#VU24311 Missing Authentication for Critical Function in Siemens products - CVE-2019-13933
Published: January 15, 2020
Vulnerability identifier: #VU24311
Vulnerability risk: High
CVSSv4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:L/VI:H/VA:L/SC:N/SI:N/SA:N/E:U/U:Amber
CVE-ID: CVE-2019-13933
CWE-ID: CWE-306
Exploitation vector: Remote access
Exploit availability:
No public exploit available
Vulnerable software:
SCALANCE X-200RNA
SCALANCE X-300
SCALANCE X-408
SCALANCE X-200RNA
SCALANCE X-300
SCALANCE X-408
Software vendor:
Siemens
Siemens
Description
The vulnerability allows a remote attacker to violate access-control rules.
The vulnerability exists due to the affected system contains an authentication bypass vulnerability. A remote attacker can send a specially crafted GET request to specific uniform resource locator on the web configuration interface of the device and obtain sensitive information or change the device configuration.
Remediation
Install updates from vendor's website.