Vulnerability Details : CVE-2013-4651
Siemens Scalance W7xx devices with firmware before 4.5.4 use the same hardcoded X.509 certificate across different customers' installations, which makes it easier for remote attackers to conduct man-in-the-middle attacks against SSL sessions by leveraging the certificate's trust relationship.
Products affected by CVE-2013-4651
- cpe:2.3:o:siemens:scalance_w700_series_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:h:siemens:scalance_w786-1pro:-:*:*:*:*:*:*:*
- cpe:2.3:h:siemens:scalance_w786-2pro:-:*:*:*:*:*:*:*
- cpe:2.3:h:siemens:scalance_w786-2rr:-:*:*:*:*:*:*:*
- cpe:2.3:h:siemens:scalance_w786-3pro:-:*:*:*:*:*:*:*
- cpe:2.3:h:siemens:scalance_w784-1:-:*:*:*:*:*:*:*
- cpe:2.3:h:siemens:scalance_w784-1rr:-:*:*:*:*:*:*:*
- cpe:2.3:h:siemens:scalance_w744-1:-:*:*:*:*:*:*:*
- cpe:2.3:h:siemens:scalance_w746-1:-:*:*:*:*:*:*:*
- cpe:2.3:h:siemens:scalance_w747-1:-:*:*:*:*:*:*:*
- cpe:2.3:h:siemens:scalance_w788-1pro:-:*:*:*:*:*:*:*
- cpe:2.3:h:siemens:scalance_w788-2pro:-:*:*:*:*:*:*:*
- cpe:2.3:h:siemens:scalance_w788-1rr:-:*:*:*:*:*:*:*
- cpe:2.3:h:siemens:scalance_w788-2rr:-:*:*:*:*:*:*:*
- cpe:2.3:h:siemens:scalance_w744-1pro:-:*:*:*:*:*:*:*
- cpe:2.3:h:siemens:scalance_w746-1pro:-:*:*:*:*:*:*:*
- cpe:2.3:h:siemens:scalance_w747-1rr:-:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2013-4651
- 0.18%: Probability of exploitation activity in the next 30 days
- ~56%: Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2013-4651
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
6.6 | MEDIUM | AV:N/AC:H/Au:N/C:P/I:P/A:C | 4.9 | 8.5 | NIST | |
CWE ids for CVE-2013-4651
-
Assigned by: nvd@nist.gov (Primary)
References for CVE-2013-4651