Sign-up

ID

VAR-201304-0566


TITLE

RuggedCom Rugged Operating System Security Bypass Vulnerability

Trust: 0.6

sources: CNVD: CNVD-2013-02644

DESCRIPTION

RuggedCom Inc is the world's leading manufacturer of high-performance network and communications equipment for industrial environments. The Rugged Operating System Web API does not correctly verify permissions when executing commands, allowing remote attackers to exploit vulnerabilities to execute certain commands with high permissions by operating the WebUI javascript.

Trust: 0.6

sources: CNVD: CNVD-2013-02644

IOT TAXONOMY

category:['ICS']sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2013-02644

AFFECTED PRODUCTS

vendor:ruggedcommodel:rugged operating systemscope:eqversion:2.x

Trust: 0.6

sources: CNVD: CNVD-2013-02644

CVSS

SEVERITY

CVSSV2

CVSSV3

CNVD: CNVD-2013-02644
value: MEDIUM

Trust: 0.6

CNVD: CNVD-2013-02644
severity: MEDIUM
baseScore: 6.8
vectorString: AV:N/AC:M/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 8.6
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

sources: CNVD: CNVD-2013-02644

PATCH

title:Patch for RuggedCom Rugged Operating System Security Bypass Vulnerabilityurl:https://www.cnvd.org.cn/patchinfo/show/33136

Trust: 0.6

sources: CNVD: CNVD-2013-02644

EXTERNAL IDS

db:CNVDid:CNVD-2013-02644

Trust: 0.6

sources: CNVD: CNVD-2013-02644

REFERENCES

url:http://www.ruggedcom.com/pdfs/soft_history/rox_v2.4.pdf

Trust: 0.6

sources: CNVD: CNVD-2013-02644

SOURCES

db:CNVDid:CNVD-2013-02644

LAST UPDATE DATE

2022-05-04T10:20:02.248000+00:00


SOURCES UPDATE DATE

db:CNVDid:CNVD-2013-02644date:2013-05-28T00:00:00

SOURCES RELEASE DATE

db:CNVDid:CNVD-2013-02644date:2013-04-07T00:00:00