CVE-2012-1799

2012-04-1810:33:34

CWE-287

[email protected]

web.nvd.nist.gov

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

AI Score

6.8

Confidence

Low

EPSS

0.007

Percentile

80.9%

JSON

The web server on the Siemens Scalance S Security Module firewall S602 V2, S612 V2, and S613 V2 with firmware before 2.3.0.3 does not limit the rate of authentication attempts, which makes it easier for remote attackers to obtain access via a brute-force attack on the administrative password.

Affected configurations

Nvd

Node

siemensscalance_s_firmwareRange≤2.3.0

siemensscalance_s_firmwareMatch2.1.0

siemensscalance_s_firmwareMatch2.2.0

AND

siemensscalance_s602Matchv2

siemensscalance_s612Matchv2

siemensscalance_s613Matchv2

VendorProductVersionCPE
siemensscalance_s_firmware*cpe:2.3:a:siemens:scalance_s_firmware:*:*:*:*:*:*:*:*
siemensscalance_s_firmware2.1.0cpe:2.3:a:siemens:scalance_s_firmware:2.1.0:*:*:*:*:*:*:*
siemensscalance_s_firmware2.2.0cpe:2.3:a:siemens:scalance_s_firmware:2.2.0:*:*:*:*:*:*:*
siemensscalance_s602v2cpe:2.3:h:siemens:scalance_s602:v2:*:*:*:*:*:*:*
siemensscalance_s612v2cpe:2.3:h:siemens:scalance_s612:v2:*:*:*:*:*:*:*
siemensscalance_s613v2cpe:2.3:h:siemens:scalance_s613:v2:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
siemens	scalance_s_firmware	*	cpe:2.3:a:siemens:scalance_s_firmware::::::::
siemens	scalance_s_firmware	2.1.0	cpe:2.3:a:siemens:scalance_s_firmware:2.1.0:::::::*
siemens	scalance_s_firmware	2.2.0	cpe:2.3:a:siemens:scalance_s_firmware:2.2.0:::::::*
siemens	scalance_s602	v2	cpe:2.3:h:siemens:scalance_s602:v2:::::::*
siemens	scalance_s612	v2	cpe:2.3:h:siemens:scalance_s612:v2:::::::*
siemens	scalance_s613	v2	cpe:2.3:h:siemens:scalance_s613:v2:::::::*