<p>The SIPROTEC 5 devices do not use sufficiently random numbers to
generate session identifiers. This could facilitate a brute-force attack
against a valid session identifier which could allow an unauthenticated
remote attacker to hijack a valid user session. The affected session
identifiers are only used in a subset of the endpoints that are provided
by the affected products.</p>
<p>Siemens is preparing fix versions and recommends countermeasures for
products where fixes are not, or not yet available.</p>
Source link
