Vulnerability CVE-2013-4652


Published: 2013-08-01

Description:
Unspecified vulnerability in the command-line management interface on Siemens Scalance W7xx devices with firmware before 4.5.4 allows remote attackers to bypass authentication and execute arbitrary code via a (1) SSH or (2) TELNET connection.

CVSS2 => (AV:N/AC:L/Au:N/C:C/I:C/A:C)

CVSS Base Score
Impact Subscore
Exploitability Subscore
10/10
10/10
10/10
Exploit range
Attack complexity
Authentication
Remote
Low
No required
Confidentiality impact
Integrity impact
Availability impact
Complete
Complete
Complete
Affected software
Siemens -> Scalance w744-1 
Siemens -> Scalance w700 series firmware 
Siemens -> Scalance w744-1pro 
Siemens -> Scalance w746-1 
Siemens -> Scalance w746-1pro 
Siemens -> Scalance w747-1 
Siemens -> Scalance w747-1rr 
Siemens -> Scalance w784-1 
Siemens -> Scalance w784-1rr 
Siemens -> Scalance w786-1pro 
Siemens -> Scalance w786-2pro 
Siemens -> Scalance w786-2rr 
Siemens -> Scalance w786-3pro 
Siemens -> Scalance w788-1pro 
Siemens -> Scalance w788-1rr 
Siemens -> Scalance w788-2pro 
Siemens -> Scalance w788-2rr 

 References:
http://www.siemens.com/corporate-technology/pool/de/forschungsfelder/siemens_security_advisory_ssa-120908.pdf

Copyright 2020, cxsecurity.com

 

Back to Top