var-201502-0391
Vulnerability from variot
The integrated management service on Siemens Ruggedcom WIN51xx devices with firmware before SS4.4.4624.35, WIN52xx devices with firmware before SS4.4.4624.35, WIN70xx devices with firmware before BS4.4.4621.32, and WIN72xx devices with firmware before BS4.4.4621.32 allows remote attackers to bypass authentication and perform administrative actions via unspecified vectors. Siemens Ruggedcom WIN51xx, WIN52xx, WIN70xx and WIN72xx are broadband wireless base station products from Siemens AG. There are security holes in the integrated management services for several Siemens Ruggedcom products. A remote attacker could exploit the vulnerability to bypass authentication and perform administrator actions. Siemens Ruggedcom WIN products running firmware versions prior to BS4.4.4621.32 are vulnerable
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201502-0391",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "ruggedcom",
"scope": "lte",
"trust": 1.0,
"vendor": "siemens",
"version": "ss4.4.4624.34"
},
{
"model": "ruggedcom",
"scope": "lte",
"trust": 1.0,
"vendor": "siemens",
"version": "bs4.4.4621.31"
},
{
"model": "ruggedcom win5100",
"scope": null,
"trust": 0.8,
"vendor": "siemens",
"version": null
},
{
"model": "ruggedcom win5200",
"scope": null,
"trust": 0.8,
"vendor": "siemens",
"version": null
},
{
"model": "ruggedcom win7000",
"scope": null,
"trust": 0.8,
"vendor": "siemens",
"version": null
},
{
"model": "ruggedcom win7200",
"scope": null,
"trust": 0.8,
"vendor": "siemens",
"version": null
},
{
"model": "ruggedcom",
"scope": "lt",
"trust": 0.8,
"vendor": "siemens",
"version": "bs4.4.4621.32 (win70xx/win72xx)"
},
{
"model": "ruggedcom",
"scope": "lt",
"trust": 0.8,
"vendor": "siemens",
"version": "ss4.4.4624.35 (win51xx/win52xx)"
},
{
"model": "win51xx/win52xx \u003css4.4.4624.35",
"scope": null,
"trust": 0.6,
"vendor": "siemens",
"version": null
},
{
"model": "win70xx/win72xx \u003cbs4.4.4621.32",
"scope": null,
"trust": 0.6,
"vendor": "siemens",
"version": null
},
{
"model": "ruggedcom",
"scope": "eq",
"trust": 0.6,
"vendor": "siemens",
"version": "bs4.4.4621.31"
},
{
"model": "ruggedcom",
"scope": "eq",
"trust": 0.6,
"vendor": "siemens",
"version": "ss4.4.4624.34"
},
{
"model": null,
"scope": "eq",
"trust": 0.4,
"vendor": "ruggedcom",
"version": "*"
},
{
"model": "ruggedcom win7200",
"scope": "eq",
"trust": 0.3,
"vendor": "siemens",
"version": "0"
},
{
"model": "ruggedcom win7000",
"scope": "eq",
"trust": 0.3,
"vendor": "siemens",
"version": "0"
},
{
"model": "ruggedcom win5200",
"scope": "eq",
"trust": 0.3,
"vendor": "siemens",
"version": "0"
},
{
"model": "ruggedcom win5100",
"scope": "eq",
"trust": 0.3,
"vendor": "siemens",
"version": "0"
},
{
"model": "ruggedcom win7200 bs4.4.4621.32",
"scope": "ne",
"trust": 0.3,
"vendor": "siemens",
"version": null
},
{
"model": "ruggedcom win7000 bs4.4.4621.32",
"scope": "ne",
"trust": 0.3,
"vendor": "siemens",
"version": null
},
{
"model": "ruggedcom win5200 ss4.4.4624.35",
"scope": "ne",
"trust": 0.3,
"vendor": "siemens",
"version": null
},
{
"model": "ruggedcom win5100 ss4.4.4624.35",
"scope": "ne",
"trust": 0.3,
"vendor": "siemens",
"version": null
}
],
"sources": [
{
"db": "IVD",
"id": "a4fe323c-2351-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2015-00846"
},
{
"db": "BID",
"id": "72521"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-001343"
},
{
"db": "CNNVD",
"id": "CNNVD-201502-019"
},
{
"db": "NVD",
"id": "CVE-2015-1448"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/h:siemens:ruggedcom_win5100",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/h:siemens:ruggedcom_win5200",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/h:siemens:ruggedcom_win7000",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/h:siemens:ruggedcom_win7200",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:siemens:ruggedcom_firmware",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2015-001343"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "The vendor reported this issue.",
"sources": [
{
"db": "BID",
"id": "72521"
}
],
"trust": 0.3
},
"cve": "CVE-2015-1448",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"id": "CVE-2015-1448",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 1.8,
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"id": "CNVD-2015-00846",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "IVD",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"id": "a4fe323c-2351-11e6-abef-000c29c66e3d",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.2,
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.9 [IVD]"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"id": "VHN-79409",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:N/C:C/I:C/A:C",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2015-1448",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "NVD",
"id": "CVE-2015-1448",
"trust": 0.8,
"value": "High"
},
{
"author": "CNVD",
"id": "CNVD-2015-00846",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-201502-019",
"trust": 0.6,
"value": "CRITICAL"
},
{
"author": "IVD",
"id": "a4fe323c-2351-11e6-abef-000c29c66e3d",
"trust": 0.2,
"value": "CRITICAL"
},
{
"author": "VULHUB",
"id": "VHN-79409",
"trust": 0.1,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "IVD",
"id": "a4fe323c-2351-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2015-00846"
},
{
"db": "VULHUB",
"id": "VHN-79409"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-001343"
},
{
"db": "CNNVD",
"id": "CNNVD-201502-019"
},
{
"db": "NVD",
"id": "CVE-2015-1448"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "The integrated management service on Siemens Ruggedcom WIN51xx devices with firmware before SS4.4.4624.35, WIN52xx devices with firmware before SS4.4.4624.35, WIN70xx devices with firmware before BS4.4.4621.32, and WIN72xx devices with firmware before BS4.4.4621.32 allows remote attackers to bypass authentication and perform administrative actions via unspecified vectors. Siemens Ruggedcom WIN51xx, WIN52xx, WIN70xx and WIN72xx are broadband wireless base station products from Siemens AG. There are security holes in the integrated management services for several Siemens Ruggedcom products. A remote attacker could exploit the vulnerability to bypass authentication and perform administrator actions. \nSiemens Ruggedcom WIN products running firmware versions prior to BS4.4.4621.32 are vulnerable",
"sources": [
{
"db": "NVD",
"id": "CVE-2015-1448"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-001343"
},
{
"db": "CNVD",
"id": "CNVD-2015-00846"
},
{
"db": "BID",
"id": "72521"
},
{
"db": "IVD",
"id": "a4fe323c-2351-11e6-abef-000c29c66e3d"
},
{
"db": "VULHUB",
"id": "VHN-79409"
}
],
"trust": 2.7
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2015-1448",
"trust": 3.6
},
{
"db": "SIEMENS",
"id": "SSA-753139",
"trust": 2.3
},
{
"db": "BID",
"id": "72521",
"trust": 1.0
},
{
"db": "CNNVD",
"id": "CNNVD-201502-019",
"trust": 0.9
},
{
"db": "CNVD",
"id": "CNVD-2015-00846",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2015-001343",
"trust": 0.8
},
{
"db": "ICS CERT",
"id": "ICSA-15-034-02",
"trust": 0.3
},
{
"db": "IVD",
"id": "A4FE323C-2351-11E6-ABEF-000C29C66E3D",
"trust": 0.2
},
{
"db": "VULHUB",
"id": "VHN-79409",
"trust": 0.1
}
],
"sources": [
{
"db": "IVD",
"id": "a4fe323c-2351-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2015-00846"
},
{
"db": "VULHUB",
"id": "VHN-79409"
},
{
"db": "BID",
"id": "72521"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-001343"
},
{
"db": "CNNVD",
"id": "CNNVD-201502-019"
},
{
"db": "NVD",
"id": "CVE-2015-1448"
}
]
},
"id": "VAR-201502-0391",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "IVD",
"id": "a4fe323c-2351-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2015-00846"
},
{
"db": "VULHUB",
"id": "VHN-79409"
}
],
"trust": 1.9
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"ICS",
"Network device"
],
"sub_category": null,
"trust": 0.6
},
{
"category": [
"ICS"
],
"sub_category": null,
"trust": 0.2
}
],
"sources": [
{
"db": "IVD",
"id": "a4fe323c-2351-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2015-00846"
}
]
},
"last_update_date": "2024-11-23T22:27:11.653000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "SSA-753139",
"trust": 0.8,
"url": "http://www.siemens.com/innovation/pool/de/forschungsfelder/siemens_security_advisory_ssa-753139.pdf"
},
{
"title": "A variety of Siemens Ruggedcom product security bypass vulnerability patches",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchInfo/show/54944"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2015-00846"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-001343"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-264",
"trust": 1.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-79409"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-001343"
},
{
"db": "NVD",
"id": "CVE-2015-1448"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.3,
"url": "http://www.siemens.com/innovation/pool/de/forschungsfelder/siemens_security_advisory_ssa-753139.pdf"
},
{
"trust": 1.4,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2015-1448"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-1448"
},
{
"trust": 0.3,
"url": "http://www.siemens.com/"
},
{
"trust": 0.3,
"url": "https://ics-cert.us-cert.gov/advisories/icsa-15-034-02"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2015-00846"
},
{
"db": "VULHUB",
"id": "VHN-79409"
},
{
"db": "BID",
"id": "72521"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-001343"
},
{
"db": "CNNVD",
"id": "CNNVD-201502-019"
},
{
"db": "NVD",
"id": "CVE-2015-1448"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "IVD",
"id": "a4fe323c-2351-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2015-00846"
},
{
"db": "VULHUB",
"id": "VHN-79409"
},
{
"db": "BID",
"id": "72521"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-001343"
},
{
"db": "CNNVD",
"id": "CNNVD-201502-019"
},
{
"db": "NVD",
"id": "CVE-2015-1448"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2015-02-04T00:00:00",
"db": "IVD",
"id": "a4fe323c-2351-11e6-abef-000c29c66e3d"
},
{
"date": "2015-02-04T00:00:00",
"db": "CNVD",
"id": "CNVD-2015-00846"
},
{
"date": "2015-02-02T00:00:00",
"db": "VULHUB",
"id": "VHN-79409"
},
{
"date": "2015-02-03T00:00:00",
"db": "BID",
"id": "72521"
},
{
"date": "2015-02-12T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2015-001343"
},
{
"date": "2015-02-03T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201502-019"
},
{
"date": "2015-02-02T15:59:08.317000",
"db": "NVD",
"id": "CVE-2015-1448"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2015-02-04T00:00:00",
"db": "CNVD",
"id": "CNVD-2015-00846"
},
{
"date": "2015-02-04T00:00:00",
"db": "VULHUB",
"id": "VHN-79409"
},
{
"date": "2015-02-03T00:00:00",
"db": "BID",
"id": "72521"
},
{
"date": "2015-02-12T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2015-001343"
},
{
"date": "2015-02-03T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201502-019"
},
{
"date": "2024-11-21T02:25:26.773000",
"db": "NVD",
"id": "CVE-2015-1448"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201502-019"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "plural Siemens Ruggedcom WIN Vulnerability that bypasses authentication in device firmware integrated management service",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2015-001343"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "permissions and access control",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201502-019"
}
],
"trust": 0.6
}
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.