1. Home
  2. CVE Database
  3. CVE-2013-4651
MEDIUM · 6.6

CVE-2013-4651

Siemens Scalance W7xx devices with firmware before 4.5.4 use the same hardcoded X.509 certificate across different customers' installations, which makes it easier for remote attackers to conduct man-i...

Vulnerability Description

Siemens Scalance W7xx devices with firmware before 4.5.4 use the same hardcoded X.509 certificate across different customers' installations, which makes it easier for remote attackers to conduct man-in-the-middle attacks against SSL sessions by leveraging the certificate's trust relationship.

CVSS Score

6.6

MEDIUM

AV:N/AC:H/Au:N/C:P/I:P/A:C
Confidentiality
PARTIAL
Integrity
PARTIAL
Availability
COMPLETE

Affected Products

VendorProductVersions
SiemensScalance W700 Series Firmware<= 4.4.0
SiemensScalance W744-1-
SiemensScalance W744-1Pro-
SiemensScalance W746-1-
SiemensScalance W746-1Pro-
SiemensScalance W747-1-
SiemensScalance W747-1Rr-
SiemensScalance W784-1-
SiemensScalance W784-1Rr-
SiemensScalance W786-1Pro-
SiemensScalance W786-2Pro-
SiemensScalance W786-2Rr-
SiemensScalance W786-3Pro-
SiemensScalance W788-1Pro-
SiemensScalance W788-1Rr-
SiemensScalance W788-2Pro-
SiemensScalance W788-2Rr-

Related Weaknesses (CWE)

CWE-255

References

FAQ

What is CVE-2013-4651?

CVE-2013-4651 is a vulnerability with a CVSS score of 6.6 (MEDIUM). Siemens Scalance W7xx devices with firmware before 4.5.4 use the same hardcoded X.509 certificate across different customers' installations, which makes it easier for remote attackers to conduct man-i...

How severe is CVE-2013-4651?

CVE-2013-4651 has been rated MEDIUM with a CVSS base score of 6.6/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2013-4651?

Check the references section above for vendor advisories and patch information. Affected products include: Siemens Scalance W700 Series Firmware, Siemens Scalance W744-1, Siemens Scalance W744-1Pro, Siemens Scalance W746-1, Siemens Scalance W746-1Pro.