Vulnerabilities > CVE-2013-4652 - Authentication Bypass vulnerability in Siemens Scalance W-700 Series

CVSS 10.0 - CRITICAL

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

COMPLETE

Integrity impact

COMPLETE

Availability impact

COMPLETE

network

low complexity

siemens

critical

NVD

Published: 2013-08-01

Updated: 2013-08-01

Summary

Unspecified vulnerability in the command-line management interface on Siemens Scalance W7xx devices with firmware before 4.5.4 allows remote attackers to bypass authentication and execute arbitrary code via a (1) SSH or (2) TELNET connection.

Vulnerable Configurations

Part	Description	Count
OS	Siemens Siemens Scalance W700 Series Firmware 4.4.0	1
Hardware	Siemens Siemens Scalance W744 1 - Siemens Scalance W744 1Pro - Siemens Scalance W746 1 - Siemens Scalance W746 1Pro - Siemens Scalance W747 1 - Siemens Scalance W747 1RR - Siemens Scalance W784 1 - Siemens Scalance W784 1RR - Siemens Scalance W786 1Pro - Siemens Scalance W786 2Pro - Siemens Scalance W786 2RR - Siemens Scalance W786 3Pro - Siemens Scalance W788 1Pro - Siemens Scalance W788 1RR - Siemens Scalance W788 2Pro - Siemens Scalance W788 2RR -	16

References

http://www.siemens.com/corporate-technology/pool/de/forschungsfelder/siemens_security_advisory_ssa-120908.pdf