Siemens SIPROTEC 5
Summary
Siemens SIPROTEC 5 devices generate session identifiers from insufficiently random numbers. An unauthenticated remote attacker could brute-force a valid identifier and hijack that user's session. Siemens is preparing fixes and recommends countermeasures for affected versions.
IFF Assessment
This vulnerability allows unauthenticated remote attackers to hijack user sessions, posing a direct threat to system security and access.
Severity
The vulnerability allows unauthorized access and session hijacking, which can significantly affect confidentiality, integrity, and availability. The ease of brute-forcing session identifiers makes it a critical concern.
Defender Context
This vulnerability in Siemens SIPROTEC 5 devices highlights the ongoing risks associated with legacy industrial control systems (ICS) and the importance of robust session management. Defenders should prioritize patching or implementing workarounds for affected systems, and ensure strong network segmentation to limit the blast radius of potential session hijacking attacks.
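A detection sketch for the brute-force pattern described above, added here as an example and not taken from Siemens or the original page: it flags any source that presents many distinct rejected session identifiers within a short window. The log format, the `find_session_guessing` name, the window and the threshold are assumptions, and the sample lines are constructed.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta


def constructed_sample():
    """Constructed lines in an assumed format (not a SIPROTEC 5 log format):
    ISO timestamp, client address, presented session identifier, verdict."""
    lines = [
        "2024-01-01T10:00:00 192.0.2.10 5f2a91c3 valid",
        "2024-01-01T10:00:05 192.0.2.10 5f2a91c3 valid",
        "2024-01-01T10:00:07 192.0.2.11 0000beef invalid",  # one stale session
        "truncated line",                                    # malformed, skipped
    ]
    base = datetime(2024, 1, 1, 10, 1, 0)
    for i in range(40):  # one source cycling through identifiers, one per second
        ts = (base + timedelta(seconds=i)).isoformat()
        lines.append(f"{ts} 198.51.100.7 {i:08x} invalid")
    return lines


def find_session_guessing(lines, window_s=60, threshold=20):
    """Return {source: peak count of distinct rejected session identifiers
    seen inside any window_s-second window} for sources at or above threshold."""
    window = timedelta(seconds=window_s)
    recent = defaultdict(deque)  # source -> (time, session id) of rejected requests
    flagged = {}
    for line in lines:
        parts = line.split()
        if len(parts) != 4:
            continue  # ignore lines that do not match the assumed format
        ts_raw, src, sid, verdict = parts
        if verdict != "invalid":
            continue  # only rejected identifiers indicate guessing
        ts = datetime.fromisoformat(ts_raw)
        q = recent[src]
        q.append((ts, sid))
        while ts - q[0][0] > window:  # drop entries older than the window
            q.popleft()
        distinct = len({s for _, s in q})  # repeats of one stale ID count once
        if distinct >= threshold:
            flagged[src] = max(flagged.get(src, 0), distinct)
    return flagged


if __name__ == "__main__":
    for src, count in find_session_guessing(constructed_sample()).items():
        print(f"{src}: {count} distinct rejected session identifiers in 60 s")
```

Counting distinct identifiers, not total failures, keeps a client that retries one expired session from being flagged.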