Unrated severityNVD Advisory· Published Sep 17, 2013· Updated Apr 29, 2026
CVE-2013-5709
CVE-2013-5709
Description
The authentication implementation in the web server on Siemens SCALANCE X-200 switches with firmware before 5.0.0 does not use a sufficient source of entropy for generating values of random numbers, which makes it easier for remote attackers to hijack sessions by predicting a value.
Affected products
13- cpe:2.3:h:siemens:scalance_x-200:-:*:*:*:*:*:*:*
- cpe:2.3:h:siemens:scalance_x200-4p_irt:-:*:*:*:*:*:*:*
- cpe:2.3:h:siemens:scalance_x-200rna:-:*:*:*:*:*:*:*
cpe:2.3:h:siemens:scalance_x201-3p_irt:-:*:*:*:*:*:*:*+ 1 more
- cpe:2.3:h:siemens:scalance_x201-3p_irt:-:*:*:*:*:*:*:*
- cpe:2.3:h:siemens:scalance_x201-3p_irt:-:-:pro:*:*:*:*:*
- cpe:2.3:h:siemens:scalance_x202-2irt:-:*:*:*:*:*:*:*
cpe:2.3:h:siemens:scalance_x202-2p_irt:-:*:*:*:*:*:*:*+ 1 more
- cpe:2.3:h:siemens:scalance_x202-2p_irt:-:*:*:*:*:*:*:*
- cpe:2.3:h:siemens:scalance_x202-2p_irt:-:-:pro:*:*:*:*:*
cpe:2.3:h:siemens:scalance_x204irt:-:*:*:*:*:*:*:*+ 1 more
- cpe:2.3:h:siemens:scalance_x204irt:-:*:*:*:*:*:*:*
- cpe:2.3:h:siemens:scalance_x204irt:-:-:pro:*:*:*:*:*
- cpe:2.3:h:siemens:scalance_xf-200:-:*:*:*:*:*:*:*
cpe:2.3:o:siemens:scalance_x-200_series_firmware:*:*:*:*:*:*:*:*+ 1 more
- cpe:2.3:o:siemens:scalance_x-200_series_firmware:*:*:*:*:*:*:*:*range: <=4.4
- cpe:2.3:o:siemens:scalance_x-200_series_firmware:4.3:*:*:*:*:*:*:*
Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
3News mentions
0No linked articles in our index yet.