ID
VAR-201502-0113
CVE
CVE-2015-1049
TITLE
Siemens SCALANCE X-200IRT Web Server Session Hijacking Vulnerability
Trust: 1.0
sources:
IVD: 6dbd3766-e28f-438e-b2d5-4c5a15eb4212 //
IVD: a50f102a-2351-11e6-abef-000c29c66e3d //
CNVD: CNVD-2015-00844
DESCRIPTION
The web server on Siemens SCALANCE X-200IRT switches with firmware before 5.2.0 allows remote attackers to hijack sessions via unspecified vectors. The Siemens SCALANCE X-200IRT is an industrial Ethernet switch from Siemens AG. A remote attacker can exploit this vulnerability to hijack a session. Siemens SCALANCE X-200IRT is prone to a user-impersonation vulnerability. An attacker can exploit this issue to impersonate arbitrary users and perform unauthorized actions
Trust: 2.97
sources:
NVD: CVE-2015-1049 //
JVNDB: JVNDB-2015-001341 //
CNVD: CNVD-2015-00844 //
BID: 72512 //
IVD: 6dbd3766-e28f-438e-b2d5-4c5a15eb4212 //
IVD: a50f102a-2351-11e6-abef-000c29c66e3d //
VULHUB: VHN-79009 //
VULMON: CVE-2015-1049
IOT TAXONOMY
| category: | ['ICS', 'Network device'] | sub_category: | - | Trust: 0.6 |
| category: | ['ICS'] | sub_category: | - | Trust: 0.4 |
sources:
IVD: 6dbd3766-e28f-438e-b2d5-4c5a15eb4212 //
IVD: a50f102a-2351-11e6-abef-000c29c66e3d //
CNVD: CNVD-2015-00844
AFFECTED PRODUCTS
| vendor: | siemens | model: | scalance x-200 series | scope: | lte | version: | 5.1.1 | Trust: 1.0 |
| vendor: | siemens | model: | scalance x-200 series | scope: | lt | version: | 5.2.0 | Trust: 0.8 |
| vendor: | siemens | model: | scalance x201-3p irt | scope: | eq | version: | none | Trust: 0.8 |
| vendor: | siemens | model: | scalance x201-3p irt | scope: | eq | version: | pro | Trust: 0.8 |
| vendor: | siemens | model: | scalance x202-2irt | scope: | - | version: | - | Trust: 0.8 |
| vendor: | siemens | model: | scalance x202-2p irt | scope: | eq | version: | none | Trust: 0.8 |
| vendor: | siemens | model: | scalance x202-2p irt | scope: | eq | version: | pro | Trust: 0.8 |
| vendor: | siemens | model: | scalance x204irt | scope: | eq | version: | none | Trust: 0.8 |
| vendor: | siemens | model: | scalance x204irt | scope: | eq | version: | pro | Trust: 0.8 |
| vendor: | siemens | model: | scalance xf204irt | scope: | - | version: | - | Trust: 0.8 |
| vendor: | siemens | model: | scalance x-200irt switches with | scope: | lt | version: | 5.2.0 | Trust: 0.6 |
| vendor: | siemens | model: | scalance x-200 series | scope: | eq | version: | 5.1.1 | Trust: 0.6 |
| vendor: | scalance x 200 series | model: | - | scope: | eq | version: | * | Trust: 0.4 |
| vendor: | siemens | model: | scalance x-200irt | scope: | eq | version: | 5.1.2 | Trust: 0.3 |
| vendor: | siemens | model: | scalance x-200irt | scope: | eq | version: | 5.1 | Trust: 0.3 |
| vendor: | siemens | model: | scalance x-200irt | scope: | ne | version: | 5.2.0 | Trust: 0.3 |
sources:
IVD: 6dbd3766-e28f-438e-b2d5-4c5a15eb4212 //
IVD: a50f102a-2351-11e6-abef-000c29c66e3d //
CNVD: CNVD-2015-00844 //
BID: 72512 //
JVNDB: JVNDB-2015-001341 //
CNNVD: CNNVD-201502-017 //
NVD: CVE-2015-1049
CVSS
SEVERITY | CVSSV2 | CVSSV3 | |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
|
sources:
IVD: 6dbd3766-e28f-438e-b2d5-4c5a15eb4212 //
IVD: a50f102a-2351-11e6-abef-000c29c66e3d //
CNVD: CNVD-2015-00844 //
VULHUB: VHN-79009 //
VULMON: CVE-2015-1049 //
JVNDB: JVNDB-2015-001341 //
CNNVD: CNNVD-201502-017 //
NVD: CVE-2015-1049
PROBLEMTYPE DATA
| problemtype: | CWE-20 | Trust: 1.9 |
sources:
VULHUB: VHN-79009 //
JVNDB: JVNDB-2015-001341 //
NVD: CVE-2015-1049
THREAT TYPE
remote
Trust: 0.6
sources:
CNNVD: CNNVD-201502-017
TYPE
input validation error
Trust: 0.6
sources:
CNNVD: CNNVD-201502-017
CONFIGURATIONS
sources:
JVNDB: JVNDB-2015-001341
PATCH
| title: | SSA-954136 | url: | http://www.siemens.com/innovation/pool/de/forschungsfelder/siemens_security_advisory_ssa-954136.pdf | Trust: 0.8 |
| title: | Siemens SCALANCE X-200IRT Web Server Session Hijacking Vulnerability Patch | url: | https://www.cnvd.org.cn/patchInfo/show/54947 | Trust: 0.6 |
sources:
CNVD: CNVD-2015-00844 //
JVNDB: JVNDB-2015-001341
EXTERNAL IDS
| db: | NVD | id: | CVE-2015-1049 | Trust: 3.9 |
| db: | SIEMENS | id: | SSA-954136 | Trust: 2.1 |
| db: | CNNVD | id: | CNNVD-201502-017 | Trust: 1.1 |
| db: | CNVD | id: | CNVD-2015-00844 | Trust: 1.0 |
| db: | BID | id: | 72512 | Trust: 1.0 |
| db: | JVNDB | id: | JVNDB-2015-001341 | Trust: 0.8 |
| db: | ICS CERT | id: | ICSA-15-034-01 | Trust: 0.4 |
| db: | IVD | id: | 6DBD3766-E28F-438E-B2D5-4C5A15EB4212 | Trust: 0.2 |
| db: | IVD | id: | A50F102A-2351-11E6-ABEF-000C29C66E3D | Trust: 0.2 |
| db: | VULHUB | id: | VHN-79009 | Trust: 0.1 |
| db: | VULMON | id: | CVE-2015-1049 | Trust: 0.1 |
sources:
IVD: 6dbd3766-e28f-438e-b2d5-4c5a15eb4212 //
IVD: a50f102a-2351-11e6-abef-000c29c66e3d //
CNVD: CNVD-2015-00844 //
VULHUB: VHN-79009 //
VULMON: CVE-2015-1049 //
BID: 72512 //
JVNDB: JVNDB-2015-001341 //
CNNVD: CNNVD-201502-017 //
NVD: CVE-2015-1049
REFERENCES
| url: | http://www.siemens.com/innovation/pool/de/forschungsfelder/siemens_security_advisory_ssa-954136.pdf | Trust: 2.1 |
| url: | https://cert-portal.siemens.com/productcert/pdf/ssa-954136.pdf | Trust: 1.8 |
| url: | http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2015-1049 | Trust: 1.4 |
| url: | http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-1049 | Trust: 0.8 |
| url: | https://ics-cert.us-cert.gov/advisories/icsa-15-034-01 | Trust: 0.4 |
| url: | http://www.automation.siemens.com/mcms/industrial-communication/en/ie/ie_switches_media-converters/pages/ie_switches_media-converters.aspx | Trust: 0.3 |
| url: | http://www.siemens.com/ | Trust: 0.3 |
| url: | https://cwe.mitre.org/data/definitions/20.html | Trust: 0.1 |
| url: | http://tools.cisco.com/security/center/viewalert.x?alertid=37350 | Trust: 0.1 |
| url: | https://nvd.nist.gov | Trust: 0.1 |
sources:
CNVD: CNVD-2015-00844 //
VULHUB: VHN-79009 //
VULMON: CVE-2015-1049 //
BID: 72512 //
JVNDB: JVNDB-2015-001341 //
CNNVD: CNNVD-201502-017 //
NVD: CVE-2015-1049
CREDITS
The vendor reported this issue.
Trust: 0.3
sources:
BID: 72512
SOURCES
| db: | IVD | id: | 6dbd3766-e28f-438e-b2d5-4c5a15eb4212 |
| db: | IVD | id: | a50f102a-2351-11e6-abef-000c29c66e3d |
| db: | CNVD | id: | CNVD-2015-00844 |
| db: | VULHUB | id: | VHN-79009 |
| db: | VULMON | id: | CVE-2015-1049 |
| db: | BID | id: | 72512 |
| db: | JVNDB | id: | JVNDB-2015-001341 |
| db: | CNNVD | id: | CNNVD-201502-017 |
| db: | NVD | id: | CVE-2015-1049 |
LAST UPDATE DATE
2024-08-14T14:14:01.961000+00:00
SOURCES UPDATE DATE
| db: | CNVD | id: | CNVD-2015-00844 | date: | 2015-02-04T00:00:00 |
| db: | VULHUB | id: | VHN-79009 | date: | 2020-02-10T00:00:00 |
| db: | VULMON | id: | CVE-2015-1049 | date: | 2020-02-10T00:00:00 |
| db: | BID | id: | 72512 | date: | 2015-02-03T00:00:00 |
| db: | JVNDB | id: | JVNDB-2015-001341 | date: | 2015-02-12T00:00:00 |
| db: | CNNVD | id: | CNNVD-201502-017 | date: | 2020-02-11T00:00:00 |
| db: | NVD | id: | CVE-2015-1049 | date: | 2020-02-10T14:15:12.063 |
SOURCES RELEASE DATE
| db: | IVD | id: | 6dbd3766-e28f-438e-b2d5-4c5a15eb4212 | date: | 2015-02-04T00:00:00 |
| db: | IVD | id: | a50f102a-2351-11e6-abef-000c29c66e3d | date: | 2015-02-04T00:00:00 |
| db: | CNVD | id: | CNVD-2015-00844 | date: | 2015-02-04T00:00:00 |
| db: | VULHUB | id: | VHN-79009 | date: | 2015-02-02T00:00:00 |
| db: | VULMON | id: | CVE-2015-1049 | date: | 2015-02-02T00:00:00 |
| db: | BID | id: | 72512 | date: | 2015-02-03T00:00:00 |
| db: | JVNDB | id: | JVNDB-2015-001341 | date: | 2015-02-12T00:00:00 |
| db: | CNNVD | id: | CNNVD-201502-017 | date: | 2015-02-03T00:00:00 |
| db: | NVD | id: | CVE-2015-1049 | date: | 2015-02-02T15:59:01.973 |