Vulnerability Name:

CVE-2018-4842

Assigned:2018-06-12
Published:2018-06-12
Updated:2018-08-11
Summary:A vulnerability has been identified in SCALANCE X-200 IRT (All versions < V5.4.1), SCALANCE X300 (All versions). A remote, authenticated attacker with access to the configuration web server could be able to store script code on the web site, if the HRP redundancy option is set. This code could be executed in the web browser of victims visiting this web site (XSS), affecting its confidentiality, integrity and availability. User interaction is required for successful exploitation, as the user needs to visit the manipulated web site.
CVSS v3 Severity:4.8 Medium (CVSS v3 Vector: CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N)
4.6 Medium (Temporal CVSS v3 Vector: CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N/E:H/RL:O/RC:C)
Exploitability Metrics:Attack Vector (AV): Network
Attack Complexity (AC): Low
Privileges Required (PR): High
User Interaction (UI): Required
Scope:Scope (S): Changed
Impact Metrics:Confidentiality (C): Low
Integrity (I): Low
Availability (A): None
5.4 Medium (CCN CVSS v3 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N)
5.2 Medium (CCN Temporal CVSS v3 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N/E:H/RL:O/RC:C)
Exploitability Metrics:Attack Vector (AV): Network
Attack Complexity (AC): Low
Privileges Required (PR): Low
User Interaction (UI): Required
Scope:Scope (S): Changed
Impact Metrics:Confidentiality (C): Low
Integrity (I): Low
Availability (A): None
CVSS v2 Severity:3.5 Low (CVSS v2 Vector: AV:N/AC:M/Au:S/C:N/I:P/A:N)
Exploitability Metrics:Access Vector (AV): Network
Access Complexity (AC): Medium
Authentication (Au): Single_Instance
Impact Metrics:Confidentiality (C): None
Integrity (I): Partial
Availability (A): None
5.5 Medium (CCN CVSS v2 Vector: AV:N/AC:L/Au:S/C:P/I:P/A:N)
Exploitability Metrics:Access Vector (AV): Network
Access Complexity (AC): Low
Authentication (Au): Single_Instance
Impact Metrics:Confidentiality (C): Partial
Integrity (I): Partial
Availability (A): None
Vulnerability Type:CWE-79
References:Source: BID
Type: VENDOR_ADVISORY
104494

Source: CONFIRM
Type: VENDOR_ADVISORY
https://cert-portal.siemens.com/productcert/pdf/ssa-480829.pdf

Source: XF
Type: UNKNOWN
siemens-scalance-cve20184842-xss(144695)

Vulnerable Configuration:
Configuration 1:
  • cpe:/o:siemens:scalance_x200irt_firmware:5.0.0:*:*:*:*:*:*:*
  • OR cpe:/o:siemens:scalance_x200irt_firmware:5.1.0:*:*:*:*:*:*:*
  • AND
  • cpe:/h:siemens:scalance_x200_irt:-:*:*:*:*:*:*:*

Configuration 2:
  • cpe:/o:siemens:scalance_x300_firmware:-:*:*:*:*:*:*:*
  • AND
  • cpe:/h:siemens:scalance_x300:-:*:*:*:*:*:*:*

Configuration 3:
  • cpe:/h:siemens:scalance_x200:-:*:*:*:*:*:*:*

Configuration CCN 1:
  • cpe:/h:siemens:scalance_x-300:-:*:*:*:*:*:*:*
  • OR cpe:/h:siemens:scalance_x-200:-:*:*:*:*:*:*:*

* Denotes that component is vulnerable
    siemens scalance x200irt firmware 5.0.0
    siemens scalance x200irt firmware 5.1.0
    siemens scalance x200 irt -
    siemens scalance x300 firmware -
    siemens scalance x300 -
    siemens scalance x200 -
    siemens scalance x-300 -
    siemens scalance x-200 -