Vulnerability Details CVE-2013-6925
The integrated HTTPS server in Siemens RuggedCom ROS before 3.12.2 allows remote attackers to hijack web sessions by predicting a session id value.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.006
EPSS Ranking 67.3%
CVSS Severity
CVSS v2 Score 8.3
References
- http://ics-cert.us-cert.gov/advisories/ICSA-13-340-01
- http://www.siemens.com/innovation/pool/de/forschungsfelder/siemens_security_advisory_ssa-324789.pdf
- http://ics-cert.us-cert.gov/advisories/ICSA-13-340-01
- http://www.siemens.com/innovation/pool/de/forschungsfelder/siemens_security_advisory_ssa-324789.pdf
Products affected by CVE-2013-6925
-
cpe:2.3:o:siemens:ruggedcom_rugged_operating_system:3.10.1
-
cpe:2.3:o:siemens:ruggedcom_rugged_operating_system:3.11
-
cpe:2.3:o:siemens:ruggedcom_rugged_operating_system:3.11.0
-
cpe:2.3:o:siemens:ruggedcom_rugged_operating_system:3.11.4
-
cpe:2.3:o:siemens:ruggedcom_rugged_operating_system:3.12
-
cpe:2.3:o:siemens:ruggedcom_rugged_operating_system:3.12.1
-
cpe:2.3:o:siemens:ruggedcom_rugged_operating_system:3.2.5
-
cpe:2.3:o:siemens:ruggedcom_rugged_operating_system:3.3.6
-
cpe:2.3:o:siemens:ruggedcom_rugged_operating_system:3.4.9
-
cpe:2.3:o:siemens:ruggedcom_rugged_operating_system:3.5.4
-
cpe:2.3:o:siemens:ruggedcom_rugged_operating_system:3.6.6
-
cpe:2.3:o:siemens:ruggedcom_rugged_operating_system:3.7.9
-
cpe:2.3:o:siemens:ruggedcom_rugged_operating_system:3.8.5
-
cpe:2.3:o:siemens:ruggedcom_rugged_operating_system:3.9.3