Page 3 of 13 results (0.018 seconds)

CVSS: 8.3EPSS: 0%CPEs: 13EXPL: 0

The authentication implementation in the web server on Siemens SCALANCE X-200 switches with firmware before 5.0.0 does not use a sufficient source of entropy for generating values of random numbers, which makes it easier for remote attackers to hijack sessions by predicting a value. La implementación de autentificación en el servidor web de los switches Siemens SCALANCE X-200 con firmware anterior a 5.0.0 no utiliza suficiente fuente de entropía para generar valores de numeros aleatorios, lo que hace mucho más fácil para un atacante remoto secuestrar sesiones prediciendo un valor. • http://ics-cert.us-cert.gov/advisories/ICSA-13-254-01 http://www.siemens.com/corporate-technology/pool/de/forschungsfelder/siemens_security_advisory_ssa-850708.pdf https://cert-portal.siemens.com/productcert/pdf/ssa-850708.pdf • CWE-189: Numeric Errors •

CVSS: 7.5EPSS: 0%CPEs: 10EXPL: 0

A vulnerability has been identified in SCALANCE X-200 switch family (incl. SIPLUS NET variants) (Versions < V5.0.0 for CVE-2013-3633 and versions < V4.5.0 for CVE-2013-3634), SCALANCE X-200IRT switch family (incl. SIPLUS NET variants) (All versions < V5.1.0). The implementation of SNMPv3 does not check the user credentials sufficiently. Therefore, an attacker is able to execute SNMP commands without correct credentials. • https://cert-portal.siemens.com/productcert/pdf/ssa-170686.pdf • CWE-20: Improper Input Validation •

CVSS: 8.0EPSS: 0%CPEs: 10EXPL: 0

A vulnerability has been identified in SCALANCE X-200 switch family (incl. SIPLUS NET variants) (Versions < V5.0.0 for CVE-2013-3633 and versions < V4.5.0 for CVE-2013-3634), SCALANCE X-200IRT switch family (incl. SIPLUS NET variants) (All versions < V5.1.0). The user privileges for the web interface are only enforced on client side and not properly verified on server side. Therefore, an attacker is able to execute privileged commands using an unprivileged account. • https://cert-portal.siemens.com/productcert/pdf/ssa-170686.pdf • CWE-264: Permissions, Privileges, and Access Controls •