Unrated severityNVD Advisory· Published Sep 12, 2018· Updated Sep 17, 2024

CVE-2018-13807

Description

A vulnerability has been identified in SCALANCE X300 (All versions < V4.0.0), SCALANCE X408 (All versions < V4.0.0), SCALANCE X414 (All versions). The web interface on port 443/tcp could allow an attacker to cause a Denial-of-Service condition by sending specially crafted packets to the web server. The device will automatically reboot, impacting network availability for other devices. An attacker must have network access to port 443/tcp to exploit the vulnerability. Neither valid credentials nor interaction by a legitimate user is required to exploit the vulnerability. There is no confidentiality or integrity impact, only availability is temporarily impacted. This vulnerability could be triggered by publicly available tools.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Siemens SCALANCE X switches vulnerable to DoS via crafted packets on port 443/TCP, causing device reboot.

Vulnerability

The vulnerability exists in the web interface on port 443/TCP of Siemens SCALANCE X300 (all versions prior to 4.0.0), SCALANCE X408 (all versions prior to 4.0.0), and SCALANCE X414 (all versions). Due to improper input validation (CWE-20), sending specially crafted packets can cause the device to reboot.

Exploitation

An attacker with network access to port 443/TCP can exploit the vulnerability without authentication or user interaction. Publicly available tools can be used to trigger the condition.

Impact

Successful exploitation leads to a denial-of-service condition, temporarily impacting network availability. There is no confidentiality or integrity impact.

Mitigation

Siemens has released updates: SCALANCE X300 should be updated to version 4.1.2, and SCALANCE X408 to version 4.0.0. For SCALANCE X414, no fix is available yet; Siemens provides mitigations as described in the advisory [1]. Users should apply the updates or workarounds as recommended.

References

Siemens SCALANCE X Switches | CISA

AI Insight generated on May 26, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.

Affected products

Siemens Foundation/SCALANCE X300llm-create
Range: <4.0.0
Siemens Foundation/SCALANCE X408llm-create
Range: <4.0.0
Siemens Foundation/Scalance X414 3ellm-fuzzy
Siemens AG/SCALANCE X300, SCALANCE X408, SCALANCE X414v5
Range: SCALANCE X300 : All versions < V4.0.0

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

www.securityfocus.com/bid/105331mitrevdb-entryx_refsource_BID
cert-portal.siemens.com/productcert/pdf/ssa-447396.pdfmitrex_refsource_CONFIRM
ics-cert.us-cert.gov/advisories/ICSA-18-254-05mitrex_refsource_MISC

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.001
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000