HIGH · 8.3

CVE-2013-5709

Vulnerability Description

The authentication implementation in the web server on Siemens SCALANCE X-200 switches with firmware before 5.0.0 does not use a sufficient source of entropy for generating values of random numbers, which makes it easier for remote attackers to hijack sessions by predicting a value.

CVSS Score

8.3

HIGH

AV:N/AC:M/Au:N/C:P/I:P/A:C
Confidentiality: PARTIAL
Integrity: PARTIAL
Availability: COMPLETE

Affected Products

Vendor | Product | Versions
Siemens | Scalance X-200 Series Firmware | <= 4.4
Siemens | Scalance X-200 | -
Siemens | Scalance X-200Rna | -
Siemens | Scalance X200-4P Irt | -
Siemens | Scalance X201-3P Irt | -
Siemens | Scalance X202-2Irt | -
Siemens | Scalance X202-2P Irt | -
Siemens | Scalance X204Irt | -
Siemens | Scalance Xf-200 | -

Related Weaknesses (CWE)

References

FAQ

What is CVE-2013-5709?

CVE-2013-5709 is a vulnerability with a CVSS score of 8.3 (HIGH). The authentication implementation in the web server on Siemens SCALANCE X-200 switches with firmware before 5.0.0 does not use a sufficient source of entropy for generating values of random numbers, which makes it easier for remote attackers to hijack sessions by predicting a value.

How severe is CVE-2013-5709?

CVE-2013-5709 has been rated HIGH with a CVSS base score of 8.3/10. Review the CVSS metrics above for a detailed severity breakdown.

Is there a patch for CVE-2013-5709?

Check the references section above for vendor advisories and patch information. Affected products include: Siemens Scalance X-200 Series Firmware, Siemens Scalance X-200, Siemens Scalance X-200Rna, Siemens Scalance X200-4P Irt, Siemens Scalance X201-3P Irt.