CVE-2013-5709
Last modified
CVE-2013-5709 is a vulnerability of currently unknown severity. The authentication implementation in the web server on Siemens SCALANCE X-200 switches with firmware before 5.0.0 does not use a sufficient source of entropy for generating values of random numbers, which makes it easier for remote attackers to hijack sessions by predicting a value.. EPSS estimates a 2.99% chance of exploitation in the next 30 days.
Description
The authentication implementation in the web server on Siemens SCALANCE X-200 switches with firmware before 5.0.0 does not use a sufficient source of entropy for generating values of random numbers, which makes it easier for remote attackers to hijack sessions by predicting a value.
Metrics
Weakness Enumeration
Affected Software
| Vendor | Product | Versions |
|---|---|---|
| Siemens | Scalance X-200 Series Firmware | <= 4.4 |
| Siemens | Scalance X-200 Series Firmware | 4.3 |
| Siemens | Scalance X-200 | All versions |
| Siemens | Scalance X-200rna | All versions |
| Siemens | Scalance X200-4p Irt | All versions |
| Siemens | Scalance X201-3p Irt | All versions |
| Siemens | Scalance X202-2irt | All versions |
| Siemens | Scalance X202-2p Irt | All versions |
| Siemens | Scalance X204irt | All versions |
| Siemens | Scalance Xf-200 | All versions |
References
- http://ics-cert.us-cert.gov/advisories/ICSA-13-254-01US Government Resource
- http://ics-cert.us-cert.gov/advisories/ICSA-13-254-01US Government Resource
Timeline
- Published
- Last Modified
- Status
- Modified
Frequently Asked Questions
What is CVE-2013-5709?
How severe is CVE-2013-5709?
How do I fix CVE-2013-5709?
Are you affected by CVE-2013-5709?
Run a free Strix scan to check your systems for this vulnerability.
Scan your code nowSource: NVD / NIST