CWE
79
Advisory Published
Updated

CVE-2018-4842: XSS

First published: Thu Jun 14 2018(Updated: )

A vulnerability has been identified in SCALANCE X-200IRT switch family (incl. SIPLUS NET variants) (All versions < V5.4.1), SCALANCE X-200RNA switch family (All versions < V3.2.7), SCALANCE X-300 switch family (incl. X408 and SIPLUS NET variants) (All versions < V4.1.3). A remote, authenticated attacker with access to the configuration web server could be able to store script code on the web site, if the HRP redundancy option is set. This code could be executed in the web browser of victims visiting this web site (XSS), affecting its confidentiality, integrity and availability. User interaction is required for successful exploitation, as the user needs to visit the manipulated web site. At the stage of publishing this security advisory no public exploitation is known. The vendor has confirmed the vulnerability and provides mitigations to resolve it.

Credit: productcert@siemens.com

Affected SoftwareAffected VersionHow to fix
Siemens Scalance X200irt Firmware<5.4.1
Siemens Scalance X200 Irt
Siemens Scalance X300 Firmware
Siemens Scalance X300
Siemens Scalance X200 Firmware<5.2.3
Siemens Scalance X200

Never miss a vulnerability like this again

Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.

Frequently Asked Questions

  • What is CVE-2018-4842?

    CVE-2018-4842 is a vulnerability identified in SCALANCE X-200IRT switch family and SCALANCE X-300 switch family.

  • What is the severity of CVE-2018-4842?

    The severity of CVE-2018-4842 is medium with a CVSS score of 4.8.

  • Which software versions are affected by CVE-2018-4842?

    All versions prior to V5.4.1 of SCALANCE X-200IRT switch family, SCALANCE X-200RNA switch family, and all versions prior to V4.1.3 of SCALANCE X-300 switch family are affected.

  • How can I fix CVE-2018-4842?

    Update your SCALANCE X-200IRT switch family and SCALANCE X-300 switch family to versions V5.4.1 and V4.1.3 or higher, respectively.

  • Where can I find more information on CVE-2018-4842?

    You can find more information on CVE-2018-4842 at the following references: [Siemens ProductCERT](https://cert-portal.siemens.com/productcert/pdf/ssa-480829.pdf) and [SecurityFocus](https://www.securityfocus.com/bid/104494).

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co
By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.
© 2024 SecAlerts Pty Ltd.
ABN: 70 645 966 203, ACN: 645 966 203