Release date:
Updated on:
Affected Systems:
Siemens Scalance X-200 Series Switches
Description:
--------------------------------------------------------------------------------
CVE (CAN) ID: CVE-2013-5944
Siemens Scalance X200 series switches can be used to connect industrial components, such as PLC or HMI.
Security Vulnerabilities in Web Server Authentication for SCALANCE X-200 and X-200IRT switches allow attackers to perform administrator operations without authentication. This vulnerability is only applicable to earlier vswitches, from V4.5.0 (non-IRT) to V5.1.0 (IRT.
<* Source: Eireann Leverett
Link: http://www.siemens.com/innovation/pool/de/forschungsfelder/siemens_security_advisory_ssa-176087.pdf
*>
Suggestion:
--------------------------------------------------------------------------------
Vendor patch:
Siemens
-------
The vendor has released a patch to fix this security problem. Please download it from the vendor's homepage:
Http://support.automation.siemens.com/WW/llisapi.dll? Func = cslib. csinfo & lang = en & objid = 73470284 & caller
Http://support.automation.siemens.com/WW/view/en/82142251