Vulnerability Name: CVE-2018-4833 (CCN-144827)
Assigned: 2018-06-14
Published: 2018-06-14
Updated: 2020-12-14
Summary: A vulnerability has been identified in RFID 181EIP (All versions), RUGGEDCOM Win (V4.4, V4.5, V5.0, and V5.1), SCALANCE X-200 switch family (incl. SIPLUS NET variants) (All versions < V5.2.3), SCALANCE X-200IRT switch family (incl. SIPLUS NET variants) (All versions < V5.4.1), SCALANCE X-200RNA switch family (All versions < V3.2.6), SCALANCE X-300 switch family (incl. SIPLUS NET variants) (All versions < V4.1.3), SCALANCE X408 (All versions < V4.1.3), SCALANCE X414 (All versions), SIMATIC RF182C (All versions). Unprivileged remote attackers located in the same local network segment (OSI Layer 2) could gain remote code execution on the affected products by sending a specially crafted DHCP response to a client's DHCP request.
CVSS v3 Severity:
8.8 High (CVSS v3.1 Vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)
7.7 High (Temporal CVSS v3.1 Vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C)
Exploitability Metrics: Attack Vector (AV): Adjacent; Attack Complexity (AC): Low; Privileges Required (PR): None; User Interaction (UI): None
Scope: Scope (S): Unchanged
Impact Metrics: Confidentiality (C): High; Integrity (I): High; Availability (A): High
7.5 High (CCN CVSS v3.1 Vector: CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H)
6.5 Medium (CCN Temporal CVSS v3.1 Vector: CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C)
Exploitability Metrics: Attack Vector (AV): Adjacent; Attack Complexity (AC): High; Privileges Required (PR): None; User Interaction (UI): None
Scope: Scope (S): Unchanged
Impact Metrics: Confidentiality (C): High; Integrity (I): High; Availability (A): High
CVSS v2 Severity:
5.8 Medium (CVSS v2 Vector: AV:A/AC:L/Au:N/C:P/I:P/A:P)
Exploitability Metrics: Access Vector (AV): Adjacent_Network; Access Complexity (AC): Low; Authentication (Au): None
Impact Metrics: Confidentiality (C): Partial; Integrity (I): Partial; Availability (A): Partial
6.8 Medium (CCN CVSS v2 Vector: AV:A/AC:H/Au:N/C:C/I:C/A:C)
Exploitability Metrics: Access Vector (AV): Adjacent_Network; Access Complexity (AC): High; Authentication (Au): None
Impact Metrics: Confidentiality (C): Complete; Integrity (I): Complete; Availability (A): Complete
Vulnerability Type: CWE-20, CWE-122
Vulnerability Consequences: Gain Access
References:
Source: MITRE; Type: CNA; CVE-2018-4833
Source: CCN; Type: BID-104482; Multiple Siemens Products CVE-2018-4833 Remote Code Execution Vulnerability
Source: CCN; Type: Siemens Security Advisory SSA-181018; Heap Overflow Vulnerability in SCALANCE X switches, RUGGEDCOM WiMAX, RFID 181-EIP, and SIMATIC RF182C
Source: MISC; Type: Vendor Advisory; https://cert-portal.siemens.com/productcert/pdf/ssa-181018.pdf
Source: XF; Type: UNKNOWN; siemens-cve20184833-code-exec(144827)
Source: CCN; Type: ICSA-18-165-01; Siemens SCALANCE X Switches, RUGGEDCOM WiMAX, RFID 181-EIP, and SIMATIC RF182C
Vulnerable Configuration:
Configuration 1: cpe:/o:siemens:rfid_181-eip_firmware:-:*:*:*:*:*:*:* AND cpe:/h:siemens:rfid_181-eip:-:*:*:*:*:*:*:*
Configuration 2: cpe:/o:siemens:ruggedcom_wimax_firmware:4.5:*:*:*:*:*:*:* OR cpe:/o:siemens:ruggedcom_wimax_firmware:4.4:*:*:*:*:*:*:* AND cpe:/h:siemens:ruggedcom_wimax:-:*:*:*:*:*:*:*
Configuration 3: cpe:/o:siemens:scalance_x200_firmware:*:*:*:*:*:*:*:* (Version < 5.2.3) AND cpe:/h:siemens:scalance_x200:-:*:*:*:*:*:*:*
Configuration 4: cpe:/o:siemens:scalance_x200irt_firmware:*:*:*:*:*:*:*:* (Version < 5.4.1) AND cpe:/h:siemens:scalance_x200irt:-:*:*:*:*:*:*:*
Configuration 5: cpe:/o:siemens:scalance_x204rna_firmware:-:*:*:*:*:*:*:* AND cpe:/h:siemens:scalance_x204rna:-:*:*:*:*:*:*:*
Configuration 6: cpe:/o:siemens:scalance_x300_firmware:-:*:*:*:*:*:*:* AND cpe:/h:siemens:scalance_x300:-:*:*:*:*:*:*:*
Configuration 7: cpe:/o:siemens:scalance_x408_firmware:-:*:*:*:*:*:*:* AND cpe:/h:siemens:scalance_x408:-:*:*:*:*:*:*:*
Configuration 8: cpe:/o:siemens:scalance_x414_firmware:-:*:*:*:*:*:*:* AND cpe:/h:siemens:scalance_x414:-:*:*:*:*:*:*:*
Configuration 9: cpe:/o:siemens:simatic_rf182c_firmware:-:*:*:*:*:*:*:* AND cpe:/h:siemens:simatic_rf182c:-:*:*:*:*:*:*:*
Configuration CCN 1: cpe:/h:siemens:rfid_181-eip:-:*:*:*:*:*:*:* OR cpe:/h:siemens:scalance_x-200:-:*:*:*:*:*:*:* OR cpe:/h:siemens:scalance_x-200_irt:-:*:*:*:*:*:*:* OR cpe:/h:siemens:scalance_x204rna:-:*:*:*:*:*:*:* OR cpe:/h:siemens:scalance_x-300:-:*:*:*:*:*:*:* OR cpe:/h:siemens:scalance_x408:-:*:*:*:*:*:*:* OR cpe:/h:siemens:scalance_x414:-:*:*:*:*:*:*:* OR cpe:/h:siemens:simatic_rf182c:-:*:*:*:*:*:*:*
siemens rfid 181-eip firmware -
siemens rfid 181-eip -
siemens ruggedcom wimax firmware 4.5
siemens ruggedcom wimax firmware 4.4
siemens ruggedcom wimax -
siemens scalance x200 firmware *
siemens scalance x200 -
siemens scalance x200irt firmware *
siemens scalance x200irt -
siemens scalance x204rna firmware -
siemens scalance x204rna -
siemens scalance x300 firmware -
siemens scalance x300 -
siemens scalance x408 firmware -
siemens scalance x408 -
siemens scalance x414 firmware -
siemens scalance x414 -
siemens simatic rf182c firmware -
siemens simatic rf182c -
siemens rfid 181-eip -
siemens scalance x-200 -
siemens scalance x-200 irt -
siemens scalance x204rna -
siemens scalance x-300 -
siemens scalance x408 -
siemens scalance x414 -
siemens simatic rf182c -