CVE-2013-4651
https://notcve.org/view.php?id=CVE-2013-4651
Siemens Scalance W7xx devices with firmware before 4.5.4 use the same hardcoded X.509 certificate across different customers' installations, which makes it easier for remote attackers to conduct man-in-the-middle attacks against SSL sessions by leveraging the certificate's trust relationship. Los dispositivos Siemens Scalance W7xx con firmware anterior a 4.5.4 utiliza el certificado X.509 embebido (hardcoded) para distintas instalaciones, lo que facilita a atacantes remotos llevar a cabo ataques man-in-the-middle contra las sesiones SSL aprovechando las relaciones de confianza del certificado. • http://www.siemens.com/corporate-technology/pool/de/forschungsfelder/siemens_security_advisory_ssa-120908.pdf • CWE-255: Credentials Management Errors •
CVE-2013-4652
https://notcve.org/view.php?id=CVE-2013-4652
Unspecified vulnerability in the command-line management interface on Siemens Scalance W7xx devices with firmware before 4.5.4 allows remote attackers to bypass authentication and execute arbitrary code via a (1) SSH or (2) TELNET connection. Vulnerabilidad sin especificar en el interfaz de gestión de los dispositivos Siemens Scalance W7xx con firmware anterior a 4.5.4, permite a atacantes remotos evitar la autenticación y ejecutar código arbitrario a través de conexiones (1)SSH o (2)Telnet. • http://www.siemens.com/corporate-technology/pool/de/forschungsfelder/siemens_security_advisory_ssa-120908.pdf •