CVE-2013-4651

Published: Aug 1, 2013Modified: Apr 29, 2026

6.6

Vector

AV:N/AC:H/Au:N/C:P/I:P/A:C

Exploitability: 4.9 / Impact: 8.5

Source: NVD

Description

Siemens Scalance W7xx devices with firmware before 4.5.4 use the same hardcoded X.509 certificate across different customers' installations, which makes it easier for remote attackers to conduct man-in-the-middle attacks against SSL sessions by leveraging the certificate's trust relationship.

Affected (17)

Products: Siemens: Scalance W700 Series Firmware, Scalance W744 1, Scalance W744 1pro, Scalance W746 1, Scalance W746 1pro, Scalance W747 1, Scalance W747 1rr, Scalance W784 1, Scalance W784 1rr, Scalance W786 1pro, Scalance W786 2pro, Scalance W786 2rr, Scalance W786 3pro, Scalance W788 1pro, Scalance W788 1rr, Scalance W788 2pro, Scalance W788 2rr

Siemens

17 products

Scalance W700 Series Firmware

Configuration A

17 vulnerable

Vulnerable Software	Affected Versions
Siemens Scalance W700 Series Firmware	Up to 4.4.0
Siemens Scalance W744 1	All versions
Siemens Scalance W744 1pro	All versions
Siemens Scalance W746 1	All versions
Siemens Scalance W746 1pro	All versions
Siemens Scalance W747 1	All versions
Siemens Scalance W747 1rr	All versions
Siemens Scalance W784 1	All versions
Siemens Scalance W784 1rr	All versions
Siemens Scalance W786 1pro	All versions
Siemens Scalance W786 2pro	All versions
Siemens Scalance W786 2rr	All versions
Siemens Scalance W786 3pro	All versions
Siemens Scalance W788 1pro	All versions
Siemens Scalance W788 1rr	All versions
Siemens Scalance W788 2pro	All versions
Siemens Scalance W788 2rr	All versions

Related CWEs

CWE-255

References (2)

http://www.siemens.com/corporate-technology/pool/de/forschungsfelder/siemens_security_advisory_ssa-120908.pdf

Source: cve@mitre.org

Vendor Advisory

http://www.siemens.com/corporate-technology/pool/de/forschungsfelder/siemens_security_advisory_ssa-120908.pdf

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

Timeline

No history available yet.