Vulnerability Details : CVE-2013-3634
A vulnerability has been identified in SCALANCE X-200 switch family (incl. SIPLUS NET variants) (Versions < V5.0.0 for CVE-2013-3633 and versions < V4.5.0 for CVE-2013-3634), SCALANCE X-200IRT switch family (incl. SIPLUS NET variants) (All versions < V5.1.0). The implementation of SNMPv3 does not check the user credentials sufficiently. Therefore, an attacker is able to execute SNMP commands without correct credentials.
Vulnerability category: Input validation
Exploit prediction scoring system (EPSS) score for CVE-2013-3634
Probability of exploitation activity in the next 30 days: 0.17%
Percentile, the proportion of vulnerabilities that are scored at or less: ~ 53 % EPSS Score History EPSS FAQ
CVSS scores for CVE-2013-3634
| Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source |
|---|---|---|---|---|---|
|
7.5
|
HIGH | AV:N/AC:L/Au:N/C:P/I:P/A:P |
10.0
|
6.4
|
NIST |
CWE ids for CVE-2013-3634
-
The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.Assigned by: nvd@nist.gov (Primary)
References for CVE-2013-3634
Products affected by CVE-2013-3634
- cpe:2.3:o:siemens:scalance_x200irt_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:h:siemens:scalance_x204irt:-:-:pro:*:*:*:*:*
- cpe:2.3:h:siemens:scalance_x204irt:-:*:*:*:*:*:*:*
- cpe:2.3:h:siemens:scalance_x202-2irt:-:*:*:*:*:*:*:*
- cpe:2.3:h:siemens:scalance_x202-2p_irt:-:-:pro:*:*:*:*:*
- cpe:2.3:h:siemens:scalance_x202-2p_irt:-:*:*:*:*:*:*:*
- cpe:2.3:h:siemens:scalance_x201-3p_irt:-:*:*:*:*:*:*:*
- cpe:2.3:h:siemens:scalance_x201-3p_irt:-:-:pro:*:*:*:*:*
- cpe:2.3:h:siemens:scalance_x200-4p_irt:-:*:*:*:*:*:*:*
- cpe:2.3:h:siemens:scalance_xf204irt:-:*:*:*:*:*:*:*