ID

VAR-201312-0274


CVE

CVE-2013-6926


TITLE

Vulnerability in the integrated HTTPS server of Siemens RuggedCom ROS that allows restrictions on administrative actions to be bypassed

Trust: 0.8

sources: JVNDB: JVNDB-2013-005587

DESCRIPTION

The integrated HTTPS server in Siemens RuggedCom ROS before 3.12.2 allows remote authenticated users to bypass intended restrictions on administrative actions by leveraging access to a (1) guest or (2) operator account. RuggedCom Inc. is the world's leading manufacturer of high performance networking and communications equipment for industrial environments. The web server of the RuggedCom Rugged Operating System, which listens on TCP port 443, has authentication-bypass and session-hijacking vulnerabilities that allow remote non-privileged accounts (such as Guest or Operator) to perform some limited management operations over the network. RuggedCom Rugged Operating System is prone to remote authentication-bypass and session-hijacking vulnerabilities. Exploiting these issues can allow attackers to bypass the authentication mechanism or hijack another user's session and gain unauthorized access to the victim's account on the affected device. Versions prior to Rugged Operating System 3.12.2 are vulnerable. Siemens RuggedCom ROS is the operating system used in the RuggedCom series of switches from Siemens of Germany.

Trust: 2.7

sources: NVD: CVE-2013-6926 // JVNDB: JVNDB-2013-005587 // CNVD: CNVD-2013-14994 // BID: 64155 // IVD: 6364538c-2352-11e6-abef-000c29c66e3d // VULHUB: VHN-66928

IOT TAXONOMY

category: ['ICS'], sub_category: -

Trust: 0.8

sources: IVD: 6364538c-2352-11e6-abef-000c29c66e3d // CNVD: CNVD-2013-14994

AFFECTED PRODUCTS

vendor: siemens, model: ruggedcom rugged operating system, scope: lt, version: 3.12.2

Trust: 1.0

vendor: siemens, model: ruggedcom rugged operating system, scope: lt, version: (ros) 3.12.2

Trust: 0.8

vendor: ruggedcom, model: rugged operating system, scope: lt, version: 3.12.2

Trust: 0.6

vendor: siemens, model: ruggedcom rugged operating system, scope: eq, version: 3.6.6

Trust: 0.6

vendor: siemens, model: ruggedcom rugged operating system, scope: eq, version: 3.5.4

Trust: 0.6

vendor: siemens, model: ruggedcom rugged operating system, scope: eq, version: 3.12.1

Trust: 0.6

vendor: siemens, model: ruggedcom rugged operating system, scope: eq, version: 3.4.9

Trust: 0.6

vendor: siemens, model: ruggedcom rugged operating system, scope: eq, version: 3.2.5

Trust: 0.6

vendor: siemens, model: ruggedcom rugged operating system, scope: eq, version: 3.3.6

Trust: 0.6

vendor: siemens, model: ruggedcom rugged operating system, scope: eq, version: 3.8.5

Trust: 0.6

vendor: siemens, model: ruggedcom rugged operating system, scope: eq, version: 3.11.4

Trust: 0.6

vendor: siemens, model: ruggedcom rugged operating system, scope: eq, version: 3.12

Trust: 0.6

vendor: siemens, model: ruggedcom rugged operating system, scope: eq, version: 3.7.9

Trust: 0.6

vendor: ruggedcom, model: rugged operating system, scope: eq, version: 3.12.1

Trust: 0.3

vendor: ruggedcom, model: rugged operating system, scope: eq, version: 3.12.0

Trust: 0.3

vendor: ruggedcom, model: rugged operating system, scope: eq, version: 3.11.0

Trust: 0.3

vendor: ruggedcom, model: rugged operating system, scope: eq, version: 3.10.1

Trust: 0.3

vendor: ruggedcom, model: rugged operating system, scope: ne, version: 3.12.2

Trust: 0.3

vendor: ruggedcom rugged operating system, model: -, scope: eq, version: 3.2.5

Trust: 0.2

vendor: ruggedcom rugged operating system, model: -, scope: eq, version: 3.3.6

Trust: 0.2

vendor: ruggedcom rugged operating system, model: -, scope: eq, version: 3.4.9

Trust: 0.2

vendor: ruggedcom rugged operating system, model: -, scope: eq, version: 3.5.4

Trust: 0.2

vendor: ruggedcom rugged operating system, model: -, scope: eq, version: 3.6.6

Trust: 0.2

vendor: ruggedcom rugged operating system, model: -, scope: eq, version: 3.7.9

Trust: 0.2

vendor: ruggedcom rugged operating system, model: -, scope: eq, version: 3.8.5

Trust: 0.2

vendor: ruggedcom rugged operating system, model: -, scope: eq, version: 3.9.3

Trust: 0.2

vendor: ruggedcom rugged operating system, model: -, scope: eq, version: 3.10.1

Trust: 0.2

vendor: ruggedcom rugged operating system, model: -, scope: eq, version: 3.11.0

Trust: 0.2

vendor: ruggedcom rugged operating system, model: -, scope: eq, version: 3.11.4

Trust: 0.2

vendor: ruggedcom rugged operating system, model: -, scope: eq, version: 3.12

Trust: 0.2

vendor: ruggedcom rugged operating system, model: -, scope: eq, version: *

Trust: 0.2

sources: IVD: 6364538c-2352-11e6-abef-000c29c66e3d // CNVD: CNVD-2013-14994 // BID: 64155 // JVNDB: JVNDB-2013-005587 // CNNVD: CNNVD-201312-350 // NVD: CVE-2013-6926

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2013-6926
value: HIGH

Trust: 1.0

NVD: CVE-2013-6926
value: HIGH

Trust: 0.8

CNVD: CNVD-2013-14994
value: HIGH

Trust: 0.6

CNNVD: CNNVD-201312-350
value: HIGH

Trust: 0.6

IVD: 6364538c-2352-11e6-abef-000c29c66e3d
value: HIGH

Trust: 0.2

VULHUB: VHN-66928
value: HIGH

Trust: 0.1

nvd@nist.gov: CVE-2013-6926
severity: HIGH
baseScore: 8.0
vectorString: AV:N/AC:L/AU:S/C:P/I:P/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: COMPLETE
exploitabilityScore: 8.0
impactScore: 8.5
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

CNVD: CNVD-2013-14994
severity: HIGH
baseScore: 8.0
vectorString: AV:N/AC:L/AU:S/C:P/I:P/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: COMPLETE
exploitabilityScore: 8.0
impactScore: 8.5
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

IVD: 6364538c-2352-11e6-abef-000c29c66e3d
severity: HIGH
baseScore: 8.0
vectorString: AV:N/AC:L/AU:S/C:P/I:P/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: COMPLETE
exploitabilityScore: 8.0
impactScore: 8.5
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.9 [IVD]

Trust: 0.2

VULHUB: VHN-66928
severity: HIGH
baseScore: 8.0
vectorString: AV:N/AC:L/AU:S/C:P/I:P/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: COMPLETE
exploitabilityScore: 8.0
impactScore: 8.5
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

sources: IVD: 6364538c-2352-11e6-abef-000c29c66e3d // CNVD: CNVD-2013-14994 // VULHUB: VHN-66928 // JVNDB: JVNDB-2013-005587 // CNNVD: CNNVD-201312-350 // NVD: CVE-2013-6926

PROBLEMTYPE DATA

problemtype:CWE-863

Trust: 1.0

problemtype:CWE-264

Trust: 0.9

sources: VULHUB: VHN-66928 // JVNDB: JVNDB-2013-005587 // NVD: CVE-2013-6926

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201312-350

TYPE

permissions and access control issues

Trust: 0.6

sources: CNNVD: CNNVD-201312-350

CONFIGURATIONS

sources: JVNDB: JVNDB-2013-005587

PATCH

title: SSA-324789, url: http://www.siemens.com/innovation/pool/de/forschungsfelder/siemens_security_advisory_ssa-324789.pdf

Trust: 0.8

title: Patch for the RuggedCom Rugged Operating System authentication bypass vulnerability, url: https://www.cnvd.org.cn/patchInfo/show/41535

Trust: 0.6

title: Siemens RuggedCom ROS fix for permissions and access control vulnerability, url: http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=180262

Trust: 0.6

sources: CNVD: CNVD-2013-14994 // JVNDB: JVNDB-2013-005587 // CNNVD: CNNVD-201312-350

EXTERNAL IDS

db: NVD, id: CVE-2013-6926

Trust: 3.6

db: ICS CERT, id: ICSA-13-340-01

Trust: 3.4

db: SIEMENS, id: SSA-324789

Trust: 2.6

db: CNNVD, id: CNNVD-201312-350

Trust: 0.9

db: BID, id: 64155

Trust: 0.9

db: CNVD, id: CNVD-2013-14994

Trust: 0.8

db: JVNDB, id: JVNDB-2013-005587

Trust: 0.8

db: IVD, id: 6364538C-2352-11E6-ABEF-000C29C66E3D

Trust: 0.2

db: VULHUB, id: VHN-66928

Trust: 0.1

sources: IVD: 6364538c-2352-11e6-abef-000c29c66e3d // CNVD: CNVD-2013-14994 // VULHUB: VHN-66928 // BID: 64155 // JVNDB: JVNDB-2013-005587 // CNNVD: CNNVD-201312-350 // NVD: CVE-2013-6926

REFERENCES

url:http://ics-cert.us-cert.gov/advisories/icsa-13-340-01

Trust: 3.4

url:http://www.siemens.com/innovation/pool/de/forschungsfelder/siemens_security_advisory_ssa-324789.pdf

Trust: 2.6

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2013-6926

Trust: 0.8

url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2013-6926

Trust: 0.8

url:http://www.ruggedcom.com/

Trust: 0.3

sources: CNVD: CNVD-2013-14994 // VULHUB: VHN-66928 // BID: 64155 // JVNDB: JVNDB-2013-005587 // CNNVD: CNNVD-201312-350 // NVD: CVE-2013-6926

CREDITS

Reported by the vendor

Trust: 0.3

sources: BID: 64155

SOURCES

db: IVD, id: 6364538c-2352-11e6-abef-000c29c66e3d
db: CNVD, id: CNVD-2013-14994
db: VULHUB, id: VHN-66928
db: BID, id: 64155
db: JVNDB, id: JVNDB-2013-005587
db: CNNVD, id: CNNVD-201312-350
db: NVD, id: CVE-2013-6926

LAST UPDATE DATE

2025-04-11T23:11:58.451000+00:00


SOURCES UPDATE DATE

db: CNVD, id: CNVD-2013-14994, date: 2013-12-12T00:00:00
db: VULHUB, id: VHN-66928, date: 2013-12-17T00:00:00
db: BID, id: 64155, date: 2013-12-06T00:00:00
db: JVNDB, id: JVNDB-2013-005587, date: 2013-12-18T00:00:00
db: CNNVD, id: CNNVD-201312-350, date: 2022-02-07T00:00:00
db: NVD, id: CVE-2013-6926, date: 2025-04-11T00:51:21.963

SOURCES RELEASE DATE

db: IVD, id: 6364538c-2352-11e6-abef-000c29c66e3d, date: 2013-12-12T00:00:00
db: CNVD, id: CNVD-2013-14994, date: 2013-12-11T00:00:00
db: VULHUB, id: VHN-66928, date: 2013-12-17T00:00:00
db: BID, id: 64155, date: 2013-12-06T00:00:00
db: JVNDB, id: JVNDB-2013-005587, date: 2013-12-18T00:00:00
db: CNNVD, id: CNNVD-201312-350, date: 2013-12-18T00:00:00
db: NVD, id: CVE-2013-6926, date: 2013-12-17T04:46:45.923