Siemens SCALANCE X-200 Web Session Hijacking

Severity: High | Nessus Plugin ID: 70531

Synopsis

The remote host is affected by a web session hijacking vulnerability.

Description

According to the self-reported version of the remote Siemens SCALANCE X-200 series device, obtained from the SNMP system description, the device is affected by a web session hijacking vulnerability. This is due to a weakness in the integrated web server's random number generator.

Solution

Upgrade to firmware version 5.0.0 or higher.

See Also

http://www.nessus.org/u?e43ab9ee

http://support.automation.siemens.com/WW/view/en/78458674

Plugin Details

Severity: High

ID: 70531

File Name: scada_siemens_scalance_x200_web_hijack.nbin

Version: 1.68

Type: remote

Family: SCADA

Published: 10/21/2013

Updated: 5/20/2024

Supported Sensors: Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 5.2

CVSS v2

Risk Factor: High

Base Score: 8.3

Temporal Score: 6.1

Vector: CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:C

Vulnerability Information

CPE: cpe:/o:siemens:scalance_x-200_series_firmware

Exploit Ease: No known exploits are available

Patch Publication Date: 9/4/2013

Vulnerability Publication Date: 9/11/2013

Reference Information

CVE: CVE-2013-5709

BID: 62341

ICSA: 13-254-01