ID
VAR-201308-0352
CVE
CVE-2013-4652
TITLE
Siemens Scalance W-700 Series Authentication Bypass Vulnerability
Trust: 0.8
sources:
IVD: ce08814a-2352-11e6-abef-000c29c66e3d //
CNVD: CNVD-2013-11279
DESCRIPTION
Unspecified vulnerability in the command-line management interface on Siemens Scalance W7xx devices with firmware before 4.5.4 allows remote attackers to bypass authentication and execute arbitrary code via a (1) SSH or (2) TELNET connection. The Siemens Scalance W-700 Series is an industrial wireless switch device developed by Siemens. Devices supporting IEEE 802.11a/b/g with firmware version < v4.5.4 below are affected by this vulnerability: SCALANCE W744-1, W746-1, W747-1 SCALANCE W744-1PRO, W746-1PRO, W747-1RR SCALANCE W784- 1, W784-1RR SCALANCE W786-1PRO, W786-2PRO, W786-3PRO, W786-2RR SCALANCE W788-1PRO, W788-2PRO, W788-1RR, W788-2RR. Successfully exploiting this issue may allow an attacker to bypass certain security restrictions and completely compromise an affected system. Siemens Scalance W-700 Series running firmware versions prior to 4.5.4 are vulnerable
Trust: 2.7
sources:
NVD: CVE-2013-4652 //
JVNDB: JVNDB-2013-003625 //
CNVD: CNVD-2013-11279 //
BID: 61540 //
IVD: ce08814a-2352-11e6-abef-000c29c66e3d //
VULHUB: VHN-64654
IOT TAXONOMY
| category: | ['ICS', 'Network device'] | sub_category: | - | Trust: 0.6 |
| category: | ['ICS'] | sub_category: | - | Trust: 0.2 |
sources:
IVD: ce08814a-2352-11e6-abef-000c29c66e3d //
CNVD: CNVD-2013-11279
AFFECTED PRODUCTS
| vendor: | siemens | model: | scalance w747-1rr | scope: | eq | version: | - | Trust: 1.2 |
| vendor: | siemens | model: | scalance w746-1pro | scope: | eq | version: | - | Trust: 1.2 |
| vendor: | siemens | model: | scalance w747-1 | scope: | eq | version: | - | Trust: 1.2 |
| vendor: | siemens | model: | scalance w744-1pro | scope: | eq | version: | - | Trust: 1.2 |
| vendor: | siemens | model: | scalance w786-2pro | scope: | eq | version: | - | Trust: 1.2 |
| vendor: | siemens | model: | scalance w784-1 | scope: | eq | version: | - | Trust: 1.2 |
| vendor: | siemens | model: | scalance w788-2rr | scope: | eq | version: | - | Trust: 1.2 |
| vendor: | siemens | model: | scalance w746-1 | scope: | eq | version: | - | Trust: 1.2 |
| vendor: | siemens | model: | scalance w788-1rr | scope: | eq | version: | - | Trust: 1.2 |
| vendor: | siemens | model: | scalance w788-2pro | scope: | eq | version: | - | Trust: 1.2 |
| vendor: | siemens | model: | scalance w786-1pro | scope: | eq | version: | - | Trust: 1.2 |
| vendor: | siemens | model: | scalance w786-2rr | scope: | eq | version: | - | Trust: 1.2 |
| vendor: | siemens | model: | scalance w784-1rr | scope: | eq | version: | - | Trust: 1.2 |
| vendor: | siemens | model: | scalance w788-1pro | scope: | eq | version: | - | Trust: 1.2 |
| vendor: | siemens | model: | scalance w744-1 | scope: | eq | version: | - | Trust: 1.2 |
| vendor: | siemens | model: | scalance w786-3pro | scope: | eq | version: | - | Trust: 1.2 |
| vendor: | siemens | model: | scalance w700 series | scope: | lte | version: | 4.4.0 | Trust: 1.0 |
| vendor: | siemens | model: | scalance w700 series | scope: | eq | version: | 4.4.0 | Trust: 0.8 |
| vendor: | siemens | model: | scalance w700 series | scope: | lt | version: | 4.5.4 | Trust: 0.8 |
| vendor: | siemens | model: | scalance w744-1 | scope: | - | version: | - | Trust: 0.8 |
| vendor: | siemens | model: | scalance w744-1pro | scope: | - | version: | - | Trust: 0.8 |
| vendor: | siemens | model: | scalance w746-1 | scope: | - | version: | - | Trust: 0.8 |
| vendor: | siemens | model: | scalance w746-1pro | scope: | - | version: | - | Trust: 0.8 |
| vendor: | siemens | model: | scalance w747-1 | scope: | - | version: | - | Trust: 0.8 |
| vendor: | siemens | model: | scalance w747-1rr | scope: | - | version: | - | Trust: 0.8 |
| vendor: | siemens | model: | scalance w784-1 | scope: | - | version: | - | Trust: 0.8 |
| vendor: | siemens | model: | scalance w784-1rr | scope: | - | version: | - | Trust: 0.8 |
| vendor: | siemens | model: | scalance w786-1pro | scope: | - | version: | - | Trust: 0.8 |
| vendor: | siemens | model: | scalance w786-2pro | scope: | - | version: | - | Trust: 0.8 |
| vendor: | siemens | model: | scalance w786-2rr | scope: | - | version: | - | Trust: 0.8 |
| vendor: | siemens | model: | scalance w786-3pro | scope: | - | version: | - | Trust: 0.8 |
| vendor: | siemens | model: | scalance w788-1pro | scope: | - | version: | - | Trust: 0.8 |
| vendor: | siemens | model: | scalance w788-1rr | scope: | - | version: | - | Trust: 0.8 |
| vendor: | siemens | model: | scalance w788-2pro | scope: | - | version: | - | Trust: 0.8 |
| vendor: | siemens | model: | scalance w788-2rr | scope: | - | version: | - | Trust: 0.8 |
| vendor: | siemens | model: | scalance w-700 series | scope: | - | version: | - | Trust: 0.6 |
| vendor: | siemens | model: | scalance w-7xx product family | scope: | lt | version: | 4.5.4 | Trust: 0.2 |
sources:
IVD: ce08814a-2352-11e6-abef-000c29c66e3d //
CNVD: CNVD-2013-11279 //
JVNDB: JVNDB-2013-003625 //
CNNVD: CNNVD-201307-684 //
NVD: CVE-2013-4652
CVSS
SEVERITY | CVSSV2 | CVSSV3 | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
|
sources:
IVD: ce08814a-2352-11e6-abef-000c29c66e3d //
CNVD: CNVD-2013-11279 //
VULHUB: VHN-64654 //
JVNDB: JVNDB-2013-003625 //
CNNVD: CNNVD-201307-684 //
NVD: CVE-2013-4652
PROBLEMTYPE DATA
| problemtype: | NVD-CWE-noinfo | Trust: 1.0 |
sources:
NVD: CVE-2013-4652
THREAT TYPE
remote
Trust: 0.6
sources:
CNNVD: CNNVD-201307-684
TYPE
lack of information
Trust: 0.6
sources:
CNNVD: CNNVD-201307-684
CONFIGURATIONS
sources:
JVNDB: JVNDB-2013-003625
PATCH
| title: | SSA-120908 | url: | http://www.siemens.com/corporate-technology/pool/de/forschungsfelder/siemens_security_advisory_ssa-120908.pdf | Trust: 0.8 |
| title: | Siemens Scalance W-700 Series Authentication Vulnerability Vulnerability Patch | url: | https://www.cnvd.org.cn/patchInfo/show/37985 | Trust: 0.6 |
sources:
CNVD: CNVD-2013-11279 //
JVNDB: JVNDB-2013-003625
EXTERNAL IDS
| db: | NVD | id: | CVE-2013-4652 | Trust: 3.6 |
| db: | SIEMENS | id: | SSA-120908 | Trust: 2.3 |
| db: | BID | id: | 61540 | Trust: 1.6 |
| db: | CNNVD | id: | CNNVD-201307-684 | Trust: 0.9 |
| db: | CNVD | id: | CNVD-2013-11279 | Trust: 0.8 |
| db: | ICS CERT | id: | ICSA-13-213-01 | Trust: 0.8 |
| db: | JVNDB | id: | JVNDB-2013-003625 | Trust: 0.8 |
| db: | SECUNIA | id: | 54168 | Trust: 0.6 |
| db: | IVD | id: | CE08814A-2352-11E6-ABEF-000C29C66E3D | Trust: 0.2 |
| db: | SEEBUG | id: | SSVID-89656 | Trust: 0.1 |
| db: | VULHUB | id: | VHN-64654 | Trust: 0.1 |
sources:
IVD: ce08814a-2352-11e6-abef-000c29c66e3d //
CNVD: CNVD-2013-11279 //
VULHUB: VHN-64654 //
BID: 61540 //
JVNDB: JVNDB-2013-003625 //
CNNVD: CNNVD-201307-684 //
NVD: CVE-2013-4652
REFERENCES
| url: | http://www.siemens.com/corporate-technology/pool/de/forschungsfelder/siemens_security_advisory_ssa-120908.pdf | Trust: 2.3 |
| url: | http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2013-4652 | Trust: 0.8 |
| url: | https://ics-cert.us-cert.gov/advisories/icsa-13-213-01 | Trust: 0.8 |
| url: | http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2013-4652 | Trust: 0.8 |
| url: | http://www.secunia.com/advisories/54168/ | Trust: 0.6 |
| url: | http://www.securityfocus.com/bid/61540 | Trust: 0.6 |
| url: | http://subscriber.communications.siemens.com/ | Trust: 0.3 |
sources:
CNVD: CNVD-2013-11279 //
VULHUB: VHN-64654 //
BID: 61540 //
JVNDB: JVNDB-2013-003625 //
CNNVD: CNNVD-201307-684 //
NVD: CVE-2013-4652
CREDITS
The vendor reported this issue.
Trust: 0.3
sources:
BID: 61540
SOURCES
| db: | IVD | id: | ce08814a-2352-11e6-abef-000c29c66e3d |
| db: | CNVD | id: | CNVD-2013-11279 |
| db: | VULHUB | id: | VHN-64654 |
| db: | BID | id: | 61540 |
| db: | JVNDB | id: | JVNDB-2013-003625 |
| db: | CNNVD | id: | CNNVD-201307-684 |
| db: | NVD | id: | CVE-2013-4652 |
LAST UPDATE DATE
2025-04-11T22:53:17.155000+00:00
SOURCES UPDATE DATE
| db: | CNVD | id: | CNVD-2013-11279 | date: | 2013-08-05T00:00:00 |
| db: | VULHUB | id: | VHN-64654 | date: | 2013-08-01T00:00:00 |
| db: | BID | id: | 61540 | date: | 2013-08-01T17:26:00 |
| db: | JVNDB | id: | JVNDB-2013-003625 | date: | 2013-08-05T00:00:00 |
| db: | CNNVD | id: | CNNVD-201307-684 | date: | 2013-08-13T00:00:00 |
| db: | NVD | id: | CVE-2013-4652 | date: | 2025-04-11T00:51:21.963 |
SOURCES RELEASE DATE
| db: | IVD | id: | ce08814a-2352-11e6-abef-000c29c66e3d | date: | 2013-08-05T00:00:00 |
| db: | CNVD | id: | CNVD-2013-11279 | date: | 2013-08-02T00:00:00 |
| db: | VULHUB | id: | VHN-64654 | date: | 2013-08-01T00:00:00 |
| db: | BID | id: | 61540 | date: | 2013-07-31T00:00:00 |
| db: | JVNDB | id: | JVNDB-2013-003625 | date: | 2013-08-05T00:00:00 |
| db: | CNNVD | id: | CNNVD-201307-684 | date: | 2013-07-31T00:00:00 |
| db: | NVD | id: | CVE-2013-4652 | date: | 2013-08-01T13:32:26.093 |