Siemens SCALANCE X-200 Switches < 5.0.0 Insufficient Entropy

high Nessus Network Monitor Plugin ID 720041

Synopsis

The authentication implementation in the web server on Siemens SCALANCE X-200 switches does not use a sufficient source of entropy when generating random values.

Description

The authentication implementation in the web server on Siemens SCALANCE X-200 switches with firmware before 5.0.0 does not use a sufficient source of entropy when generating random values, which makes it easier for remote attackers to hijack sessions by predicting a value.

Solution

Perform vendor-recommended mitigations and apply available vendor upgrades.

See Also

https://ics-cert.us-cert.gov/advisories/ICSA-13-254-01

http://www.siemens.com/corporate-technology/pool/de/forschungsfelder/siemens_security_advisory_ssa-850708.pdf

http://ics-cert.us-cert.gov/advisories/ICSA-13-254-01

Plugin Details

Severity: High

ID: 720041

Family: SCADA

Published: 5/8/2019

Updated: 9/30/2019

Risk Information

VPR

Risk Factor: Medium

Score: 5.2

CVSS v2

Risk Factor: High

Base Score: 8.3

Temporal Score: 6.1

Vector: CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:C

Vulnerability Information

Patch Publication Date: 9/11/2013

Vulnerability Publication Date: 9/11/2013

Reference Information

CVE: CVE-2013-5709