Vulnerability Description
A vulnerability has been identified in SCALANCE X-200 switch family (incl. SIPLUS NET variants) (Versions < V5.0.0 for CVE-2013-3633 and versions < V4.5.0 for CVE-2013-3634), SCALANCE X-200IRT switch family (incl. SIPLUS NET variants) (All versions < V5.1.0). The implementation of SNMPv3 does not check the user credentials sufficiently. Therefore, an attacker is able to execute SNMP commands without correct credentials.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Siemens | Scalance X200Irt Firmware | <= 5.0.0 |
| Siemens | Scalance X200-4P Irt | - |
| Siemens | Scalance X201-3P Irt | - |
| Siemens | Scalance X202-2Irt | - |
| Siemens | Scalance X202-2P Irt | - |
| Siemens | Scalance X204Irt | - |
| Siemens | Scalance Xf204Irt | - |
Related Weaknesses (CWE)
References
- https://cert-portal.siemens.com/productcert/pdf/ssa-170686.pdf
- https://cert-portal.siemens.com/productcert/pdf/ssa-170686.pdf
FAQ
What is CVE-2013-3634?
CVE-2013-3634 is a vulnerability with a CVSS score of 7.5 (HIGH). A vulnerability has been identified in SCALANCE X-200 switch family (incl. SIPLUS NET variants) (Versions < V5.0.0 for CVE-2013-3633 and versions < V4.5.0 for CVE-2013-3634), SCALANCE X-200IRT switch ...
How severe is CVE-2013-3634?
CVE-2013-3634 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2013-3634?
Check the references section above for vendor advisories and patch information. Affected products include: Siemens Scalance X200Irt Firmware, Siemens Scalance X200-4P Irt, Siemens Scalance X201-3P Irt, Siemens Scalance X202-2Irt, Siemens Scalance X202-2P Irt.