Details of VAR-201312-0273

ID

VAR-201312-0273

CVE

CVE-2013-6925

TITLE

RuggedCom Rugged Operating System Session Hijacking Vulnerability

Trust: 0.8

sources: IVD: 63685bd0-2352-11e6-abef-000c29c66e3d // CNVD: CNVD-2013-14993

DESCRIPTION

The integrated HTTPS server in Siemens RuggedCom ROS before 3.12.2 allows remote attackers to hijack web sessions by predicting a session id value. Supplementary information : CWE Vulnerability type by CWE-330: Use of Insufficiently Random Values ( Insufficient random value used ) Has been identified. RuggedCom Inc. is the world's leading manufacturer of high performance networking and communications equipment for industrial environments. The attacker must know the administrator client IP address to attack. RuggedCom Rugged Operating System is prone to a remote authentication-bypass and session-hijacking vulnerabilities. Exploiting these issues can allow attackers to bypass authentication mechanism or hijack another user's session and gain unauthorized access to the victim's account on the affected device. Versions prior to Rugged Operating System 3.12.2 are vulnerable. Siemens RuggedCom ROS is a set of operating system used in RuggedCom series switches by Siemens of Germany

Trust: 2.7

sources: NVD: CVE-2013-6925 // JVNDB: JVNDB-2013-005586 // CNVD: CNVD-2013-14993 // BID: 64155 // IVD: 63685bd0-2352-11e6-abef-000c29c66e3d // VULHUB: VHN-66927

IOT TAXONOMY

category:

['ICS']

sub_category:

Trust: 0.8

sources: IVD: 63685bd0-2352-11e6-abef-000c29c66e3d // CNVD: CNVD-2013-14993

AFFECTED PRODUCTS

vendor:	siemens	model:	ruggedcom rugged operating system	scope:	lt	version:	3.12.2	Trust: 1.0
vendor:	siemens	model:	ruggedcom rugged operating system	scope:	lt	version:	(ros) 3.12.2	Trust: 0.8
vendor:	ruggedcom	model:	rugged operating system	scope:	lt	version:	3.12.2	Trust: 0.6
vendor:	siemens	model:	ruggedcom rugged operating system	scope:	eq	version:	3.12.1	Trust: 0.6
vendor:	siemens	model:	ruggedcom rugged operating system	scope:	eq	version:	3.9.3	Trust: 0.6
vendor:	siemens	model:	ruggedcom rugged operating system	scope:	eq	version:	3.2.5	Trust: 0.6
vendor:	siemens	model:	ruggedcom rugged operating system	scope:	eq	version:	3.11.0	Trust: 0.6
vendor:	siemens	model:	ruggedcom rugged operating system	scope:	eq	version:	3.3.6	Trust: 0.6
vendor:	siemens	model:	ruggedcom rugged operating system	scope:	eq	version:	3.8.5	Trust: 0.6
vendor:	siemens	model:	ruggedcom rugged operating system	scope:	eq	version:	3.10.1	Trust: 0.6
vendor:	siemens	model:	ruggedcom rugged operating system	scope:	eq	version:	3.11.4	Trust: 0.6
vendor:	siemens	model:	ruggedcom rugged operating system	scope:	eq	version:	3.12	Trust: 0.6
vendor:	siemens	model:	ruggedcom rugged operating system	scope:	eq	version:	3.7.9	Trust: 0.6
vendor:	ruggedcom	model:	rugged operating system	scope:	eq	version:	3.12.1	Trust: 0.3
vendor:	ruggedcom	model:	rugged operating system	scope:	eq	version:	3.12.0	Trust: 0.3
vendor:	ruggedcom	model:	rugged operating system	scope:	eq	version:	3.11.0	Trust: 0.3
vendor:	ruggedcom	model:	rugged operating system	scope:	eq	version:	3.10.1	Trust: 0.3
vendor:	ruggedcom	model:	rugged operating system	scope:	ne	version:	3.12.2	Trust: 0.3
vendor:	ruggedcom rugged operating system	model:	-	scope:	eq	version:	3.2.5	Trust: 0.2
vendor:	ruggedcom rugged operating system	model:	-	scope:	eq	version:	3.3.6	Trust: 0.2
vendor:	ruggedcom rugged operating system	model:	-	scope:	eq	version:	3.4.9	Trust: 0.2
vendor:	ruggedcom rugged operating system	model:	-	scope:	eq	version:	3.5.4	Trust: 0.2
vendor:	ruggedcom rugged operating system	model:	-	scope:	eq	version:	3.6.6	Trust: 0.2
vendor:	ruggedcom rugged operating system	model:	-	scope:	eq	version:	3.7.9	Trust: 0.2
vendor:	ruggedcom rugged operating system	model:	-	scope:	eq	version:	3.8.5	Trust: 0.2
vendor:	ruggedcom rugged operating system	model:	-	scope:	eq	version:	3.9.3	Trust: 0.2
vendor:	ruggedcom rugged operating system	model:	-	scope:	eq	version:	3.10.1	Trust: 0.2
vendor:	ruggedcom rugged operating system	model:	-	scope:	eq	version:	3.11.0	Trust: 0.2
vendor:	ruggedcom rugged operating system	model:	-	scope:	eq	version:	3.11.4	Trust: 0.2
vendor:	ruggedcom rugged operating system	model:	-	scope:	eq	version:	3.12	Trust: 0.2
vendor:	ruggedcom rugged operating system	model:	-	scope:	eq	version:	*	Trust: 0.2

sources: IVD: 63685bd0-2352-11e6-abef-000c29c66e3d // CNVD: CNVD-2013-14993 // BID: 64155 // JVNDB: JVNDB-2013-005586 // CNNVD: CNNVD-201312-349 // NVD: CVE-2013-6925

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2013-6925
value:	HIGH
Trust: 1.0
NVD:	CVE-2013-6925
value:	HIGH
Trust: 0.8
CNVD:	CNVD-2013-14993
value:	HIGH
Trust: 0.6
CNNVD:	CNNVD-201312-349
value:	HIGH
Trust: 0.6
IVD:	63685bd0-2352-11e6-abef-000c29c66e3d
value:	HIGH
Trust: 0.2
VULHUB:	VHN-66927
value:	HIGH
Trust: 0.1

nvd@nist.gov:	CVE-2013-6925
severity:	HIGH
baseScore:	8.3
vectorString:	AV:N/AC:M/AU:N/C:P/I:P/A:C
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	COMPLETE
exploitabilityScore:	8.6
impactScore:	8.5
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
CNVD:	CNVD-2013-14993
severity:	HIGH
baseScore:	8.3
vectorString:	AV:N/AC:M/AU:N/C:P/I:P/A:C
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	COMPLETE
exploitabilityScore:	8.6
impactScore:	8.5
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6
IVD:	63685bd0-2352-11e6-abef-000c29c66e3d
severity:	HIGH
baseScore:	8.3
vectorString:	AV:N/AC:M/AU:N/C:P/I:P/A:C
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	COMPLETE
exploitabilityScore:	8.6
impactScore:	8.5
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.9 [IVD]
Trust: 0.2
VULHUB:	VHN-66927
severity:	HIGH
baseScore:	8.3
vectorString:	AV:N/AC:M/AU:N/C:P/I:P/A:C
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	COMPLETE
exploitabilityScore:	8.6
impactScore:	8.5
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

sources: IVD: 63685bd0-2352-11e6-abef-000c29c66e3d // CNVD: CNVD-2013-14993 // VULHUB: VHN-66927 // JVNDB: JVNDB-2013-005586 // CNNVD: CNNVD-201312-349 // NVD: CVE-2013-6925

PROBLEMTYPE DATA

problemtype:	CWE-330	Trust: 1.0
problemtype:	CWE-Other	Trust: 0.8

sources: JVNDB: JVNDB-2013-005586 // NVD: CVE-2013-6925

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201312-349

TYPE

security feature problem

Trust: 0.6

sources: CNNVD: CNNVD-201312-349

CONFIGURATIONS

sources: JVNDB: JVNDB-2013-005586

PATCH

title:	SSA-324789	url:	http://www.siemens.com/innovation/pool/de/forschungsfelder/siemens_security_advisory_ssa-324789.pdf	Trust: 0.8
title:	RuggedCom Rugged Operating System session hijacking vulnerability patch	url:	https://www.cnvd.org.cn/patchInfo/show/41534	Trust: 0.6
title:	Siemens RuggedCom ROS Security vulnerabilities	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=180261	Trust: 0.6

sources: CNVD: CNVD-2013-14993 // JVNDB: JVNDB-2013-005586 // CNNVD: CNNVD-201312-349

EXTERNAL IDS

db:	NVD	id:	CVE-2013-6925	Trust: 3.6
db:	ICS CERT	id:	ICSA-13-340-01	Trust: 3.4
db:	SIEMENS	id:	SSA-324789	Trust: 2.6
db:	CNNVD	id:	CNNVD-201312-349	Trust: 0.9
db:	BID	id:	64155	Trust: 0.9
db:	CNVD	id:	CNVD-2013-14993	Trust: 0.8
db:	JVNDB	id:	JVNDB-2013-005586	Trust: 0.8
db:	IVD	id:	63685BD0-2352-11E6-ABEF-000C29C66E3D	Trust: 0.2
db:	VULHUB	id:	VHN-66927	Trust: 0.1

sources: IVD: 63685bd0-2352-11e6-abef-000c29c66e3d // CNVD: CNVD-2013-14993 // VULHUB: VHN-66927 // BID: 64155 // JVNDB: JVNDB-2013-005586 // CNNVD: CNNVD-201312-349 // NVD: CVE-2013-6925

REFERENCES

url:	http://ics-cert.us-cert.gov/advisories/icsa-13-340-01	Trust: 3.4
url:	http://www.siemens.com/innovation/pool/de/forschungsfelder/siemens_security_advisory_ssa-324789.pdf	Trust: 2.6
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2013-6925	Trust: 0.8
url:	http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2013-6925	Trust: 0.8
url:	http://www.ruggedcom.com/	Trust: 0.3

sources: CNVD: CNVD-2013-14993 // VULHUB: VHN-66927 // BID: 64155 // JVNDB: JVNDB-2013-005586 // CNNVD: CNNVD-201312-349 // NVD: CVE-2013-6925

CREDITS

Reported by the vendor

Trust: 0.3

sources: BID: 64155

SOURCES

db:	IVD	id:	63685bd0-2352-11e6-abef-000c29c66e3d
db:	CNVD	id:	CNVD-2013-14993
db:	VULHUB	id:	VHN-66927
db:	BID	id:	64155
db:	JVNDB	id:	JVNDB-2013-005586
db:	CNNVD	id:	CNNVD-201312-349
db:	NVD	id:	CVE-2013-6925

LAST UPDATE DATE

2024-11-23T22:27:22.422000+00:00

SOURCES UPDATE DATE

db:	CNVD	id:	CNVD-2013-14993	date:	2013-12-12T00:00:00
db:	VULHUB	id:	VHN-66927	date:	2013-12-17T00:00:00
db:	BID	id:	64155	date:	2013-12-06T00:00:00
db:	JVNDB	id:	JVNDB-2013-005586	date:	2013-12-18T00:00:00
db:	CNNVD	id:	CNNVD-201312-349	date:	2022-02-07T00:00:00
db:	NVD	id:	CVE-2013-6925	date:	2024-11-21T01:59:58.883

SOURCES RELEASE DATE

db:	IVD	id:	63685bd0-2352-11e6-abef-000c29c66e3d	date:	2013-12-12T00:00:00
db:	CNVD	id:	CNVD-2013-14993	date:	2013-12-11T00:00:00
db:	VULHUB	id:	VHN-66927	date:	2013-12-17T00:00:00
db:	BID	id:	64155	date:	2013-12-06T00:00:00
db:	JVNDB	id:	JVNDB-2013-005586	date:	2013-12-18T00:00:00
db:	CNNVD	id:	CNNVD-201312-349	date:	2013-12-18T00:00:00
db:	NVD	id:	CVE-2013-6925	date:	2013-12-17T04:46:45.910