Details of VAR-201309-0316

ID

VAR-201309-0316

CVE

CVE-2013-5709

TITLE

Siemens SCALANCE X-200 Series Switch Session Hijacking Vulnerability

Trust: 0.8

sources: IVD: abb36416-2352-11e6-abef-000c29c66e3d // CNVD: CNVD-2013-13027

DESCRIPTION

The authentication implementation in the web server on Siemens SCALANCE X-200 switches with firmware before 5.0.0 does not use a sufficient source of entropy for generating values of random numbers, which makes it easier for remote attackers to hijack sessions by predicting a value. The Siemens Scalance X200 is an industrial Ethernet switch from Siemens. Remote attackers can exploit this issue to hijack web sessions over the network without authentication. Other attacks are also possible. Siemens Scalance X-200 Series switches running firmware versions prior to 5.0.0 are vulnerable

Trust: 2.7

sources: NVD: CVE-2013-5709 // JVNDB: JVNDB-2013-004188 // CNVD: CNVD-2013-13027 // BID: 62341 // IVD: abb36416-2352-11e6-abef-000c29c66e3d // VULHUB: VHN-65711

IOT TAXONOMY

category:	['ICS', 'Network device']	sub_category:	-	Trust: 0.6
category:	['ICS']	sub_category:	-	Trust: 0.2

sources: IVD: abb36416-2352-11e6-abef-000c29c66e3d // CNVD: CNVD-2013-13027

AFFECTED PRODUCTS

vendor:	siemens	model:	scalance x-200 series	scope:	eq	version:	4.3	Trust: 1.6
vendor:	siemens	model:	scalance x202-2p irt	scope:	eq	version:	-	Trust: 1.0
vendor:	siemens	model:	scalance x204irt	scope:	eq	version:	-	Trust: 1.0
vendor:	siemens	model:	scalance x200-4p irt	scope:	eq	version:	-	Trust: 1.0
vendor:	siemens	model:	scalance x-200	scope:	eq	version:	-	Trust: 1.0
vendor:	siemens	model:	scalance x201-3p irt	scope:	eq	version:	-	Trust: 1.0
vendor:	siemens	model:	scalance x-200rna	scope:	eq	version:	-	Trust: 1.0
vendor:	siemens	model:	scalance xf-200	scope:	eq	version:	-	Trust: 1.0
vendor:	siemens	model:	scalance x-200 series	scope:	lte	version:	4.4	Trust: 1.0
vendor:	siemens	model:	scalance x202-2irt	scope:	eq	version:	-	Trust: 1.0
vendor:	siemens	model:	scalance x-200	scope:	-	version:	-	Trust: 0.8
vendor:	siemens	model:	scalance x-200 series	scope:	lt	version:	5.0.0	Trust: 0.8
vendor:	siemens	model:	scalance x-200rna	scope:	-	version:	-	Trust: 0.8
vendor:	siemens	model:	scalance x200-4pirt	scope:	-	version:	-	Trust: 0.8
vendor:	siemens	model:	scalance x201-3p irt	scope:	-	version:	-	Trust: 0.8
vendor:	siemens	model:	scalance x202-2irt	scope:	-	version:	-	Trust: 0.8
vendor:	siemens	model:	scalance x202-2p irt	scope:	-	version:	-	Trust: 0.8
vendor:	siemens	model:	scalance x204irt	scope:	-	version:	-	Trust: 0.8
vendor:	siemens	model:	scalance xf-200	scope:	-	version:	-	Trust: 0.8
vendor:	siemens	model:	scalance series switches	scope:	eq	version:	x-200	Trust: 0.6
vendor:	siemens	model:	scalance x-200 series	scope:	eq	version:	4.4	Trust: 0.6
vendor:	scalance x202 2p irt	model:	-	scope:	eq	version:	-	Trust: 0.4
vendor:	scalance x204irt	model:	-	scope:	eq	version:	-	Trust: 0.4
vendor:	scalance x201 3p irt	model:	-	scope:	eq	version:	-	Trust: 0.4
vendor:	siemens	model:	scalance xf208	scope:	eq	version:	0	Trust: 0.3
vendor:	siemens	model:	scalance xf206-1	scope:	eq	version:	0	Trust: 0.3
vendor:	siemens	model:	scalance xf204-2	scope:	eq	version:	0	Trust: 0.3
vendor:	siemens	model:	scalance xf204	scope:	eq	version:	0	Trust: 0.3
vendor:	siemens	model:	scalance	scope:	eq	version:	x2240	Trust: 0.3
vendor:	siemens	model:	scalance	scope:	eq	version:	x2160	Trust: 0.3
vendor:	siemens	model:	scalance x212-2ld	scope:	eq	version:	0	Trust: 0.3
vendor:	siemens	model:	scalance	scope:	eq	version:	x212-20	Trust: 0.3
vendor:	siemens	model:	scalance x208pro	scope:	eq	version:	0	Trust: 0.3
vendor:	siemens	model:	scalance	scope:	eq	version:	x2080	Trust: 0.3
vendor:	siemens	model:	scalance x206-1ld	scope:	eq	version:	0	Trust: 0.3
vendor:	siemens	model:	scalance	scope:	eq	version:	x206-10	Trust: 0.3
vendor:	siemens	model:	scalance x204-2ts	scope:	eq	version:	0	Trust: 0.3
vendor:	siemens	model:	scalance x204-2ld	scope:	eq	version:	0	Trust: 0.3
vendor:	siemens	model:	scalance	scope:	eq	version:	x204-20	Trust: 0.3
vendor:	siemens	model:	scalance xf208	scope:	ne	version:	5.0	Trust: 0.3
vendor:	siemens	model:	scalance xf206-1	scope:	ne	version:	5.0	Trust: 0.3
vendor:	siemens	model:	scalance xf204-2	scope:	ne	version:	5.0	Trust: 0.3
vendor:	siemens	model:	scalance xf204	scope:	ne	version:	5.0	Trust: 0.3
vendor:	siemens	model:	scalance	scope:	ne	version:	x2245.0	Trust: 0.3
vendor:	siemens	model:	scalance	scope:	ne	version:	x2165.0	Trust: 0.3
vendor:	siemens	model:	scalance x212-2ld	scope:	ne	version:	5.0	Trust: 0.3
vendor:	siemens	model:	scalance	scope:	ne	version:	x212-25.0	Trust: 0.3
vendor:	siemens	model:	scalance x208pro	scope:	ne	version:	5.0	Trust: 0.3
vendor:	siemens	model:	scalance	scope:	ne	version:	x2085.0	Trust: 0.3
vendor:	siemens	model:	scalance x206-1ld	scope:	ne	version:	5.0	Trust: 0.3
vendor:	siemens	model:	scalance x204-2ts	scope:	ne	version:	5.0	Trust: 0.3
vendor:	siemens	model:	scalance x204-2ld	scope:	ne	version:	5.0	Trust: 0.3
vendor:	siemens	model:	scalance	scope:	ne	version:	x204-25.0	Trust: 0.3
vendor:	scalance x 200rna	model:	-	scope:	eq	version:	-	Trust: 0.2
vendor:	scalance x 200 series	model:	-	scope:	eq	version:	4.4	Trust: 0.2
vendor:	scalance x 200	model:	-	scope:	eq	version:	-	Trust: 0.2
vendor:	scalance x200 4p irt	model:	-	scope:	eq	version:	-	Trust: 0.2
vendor:	scalance x 200 series	model:	-	scope:	eq	version:	4.3	Trust: 0.2
vendor:	scalance x202 2irt	model:	-	scope:	eq	version:	-	Trust: 0.2
vendor:	scalance xf 200	model:	-	scope:	eq	version:	-	Trust: 0.2

sources: IVD: abb36416-2352-11e6-abef-000c29c66e3d // CNVD: CNVD-2013-13027 // BID: 62341 // JVNDB: JVNDB-2013-004188 // CNNVD: CNNVD-201309-245 // NVD: CVE-2013-5709

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2013-5709
value:	HIGH
Trust: 1.0
NVD:	CVE-2013-5709
value:	HIGH
Trust: 0.8
CNVD:	CNVD-2013-13027
value:	HIGH
Trust: 0.6
CNNVD:	CNNVD-201309-245
value:	HIGH
Trust: 0.6
IVD:	abb36416-2352-11e6-abef-000c29c66e3d
value:	HIGH
Trust: 0.2
VULHUB:	VHN-65711
value:	HIGH
Trust: 0.1

nvd@nist.gov:	CVE-2013-5709
severity:	HIGH
baseScore:	8.3
vectorString:	AV:N/AC:M/AU:N/C:P/I:P/A:C
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	COMPLETE
exploitabilityScore:	8.6
impactScore:	8.5
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
CNVD:	CNVD-2013-13027
severity:	HIGH
baseScore:	8.3
vectorString:	AV:N/AC:M/AU:N/C:P/I:P/A:C
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	COMPLETE
exploitabilityScore:	8.6
impactScore:	8.5
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6
IVD:	abb36416-2352-11e6-abef-000c29c66e3d
severity:	HIGH
baseScore:	8.3
vectorString:	AV:N/AC:M/AU:N/C:P/I:P/A:C
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	COMPLETE
exploitabilityScore:	8.6
impactScore:	8.5
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.9 [IVD]
Trust: 0.2
VULHUB:	VHN-65711
severity:	HIGH
baseScore:	8.3
vectorString:	AV:N/AC:M/AU:N/C:P/I:P/A:C
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	COMPLETE
exploitabilityScore:	8.6
impactScore:	8.5
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

sources: IVD: abb36416-2352-11e6-abef-000c29c66e3d // CNVD: CNVD-2013-13027 // VULHUB: VHN-65711 // JVNDB: JVNDB-2013-004188 // CNNVD: CNNVD-201309-245 // NVD: CVE-2013-5709

PROBLEMTYPE DATA

problemtype:

CWE-189

Trust: 1.9

sources: VULHUB: VHN-65711 // JVNDB: JVNDB-2013-004188 // NVD: CVE-2013-5709

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201309-245

TYPE

digital error

Trust: 0.6

sources: CNNVD: CNNVD-201309-245

CONFIGURATIONS

sources: JVNDB: JVNDB-2013-004188

PATCH

title:	SSA-850708	url:	http://www.siemens.com/innovation/pool/de/forschungsfelder/siemens_security_advisory_ssa-850708.pdf	Trust: 0.8
title:	Patch for the Siemens SCALANCE X-200 Series Switch Session Hijacking Vulnerability	url:	https://www.cnvd.org.cn/patchInfo/show/39576	Trust: 0.6

sources: CNVD: CNVD-2013-13027 // JVNDB: JVNDB-2013-004188

EXTERNAL IDS

db:	NVD	id:	CVE-2013-5709	Trust: 3.6
db:	ICS CERT	id:	ICSA-13-254-01	Trust: 2.8
db:	SIEMENS	id:	SSA-850708	Trust: 2.3
db:	BID	id:	62341	Trust: 1.0
db:	CNNVD	id:	CNNVD-201309-245	Trust: 0.9
db:	CNVD	id:	CNVD-2013-13027	Trust: 0.8
db:	JVNDB	id:	JVNDB-2013-004188	Trust: 0.8
db:	SECUNIA	id:	54784	Trust: 0.6
db:	IVD	id:	ABB36416-2352-11E6-ABEF-000C29C66E3D	Trust: 0.2
db:	SEEBUG	id:	SSVID-89653	Trust: 0.1
db:	VULHUB	id:	VHN-65711	Trust: 0.1

sources: IVD: abb36416-2352-11e6-abef-000c29c66e3d // CNVD: CNVD-2013-13027 // VULHUB: VHN-65711 // BID: 62341 // JVNDB: JVNDB-2013-004188 // CNNVD: CNNVD-201309-245 // NVD: CVE-2013-5709

REFERENCES

url:	http://ics-cert.us-cert.gov/advisories/icsa-13-254-01	Trust: 2.5
url:	http://www.siemens.com/corporate-technology/pool/de/forschungsfelder/siemens_security_advisory_ssa-850708.pdf	Trust: 1.7
url:	https://cert-portal.siemens.com/productcert/pdf/ssa-850708.pdf	Trust: 1.7
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2013-5709	Trust: 0.8
url:	http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2013-5709	Trust: 0.8
url:	http://www.siemens.com/innovation/pool/de/forschungsfelder/siemens_security_advisory_ssa-850708.pdf	Trust: 0.6
url:	http://www.secunia.com/advisories/54784/	Trust: 0.6
url:	http://subscriber.communications.siemens.com/	Trust: 0.3
url:	http://ics-cert.us-cert.gov/advisories/icsa-13-254-01#footnoteb_gtr58ow	Trust: 0.3

sources: CNVD: CNVD-2013-13027 // VULHUB: VHN-65711 // BID: 62341 // JVNDB: JVNDB-2013-004188 // CNNVD: CNNVD-201309-245 // NVD: CVE-2013-5709

CREDITS

Eireann Leverett of IOActive

Trust: 0.9

sources: BID: 62341 // CNNVD: CNNVD-201309-245

SOURCES

db:	IVD	id:	abb36416-2352-11e6-abef-000c29c66e3d
db:	CNVD	id:	CNVD-2013-13027
db:	VULHUB	id:	VHN-65711
db:	BID	id:	62341
db:	JVNDB	id:	JVNDB-2013-004188
db:	CNNVD	id:	CNNVD-201309-245
db:	NVD	id:	CVE-2013-5709

LAST UPDATE DATE

2024-08-14T15:03:40.384000+00:00

SOURCES UPDATE DATE

db:	CNVD	id:	CNVD-2013-13027	date:	2013-09-17T00:00:00
db:	VULHUB	id:	VHN-65711	date:	2020-02-10T00:00:00
db:	BID	id:	62341	date:	2013-09-11T00:00:00
db:	JVNDB	id:	JVNDB-2013-004188	date:	2013-09-19T00:00:00
db:	CNNVD	id:	CNNVD-201309-245	date:	2020-02-11T00:00:00
db:	NVD	id:	CVE-2013-5709	date:	2020-02-10T15:15:12.010

SOURCES RELEASE DATE

db:	IVD	id:	abb36416-2352-11e6-abef-000c29c66e3d	date:	2013-09-17T00:00:00
db:	CNVD	id:	CNVD-2013-13027	date:	2013-09-16T00:00:00
db:	VULHUB	id:	VHN-65711	date:	2013-09-17T00:00:00
db:	BID	id:	62341	date:	2013-09-11T00:00:00
db:	JVNDB	id:	JVNDB-2013-004188	date:	2013-09-19T00:00:00
db:	CNNVD	id:	CNNVD-201309-245	date:	2013-09-17T00:00:00
db:	NVD	id:	CVE-2013-5709	date:	2013-09-17T12:04:28.820