===========================================================================
AUSCERT Security Bulletin

ASB-2013.0111
A vulnerability has been identified in Siemens SCALANCE X-200 Switch Family
4 October 2013
===========================================================================

AusCERT Security Bulletin Summary
---------------------------------

Product:              Siemens SCALANCE X-200 Switches
Operating System:     Network Appliance
Impact/Access:        Administrator Compromise -- Remote/Unauthenticated
Resolution:           Patch/Upgrade
CVE Names:            CVE-2013-5944
Member content until: Sunday, November 3 2013

OVERVIEW

A vulnerability has been identified in Siemens SCALANCE X-200 Switch
Family. [1]

IMPACT

The vendor has provided the following details regarding this
vulnerability:

"Vulnerability Description (CVE-2013-5944)
The integrated web server of SCALANCE X-200 switches might allow
attackers to perform administrative operations over the network without
authentication.

CVSS Base Score 10.0
CVSS Temporal Score 7.8
CVSS Overall Score 7.8 (AV:N/AC:L/Au:N/C:C/I:C/A:C/E:POC/RL:OF/RC:C)

Mitigating factors:
The attacker must have network access to the device" [1]

MITIGATION

The vendor recommends upgrading to the current SCALANCE X-200 firmware
versions V5.0.1 (non-IRT) and V5.1.2 (IRT). [1]

REFERENCES

[1] SSA-176087: Unauthenticated Access to Critical Services in SCALANCE
    X-200 Switch Family
    http://www.siemens.com/innovation/pool/de/forschungsfelder/siemens_security_advisory_ssa-176087.pdf

AusCERT has made every effort to ensure that the information contained
in this document is accurate. However, the decision to use the information
described is the responsibility of each user or organisation. The decision to
follow or act on information or advice contained in this security bulletin is
the responsibility of each user or organisation, and should be considered in
accordance with your organisation's site policies and procedures. AusCERT
takes no responsibility for consequences which may arise from following or
acting on information or advice contained in this security bulletin.

===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072

Internet Email: auscert@auscert.org.au
Facsimile:      (07) 3365 7031
Telephone:      (07) 3365 4417 (International: +61 7 3365 4417)
                AusCERT personnel answer during Queensland business hours
                which are GMT+10:00 (AEST).
                On call after hours for member emergencies only.
===========================================================================