Lucene search

[email protected]NVD:CVE-2013-5709

HistorySep 17, 2013 - 12:04 p.m.

CVE-2013-5709

2013-09-1712:04:28

CWE-189

[email protected]

web.nvd.nist.gov

8.3 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:P/I:P/A:C

6.8 Medium

AI Score

Confidence

Low

0.007 Low

EPSS

Percentile

80.7%

JSON

The authentication implementation in the web server on Siemens SCALANCE X-200 switches with firmware before 5.0.0 does not use a sufficient source of entropy for generating values of random numbers, which makes it easier for remote attackers to hijack sessions by predicting a value.

Affected configurations

NVD

Node

siemensscalance_x-200_series_firmwareRange≤4.4

siemensscalance_x-200_series_firmwareMatch4.3

AND

siemensscalance_x-200Match-

siemensscalance_x-200rnaMatch-

siemensscalance_x200-4p_irtMatch-

siemensscalance_x201-3p_irtMatch-

siemensscalance_x201-3p_irtMatch--pro

siemensscalance_x202-2irtMatch-

siemensscalance_x202-2p_irtMatch-

siemensscalance_x202-2p_irtMatch--pro

siemensscalance_x204irtMatch-

siemensscalance_x204irtMatch--pro

siemensscalance_xf-200Match-

References

ics-cert.us-cert.gov/advisories/ICSA-13-254-01

www.siemens.com/corporate-technology/pool/de/forschungsfelder/siemens_security_advisory_ssa-850708.pdf

cert-portal.siemens.com/productcert/pdf/ssa-850708.pdf

8.3 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:P/I:P/A:C

6.8 Medium

AI Score

Confidence

Low

0.007 Low

EPSS

Percentile

80.7%

JSON

Related for NVD:CVE-2013-5709

openvas1 ics1 cvelist1 prion1 cve1 nessus1