Siemens SCALANCE X-200IRT < 5.2.0 Session Hijacking

Medium Nessus Plugin ID 81376


The remote device is affected by a session hijacking vulnerability.


According to its self-reported version number, the remote SCALANCE device is affected by an unspecified vulnerability that allows an attacker to hijack a session and perform administrative functions on the device without authentication.


Upgrade to firmware version 5.2.0 or later.

See Also

Plugin Details

Severity: Medium

ID: 81376

File Name: scada_siemens_scalance_x200_cve-2015-1049.nbin

Version: $Revision: 1.20 $

Type: remote

Family: SCADA

Published: 2015/02/16

Modified: 2018/01/29

Dependencies: 10800

Risk Information

Risk Factor: Medium


Base Score: 6.8

Vector: CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P

Vulnerability Information

CPE: cpe:/o:siemens:scalance_x-200_series_firmware

Patch Publication Date: 2015/02/02

Vulnerability Publication Date: 2015/02/02

Reference Information

CVE: CVE-2015-1049

BID: 72512

OSVDB: 117856

ICSA: 15-034-01