CVE-2012-1799

Published: Apr 18, 2012Modified: Apr 29, 2026

10.0

Vector

AV:N/AC:L/Au:N/C:C/I:C/A:C

Exploitability: 10.0 / Impact: 10.0

Source: NVD

Description

The web server on the Siemens Scalance S Security Module firewall S602 V2, S612 V2, and S613 V2 with firmware before 2.3.0.3 does not limit the rate of authentication attempts, which makes it easier for remote attackers to obtain access via a brute-force attack on the administrative password.

Affected (6)

Products: Siemens: Scalance S Firmware, Scalance S602, Scalance S612, Scalance S613

4 products

Scalance S Firmware

Configuration A

6 vulnerable

Vulnerable Software	Affected Versions
Siemens Scalance S Firmware	Up to 2.3.0
Siemens Scalance S Firmware	Version 2.1.0
Siemens Scalance S Firmware	Version 2.2.0
Siemens Scalance S602	Version v2
Siemens Scalance S612	Version v2
Siemens Scalance S613	Version v2

Related CWEs

Improper Authentication

When an actor claims to have a given identity, the product does not prove or insufficiently proves that the claim is correct.

References (8)

http://osvdb.org/81033

Source: cret@cert.org

http://support.automation.siemens.com/WW/view/en/59869684

Source: cret@cert.org

http://www.siemens.com/corporate-technology/pool/de/forschungsfelder/siemens_security_advisory_ssa-268149.pdf

Source: cret@cert.org

Vendor Advisory

http://www.us-cert.gov/control_systems/pdf/ICSA-12-102-05.pdf

Source: cret@cert.org

US Government Resource

http://osvdb.org/81033

Source: af854a3a-2127-422b-91ae-364da2661108

http://support.automation.siemens.com/WW/view/en/59869684

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.siemens.com/corporate-technology/pool/de/forschungsfelder/siemens_security_advisory_ssa-268149.pdf

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

http://www.us-cert.gov/control_systems/pdf/ICSA-12-102-05.pdf

Source: af854a3a-2127-422b-91ae-364da2661108

US Government Resource

Timeline

No history available yet.