cbcvebase.
CVE-2015-1449
published 2015-02-02

CVE-2015-1449: Buffer overflow in the integrated web server on Siemens Ruggedcom WIN51xx devices with firmware before SS4.4.4624.35, WIN52xx devices with firmware before…

PriorityP259critical10CVSS 2.0
AVNACLAuNCCICAC
EPSS
3.77%
88.6th percentile
Buffer overflow in the integrated web server on Siemens Ruggedcom WIN51xx devices with firmware before SS4.4.4624.35, WIN52xx devices with firmware before SS4.4.4624.35, WIN70xx devices with firmware before BS4.4.4621.32, and WIN72xx devices with firmware before BS4.4.4621.32 allows remote attackers to execute arbitrary code via unspecified vectors.

Affected

2 ranges
VendorProductVersion rangeFixed in
siemensruggedcom_firmware<= bs4.4.4621.31
siemensruggedcom_firmware<= ss4.4.4624.34

Detection & IOCsextracted from sources · hover to see the quote

port443/TCP
  • Target the integrated web server on port 443/TCP of Siemens Ruggedcom WIN51xx, WIN52xx, WIN70xx, WIN72xx devices for anomalous or oversized HTTP/HTTPS requests indicative of buffer overflow exploitation attempts.
  • Monitor for unauthenticated administrative operations over the network against the integrated management service on affected Ruggedcom WIN devices (CVE-2015-1448 companion vulnerability in same firmware).
  • ·No known public exploits specifically target this vulnerability at time of advisory publication; exploitation skill level is rated low.
  • ·The exact HTTP request vectors triggering the buffer overflow are unspecified in all public sources, limiting precise signature development.
  • ·Sensitive information such as password hashes may be recoverable from local files or security logs on affected devices (companion CVE-2015-1357), which could aid post-exploitation.
Stop checking back — get the weekly exploitation signal.

Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.