Loading HuntDB...
Hunt
Vulnerability Intelligence by wss.sh
Home Daily Briefings High Impact CVEs Recent Exploits KEV Catalog GitHub Advisories Latest Updates Security News
Sign In Sign Up

CVE-2018-13807

UNKNOWN
Published 2018-09-12T14:00:00Z
Actions:

Expert Analysis

Professional remediation guidance

Get tailored security recommendations from our analyst team for CVE-2018-13807. We'll provide specific mitigation strategies based on your environment and risk profile.

No CVSS data available

Description

A vulnerability has been identified in SCALANCE X300 (All versions < V4.0.0), SCALANCE X408 (All versions < V4.0.0), SCALANCE X414 (All versions). The web interface on port 443/tcp could allow an attacker to cause a Denial-of-Service condition by sending specially crafted packets to the web server. The device will automatically reboot, impacting network availability for other devices. An attacker must have network access to port 443/tcp to exploit the vulnerability. Neither valid credentials nor interaction by a legitimate user is required to exploit the vulnerability. There is no confidentiality or integrity impact, only availability is temporarily impacted. This vulnerability could be triggered by publicly available tools.

Available Exploits

No exploits available for this CVE.

Related News

No news articles found for this CVE.

Affected Products

Siemens AG

SCALANCE X300, SCALANCE X408, SCALANCE X414

Affected Versions:

SCALANCE X300 : All versions < V4.0.0 SCALANCE X408 : All versions < V4.0.0 SCALANCE X414 : All versions

GitHub Security Advisories

Community-driven vulnerability intelligence from GitHub

⚠ Unreviewed HIGH

GHSA-x4vv-2q68-xx2p

Advisory Details

A vulnerability has been identified in SCALANCE X300 (All versions < V4.0.0), SCALANCE X408 (All versions < V4.0.0), SCALANCE X414 (All versions). The web interface on port 443/tcp could allow an attacker to cause a Denial-of-Service condition by sending specially crafted packets to the web server. The device will automatically reboot, impacting network availability for other devices. An attacker must have network access to port 443/tcp to exploit the vulnerability. Neither valid credentials nor interaction by a legitimate user is required to exploit the vulnerability. There is no confidentiality or integrity impact, only availability is temporarily impacted. This vulnerability could be triggered by publicly available tools.

CVSS Scoring

CVSS Score

7.5

CVSS Vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H

References

ADVISORY https://nvd.nist.gov/vuln/detail/CVE-2018-13807
WEB https://cert-portal.siemens.com/productcert/pdf/ssa-447396.pdf
WEB https://ics-cert.us-cert.gov/advisories/ICSA-18-254-05
WEB http://www.securityfocus.com/bid/105331

Advisory provided by GitHub Security Advisory Database. Published: May 13, 2022, Modified: May 13, 2022

References

https://ics-cert.us-cert.gov/advisories/ICSA-18-254-05
http://www.securityfocus.com/bid/105331
https://cert-portal.siemens.com/productcert/pdf/ssa-447396.pdf
Published: 2018-09-12T14:00:00Z
Last Modified: 2024-09-17T00:37:09.724Z
Copied to clipboard!