CVE-2018-13807

HIGH

SCALANCE X300, X408 < 4.0.0, X414 - Unauthenticated Denial of Service via Crafted Packets to Web Interface

Title source: llm

Description

A vulnerability has been identified in SCALANCE X300 (All versions < V4.0.0), SCALANCE X408 (All versions < V4.0.0), SCALANCE X414 (All versions). The web interface on port 443/tcp could allow an attacker to cause a Denial-of-Service condition by sending specially crafted packets to the web server. The device will automatically reboot, impacting network availability for other devices. An attacker must have network access to port 443/tcp to exploit the vulnerability. Neither valid credentials nor interaction by a legitimate user is required to exploit the vulnerability. There is no confidentiality or integrity impact, only availability is temporarily impacted. This vulnerability could be triggered by publicly available tools.

References (3)

Core 3

Core References

Third Party Advisory, US Government Resource, VDB Entry x_refsource_misc

https://ics-cert.us-cert.gov/advisories/ICSA-18-254-05

Third Party Advisory, VDB Entry vdb-entry x_refsource_bid

http://www.securityfocus.com/bid/105331

Vendor Advisory x_refsource_confirm

https://cert-portal.siemens.com/productcert/pdf/ssa-447396.pdf

Scores

CVSS v3 8.6

EPSS 0.0080

EPSS Percentile 74.4%

Attack Vector NETWORK

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H

Details

CWE

CWE-20

Status published

Products (3)

siemens/scalance_x300_firmware < 4.0.0

siemens/scalance_x408_firmware < 4.0.0

siemens/scalance_x414_firmware

Published Sep 12, 2018

Tracked Since Feb 18, 2026