CVE-2013-6926
Published 2013-12-17
Priority: P339
Severity: high, 8 (CVSS 2.0)
Vector: AV:N/AC:L/Au:S/C:P/I:P/A:C
EPSS: 1.50% (71.0th percentile)
The integrated HTTPS server in Siemens RuggedCom ROS before 3.12.2 allows remote authenticated users to bypass intended restrictions on administrative actions by leveraging access to a (1) guest or (2) operator account.
Affected
1 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| siemens | ruggedcom_rugged_operating_system | < 3.12.2 | 3.12.2 |
CISA ICS
RuggedCom ROS Multiple Vulnerabilities
cisa_ics·2018-09-05
ICS Advisory
Last Revised: September 05, 2018
Alert Code: ICSA-13-340-01
## OVERVIEW
Siemens has reported to NCCIC/ICS-CERT multiple vulnerabilities in the RuggedCom Rugged OS (ROS). Siemens has produced a firmware update that mitigates these vulnerabilities. Exploitation of these vulnerabilities could allow an attacker to hijack an active Web session and access administrative functions on the devices without proper authorization.
These vulnerabilities could be exploited remotely.
## AFFECTED PRODUCTS
The following Siemens RuggedCom ROS versions are affe
GHSA
GHSA-4wfv-4cr7-3wxf: The integrated HTTPS server in Siemens RuggedCom ROS before 3
ghsa_unreviewed·2022-05-13
CVE-2013-6926 [HIGH] CWE-863 GHSA-4wfv-4cr7-3wxf: The integrated HTTPS server in Siemens RuggedCom ROS before 3
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
http://ics-cert.us-cert.gov/advisories/ICSA-13-340-01
http://www.siemens.com/innovation/pool/de/forschungsfelder/siemens_security_advisory_ssa-324789.pdf