Lucene search

[email protected]NVD:CVE-2013-4651

HistoryAug 01, 2013 - 1:32 p.m.

CVE-2013-4651

2013-08-0113:32:26

CWE-255

[email protected]

web.nvd.nist.gov

6.6 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

HIGH

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

COMPLETE

AV:N/AC:H/Au:N/C:P/I:P/A:C

6.7 Medium

AI Score

Confidence

Low

0.002 Low

EPSS

Percentile

58.4%

JSON

Siemens Scalance W7xx devices with firmware before 4.5.4 use the same hardcoded X.509 certificate across different customers’ installations, which makes it easier for remote attackers to conduct man-in-the-middle attacks against SSL sessions by leveraging the certificate’s trust relationship.

Affected configurations

NVD

Node

siemensscalance_w700_series_firmwareRange≤4.4.0

AND

siemensscalance_w744-1Match-

siemensscalance_w744-1proMatch-

siemensscalance_w746-1Match-

siemensscalance_w746-1proMatch-

siemensscalance_w747-1Match-

siemensscalance_w747-1rrMatch-

siemensscalance_w784-1Match-

siemensscalance_w784-1rrMatch-

siemensscalance_w786-1proMatch-

siemensscalance_w786-2proMatch-

siemensscalance_w786-2rrMatch-

siemensscalance_w786-3proMatch-

siemensscalance_w788-1proMatch-

siemensscalance_w788-1rrMatch-

siemensscalance_w788-2proMatch-

siemensscalance_w788-2rrMatch-

References

www.siemens.com/corporate-technology/pool/de/forschungsfelder/siemens_security_advisory_ssa-120908.pdf

6.6 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

HIGH

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

COMPLETE

AV:N/AC:H/Au:N/C:P/I:P/A:C

6.7 Medium

AI Score

Confidence

Low

0.002 Low

EPSS

Percentile

58.4%

JSON

Related for NVD:CVE-2013-4651

prion1 cvelist1 cve1 seebug1 nessus1 ics1