Auth bypass in Siemens Scalance_x-200rna
CVE-2019-13933
A vulnerability has been identified in SCALANCE X204RNA (HSR), SCALANCE X204RNA (PRP), SCALANCE X204RNA EEC (HSR), SCALANCE X204RNA EEC (PRP), SCALANCE X204RNA EEC (PRP/HSR), SCALANCE X302-7 EEC (230V), SCALANCE X302-7 EEC (230V, coated)…
Vulnerability class: Broken Authentication
EPSS: 0.014 (68.9th percentile) — read the EPSS interpretation.
CVSS v3 metric
CVSS v3 base score 8.6 (High). Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:L.
Affected products
- Siemens Scalance_x-200rna
- Siemens Scalance_x-200rna_firmware
- Siemens Scalance_x204rna
- Siemens Scalance X204rna Eec (Hsr) — versions All versions < V3.2.7
- Siemens Scalance X204rna Eec (Prp) — versions All versions < V3.2.7
- Siemens Scalance X204rna Eec (Prp/hsr) — versions All versions < V3.2.7
- Siemens Scalance_x204rna_firmware
- Siemens Scalance X204rna (Hsr) — versions All versions < V3.2.7
- Siemens Scalance X204rna (Prp) — versions All versions < V3.2.7
- Siemens Scalance_x-300
Weakness classification (CWE)
References
- productcert@siemens.com (Vendor Advisory)
- productcert@siemens.com (Third Party Advisory)
Frequently asked questions
- What is CVE-2019-13933?
- CVE-2019-13933 is a high-severity vulnerability in Siemens Scalance_x-200rna, classified under Missing Authentication for Critical Function. CVSS score: 8.6/10. Published 2020-01-16.
- How severe is CVE-2019-13933?
- High severity. CVSS v3 base score is 8.6 out of 10.