CVE-2012-1799

Siemens Scalance S S602/S612/S613 V2 < 2.3.0.3 - Unauthenticated Brute-Force via Web Server

Title source: llm

Description

The web server on the Siemens Scalance S Security Module firewall S602 V2, S612 V2, and S613 V2 with firmware before 2.3.0.3 does not limit the rate of authentication attempts, which makes it easier for remote attackers to obtain access via a brute-force attack on the administrative password.

References (4)

Core 4

Core References

Various Sources x_refsource_confirm

http://support.automation.siemens.com/WW/view/en/59869684

Third Party Advisory, VDB Entry vdb-entry x_refsource_osvdb

http://osvdb.org/81033

Vendor Advisory x_refsource_confirm

http://www.siemens.com/corporate-technology/pool/de/forschungsfelder/siemens_security_advisory_ssa-268149.pdf

US Government Resource x_refsource_misc

http://www.us-cert.gov/control_systems/pdf/ICSA-12-102-05.pdf

Scores

EPSS 0.0190

EPSS Percentile 83.5%

Details

CWE

CWE-287

Status published

Products (6)

siemens/scalance_s602 v2

siemens/scalance_s612 v2

siemens/scalance_s613 v2

siemens/scalance_s_firmware 2.1.0

siemens/scalance_s_firmware 2.2.0

siemens/scalance_s_firmware < 2.3.0

Published Apr 18, 2012

Tracked Since Feb 18, 2026