Man-in-the-Middle Vulnerability in Siemens Scalance W7xx Devices
CVE-2013-4651

Currently unrated

Key Information:

Vendor: Siemens
Status: Scalance W700 Series Firmware; Scalance W744-1; Scalance W744-1pro; Scalance W746-1
Vendor: CVE Published:; 1 August 2013

Summary

Siemens Scalance W7xx devices running firmware prior to version 4.5.4 are affected by a man-in-the-middle vulnerability due to the use of a hardcoded X.509 certificate. This flaw compromises the integrity of SSL sessions, allowing potential attackers to exploit the trust relationship established by the certificate. As a result, unauthorized entities may gain the ability to intercept and manipulate encrypted communications across different customer installations.

References

http://www.siemens.com/corporate-technology/pool/de/forsc...

x_refsource_CONFIRM

Timeline

Vulnerability Reserved
Oct 3, 2022
Vulnerability published
Aug 1, 2013