Siemens Scalance W7xx devices with firmware before 4.5.4 use the same hardcoded X.509 certificate across different customers' installations, which makes it easier for remote attackers to conduct man-in-the-middle attacks against SSL sessions by leveraging the certificate's trust relationship.
2013-08-01T13:32:26.067
2025-04-11T00:51:21.963
Deferred
CVSSv2: 6.6 (MEDIUM)
AV:N/AC:H/Au:N/C:P/I:P/A:C
4.9
8.5
| Type | Vendor | Product | Version/Range | Vulnerable? |
|---|---|---|---|---|
| Operating System | siemens | scalance_w700_series_firmware | ≤ 4.4.0 | Yes |
| Hardware | siemens | scalance_w744-1 | - | Yes |
| Hardware | siemens | scalance_w744-1pro | - | Yes |
| Hardware | siemens | scalance_w746-1 | - | Yes |
| Hardware | siemens | scalance_w746-1pro | - | Yes |
| Hardware | siemens | scalance_w747-1 | - | Yes |
| Hardware | siemens | scalance_w747-1rr | - | Yes |
| Hardware | siemens | scalance_w784-1 | - | Yes |
| Hardware | siemens | scalance_w784-1rr | - | Yes |
| Hardware | siemens | scalance_w786-1pro | - | Yes |
| Hardware | siemens | scalance_w786-2pro | - | Yes |
| Hardware | siemens | scalance_w786-2rr | - | Yes |
| Hardware | siemens | scalance_w786-3pro | - | Yes |
| Hardware | siemens | scalance_w788-1pro | - | Yes |
| Hardware | siemens | scalance_w788-1rr | - | Yes |
| Hardware | siemens | scalance_w788-2pro | - | Yes |
| Hardware | siemens | scalance_w788-2rr | - | Yes |