Summary
Siemens Scalance X-200 Series switches are prone to a vulnerability in the entropy of the random number generator.
Impact
Remote attackers can exploit this issue to hijack web sessions over the network without authentication. Other attacks are also possible.
Solution
Updates are available.
Insight
By requesting /fs/cfgFile.cfg it is possible to read the config of the remote device.
Affected
Siemens Scalance X-200 Series switches running firmware versions prior to 5.0.0 are vulnerable.
Detection
Check whether it is possible to read the configuration with an HTTP GET request.
Severity
Classification
CVE: CVE-2013-5709
CVSS Base Score: 8.3
AV:N/AC:M/Au:N/C:P/I:P/A:C