Weak Random Number Generation in Siemens SCALANCE X-200 Switches
CVE-2013-5709

Currently unrated

Key Information:

Vendor: Siemens
Status: Scalance X-200 Series Firmware; Scalance X-200; Scalance X-200rna; Scalance X200-4p Irt
Vendor: CVE Published:; 17 September 2013

What is CVE-2013-5709?

The authentication mechanism implemented in the web server of Siemens SCALANCE X-200 switches with firmware versions prior to 5.0.0 is inadequately designed, as it fails to use a robust source of entropy for generating random numbers. This shortcoming enables malicious actors to predict random values more easily, leading to the potential hijacking of active sessions. Organizations using affected devices should prioritize updating their firmware to mitigate these security risks.

References

http://www.siemens.com/corporate-technology/pool/de/forsc...

x_refsource_CONFIRM

http://ics-cert.us-cert.gov/advisories/ICSA-13-254-01

x_refsource_MISC

https://cert-portal.siemens.com/productcert/pdf/ssa-85070...

x_refsource_CONFIRM

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Sep 17, 2013
Vulnerability Reserved
Sep 6, 2013