Weak Random Number Generation in Siemens SCALANCE X-200 Switches
CVE-2013-5709

Currently unrated

Key Information:

Vendor
Siemens
Status
Scalance X-200 Series Firmware
Scalance X-200
Scalance X-200rna
Scalance X200-4p Irt
Vendor
CVE Published:
17 September 2013

Summary

The authentication mechanism implemented in the web server of Siemens SCALANCE X-200 switches with firmware versions prior to 5.0.0 is inadequately designed, as it fails to use a robust source of entropy for generating random numbers. This shortcoming enables malicious actors to predict random values more easily, leading to the potential hijacking of active sessions. Organizations using affected devices should prioritize updating their firmware to mitigate these security risks.

References

http://www.siemens.com/corporate-technology/pool/de/forsc...
x_refsource_CONFIRM
http://ics-cert.us-cert.gov/advisories/ICSA-13-254-01
x_refsource_MISC
https://cert-portal.siemens.com/productcert/pdf/ssa-85070...
x_refsource_CONFIRM

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.
🍪 This website uses cookies, like every other website on the internet 😕 By using our website, you consent to the use of cookies.