CVE-2012-1799

2012-04-1810:33:34

CWE-287

[email protected]

web.nvd.nist.gov

siemens

scalance s

security module

firewall

web server

remote attackers

brute-force attack

cve-2012-1799

nvd

7 High

AI Score

Confidence

Low

10 High

CVSS2

Access Vector

Access Complexity

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

0.007 Low

EPSS

Percentile

80.9%

JSON

The web server on the Siemens Scalance S Security Module firewall S602 V2, S612 V2, and S613 V2 with firmware before 2.3.0.3 does not limit the rate of authentication attempts, which makes it easier for remote attackers to obtain access via a brute-force attack on the administrative password.

Affected configurations

NVD

Node

siemensscalance_s_firmwareRange≤2.3.0

siemensscalance_s_firmwareMatch2.1.0

siemensscalance_s_firmwareMatch2.2.0

AND

siemensscalance_s602Matchv2

siemensscalance_s612Matchv2

siemensscalance_s613Matchv2

CPENameOperatorVersion
siemens:scalance_s_firmwaresiemens scalance s firmwarele2.3.0
siemens:scalance_s_firmwaresiemens scalance s firmwareeq2.1.0
siemens:scalance_s_firmwaresiemens scalance s firmwareeq2.2.0
siemens:scalance_s602siemens scalance s602eqv2
siemens:scalance_s612siemens scalance s612eqv2
siemens:scalance_s613siemens scalance s613eqv2

CPE	Name	Operator	Version
siemens:scalance_s_firmware	siemens scalance s firmware	le	2.3.0
siemens:scalance_s_firmware	siemens scalance s firmware	eq	2.1.0
siemens:scalance_s_firmware	siemens scalance s firmware	eq	2.2.0
siemens:scalance_s602	siemens scalance s602	eq	v2
siemens:scalance_s612	siemens scalance s612	eq	v2
siemens:scalance_s613	siemens scalance s613	eq	v2