SB2020011504 - Authentication bypass in Siemens SCALANCE X Switches




Published: January 15, 2020

Security Bulletin ID: SB2020011504
Severity: High
Patch available: YES
Number of vulnerabilities: 1
Exploitation vector: Remote access
Highest impact: Data manipulation

Breakdown by Severity

High 100%

Description

This security bulletin contains information about 1 security vulnerability.


1) Missing Authentication for Critical Function (CVE-ID: CVE-2019-13933)

The vulnerability allows a remote attacker to violate access-control rules.

The vulnerability exists because the affected system contains an authentication bypass. A remote attacker can send a specially crafted GET request to a specific uniform resource locator on the web configuration interface of the device and obtain sensitive information or change the device configuration.


Remediation

Install the update from the vendor's website.