CVE-2012-1799 — Improper Authentication in Siemens Scalance S Firmware

CWE-287 — Improper Authentication3 documents3 sources

Severity

10.0CRITICALNVD

EPSS

1.8%

top 17.00%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Siemens Scalance S Firmware Siemens Scalance S602 Siemens Scalance S612 +1 more

Timeline

PublishedApr 18

Latest updateMay 17

Description

The web server on the Siemens Scalance S Security Module firewall S602 V2, S612 V2, and S613 V2 with firmware before 2.3.0.3 does not limit the rate of authentication attempts, which makes it easier for remote attackers to obtain access via a brute-force attack on the administrative password.

CVSS vector

AV:N/AC:L/C:C/I:C/A:CExploitability: 10.0 | Impact: 10.0

Affected Packages4 packages

▶NVDsiemens/scalance_s_firmware2.3.0+2

▶NVDsiemens/scalance_s602v2

▶NVDsiemens/scalance_s612v2

▶NVDsiemens/scalance_s613v2

🔴Vulnerability Details

GHSA

GHSA-jv75-q996-4qm5: The web server on the Siemens Scalance S Security Module firewall S602 V2, S612 V2, and S613 V2 with firmware before 2↗2022-05-17

▶

CVEList

CVE-2012-1799: The web server on the Siemens Scalance S Security Module firewall S602 V2, S612 V2, and S613 V2 with firmware before 2↗2012-04-18

▶