Vulnerability Details CVE-2013-6926
The integrated HTTPS server in Siemens RuggedCom ROS before 3.12.2 allows remote authenticated users to bypass intended restrictions on administrative actions by leveraging access to a (1) guest or (2) operator account.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.003
EPSS Ranking 49.8%
CVSS Severity
CVSS v2 Score 8.0
References
- http://ics-cert.us-cert.gov/advisories/ICSA-13-340-01
- http://www.siemens.com/innovation/pool/de/forschungsfelder/siemens_security_advisory_ssa-324789.pdf
- http://ics-cert.us-cert.gov/advisories/ICSA-13-340-01
- http://www.siemens.com/innovation/pool/de/forschungsfelder/siemens_security_advisory_ssa-324789.pdf
Products affected by CVE-2013-6926
-
cpe:2.3:o:siemens:ruggedcom_rugged_operating_system:3.10.1
-
cpe:2.3:o:siemens:ruggedcom_rugged_operating_system:3.11
-
cpe:2.3:o:siemens:ruggedcom_rugged_operating_system:3.11.0
-
cpe:2.3:o:siemens:ruggedcom_rugged_operating_system:3.11.4
-
cpe:2.3:o:siemens:ruggedcom_rugged_operating_system:3.12
-
cpe:2.3:o:siemens:ruggedcom_rugged_operating_system:3.12.1
-
cpe:2.3:o:siemens:ruggedcom_rugged_operating_system:3.2.5
-
cpe:2.3:o:siemens:ruggedcom_rugged_operating_system:3.3.6
-
cpe:2.3:o:siemens:ruggedcom_rugged_operating_system:3.4.9
-
cpe:2.3:o:siemens:ruggedcom_rugged_operating_system:3.5.4
-
cpe:2.3:o:siemens:ruggedcom_rugged_operating_system:3.6.6
-
cpe:2.3:o:siemens:ruggedcom_rugged_operating_system:3.7.9
-
cpe:2.3:o:siemens:ruggedcom_rugged_operating_system:3.8.5
-
cpe:2.3:o:siemens:ruggedcom_rugged_operating_system:3.9.3