Vulnerability CVE-2013-4651


Published: 2013-08-01

Description:
Siemens Scalance W7xx devices with firmware before 4.5.4 use the same hardcoded X.509 certificate across different customers' installations, which makes it easier for remote attackers to conduct man-in-the-middle attacks against SSL sessions by leveraging the certificate's trust relationship.

CVSS2 => (AV:N/AC:H/Au:N/C:P/I:P/A:C)

CVSS Base Score
Impact Subscore
Exploitability Subscore
6.6/10
8.5/10
4.9/10
Exploit range
Attack complexity
Authentication
Remote
High
No required
Confidentiality impact
Integrity impact
Availability impact
Partial
Partial
Complete
Affected software
Siemens -> Scalance w788-2rr 
Siemens -> Scalance w700 series firmware 
Siemens -> Scalance w744-1 
Siemens -> Scalance w744-1pro 
Siemens -> Scalance w746-1 
Siemens -> Scalance w746-1pro 
Siemens -> Scalance w747-1 
Siemens -> Scalance w747-1rr 
Siemens -> Scalance w784-1 
Siemens -> Scalance w784-1rr 
Siemens -> Scalance w786-1pro 
Siemens -> Scalance w786-2pro 
Siemens -> Scalance w786-2rr 
Siemens -> Scalance w786-3pro 
Siemens -> Scalance w788-1pro 
Siemens -> Scalance w788-1rr 
Siemens -> Scalance w788-2pro 

 References:
http://www.siemens.com/corporate-technology/pool/de/forschungsfelder/siemens_security_advisory_ssa-120908.pdf

Copyright 2022, cxsecurity.com

 

Back to Top