Sign-up

ID

VAR-200412-0758


CVE

CVE-2004-2626


TITLE

Siemens S55 mobile phone SMS verification message bypass vulnerability

Trust: 0.6

sources: CNVD: CNVD-2004-1252

DESCRIPTION

GUI overlay vulnerability in the Java API in Siemens S55 cellular phones allows remote attackers to send unauthorized SMS messages by overlaying a confirmation message with a malicious message. Siemens S55 is a mobile phone.  Siemens S55 has a race condition error when validating SMS messages.  No detailed vulnerability details are provided at this time. Reportedly the Siemens S55 is affected by an SMS confirmation message bypass vulnerability

Trust: 1.8

sources: NVD: CVE-2004-2626 // CNVD: CNVD-2004-1252 // BID: 10227 // VULHUB: VHN-11054

IOT TAXONOMY

category:['ICS']sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2004-1252

AFFECTED PRODUCTS

vendor:siemensmodel:s55scope:eqversion:09.2179

Trust: 1.6

vendor:nonemodel: - scope: - version: -

Trust: 0.6

vendor:siemensmodel:s55scope: - version: -

Trust: 0.3

sources: CNVD: CNVD-2004-1252 // BID: 10227 // CNNVD: CNNVD-200412-407 // NVD: CVE-2004-2626

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2004-2626
value: LOW

Trust: 1.0

CNNVD: CNNVD-200412-407
value: LOW

Trust: 0.6

VULHUB: VHN-11054
value: LOW

Trust: 0.1

nvd@nist.gov: CVE-2004-2626
severity: LOW
baseScore: 3.7
vectorString: AV:L/AC:H/AU:N/C:P/I:P/A:P
accessVector: LOCAL
accessComplexity: HIGH
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 1.9
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.0

VULHUB: VHN-11054
severity: LOW
baseScore: 3.7
vectorString: AV:L/AC:H/AU:N/C:P/I:P/A:P
accessVector: LOCAL
accessComplexity: HIGH
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 1.9
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

sources: VULHUB: VHN-11054 // CNNVD: CNNVD-200412-407 // NVD: CVE-2004-2626

PROBLEMTYPE DATA

problemtype:NVD-CWE-Other

Trust: 1.0

sources: NVD: CVE-2004-2626

THREAT TYPE

local

Trust: 0.6

sources: CNNVD: CNNVD-200412-407

TYPE

competitive condition

Trust: 0.6

sources: CNNVD: CNNVD-200412-407

EXPLOIT AVAILABILITY

sources:
            
            
            VULHUB: VHN-11054

EXTERNAL IDS
db:NVDid:CVE-2004-2626
Trust: 2.3
db:BIDid:10227
Trust: 2.0
db:OSVDBid:5703
Trust: 1.7
db:SECTRACKid:1009959
Trust: 1.7
db:SECUNIAid:11492
Trust: 1.7
db:CNNVDid:CNNVD-200412-407
Trust: 0.7
db:CNVDid:CNVD-2004-1252
Trust: 0.6
db:XFid:15995
Trust: 0.6
db:FULLDISCid:20040427 PHENOELIT ADVISORY
Trust: 0.6
db:FULLDISCid:20040429 RE: PHENOELIT ADVISORY
Trust: 0.6
db:NSFOCUSid:6380
Trust: 0.6
db:EXPLOIT-DBid:24065
Trust: 0.1
db:SEEBUGid:SSVID-77803
Trust: 0.1
db:VULHUBid:VHN-11054
Trust: 0.1
sources:
            
            
            CNVD: CNVD-2004-1252 // 
            
            
            
            VULHUB: VHN-11054 // 
            
            
            
            BID: 10227 // 
            
            
            
            CNNVD: CNNVD-200412-407 // 
            
            
            
            NVD: CVE-2004-2626

REFERENCES
url:http://www.securityfocus.com/bid/10227
Trust: 1.7
url:http://www.osvdb.org/5703
Trust: 1.7
url:http://securitytracker.com/alerts/2004/apr/1009959.html
Trust: 1.7
url:http://secunia.com/advisories/11492
Trust: 1.7
url:https://exchange.xforce.ibmcloud.com/vulnerabilities/15995
Trust: 1.1
url:http://marc.info/?l=full-disclosure&m=108308895624565&w=2
Trust: 1.0
url:http://marc.info/?l=full-disclosure&m=108325033624812&w=2
Trust: 1.0
url:http://xforce.iss.net/xforce/xfdb/15995
Trust: 0.6
url:http://marc.theaimsgroup.com/?l=full-disclosure&m=108325033624812&w=2
Trust: 0.6
url:http://marc.theaimsgroup.com/?l=full-disclosure&m=108308895624565&w=2
Trust: 0.6
url:http://www.nsfocus.net/vulndb/6380
Trust: 0.6
url:http://www.siemens-mobile.com
Trust: 0.3
url:http://marc.info/?l=full-disclosure&m=108308895624565&w=2
Trust: 0.1
url:http://marc.info/?l=full-disclosure&m=108325033624812&w=2
Trust: 0.1
sources:
            
            
            VULHUB: VHN-11054 // 
            
            
            
            BID: 10227 // 
            
            
            
            CNNVD: CNNVD-200412-407 // 
            
            
            
            NVD: CVE-2004-2626

CREDITS
FtR ftr@phenoelit.de※FX※ fx@phenoelit.de
Trust: 0.6
sources:
            
            
            CNNVD: CNNVD-200412-407

SOURCES
db:CNVDid:CNVD-2004-1252
db:VULHUBid:VHN-11054
db:BIDid:10227
db:CNNVDid:CNNVD-200412-407
db:NVDid:CVE-2004-2626

LAST UPDATE DATE
2024-08-14T14:59:24.146000+00:00

SOURCES UPDATE DATE
db:CNVDid:CNVD-2004-1252date:2004-04-27T00:00:00
db:VULHUBid:VHN-11054date:2017-07-20T00:00:00
db:BIDid:10227date:2004-04-27T00:00:00
db:CNNVDid:CNNVD-200412-407date:2005-12-16T00:00:00
db:NVDid:CVE-2004-2626date:2017-07-20T01:29:02.737

SOURCES RELEASE DATE
db:CNVDid:CNVD-2004-1252date:2004-04-27T00:00:00
db:VULHUBid:VHN-11054date:2004-12-31T00:00:00
db:BIDid:10227date:2004-04-27T00:00:00
db:CNNVDid:CNNVD-200412-407date:2004-04-27T00:00:00
db:NVDid:CVE-2004-2626date:2004-12-31T05:00:00