CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:L/Au:N/C:C/I:C/A:C
AI Score
Confidence
Low
EPSS
Percentile
80.9%
The web server on the Siemens Scalance S Security Module firewall S602 V2, S612 V2, and S613 V2 with firmware before 2.3.0.3 does not limit the rate of authentication attempts, which makes it easier for remote attackers to obtain access via a brute-force attack on the administrative password.
Vendor | Product | Version | CPE |
---|---|---|---|
siemens | scalance_s_firmware | * | cpe:2.3:a:siemens:scalance_s_firmware:*:*:*:*:*:*:*:* |
siemens | scalance_s_firmware | 2.1.0 | cpe:2.3:a:siemens:scalance_s_firmware:2.1.0:*:*:*:*:*:*:* |
siemens | scalance_s_firmware | 2.2.0 | cpe:2.3:a:siemens:scalance_s_firmware:2.2.0:*:*:*:*:*:*:* |
siemens | scalance_s602 | v2 | cpe:2.3:h:siemens:scalance_s602:v2:*:*:*:*:*:*:* |
siemens | scalance_s612 | v2 | cpe:2.3:h:siemens:scalance_s612:v2:*:*:*:*:*:*:* |
siemens | scalance_s613 | v2 | cpe:2.3:h:siemens:scalance_s613:v2:*:*:*:*:*:*:* |