Sign-up

ID

VAR-201502-0369


CVE

CVE-2015-1357


TITLE

plural Siemens Ruggedcom WIN Vulnerability to get password hash on device

Trust: 0.8

sources: JVNDB: JVNDB-2015-001344

DESCRIPTION

Siemens Ruggedcom WIN51xx devices with firmware before SS4.4.4624.35, WIN52xx devices with firmware before SS4.4.4624.35, WIN70xx devices with firmware before BS4.4.4621.32, and WIN72xx devices with firmware before BS4.4.4621.32 allow context-dependent attackers to discover password hashes by reading (1) files or (2) security logs. Siemens Ruggedcom WIN51xx, WIN52xx, WIN70xx and WIN72xx are broadband wireless base station products from Siemens AG. Security vulnerabilities exist in several Siemens Ruggedcom products. Attackers can exploit this issue to obtain sensitive information that may lead to further attacks

Trust: 2.79

sources: NVD: CVE-2015-1357 // JVNDB: JVNDB-2015-001344 // CNVD: CNVD-2015-00845 // BID: 72523 // IVD: a4f5721e-2351-11e6-abef-000c29c66e3d // VULHUB: VHN-79318 // VULMON: CVE-2015-1357

IOT TAXONOMY

category:['ICS', 'Network device']sub_category: -

Trust: 0.6

category:['ICS']sub_category: -

Trust: 0.2

sources: IVD: a4f5721e-2351-11e6-abef-000c29c66e3d // CNVD: CNVD-2015-00845

AFFECTED PRODUCTS

vendor:siemensmodel:ruggedcomscope:lteversion:ss4.4.4624.34

Trust: 1.0

vendor:siemensmodel:ruggedcomscope:lteversion:bs4.4.4621.31

Trust: 1.0

vendor:siemensmodel:ruggedcom win5100scope: - version: -

Trust: 0.8

vendor:siemensmodel:ruggedcom win5200scope: - version: -

Trust: 0.8

vendor:siemensmodel:ruggedcom win7000scope: - version: -

Trust: 0.8

vendor:siemensmodel:ruggedcom win7200scope: - version: -

Trust: 0.8

vendor:siemensmodel:ruggedcomscope:ltversion:bs4.4.4621.32 (win70xx/win72xx)

Trust: 0.8

vendor:siemensmodel:ruggedcomscope:ltversion:ss4.4.4624.35 (win51xx/win52xx)

Trust: 0.8

vendor:siemensmodel:win51xx/win52xx <ss4.4.4624.35scope: - version: -

Trust: 0.6

vendor:siemensmodel:win70xx/win72xx <bs4.4.4621.32scope: - version: -

Trust: 0.6

vendor:siemensmodel:ruggedcomscope:eqversion:bs4.4.4621.31

Trust: 0.6

vendor:siemensmodel:ruggedcomscope:eqversion:ss4.4.4624.34

Trust: 0.6

vendor:ruggedcommodel: - scope:eqversion:*

Trust: 0.4

vendor:siemensmodel:ruggedcom win7200scope:eqversion:0

Trust: 0.3

vendor:siemensmodel:ruggedcom win7000scope:eqversion:0

Trust: 0.3

vendor:siemensmodel:ruggedcom win5200scope:eqversion:0

Trust: 0.3

vendor:siemensmodel:ruggedcom win5100scope:eqversion:0

Trust: 0.3

vendor:siemensmodel:ruggedcom win7200 bs4.4.4621.32scope:neversion: -

Trust: 0.3

vendor:siemensmodel:ruggedcom win7000 bs4.4.4621.32scope:neversion: -

Trust: 0.3

vendor:siemensmodel:ruggedcom win5200 ss4.4.4624.35scope:neversion: -

Trust: 0.3

vendor:siemensmodel:ruggedcom win5100 ss4.4.4624.35scope:neversion: -

Trust: 0.3

sources: IVD: a4f5721e-2351-11e6-abef-000c29c66e3d // CNVD: CNVD-2015-00845 // BID: 72523 // JVNDB: JVNDB-2015-001344 // CNNVD: CNNVD-201502-018 // NVD: CVE-2015-1357

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2015-1357
value: MEDIUM

Trust: 1.0

NVD: CVE-2015-1357
value: MEDIUM

Trust: 0.8

CNVD: CNVD-2015-00845
value: LOW

Trust: 0.6

CNNVD: CNNVD-201502-018
value: MEDIUM

Trust: 0.6

IVD: a4f5721e-2351-11e6-abef-000c29c66e3d
value: MEDIUM

Trust: 0.2

VULHUB: VHN-79318
value: MEDIUM

Trust: 0.1

VULMON: CVE-2015-1357
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2015-1357
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.9

CNVD: CNVD-2015-00845
severity: LOW
baseScore: 2.6
vectorString: AV:N/AC:H/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: HIGH
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 4.9
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

IVD: a4f5721e-2351-11e6-abef-000c29c66e3d
severity: LOW
baseScore: 2.6
vectorString: AV:N/AC:H/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: HIGH
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 4.9
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.9 [IVD]

Trust: 0.2

VULHUB: VHN-79318
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

sources: IVD: a4f5721e-2351-11e6-abef-000c29c66e3d // CNVD: CNVD-2015-00845 // VULHUB: VHN-79318 // VULMON: CVE-2015-1357 // JVNDB: JVNDB-2015-001344 // CNNVD: CNNVD-201502-018 // NVD: CVE-2015-1357

PROBLEMTYPE DATA

problemtype:CWE-200

Trust: 1.9

sources: VULHUB: VHN-79318 // JVNDB: JVNDB-2015-001344 // NVD: CVE-2015-1357

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201502-018

TYPE

information disclosure

Trust: 0.6

sources: CNNVD: CNNVD-201502-018

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2015-001344

PATCH
title:SSA-753139url:http://www.siemens.com/innovation/pool/de/forschungsfelder/siemens_security_advisory_ssa-753139.pdf
Trust: 0.8
title:Patches for several Siemens Ruggedcom product information disclosure vulnerabilitiesurl:https://www.cnvd.org.cn/patchInfo/show/54946
Trust: 0.6
sources:
            
            
            CNVD: CNVD-2015-00845 // 
            
            
            
            JVNDB: JVNDB-2015-001344

EXTERNAL IDS
db:NVDid:CVE-2015-1357
Trust: 3.7
db:SIEMENSid:SSA-753139
Trust: 2.4
db:BIDid:72523
Trust: 1.0
db:CNNVDid:CNNVD-201502-018
Trust: 0.9
db:CNVDid:CNVD-2015-00845
Trust: 0.8
db:JVNDBid:JVNDB-2015-001344
Trust: 0.8
db:ICS CERTid:ICSA-15-034-02
Trust: 0.4
db:IVDid:A4F5721E-2351-11E6-ABEF-000C29C66E3D
Trust: 0.2
db:VULHUBid:VHN-79318
Trust: 0.1
db:VULMONid:CVE-2015-1357
Trust: 0.1
sources:
            
            
            IVD: a4f5721e-2351-11e6-abef-000c29c66e3d // 
            
            
            
            CNVD: CNVD-2015-00845 // 
            
            
            
            VULHUB: VHN-79318 // 
            
            
            
            VULMON: CVE-2015-1357 // 
            
            
            
            BID: 72523 // 
            
            
            
            JVNDB: JVNDB-2015-001344 // 
            
            
            
            CNNVD: CNNVD-201502-018 // 
            
            
            
            NVD: CVE-2015-1357

REFERENCES
url:http://www.siemens.com/innovation/pool/de/forschungsfelder/siemens_security_advisory_ssa-753139.pdf
Trust: 2.4
url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2015-1357
Trust: 1.4
url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-1357
Trust: 0.8
url:https://ics-cert.us-cert.gov/advisories/icsa-15-034-02
Trust: 0.4
url:http://www.siemens.com/
Trust: 0.3
url:https://cwe.mitre.org/data/definitions/200.html
Trust: 0.1
url:http://tools.cisco.com/security/center/viewalert.x?alertid=37349
Trust: 0.1
url:https://nvd.nist.gov
Trust: 0.1
sources:
            
            
            CNVD: CNVD-2015-00845 // 
            
            
            
            VULHUB: VHN-79318 // 
            
            
            
            VULMON: CVE-2015-1357 // 
            
            
            
            BID: 72523 // 
            
            
            
            JVNDB: JVNDB-2015-001344 // 
            
            
            
            CNNVD: CNNVD-201502-018 // 
            
            
            
            NVD: CVE-2015-1357

CREDITS
The vendor reported this issue.
Trust: 0.3
sources:
            
            
            BID: 72523

SOURCES
db:IVDid:a4f5721e-2351-11e6-abef-000c29c66e3d
db:CNVDid:CNVD-2015-00845
db:VULHUBid:VHN-79318
db:VULMONid:CVE-2015-1357
db:BIDid:72523
db:JVNDBid:JVNDB-2015-001344
db:CNNVDid:CNNVD-201502-018
db:NVDid:CVE-2015-1357

LAST UPDATE DATE
2024-11-23T22:27:11.693000+00:00

SOURCES UPDATE DATE
db:CNVDid:CNVD-2015-00845date:2015-02-04T00:00:00
db:VULHUBid:VHN-79318date:2015-02-04T00:00:00
db:VULMONid:CVE-2015-1357date:2015-02-04T00:00:00
db:BIDid:72523date:2015-02-03T00:00:00
db:JVNDBid:JVNDB-2015-001344date:2015-02-12T00:00:00
db:CNNVDid:CNNVD-201502-018date:2015-02-03T00:00:00
db:NVDid:CVE-2015-1357date:2024-11-21T02:25:14.830

SOURCES RELEASE DATE
db:IVDid:a4f5721e-2351-11e6-abef-000c29c66e3ddate:2015-02-04T00:00:00
db:CNVDid:CNVD-2015-00845date:2015-02-04T00:00:00
db:VULHUBid:VHN-79318date:2015-02-02T00:00:00
db:VULMONid:CVE-2015-1357date:2015-02-02T00:00:00
db:BIDid:72523date:2015-02-03T00:00:00
db:JVNDBid:JVNDB-2015-001344date:2015-02-12T00:00:00
db:CNNVDid:CNNVD-201502-018date:2015-02-03T00:00:00
db:NVDid:CVE-2015-1357date:2015-02-02T15:59:03.240