Command injection

2013-05-2420:55:00

PRIOn knowledge base

www.prio-n.com

6.9 Medium

AI Score

Confidence

Low

0.002 Low

EPSS

Percentile

53.5%

JSON

A vulnerability has been identified in SCALANCE X-200 switch family (incl. SIPLUS NET variants) (Versions < V5.0.0 for CVE-2013-3633 and versions < V4.5.0 for CVE-2013-3634), SCALANCE X-200IRT switch family (incl. SIPLUS NET variants) (All versions < V5.1.0). The implementation of SNMPv3 does not check the user credentials sufficiently. Therefore, an attacker is able to execute SNMP commands without correct credentials.

CPENameOperatorVersion
scalance_x200irt_firmwarele5.0.0

CPE	Name	Operator	Version
	scalance_x200irt_firmware	le	5.0.0

References

cert-portal.siemens.com/productcert/pdf/ssa-170686.pdf