300_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:siemens:scalance_x-300:-:*:*:*:*:*:*:*

Configuration 8 [-]

AND

cpe:2.3:o:siemens:scalance_xr-300_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:siemens:scalance_xr-300:-:*:*:*:*:*:*:*

References

Link	Resource
https://cert-portal.siemens.com/productcert/pdf/ssa-951513.pdf	Vendor Advisory
https://www.us-cert.gov/ics/advisories/icsa-20-042-07

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: siemens

Published: 2020-02-11T00:00:00

Updated: 2022-12-13T00:00:00

Reserved: 2019-07-18T00:00:00

Link: CVE-2019-13924

JSON object: View

NVD Information

Status : Modified

Published: 2020-02-11T16:15:14.430

Modified: 2022-12-13T17:15:12.527

Link: CVE-2019-13924

JSON object: View

Redhat Information

No data.

CWE