Vulnerability CVE-2012-1799


Published: 2012-04-18

Description:
The web server on the Siemens Scalance S Security Module firewall S602 V2, S612 V2, and S613 V2 with firmware before 2.3.0.3 does not limit the rate of authentication attempts, which makes it easier for remote attackers to obtain access via a brute-force attack on the administrative password.

Type:
CWE-287 (Improper Authentication)

CVSS2 => (AV:N/AC:L/Au:N/C:C/I:C/A:C)

CVSS Base Score: 10/10
Impact Subscore: 10/10
Exploitability Subscore: 10/10

Exploit range: Remote
Attack complexity: Low
Authentication: Not required

Confidentiality impact: Complete
Integrity impact: Complete
Availability impact: Complete

Affected software:
Siemens -> Scalance s firmware 
Siemens -> Scalance s602 
Siemens -> Scalance s612 
Siemens -> Scalance s613 

 References:
http://www.us-cert.gov/control_systems/pdf/ICSA-12-102-05.pdf
http://www.siemens.com/corporate-technology/pool/de/forschungsfelder/siemens_security_advisory_ssa-268149.pdf
http://support.automation.siemens.com/WW/view/en/59869684

Copyright 2020, cxsecurity.com