Vulnerability Description
The web server on the Siemens Scalance S Security Module firewall S602 V2, S612 V2, and S613 V2 with firmware before 2.3.0.3 does not limit the rate of authentication attempts, which makes it easier for remote attackers to obtain access via a brute-force attack on the administrative password.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Siemens | Scalance S Firmware | <= 2.3.0 |
| Siemens | Scalance S602 | v2 |
| Siemens | Scalance S612 | v2 |
| Siemens | Scalance S613 | v2 |
Related Weaknesses (CWE)
References
- http://osvdb.org/81033
- http://support.automation.siemens.com/WW/view/en/59869684
- http://www.siemens.com/corporate-technology/pool/de/forschungsfelder/siemens_secVendor Advisory
- http://www.us-cert.gov/control_systems/pdf/ICSA-12-102-05.pdfUS Government Resource
- http://osvdb.org/81033
- http://support.automation.siemens.com/WW/view/en/59869684
- http://www.siemens.com/corporate-technology/pool/de/forschungsfelder/siemens_secVendor Advisory
- http://www.us-cert.gov/control_systems/pdf/ICSA-12-102-05.pdfUS Government Resource
FAQ
What is CVE-2012-1799?
CVE-2012-1799 is a vulnerability with a CVSS score of 10.0 (HIGH). The web server on the Siemens Scalance S Security Module firewall S602 V2, S612 V2, and S613 V2 with firmware before 2.3.0.3 does not limit the rate of authentication attempts, which makes it easier f...
How severe is CVE-2012-1799?
CVE-2012-1799 has been rated HIGH with a CVSS base score of 10.0/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2012-1799?
Check the references section above for vendor advisories and patch information. Affected products include: Siemens Scalance S Firmware, Siemens Scalance S602, Siemens Scalance S612, Siemens Scalance S613.