CVE-2018-4842 — MEDIUM (4.8)

Q: How severe is CVE-2018-4842?

CVE-2018-4842 has been rated MEDIUM with a CVSS base score of 4.8/10. Review the CVSS metrics above for detailed severity breakdown.

Q: Is there a patch for CVE-2018-4842?

Check the references section above for vendor advisories and patch information. Affected products include: Siemens Scalance X200Irt Firmware, Siemens Scalance X200 Irt, Siemens Scalance X300 Firmware, Siemens Scalance X300, Siemens Scalance X200 Firmware.

Vulnerability Description

A vulnerability has been identified in SCALANCE X-200IRT switch family (incl. SIPLUS NET variants) (All versions < V5.4.1), SCALANCE X-200RNA switch family (All versions < V3.2.7), SCALANCE X-300 switch family (incl. X408 and SIPLUS NET variants) (All versions < V4.1.3). A remote, authenticated attacker with access to the configuration web server could be able to store script code on the web site, if the HRP redundancy option is set. This code could be executed in the web browser of victims visiting this web site (XSS), affecting its confidentiality, integrity and availability. User interaction is required for successful exploitation, as the user needs to visit the manipulated web site. At the stage of publishing this security advisory no public exploitation is known. The vendor has confirmed the vulnerability and provides mitigations to resolve it.

CVSS Score

4.8

MEDIUM

CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality

LOW

Integrity

LOW

Availability

NONE

Affected Products

Vendor	Product	Versions
Siemens	Scalance X200Irt Firmware	< 5.4.1
Siemens	Scalance X200 Irt	-
Siemens	Scalance X300 Firmware	-
Siemens	Scalance X300	-
Siemens	Scalance X200 Firmware	< 5.2.3
Siemens	Scalance X200	-

Related Weaknesses (CWE)

CWE-79

References

https://cert-portal.siemens.com/productcert/pdf/ssa-480829.pdfMitigationVendor Advisory
https://www.securityfocus.com/bid/104494
https://cert-portal.siemens.com/productcert/pdf/ssa-480829.pdfMitigationVendor Advisory
https://www.securityfocus.com/bid/104494

FAQ

What is CVE-2018-4842?

CVE-2018-4842 is a vulnerability with a CVSS score of 4.8 (MEDIUM). A vulnerability has been identified in SCALANCE X-200IRT switch family (incl. SIPLUS NET variants) (All versions < V5.4.1), SCALANCE X-200RNA switch family (All versions < V3.2.7), SCALANCE X-300 swit...

How severe is CVE-2018-4842?

CVE-2018-4842 has been rated MEDIUM with a CVSS base score of 4.8/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2018-4842?

Check the references section above for vendor advisories and patch information. Affected products include: Siemens Scalance X200Irt Firmware, Siemens Scalance X200 Irt, Siemens Scalance X300 Firmware, Siemens Scalance X300, Siemens Scalance X200 Firmware.