CVE-2019-13924 — MEDIUM (5.4)

Q: How severe is CVE-2019-13924?

CVE-2019-13924 has been rated MEDIUM with a CVSS base score of 5.4/10. Review the CVSS metrics above for detailed severity breakdown.

Q: Is there a patch for CVE-2019-13924?

Check the references section above for vendor advisories and patch information. Affected products include: Siemens Scalance Xc-200 Firmware, Siemens Scalance Xc-200, Siemens Scalance Xf-200 Firmware, Siemens Scalance Xf-200, Siemens Scalance Xp-200 Firmware.

Vulnerability Description

A vulnerability has been identified in SCALANCE S602 (All versions < V4.1), SCALANCE S612 (All versions < V4.1), SCALANCE S623 (All versions < V4.1), SCALANCE S627-2M (All versions < V4.1), SCALANCE X-200 switch family (incl. SIPLUS NET variants) (All versions < 5.2.4), SCALANCE X-200IRT switch family (incl. SIPLUS NET variants) (All versions < V5.5.0), SCALANCE X-200RNA switch family (All versions < V3.2.7), SCALANCE X-300 switch family (incl. X408 and SIPLUS NET variants) (All versions < 4.1.3). The device does not send the X-Frame-Option Header in the administrative web interface, which makes it vulnerable to Clickjacking attacks. The security vulnerability could be exploited by an attacker that is able to trick an administrative user with a valid session on the target device into clicking on a website controlled by the attacker. The vulnerability could allow an attacker to perform administrative actions via the web interface.

CVSS Score

5.4

MEDIUM

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality

LOW

Integrity

LOW

Availability

NONE

Affected Products

Vendor	Product	Versions
Siemens	Scalance Xc-200 Firmware	< 5.2.4
Siemens	Scalance Xc-200	-
Siemens	Scalance Xf-200 Firmware	< 5.2.4
Siemens	Scalance Xf-200	-
Siemens	Scalance Xp-200 Firmware	< 5.2.4
Siemens	Scalance Xp-200	-
Siemens	Scalance X-200Irt Firmware	All versions
Siemens	Scalance X-200Irt	-
Siemens	Scalance Xb-200 Firmware	< 5.2.4
Siemens	Scalance Xb-200	-
Siemens	Scalance Xr-300Wg Firmware	< 4.1.3
Siemens	Scalance Xr-300Wg	-
Siemens	Scalance X-300 Firmware	< 4.1.3
Siemens	Scalance X-300	-
Siemens	Scalance Xr-300 Firmware	< 4.1.3
Siemens	Scalance Xr-300	-

Related Weaknesses (CWE)

CWE-693 CWE-1021

References

FAQ

What is CVE-2019-13924?

CVE-2019-13924 is a vulnerability with a CVSS score of 5.4 (MEDIUM). A vulnerability has been identified in SCALANCE S602 (All versions < V4.1), SCALANCE S612 (All versions < V4.1), SCALANCE S623 (All versions < V4.1), SCALANCE S627-2M (All versions < V4.1), SCALANCE X...

How severe is CVE-2019-13924?

CVE-2019-13924 has been rated MEDIUM with a CVSS base score of 5.4/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2019-13924?

Check the references section above for vendor advisories and patch information. Affected products include: Siemens Scalance Xc-200 Firmware, Siemens Scalance Xc-200, Siemens Scalance Xf-200 Firmware, Siemens Scalance Xf-200, Siemens Scalance Xp-200 Firmware.