All the vulnerabilites related to siemens - ruggedcom
Vulnerability from fkie_nvd
Published
2017-12-26 04:29
Modified
2024-11-21 03:10
Severity ?
Summary
A vulnerability has been identified in RUGGEDCOM ROS for RSL910 devices (All versions < ROS V5.0.1), RUGGEDCOM ROS for all other devices (All versions < ROS V4.3.4), SCALANCE XB-200/XC-200/XP-200/XR300-WG (All versions between V3.0 (including) and V3.0.2 (excluding)), SCALANCE XR-500/XM-400 (All versions between V6.1 (including) and V6.1.1 (excluding)). After initial configuration, the Ruggedcom Discovery Protocol (RCDP) is still able to writeto the device under certain conditions, potentially allowing users located in the adjacentnetwork of the targeted device to perform unauthorized administrative actions.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| productcert@siemens.com | http://www.securityfocus.com/bid/101041 | Third Party Advisory, VDB Entry | |
| productcert@siemens.com | http://www.securitytracker.com/id/1039463 | Third Party Advisory, VDB Entry | |
| productcert@siemens.com | http://www.securitytracker.com/id/1039464 | Third Party Advisory, VDB Entry | |
| productcert@siemens.com | https://www.siemens.com/cert/pool/cert/siemens_security_advisory_ssa-856721.pdf | Issue Tracking, Mitigation, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/101041 | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securitytracker.com/id/1039463 | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securitytracker.com/id/1039464 | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.siemens.com/cert/pool/cert/siemens_security_advisory_ssa-856721.pdf | Issue Tracking, Mitigation, Vendor Advisory |
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:siemens:scalance_xb-200_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "DA12DF53-5DB1-4279-9E46-6031258ACE68",
"versionStartIncluding": "3.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:siemens:scalance_xb-200:-:*:*:*:*:*:*:*",
"matchCriteriaId": "6CB3CC2D-CBF0-4F53-A412-01BBC39E34C2",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:siemens:scalance_xc-200_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "5501093A-B4A4-4E9C-AE5A-38A012B81E07",
"versionStartIncluding": "3.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:siemens:scalance_xc-200:-:*:*:*:*:*:*:*",
"matchCriteriaId": "7719E194-EE3D-4CE8-8C85-CF0D82A553AA",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:siemens:scalance_xp-200_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "6F5B80A4-0EFC-4488-A569-574B942FC7D9",
"versionStartIncluding": "3.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:siemens:scalance_xp-200:-:*:*:*:*:*:*:*",
"matchCriteriaId": "8F962FC7-0616-467F-8CCA-ADEA224B5F7B",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:siemens:scalance_xr300-wg_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "0DEF3486-F27F-4FC3-ADE5-A5BCAD477C47",
"versionStartIncluding": "3.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:siemens:scalance_xr300-wg:-:*:*:*:*:*:*:*",
"matchCriteriaId": "43C240D0-5169-4800-B336-A2B889475CD6",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:siemens:scalance_xr-500_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "8C6310FD-6DD7-4420-BE94-C791D18CA1E1",
"versionStartIncluding": "6.1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:siemens:scalance_xr-500:-:*:*:*:*:*:*:*",
"matchCriteriaId": "96EA9D9A-AD86-4983-8FD2-33B1E447D7D1",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:siemens:scalance_xm-400_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "CF503997-A9E6-4722-A774-D3089B3468B3",
"versionStartIncluding": "6.1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:siemens:scalance_xm-400:-:*:*:*:*:*:*:*",
"matchCriteriaId": "798E900F-5EF9-4B39-B8C2-79FAE659E7F5",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:siemens:ruggedcom_ros:*:*:*:*:*:*:*:*",
"matchCriteriaId": "F8AEFEF0-6AA1-4C07-BE94-0FBD7CECA354",
"versionEndExcluding": "5.0.1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:siemens:ruggedcom_rsl910:-:*:*:*:*:*:*:*",
"matchCriteriaId": "5F0C8879-659D-4A28-BA72-7BE05B5215CC",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:siemens:ruggedcom_ros:*:*:*:*:*:*:*:*",
"matchCriteriaId": "CF1FAD6D-C62C-46CF-A752-E0844A496344",
"versionEndExcluding": "4.3.4",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:siemens:ruggedcom:-:*:*:*:*:*:*:*",
"matchCriteriaId": "9EABA893-37F5-4877-BC13-3557C654857E",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability has been identified in RUGGEDCOM ROS for RSL910 devices (All versions \u003c ROS V5.0.1), RUGGEDCOM ROS for all other devices (All versions \u003c ROS V4.3.4), SCALANCE XB-200/XC-200/XP-200/XR300-WG (All versions between V3.0 (including) and V3.0.2 (excluding)), SCALANCE XR-500/XM-400 (All versions between V6.1 (including) and V6.1.1 (excluding)). After initial configuration, the Ruggedcom Discovery Protocol (RCDP) is still able to writeto the device under certain conditions, potentially allowing users located in the adjacentnetwork of the targeted device to perform unauthorized administrative actions."
},
{
"lang": "es",
"value": "Se identific\u00f3 una vulnerabilidad en RUGGEDCOM ROS para los dispositivos RSL910 (todas las versiones anteriores a ROS V5.0.1), RUGGEDCOM ROS para todos los dem\u00e1s dispositivos (todas las versiones anteriores a ROS V4.3.4), SCALANCE XB-200/XC-200/XP-200/XR300-WG (Todas las versiones entre V3.0 (incluido) y V3.0.2 (excluyendo), SCALANCE XR-500/XM-400 (Todas las versiones entre V6.1 (incluido) y V6.1.1 (excluyendo). Despu\u00e9s de la configuraci\u00f3n inicial, el Ruggedcom Discovery Protocol (RCDP) a\u00fan puede escribir hacia el dispositivo bajo ciertas condiciones, esto potencialmente permite que los usuarios ubicados en la red adyacente del dispositivo destino realicen acciones administrativas no autorizadas."
}
],
"id": "CVE-2017-12736",
"lastModified": "2024-11-21T03:10:07.373",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "ADJACENT_NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 5.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:A/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 6.5,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2017-12-26T04:29:13.643",
"references": [
{
"source": "productcert@siemens.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/101041"
},
{
"source": "productcert@siemens.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securitytracker.com/id/1039463"
},
{
"source": "productcert@siemens.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securitytracker.com/id/1039464"
},
{
"source": "productcert@siemens.com",
"tags": [
"Issue Tracking",
"Mitigation",
"Vendor Advisory"
],
"url": "https://www.siemens.com/cert/pool/cert/siemens_security_advisory_ssa-856721.pdf"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/101041"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securitytracker.com/id/1039463"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securitytracker.com/id/1039464"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Issue Tracking",
"Mitigation",
"Vendor Advisory"
],
"url": "https://www.siemens.com/cert/pool/cert/siemens_security_advisory_ssa-856721.pdf"
}
],
"sourceIdentifier": "productcert@siemens.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-20"
}
],
"source": "productcert@siemens.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-665"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
var-201502-0392
Vulnerability from variot
Buffer overflow in the integrated web server on Siemens Ruggedcom WIN51xx devices with firmware before SS4.4.4624.35, WIN52xx devices with firmware before SS4.4.4624.35, WIN70xx devices with firmware before BS4.4.4621.32, and WIN72xx devices with firmware before BS4.4.4621.32 allows remote attackers to execute arbitrary code via unspecified vectors. Siemens Ruggedcom WIN51xx, WIN52xx, WIN70xx and WIN72xx are broadband wireless base station products from Siemens AG. A remote attacker can exploit this vulnerability to execute arbitrary code. Ruggedcom WIN products are prone to a buffer-overflow vulnerability because the application fails to perform adequate boundary checks on user-supplied data. Failed exploit attempts may result in a denial-of-service condition
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201502-0392",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "ruggedcom",
"scope": "lte",
"trust": 1.0,
"vendor": "siemens",
"version": "ss4.4.4624.34"
},
{
"model": "ruggedcom",
"scope": "lte",
"trust": 1.0,
"vendor": "siemens",
"version": "bs4.4.4621.31"
},
{
"model": "ruggedcom win5100",
"scope": null,
"trust": 0.8,
"vendor": "siemens",
"version": null
},
{
"model": "ruggedcom win5200",
"scope": null,
"trust": 0.8,
"vendor": "siemens",
"version": null
},
{
"model": "ruggedcom win7000",
"scope": null,
"trust": 0.8,
"vendor": "siemens",
"version": null
},
{
"model": "ruggedcom win7200",
"scope": null,
"trust": 0.8,
"vendor": "siemens",
"version": null
},
{
"model": "ruggedcom",
"scope": "lt",
"trust": 0.8,
"vendor": "siemens",
"version": "bs4.4.4621.32 (win70xx/win72xx)"
},
{
"model": "ruggedcom",
"scope": "lt",
"trust": 0.8,
"vendor": "siemens",
"version": "ss4.4.4624.35 (win51xx/win52xx)"
},
{
"model": "win51xx/win52xx \u003css4.4.4624.35",
"scope": null,
"trust": 0.6,
"vendor": "siemens",
"version": null
},
{
"model": "win70xx/win72xx \u003cbs4.4.4621.32",
"scope": null,
"trust": 0.6,
"vendor": "siemens",
"version": null
},
{
"model": "ruggedcom",
"scope": "eq",
"trust": 0.6,
"vendor": "siemens",
"version": "bs4.4.4621.31"
},
{
"model": "ruggedcom",
"scope": "eq",
"trust": 0.6,
"vendor": "siemens",
"version": "ss4.4.4624.34"
},
{
"model": null,
"scope": "eq",
"trust": 0.4,
"vendor": "ruggedcom",
"version": "*"
}
],
"sources": [
{
"db": "IVD",
"id": "a500d834-2351-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2015-00847"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-001342"
},
{
"db": "NVD",
"id": "CVE-2015-1449"
},
{
"db": "CNNVD",
"id": "CNNVD-201502-020"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:siemens:ruggedcom_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "bs4.4.4621.31",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:siemens:ruggedcom_win7000:*:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:h:siemens:ruggedcom_win7200:*:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:siemens:ruggedcom_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "ss4.4.4624.34",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:siemens:ruggedcom_win5100:*:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:h:siemens:ruggedcom_win5200:*:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2015-1449"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "The vendor reported this issue.",
"sources": [
{
"db": "BID",
"id": "72522"
}
],
"trust": 0.3
},
"cve": "CVE-2015-1449",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": true,
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "HIGH",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Network",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "Complete",
"baseScore": 10.0,
"confidentialityImpact": "Complete",
"exploitabilityScore": null,
"id": "CVE-2015-1449",
"impactScore": null,
"integrityImpact": "Complete",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "High",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"id": "CNVD-2015-00847",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "IVD",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"id": "a500d834-2351-11e6-abef-000c29c66e3d",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.2,
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.9 [IVD]"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"id": "VHN-79410",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:N/C:C/I:C/A:C",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "NVD",
"id": "CVE-2015-1449",
"trust": 1.8,
"value": "HIGH"
},
{
"author": "CNVD",
"id": "CNVD-2015-00847",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-201502-020",
"trust": 0.6,
"value": "CRITICAL"
},
{
"author": "IVD",
"id": "a500d834-2351-11e6-abef-000c29c66e3d",
"trust": 0.2,
"value": "CRITICAL"
},
{
"author": "VULHUB",
"id": "VHN-79410",
"trust": 0.1,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "IVD",
"id": "a500d834-2351-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2015-00847"
},
{
"db": "VULHUB",
"id": "VHN-79410"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-001342"
},
{
"db": "NVD",
"id": "CVE-2015-1449"
},
{
"db": "CNNVD",
"id": "CNNVD-201502-020"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Buffer overflow in the integrated web server on Siemens Ruggedcom WIN51xx devices with firmware before SS4.4.4624.35, WIN52xx devices with firmware before SS4.4.4624.35, WIN70xx devices with firmware before BS4.4.4621.32, and WIN72xx devices with firmware before BS4.4.4621.32 allows remote attackers to execute arbitrary code via unspecified vectors. Siemens Ruggedcom WIN51xx, WIN52xx, WIN70xx and WIN72xx are broadband wireless base station products from Siemens AG. A remote attacker can exploit this vulnerability to execute arbitrary code. Ruggedcom WIN products are prone to a buffer-overflow vulnerability because the application fails to perform adequate boundary checks on user-supplied data. Failed exploit attempts may result in a denial-of-service condition",
"sources": [
{
"db": "NVD",
"id": "CVE-2015-1449"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-001342"
},
{
"db": "CNVD",
"id": "CNVD-2015-00847"
},
{
"db": "BID",
"id": "72522"
},
{
"db": "IVD",
"id": "a500d834-2351-11e6-abef-000c29c66e3d"
},
{
"db": "VULHUB",
"id": "VHN-79410"
}
],
"trust": 2.7
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2015-1449",
"trust": 3.6
},
{
"db": "SIEMENS",
"id": "SSA-753139",
"trust": 2.3
},
{
"db": "BID",
"id": "72522",
"trust": 1.0
},
{
"db": "CNNVD",
"id": "CNNVD-201502-020",
"trust": 0.9
},
{
"db": "CNVD",
"id": "CNVD-2015-00847",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2015-001342",
"trust": 0.8
},
{
"db": "IVD",
"id": "A500D834-2351-11E6-ABEF-000C29C66E3D",
"trust": 0.2
},
{
"db": "VULHUB",
"id": "VHN-79410",
"trust": 0.1
}
],
"sources": [
{
"db": "IVD",
"id": "a500d834-2351-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2015-00847"
},
{
"db": "VULHUB",
"id": "VHN-79410"
},
{
"db": "BID",
"id": "72522"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-001342"
},
{
"db": "NVD",
"id": "CVE-2015-1449"
},
{
"db": "CNNVD",
"id": "CNNVD-201502-020"
}
]
},
"id": "VAR-201502-0392",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "IVD",
"id": "a500d834-2351-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2015-00847"
},
{
"db": "VULHUB",
"id": "VHN-79410"
}
],
"trust": 1.9
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"ICS",
"Network device"
],
"sub_category": null,
"trust": 0.6
},
{
"category": [
"ICS"
],
"sub_category": null,
"trust": 0.2
}
],
"sources": [
{
"db": "IVD",
"id": "a500d834-2351-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2015-00847"
}
]
},
"last_update_date": "2023-12-18T12:38:04.671000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "SSA-753139",
"trust": 0.8,
"url": "http://www.siemens.com/innovation/pool/de/forschungsfelder/siemens_security_advisory_ssa-753139.pdf"
},
{
"title": "Patches for multiple Siemens Ruggedcom product buffer overflow vulnerabilities",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchinfo/show/54943"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2015-00847"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-001342"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-119",
"trust": 1.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-79410"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-001342"
},
{
"db": "NVD",
"id": "CVE-2015-1449"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.3,
"url": "http://www.siemens.com/innovation/pool/de/forschungsfelder/siemens_security_advisory_ssa-753139.pdf"
},
{
"trust": 1.4,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2015-1449"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-1449"
},
{
"trust": 0.3,
"url": "http://subscriber.communications.siemens.com/"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2015-00847"
},
{
"db": "VULHUB",
"id": "VHN-79410"
},
{
"db": "BID",
"id": "72522"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-001342"
},
{
"db": "NVD",
"id": "CVE-2015-1449"
},
{
"db": "CNNVD",
"id": "CNNVD-201502-020"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "IVD",
"id": "a500d834-2351-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2015-00847"
},
{
"db": "VULHUB",
"id": "VHN-79410"
},
{
"db": "BID",
"id": "72522"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-001342"
},
{
"db": "NVD",
"id": "CVE-2015-1449"
},
{
"db": "CNNVD",
"id": "CNNVD-201502-020"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2015-02-04T00:00:00",
"db": "IVD",
"id": "a500d834-2351-11e6-abef-000c29c66e3d"
},
{
"date": "2015-02-04T00:00:00",
"db": "CNVD",
"id": "CNVD-2015-00847"
},
{
"date": "2015-02-02T00:00:00",
"db": "VULHUB",
"id": "VHN-79410"
},
{
"date": "2015-02-06T00:00:00",
"db": "BID",
"id": "72522"
},
{
"date": "2015-02-12T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2015-001342"
},
{
"date": "2015-02-02T15:59:09.223000",
"db": "NVD",
"id": "CVE-2015-1449"
},
{
"date": "2015-02-03T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201502-020"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2015-02-04T00:00:00",
"db": "CNVD",
"id": "CNVD-2015-00847"
},
{
"date": "2015-02-04T00:00:00",
"db": "VULHUB",
"id": "VHN-79410"
},
{
"date": "2015-02-06T00:00:00",
"db": "BID",
"id": "72522"
},
{
"date": "2015-02-12T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2015-001342"
},
{
"date": "2015-02-04T05:27:31.590000",
"db": "NVD",
"id": "CVE-2015-1449"
},
{
"date": "2015-02-09T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201502-020"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201502-020"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "plural Siemens Ruggedcom WIN Integrated device firmware Web Server buffer overflow vulnerability",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2015-001342"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Buffer overflow",
"sources": [
{
"db": "IVD",
"id": "a500d834-2351-11e6-abef-000c29c66e3d"
},
{
"db": "CNNVD",
"id": "CNNVD-201502-020"
}
],
"trust": 0.8
}
}
var-201502-0391
Vulnerability from variot
The integrated management service on Siemens Ruggedcom WIN51xx devices with firmware before SS4.4.4624.35, WIN52xx devices with firmware before SS4.4.4624.35, WIN70xx devices with firmware before BS4.4.4621.32, and WIN72xx devices with firmware before BS4.4.4621.32 allows remote attackers to bypass authentication and perform administrative actions via unspecified vectors. Siemens Ruggedcom WIN51xx, WIN52xx, WIN70xx and WIN72xx are broadband wireless base station products from Siemens AG. There are security holes in the integrated management services for several Siemens Ruggedcom products. A remote attacker could exploit the vulnerability to bypass authentication and perform administrator actions. Siemens Ruggedcom WIN products running firmware versions prior to BS4.4.4621.32 are vulnerable
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201502-0391",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "ruggedcom",
"scope": "lte",
"trust": 1.0,
"vendor": "siemens",
"version": "ss4.4.4624.34"
},
{
"model": "ruggedcom",
"scope": "lte",
"trust": 1.0,
"vendor": "siemens",
"version": "bs4.4.4621.31"
},
{
"model": "ruggedcom win5100",
"scope": null,
"trust": 0.8,
"vendor": "siemens",
"version": null
},
{
"model": "ruggedcom win5200",
"scope": null,
"trust": 0.8,
"vendor": "siemens",
"version": null
},
{
"model": "ruggedcom win7000",
"scope": null,
"trust": 0.8,
"vendor": "siemens",
"version": null
},
{
"model": "ruggedcom win7200",
"scope": null,
"trust": 0.8,
"vendor": "siemens",
"version": null
},
{
"model": "ruggedcom",
"scope": "lt",
"trust": 0.8,
"vendor": "siemens",
"version": "bs4.4.4621.32 (win70xx/win72xx)"
},
{
"model": "ruggedcom",
"scope": "lt",
"trust": 0.8,
"vendor": "siemens",
"version": "ss4.4.4624.35 (win51xx/win52xx)"
},
{
"model": "win51xx/win52xx \u003css4.4.4624.35",
"scope": null,
"trust": 0.6,
"vendor": "siemens",
"version": null
},
{
"model": "win70xx/win72xx \u003cbs4.4.4621.32",
"scope": null,
"trust": 0.6,
"vendor": "siemens",
"version": null
},
{
"model": "ruggedcom",
"scope": "eq",
"trust": 0.6,
"vendor": "siemens",
"version": "bs4.4.4621.31"
},
{
"model": "ruggedcom",
"scope": "eq",
"trust": 0.6,
"vendor": "siemens",
"version": "ss4.4.4624.34"
},
{
"model": null,
"scope": "eq",
"trust": 0.4,
"vendor": "ruggedcom",
"version": "*"
},
{
"model": "ruggedcom win7200",
"scope": "eq",
"trust": 0.3,
"vendor": "siemens",
"version": "0"
},
{
"model": "ruggedcom win7000",
"scope": "eq",
"trust": 0.3,
"vendor": "siemens",
"version": "0"
},
{
"model": "ruggedcom win5200",
"scope": "eq",
"trust": 0.3,
"vendor": "siemens",
"version": "0"
},
{
"model": "ruggedcom win5100",
"scope": "eq",
"trust": 0.3,
"vendor": "siemens",
"version": "0"
},
{
"model": "ruggedcom win7200 bs4.4.4621.32",
"scope": "ne",
"trust": 0.3,
"vendor": "siemens",
"version": null
},
{
"model": "ruggedcom win7000 bs4.4.4621.32",
"scope": "ne",
"trust": 0.3,
"vendor": "siemens",
"version": null
},
{
"model": "ruggedcom win5200 ss4.4.4624.35",
"scope": "ne",
"trust": 0.3,
"vendor": "siemens",
"version": null
},
{
"model": "ruggedcom win5100 ss4.4.4624.35",
"scope": "ne",
"trust": 0.3,
"vendor": "siemens",
"version": null
}
],
"sources": [
{
"db": "IVD",
"id": "a4fe323c-2351-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2015-00846"
},
{
"db": "BID",
"id": "72521"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-001343"
},
{
"db": "NVD",
"id": "CVE-2015-1448"
},
{
"db": "CNNVD",
"id": "CNNVD-201502-019"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:siemens:ruggedcom_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "bs4.4.4621.31",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:siemens:ruggedcom_win7000:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:h:siemens:ruggedcom_win7200:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:siemens:ruggedcom_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "ss4.4.4624.34",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:siemens:ruggedcom_win5200:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:h:siemens:ruggedcom_win5100:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2015-1448"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "The vendor reported this issue.",
"sources": [
{
"db": "BID",
"id": "72521"
}
],
"trust": 0.3
},
"cve": "CVE-2015-1448",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "HIGH",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Network",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "Complete",
"baseScore": 10.0,
"confidentialityImpact": "Complete",
"exploitabilityScore": null,
"id": "CVE-2015-1448",
"impactScore": null,
"integrityImpact": "Complete",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "High",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"id": "CNVD-2015-00846",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "IVD",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"id": "a4fe323c-2351-11e6-abef-000c29c66e3d",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.2,
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.9 [IVD]"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"id": "VHN-79409",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:N/C:C/I:C/A:C",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "NVD",
"id": "CVE-2015-1448",
"trust": 1.8,
"value": "HIGH"
},
{
"author": "CNVD",
"id": "CNVD-2015-00846",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-201502-019",
"trust": 0.6,
"value": "CRITICAL"
},
{
"author": "IVD",
"id": "a4fe323c-2351-11e6-abef-000c29c66e3d",
"trust": 0.2,
"value": "CRITICAL"
},
{
"author": "VULHUB",
"id": "VHN-79409",
"trust": 0.1,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "IVD",
"id": "a4fe323c-2351-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2015-00846"
},
{
"db": "VULHUB",
"id": "VHN-79409"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-001343"
},
{
"db": "NVD",
"id": "CVE-2015-1448"
},
{
"db": "CNNVD",
"id": "CNNVD-201502-019"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "The integrated management service on Siemens Ruggedcom WIN51xx devices with firmware before SS4.4.4624.35, WIN52xx devices with firmware before SS4.4.4624.35, WIN70xx devices with firmware before BS4.4.4621.32, and WIN72xx devices with firmware before BS4.4.4621.32 allows remote attackers to bypass authentication and perform administrative actions via unspecified vectors. Siemens Ruggedcom WIN51xx, WIN52xx, WIN70xx and WIN72xx are broadband wireless base station products from Siemens AG. There are security holes in the integrated management services for several Siemens Ruggedcom products. A remote attacker could exploit the vulnerability to bypass authentication and perform administrator actions. \nSiemens Ruggedcom WIN products running firmware versions prior to BS4.4.4621.32 are vulnerable",
"sources": [
{
"db": "NVD",
"id": "CVE-2015-1448"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-001343"
},
{
"db": "CNVD",
"id": "CNVD-2015-00846"
},
{
"db": "BID",
"id": "72521"
},
{
"db": "IVD",
"id": "a4fe323c-2351-11e6-abef-000c29c66e3d"
},
{
"db": "VULHUB",
"id": "VHN-79409"
}
],
"trust": 2.7
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2015-1448",
"trust": 3.6
},
{
"db": "SIEMENS",
"id": "SSA-753139",
"trust": 2.3
},
{
"db": "BID",
"id": "72521",
"trust": 1.0
},
{
"db": "CNNVD",
"id": "CNNVD-201502-019",
"trust": 0.9
},
{
"db": "CNVD",
"id": "CNVD-2015-00846",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2015-001343",
"trust": 0.8
},
{
"db": "ICS CERT",
"id": "ICSA-15-034-02",
"trust": 0.3
},
{
"db": "IVD",
"id": "A4FE323C-2351-11E6-ABEF-000C29C66E3D",
"trust": 0.2
},
{
"db": "VULHUB",
"id": "VHN-79409",
"trust": 0.1
}
],
"sources": [
{
"db": "IVD",
"id": "a4fe323c-2351-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2015-00846"
},
{
"db": "VULHUB",
"id": "VHN-79409"
},
{
"db": "BID",
"id": "72521"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-001343"
},
{
"db": "NVD",
"id": "CVE-2015-1448"
},
{
"db": "CNNVD",
"id": "CNNVD-201502-019"
}
]
},
"id": "VAR-201502-0391",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "IVD",
"id": "a4fe323c-2351-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2015-00846"
},
{
"db": "VULHUB",
"id": "VHN-79409"
}
],
"trust": 1.9
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"ICS",
"Network device"
],
"sub_category": null,
"trust": 0.6
},
{
"category": [
"ICS"
],
"sub_category": null,
"trust": 0.2
}
],
"sources": [
{
"db": "IVD",
"id": "a4fe323c-2351-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2015-00846"
}
]
},
"last_update_date": "2023-12-18T12:38:04.633000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "SSA-753139",
"trust": 0.8,
"url": "http://www.siemens.com/innovation/pool/de/forschungsfelder/siemens_security_advisory_ssa-753139.pdf"
},
{
"title": "A variety of Siemens Ruggedcom product security bypass vulnerability patches",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchinfo/show/54944"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2015-00846"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-001343"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-264",
"trust": 1.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-79409"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-001343"
},
{
"db": "NVD",
"id": "CVE-2015-1448"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.3,
"url": "http://www.siemens.com/innovation/pool/de/forschungsfelder/siemens_security_advisory_ssa-753139.pdf"
},
{
"trust": 1.4,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2015-1448"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-1448"
},
{
"trust": 0.3,
"url": "http://www.siemens.com/"
},
{
"trust": 0.3,
"url": "https://ics-cert.us-cert.gov/advisories/icsa-15-034-02"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2015-00846"
},
{
"db": "VULHUB",
"id": "VHN-79409"
},
{
"db": "BID",
"id": "72521"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-001343"
},
{
"db": "NVD",
"id": "CVE-2015-1448"
},
{
"db": "CNNVD",
"id": "CNNVD-201502-019"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "IVD",
"id": "a4fe323c-2351-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2015-00846"
},
{
"db": "VULHUB",
"id": "VHN-79409"
},
{
"db": "BID",
"id": "72521"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-001343"
},
{
"db": "NVD",
"id": "CVE-2015-1448"
},
{
"db": "CNNVD",
"id": "CNNVD-201502-019"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2015-02-04T00:00:00",
"db": "IVD",
"id": "a4fe323c-2351-11e6-abef-000c29c66e3d"
},
{
"date": "2015-02-04T00:00:00",
"db": "CNVD",
"id": "CNVD-2015-00846"
},
{
"date": "2015-02-02T00:00:00",
"db": "VULHUB",
"id": "VHN-79409"
},
{
"date": "2015-02-03T00:00:00",
"db": "BID",
"id": "72521"
},
{
"date": "2015-02-12T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2015-001343"
},
{
"date": "2015-02-02T15:59:08.317000",
"db": "NVD",
"id": "CVE-2015-1448"
},
{
"date": "2015-02-03T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201502-019"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2015-02-04T00:00:00",
"db": "CNVD",
"id": "CNVD-2015-00846"
},
{
"date": "2015-02-04T00:00:00",
"db": "VULHUB",
"id": "VHN-79409"
},
{
"date": "2015-02-03T00:00:00",
"db": "BID",
"id": "72521"
},
{
"date": "2015-02-12T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2015-001343"
},
{
"date": "2015-02-04T05:27:01.120000",
"db": "NVD",
"id": "CVE-2015-1448"
},
{
"date": "2015-02-03T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201502-019"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201502-019"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "plural Siemens Ruggedcom WIN Vulnerability that bypasses authentication in device firmware integrated management service",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2015-001343"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "permissions and access control",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201502-019"
}
],
"trust": 0.6
}
}
var-201502-0369
Vulnerability from variot
Siemens Ruggedcom WIN51xx devices with firmware before SS4.4.4624.35, WIN52xx devices with firmware before SS4.4.4624.35, WIN70xx devices with firmware before BS4.4.4621.32, and WIN72xx devices with firmware before BS4.4.4621.32 allow context-dependent attackers to discover password hashes by reading (1) files or (2) security logs. Siemens Ruggedcom WIN51xx, WIN52xx, WIN70xx and WIN72xx are broadband wireless base station products from Siemens AG. Security vulnerabilities exist in several Siemens Ruggedcom products. Attackers can exploit this issue to obtain sensitive information that may lead to further attacks
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201502-0369",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "ruggedcom",
"scope": "lte",
"trust": 1.0,
"vendor": "siemens",
"version": "ss4.4.4624.34"
},
{
"model": "ruggedcom",
"scope": "lte",
"trust": 1.0,
"vendor": "siemens",
"version": "bs4.4.4621.31"
},
{
"model": "ruggedcom win5100",
"scope": null,
"trust": 0.8,
"vendor": "siemens",
"version": null
},
{
"model": "ruggedcom win5200",
"scope": null,
"trust": 0.8,
"vendor": "siemens",
"version": null
},
{
"model": "ruggedcom win7000",
"scope": null,
"trust": 0.8,
"vendor": "siemens",
"version": null
},
{
"model": "ruggedcom win7200",
"scope": null,
"trust": 0.8,
"vendor": "siemens",
"version": null
},
{
"model": "ruggedcom",
"scope": "lt",
"trust": 0.8,
"vendor": "siemens",
"version": "bs4.4.4621.32 (win70xx/win72xx)"
},
{
"model": "ruggedcom",
"scope": "lt",
"trust": 0.8,
"vendor": "siemens",
"version": "ss4.4.4624.35 (win51xx/win52xx)"
},
{
"model": "win51xx/win52xx \u003css4.4.4624.35",
"scope": null,
"trust": 0.6,
"vendor": "siemens",
"version": null
},
{
"model": "win70xx/win72xx \u003cbs4.4.4621.32",
"scope": null,
"trust": 0.6,
"vendor": "siemens",
"version": null
},
{
"model": "ruggedcom",
"scope": "eq",
"trust": 0.6,
"vendor": "siemens",
"version": "bs4.4.4621.31"
},
{
"model": "ruggedcom",
"scope": "eq",
"trust": 0.6,
"vendor": "siemens",
"version": "ss4.4.4624.34"
},
{
"model": null,
"scope": "eq",
"trust": 0.4,
"vendor": "ruggedcom",
"version": "*"
},
{
"model": "ruggedcom win7200",
"scope": "eq",
"trust": 0.3,
"vendor": "siemens",
"version": "0"
},
{
"model": "ruggedcom win7000",
"scope": "eq",
"trust": 0.3,
"vendor": "siemens",
"version": "0"
},
{
"model": "ruggedcom win5200",
"scope": "eq",
"trust": 0.3,
"vendor": "siemens",
"version": "0"
},
{
"model": "ruggedcom win5100",
"scope": "eq",
"trust": 0.3,
"vendor": "siemens",
"version": "0"
},
{
"model": "ruggedcom win7200 bs4.4.4621.32",
"scope": "ne",
"trust": 0.3,
"vendor": "siemens",
"version": null
},
{
"model": "ruggedcom win7000 bs4.4.4621.32",
"scope": "ne",
"trust": 0.3,
"vendor": "siemens",
"version": null
},
{
"model": "ruggedcom win5200 ss4.4.4624.35",
"scope": "ne",
"trust": 0.3,
"vendor": "siemens",
"version": null
},
{
"model": "ruggedcom win5100 ss4.4.4624.35",
"scope": "ne",
"trust": 0.3,
"vendor": "siemens",
"version": null
}
],
"sources": [
{
"db": "IVD",
"id": "a4f5721e-2351-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2015-00845"
},
{
"db": "BID",
"id": "72523"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-001344"
},
{
"db": "NVD",
"id": "CVE-2015-1357"
},
{
"db": "CNNVD",
"id": "CNNVD-201502-018"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:siemens:ruggedcom_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "bs4.4.4621.31",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:siemens:ruggedcom_win7000:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:h:siemens:ruggedcom_win7200:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:siemens:ruggedcom_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "ss4.4.4624.34",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:siemens:ruggedcom_win5100:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:h:siemens:ruggedcom_win5200:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2015-1357"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "The vendor reported this issue.",
"sources": [
{
"db": "BID",
"id": "72523"
}
],
"trust": 0.3
},
"cve": "CVE-2015-1357",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"integrityImpact": "NONE",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Network",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "None",
"baseScore": 5.0,
"confidentialityImpact": "Partial",
"exploitabilityScore": null,
"id": "CVE-2015-1357",
"impactScore": null,
"integrityImpact": "None",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Medium",
"trust": 0.9,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
{
"accessComplexity": "HIGH",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "NONE",
"baseScore": 2.6,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 4.9,
"id": "CNVD-2015-00845",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "LOW",
"trust": 0.6,
"vectorString": "AV:N/AC:H/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
{
"accessComplexity": "HIGH",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "IVD",
"availabilityImpact": "NONE",
"baseScore": 2.6,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 4.9,
"id": "a4f5721e-2351-11e6-abef-000c29c66e3d",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "LOW",
"trust": 0.2,
"vectorString": "AV:N/AC:H/Au:N/C:P/I:N/A:N",
"version": "2.9 [IVD]"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "VHN-79318",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:N/C:P/I:N/A:N",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "NVD",
"id": "CVE-2015-1357",
"trust": 1.8,
"value": "MEDIUM"
},
{
"author": "CNVD",
"id": "CNVD-2015-00845",
"trust": 0.6,
"value": "LOW"
},
{
"author": "CNNVD",
"id": "CNNVD-201502-018",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "IVD",
"id": "a4f5721e-2351-11e6-abef-000c29c66e3d",
"trust": 0.2,
"value": "MEDIUM"
},
{
"author": "VULHUB",
"id": "VHN-79318",
"trust": 0.1,
"value": "MEDIUM"
},
{
"author": "VULMON",
"id": "CVE-2015-1357",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "IVD",
"id": "a4f5721e-2351-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2015-00845"
},
{
"db": "VULHUB",
"id": "VHN-79318"
},
{
"db": "VULMON",
"id": "CVE-2015-1357"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-001344"
},
{
"db": "NVD",
"id": "CVE-2015-1357"
},
{
"db": "CNNVD",
"id": "CNNVD-201502-018"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Siemens Ruggedcom WIN51xx devices with firmware before SS4.4.4624.35, WIN52xx devices with firmware before SS4.4.4624.35, WIN70xx devices with firmware before BS4.4.4621.32, and WIN72xx devices with firmware before BS4.4.4621.32 allow context-dependent attackers to discover password hashes by reading (1) files or (2) security logs. Siemens Ruggedcom WIN51xx, WIN52xx, WIN70xx and WIN72xx are broadband wireless base station products from Siemens AG. Security vulnerabilities exist in several Siemens Ruggedcom products. \nAttackers can exploit this issue to obtain sensitive information that may lead to further attacks",
"sources": [
{
"db": "NVD",
"id": "CVE-2015-1357"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-001344"
},
{
"db": "CNVD",
"id": "CNVD-2015-00845"
},
{
"db": "BID",
"id": "72523"
},
{
"db": "IVD",
"id": "a4f5721e-2351-11e6-abef-000c29c66e3d"
},
{
"db": "VULHUB",
"id": "VHN-79318"
},
{
"db": "VULMON",
"id": "CVE-2015-1357"
}
],
"trust": 2.79
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2015-1357",
"trust": 3.7
},
{
"db": "SIEMENS",
"id": "SSA-753139",
"trust": 2.4
},
{
"db": "BID",
"id": "72523",
"trust": 1.0
},
{
"db": "CNNVD",
"id": "CNNVD-201502-018",
"trust": 0.9
},
{
"db": "CNVD",
"id": "CNVD-2015-00845",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2015-001344",
"trust": 0.8
},
{
"db": "ICS CERT",
"id": "ICSA-15-034-02",
"trust": 0.4
},
{
"db": "IVD",
"id": "A4F5721E-2351-11E6-ABEF-000C29C66E3D",
"trust": 0.2
},
{
"db": "VULHUB",
"id": "VHN-79318",
"trust": 0.1
},
{
"db": "VULMON",
"id": "CVE-2015-1357",
"trust": 0.1
}
],
"sources": [
{
"db": "IVD",
"id": "a4f5721e-2351-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2015-00845"
},
{
"db": "VULHUB",
"id": "VHN-79318"
},
{
"db": "VULMON",
"id": "CVE-2015-1357"
},
{
"db": "BID",
"id": "72523"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-001344"
},
{
"db": "NVD",
"id": "CVE-2015-1357"
},
{
"db": "CNNVD",
"id": "CNNVD-201502-018"
}
]
},
"id": "VAR-201502-0369",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "IVD",
"id": "a4f5721e-2351-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2015-00845"
},
{
"db": "VULHUB",
"id": "VHN-79318"
}
],
"trust": 1.9
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"ICS",
"Network device"
],
"sub_category": null,
"trust": 0.6
},
{
"category": [
"ICS"
],
"sub_category": null,
"trust": 0.2
}
],
"sources": [
{
"db": "IVD",
"id": "a4f5721e-2351-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2015-00845"
}
]
},
"last_update_date": "2023-12-18T12:38:04.718000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "SSA-753139",
"trust": 0.8,
"url": "http://www.siemens.com/innovation/pool/de/forschungsfelder/siemens_security_advisory_ssa-753139.pdf"
},
{
"title": "Patches for several Siemens Ruggedcom product information disclosure vulnerabilities",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchinfo/show/54946"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2015-00845"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-001344"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-200",
"trust": 1.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-79318"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-001344"
},
{
"db": "NVD",
"id": "CVE-2015-1357"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.4,
"url": "http://www.siemens.com/innovation/pool/de/forschungsfelder/siemens_security_advisory_ssa-753139.pdf"
},
{
"trust": 1.4,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2015-1357"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-1357"
},
{
"trust": 0.4,
"url": "https://ics-cert.us-cert.gov/advisories/icsa-15-034-02"
},
{
"trust": 0.3,
"url": "http://www.siemens.com/"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/200.html"
},
{
"trust": 0.1,
"url": "http://tools.cisco.com/security/center/viewalert.x?alertid=37349"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2015-00845"
},
{
"db": "VULHUB",
"id": "VHN-79318"
},
{
"db": "VULMON",
"id": "CVE-2015-1357"
},
{
"db": "BID",
"id": "72523"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-001344"
},
{
"db": "NVD",
"id": "CVE-2015-1357"
},
{
"db": "CNNVD",
"id": "CNNVD-201502-018"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "IVD",
"id": "a4f5721e-2351-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2015-00845"
},
{
"db": "VULHUB",
"id": "VHN-79318"
},
{
"db": "VULMON",
"id": "CVE-2015-1357"
},
{
"db": "BID",
"id": "72523"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-001344"
},
{
"db": "NVD",
"id": "CVE-2015-1357"
},
{
"db": "CNNVD",
"id": "CNNVD-201502-018"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2015-02-04T00:00:00",
"db": "IVD",
"id": "a4f5721e-2351-11e6-abef-000c29c66e3d"
},
{
"date": "2015-02-04T00:00:00",
"db": "CNVD",
"id": "CNVD-2015-00845"
},
{
"date": "2015-02-02T00:00:00",
"db": "VULHUB",
"id": "VHN-79318"
},
{
"date": "2015-02-02T00:00:00",
"db": "VULMON",
"id": "CVE-2015-1357"
},
{
"date": "2015-02-03T00:00:00",
"db": "BID",
"id": "72523"
},
{
"date": "2015-02-12T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2015-001344"
},
{
"date": "2015-02-02T15:59:03.240000",
"db": "NVD",
"id": "CVE-2015-1357"
},
{
"date": "2015-02-03T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201502-018"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2015-02-04T00:00:00",
"db": "CNVD",
"id": "CNVD-2015-00845"
},
{
"date": "2015-02-04T00:00:00",
"db": "VULHUB",
"id": "VHN-79318"
},
{
"date": "2015-02-04T00:00:00",
"db": "VULMON",
"id": "CVE-2015-1357"
},
{
"date": "2015-02-03T00:00:00",
"db": "BID",
"id": "72523"
},
{
"date": "2015-02-12T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2015-001344"
},
{
"date": "2015-02-04T05:19:39.717000",
"db": "NVD",
"id": "CVE-2015-1357"
},
{
"date": "2015-02-03T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201502-018"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201502-018"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "plural Siemens Ruggedcom WIN Vulnerability to get password hash on device",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2015-001344"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "information disclosure",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201502-018"
}
],
"trust": 0.6
}
}
cve-2017-12736
Vulnerability from cvelistv5
Published
2017-12-26 04:00
Modified
2024-09-17 02:37
Severity ?
EPSS score ?
Summary
A vulnerability has been identified in RUGGEDCOM ROS for RSL910 devices (All versions < ROS V5.0.1), RUGGEDCOM ROS for all other devices (All versions < ROS V4.3.4), SCALANCE XB-200/XC-200/XP-200/XR300-WG (All versions between V3.0 (including) and V3.0.2 (excluding)), SCALANCE XR-500/XM-400 (All versions between V6.1 (including) and V6.1.1 (excluding)). After initial configuration, the Ruggedcom Discovery Protocol (RCDP) is still able to writeto the device under certain conditions, potentially allowing users located in the adjacentnetwork of the targeted device to perform unauthorized administrative actions.
References
| ▼ | URL | Tags |
|---|---|---|
| https://www.siemens.com/cert/pool/cert/siemens_security_advisory_ssa-856721.pdf | x_refsource_CONFIRM | |
| http://www.securitytracker.com/id/1039463 | vdb-entry, x_refsource_SECTRACK | |
| http://www.securitytracker.com/id/1039464 | vdb-entry, x_refsource_SECTRACK | |
| http://www.securityfocus.com/bid/101041 | vdb-entry, x_refsource_BID |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ▼ | Siemens AG | RUGGEDCOM ROS for RSL910 devices, RUGGEDCOM ROS for all other devices, SCALANCE XB-200/XC-200/XP-200/XR300-WG, SCALANCE XR-500/XM-400 |
Version: RUGGEDCOM ROS for RSL910 devices : All versions < ROS V5.0.1 Version: RUGGEDCOM ROS for all other devices : All versions < ROS V4.3.4 Version: SCALANCE XB-200/XC-200/XP-200/XR300-WG : All versions between V3.0 (including) and V3.0.2 (excluding) Version: SCALANCE XR-500/XM-400 : All versions between V6.1 (including) and V6.1.1 (excluding) |
|
|
|||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T18:43:56.622Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.siemens.com/cert/pool/cert/siemens_security_advisory_ssa-856721.pdf"
},
{
"name": "1039463",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1039463"
},
{
"name": "1039464",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1039464"
},
{
"name": "101041",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/101041"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "RUGGEDCOM ROS for RSL910 devices, RUGGEDCOM ROS for all other devices, SCALANCE XB-200/XC-200/XP-200/XR300-WG, SCALANCE XR-500/XM-400",
"vendor": "Siemens AG",
"versions": [
{
"status": "affected",
"version": "RUGGEDCOM ROS for RSL910 devices : All versions \u003c ROS V5.0.1"
},
{
"status": "affected",
"version": "RUGGEDCOM ROS for all other devices : All versions \u003c ROS V4.3.4"
},
{
"status": "affected",
"version": "SCALANCE XB-200/XC-200/XP-200/XR300-WG : All versions between V3.0 (including) and V3.0.2 (excluding)"
},
{
"status": "affected",
"version": "SCALANCE XR-500/XM-400 : All versions between V6.1 (including) and V6.1.1 (excluding)"
}
]
}
],
"datePublic": "2017-05-08T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "A vulnerability has been identified in RUGGEDCOM ROS for RSL910 devices (All versions \u003c ROS V5.0.1), RUGGEDCOM ROS for all other devices (All versions \u003c ROS V4.3.4), SCALANCE XB-200/XC-200/XP-200/XR300-WG (All versions between V3.0 (including) and V3.0.2 (excluding)), SCALANCE XR-500/XM-400 (All versions between V6.1 (including) and V6.1.1 (excluding)). After initial configuration, the Ruggedcom Discovery Protocol (RCDP) is still able to writeto the device under certain conditions, potentially allowing users located in the adjacentnetwork of the targeted device to perform unauthorized administrative actions."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-20",
"description": "CWE-20: Improper Input Validation",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-02-28T20:57:01",
"orgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77",
"shortName": "siemens"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.siemens.com/cert/pool/cert/siemens_security_advisory_ssa-856721.pdf"
},
{
"name": "1039463",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1039463"
},
{
"name": "1039464",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1039464"
},
{
"name": "101041",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/101041"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "productcert@siemens.com",
"DATE_PUBLIC": "2017-05-08T00:00:00",
"ID": "CVE-2017-12736",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "RUGGEDCOM ROS for RSL910 devices, RUGGEDCOM ROS for all other devices, SCALANCE XB-200/XC-200/XP-200/XR300-WG, SCALANCE XR-500/XM-400",
"version": {
"version_data": [
{
"version_value": "RUGGEDCOM ROS for RSL910 devices : All versions \u003c ROS V5.0.1"
},
{
"version_value": "RUGGEDCOM ROS for all other devices : All versions \u003c ROS V4.3.4"
},
{
"version_value": "SCALANCE XB-200/XC-200/XP-200/XR300-WG : All versions between V3.0 (including) and V3.0.2 (excluding)"
},
{
"version_value": "SCALANCE XR-500/XM-400 : All versions between V6.1 (including) and V6.1.1 (excluding)"
}
]
}
}
]
},
"vendor_name": "Siemens AG"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A vulnerability has been identified in RUGGEDCOM ROS for RSL910 devices (All versions \u003c ROS V5.0.1), RUGGEDCOM ROS for all other devices (All versions \u003c ROS V4.3.4), SCALANCE XB-200/XC-200/XP-200/XR300-WG (All versions between V3.0 (including) and V3.0.2 (excluding)), SCALANCE XR-500/XM-400 (All versions between V6.1 (including) and V6.1.1 (excluding)). After initial configuration, the Ruggedcom Discovery Protocol (RCDP) is still able to writeto the device under certain conditions, potentially allowing users located in the adjacentnetwork of the targeted device to perform unauthorized administrative actions."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-20: Improper Input Validation"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.siemens.com/cert/pool/cert/siemens_security_advisory_ssa-856721.pdf",
"refsource": "CONFIRM",
"url": "https://www.siemens.com/cert/pool/cert/siemens_security_advisory_ssa-856721.pdf"
},
{
"name": "1039463",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1039463"
},
{
"name": "1039464",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1039464"
},
{
"name": "101041",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/101041"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77",
"assignerShortName": "siemens",
"cveId": "CVE-2017-12736",
"datePublished": "2017-12-26T04:00:00Z",
"dateReserved": "2017-08-09T00:00:00",
"dateUpdated": "2024-09-17T02:37:15.644Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}