Sign-up

ID

VAR-201502-0391


CVE

CVE-2015-1448


TITLE

plural Siemens Ruggedcom WIN Vulnerability that bypasses authentication in device firmware integrated management service

Trust: 0.8

sources: JVNDB: JVNDB-2015-001343

DESCRIPTION

The integrated management service on Siemens Ruggedcom WIN51xx devices with firmware before SS4.4.4624.35, WIN52xx devices with firmware before SS4.4.4624.35, WIN70xx devices with firmware before BS4.4.4621.32, and WIN72xx devices with firmware before BS4.4.4621.32 allows remote attackers to bypass authentication and perform administrative actions via unspecified vectors. Siemens Ruggedcom WIN51xx, WIN52xx, WIN70xx and WIN72xx are broadband wireless base station products from Siemens AG. There are security holes in the integrated management services for several Siemens Ruggedcom products. A remote attacker could exploit the vulnerability to bypass authentication and perform administrator actions. Siemens Ruggedcom WIN products running firmware versions prior to BS4.4.4621.32 are vulnerable

Trust: 2.7

sources: NVD: CVE-2015-1448 // JVNDB: JVNDB-2015-001343 // CNVD: CNVD-2015-00846 // BID: 72521 // IVD: a4fe323c-2351-11e6-abef-000c29c66e3d // VULHUB: VHN-79409

IOT TAXONOMY

category:['ICS', 'Network device']sub_category: -

Trust: 0.6

category:['ICS']sub_category: -

Trust: 0.2

sources: IVD: a4fe323c-2351-11e6-abef-000c29c66e3d // CNVD: CNVD-2015-00846

AFFECTED PRODUCTS

vendor:siemensmodel:ruggedcomscope:lteversion:ss4.4.4624.34

Trust: 1.0

vendor:siemensmodel:ruggedcomscope:lteversion:bs4.4.4621.31

Trust: 1.0

vendor:siemensmodel:ruggedcom win5100scope: - version: -

Trust: 0.8

vendor:siemensmodel:ruggedcom win5200scope: - version: -

Trust: 0.8

vendor:siemensmodel:ruggedcom win7000scope: - version: -

Trust: 0.8

vendor:siemensmodel:ruggedcom win7200scope: - version: -

Trust: 0.8

vendor:siemensmodel:ruggedcomscope:ltversion:bs4.4.4621.32 (win70xx/win72xx)

Trust: 0.8

vendor:siemensmodel:ruggedcomscope:ltversion:ss4.4.4624.35 (win51xx/win52xx)

Trust: 0.8

vendor:siemensmodel:win51xx/win52xx <ss4.4.4624.35scope: - version: -

Trust: 0.6

vendor:siemensmodel:win70xx/win72xx <bs4.4.4621.32scope: - version: -

Trust: 0.6

vendor:siemensmodel:ruggedcomscope:eqversion:bs4.4.4621.31

Trust: 0.6

vendor:siemensmodel:ruggedcomscope:eqversion:ss4.4.4624.34

Trust: 0.6

vendor:ruggedcommodel: - scope:eqversion:*

Trust: 0.4

vendor:siemensmodel:ruggedcom win7200scope:eqversion:0

Trust: 0.3

vendor:siemensmodel:ruggedcom win7000scope:eqversion:0

Trust: 0.3

vendor:siemensmodel:ruggedcom win5200scope:eqversion:0

Trust: 0.3

vendor:siemensmodel:ruggedcom win5100scope:eqversion:0

Trust: 0.3

vendor:siemensmodel:ruggedcom win7200 bs4.4.4621.32scope:neversion: -

Trust: 0.3

vendor:siemensmodel:ruggedcom win7000 bs4.4.4621.32scope:neversion: -

Trust: 0.3

vendor:siemensmodel:ruggedcom win5200 ss4.4.4624.35scope:neversion: -

Trust: 0.3

vendor:siemensmodel:ruggedcom win5100 ss4.4.4624.35scope:neversion: -

Trust: 0.3

sources: IVD: a4fe323c-2351-11e6-abef-000c29c66e3d // CNVD: CNVD-2015-00846 // BID: 72521 // JVNDB: JVNDB-2015-001343 // CNNVD: CNNVD-201502-019 // NVD: CVE-2015-1448

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2015-1448
value: HIGH

Trust: 1.0

NVD: CVE-2015-1448
value: HIGH

Trust: 0.8

CNVD: CNVD-2015-00846
value: HIGH

Trust: 0.6

CNNVD: CNNVD-201502-019
value: CRITICAL

Trust: 0.6

IVD: a4fe323c-2351-11e6-abef-000c29c66e3d
value: CRITICAL

Trust: 0.2

VULHUB: VHN-79409
value: HIGH

Trust: 0.1

nvd@nist.gov: CVE-2015-1448
severity: HIGH
baseScore: 10.0
vectorString: AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

CNVD: CNVD-2015-00846
severity: HIGH
baseScore: 10.0
vectorString: AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

IVD: a4fe323c-2351-11e6-abef-000c29c66e3d
severity: HIGH
baseScore: 10.0
vectorString: AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.9 [IVD]

Trust: 0.2

VULHUB: VHN-79409
severity: HIGH
baseScore: 10.0
vectorString: AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

sources: IVD: a4fe323c-2351-11e6-abef-000c29c66e3d // CNVD: CNVD-2015-00846 // VULHUB: VHN-79409 // JVNDB: JVNDB-2015-001343 // CNNVD: CNNVD-201502-019 // NVD: CVE-2015-1448

PROBLEMTYPE DATA

problemtype:CWE-264

Trust: 1.9

sources: VULHUB: VHN-79409 // JVNDB: JVNDB-2015-001343 // NVD: CVE-2015-1448

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201502-019

TYPE

permissions and access control

Trust: 0.6

sources: CNNVD: CNNVD-201502-019

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2015-001343

PATCH
title:SSA-753139url:http://www.siemens.com/innovation/pool/de/forschungsfelder/siemens_security_advisory_ssa-753139.pdf
Trust: 0.8
title:A variety of Siemens Ruggedcom product security bypass vulnerability patchesurl:https://www.cnvd.org.cn/patchInfo/show/54944
Trust: 0.6
sources:
            
            
            CNVD: CNVD-2015-00846 // 
            
            
            
            JVNDB: JVNDB-2015-001343

EXTERNAL IDS
db:NVDid:CVE-2015-1448
Trust: 3.6
db:SIEMENSid:SSA-753139
Trust: 2.3
db:BIDid:72521
Trust: 1.0
db:CNNVDid:CNNVD-201502-019
Trust: 0.9
db:CNVDid:CNVD-2015-00846
Trust: 0.8
db:JVNDBid:JVNDB-2015-001343
Trust: 0.8
db:ICS CERTid:ICSA-15-034-02
Trust: 0.3
db:IVDid:A4FE323C-2351-11E6-ABEF-000C29C66E3D
Trust: 0.2
db:VULHUBid:VHN-79409
Trust: 0.1
sources:
            
            
            IVD: a4fe323c-2351-11e6-abef-000c29c66e3d // 
            
            
            
            CNVD: CNVD-2015-00846 // 
            
            
            
            VULHUB: VHN-79409 // 
            
            
            
            BID: 72521 // 
            
            
            
            JVNDB: JVNDB-2015-001343 // 
            
            
            
            CNNVD: CNNVD-201502-019 // 
            
            
            
            NVD: CVE-2015-1448

REFERENCES
url:http://www.siemens.com/innovation/pool/de/forschungsfelder/siemens_security_advisory_ssa-753139.pdf
Trust: 2.3
url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2015-1448
Trust: 1.4
url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-1448
Trust: 0.8
url:http://www.siemens.com/
Trust: 0.3
url:https://ics-cert.us-cert.gov/advisories/icsa-15-034-02
Trust: 0.3
sources:
            
            
            CNVD: CNVD-2015-00846 // 
            
            
            
            VULHUB: VHN-79409 // 
            
            
            
            BID: 72521 // 
            
            
            
            JVNDB: JVNDB-2015-001343 // 
            
            
            
            CNNVD: CNNVD-201502-019 // 
            
            
            
            NVD: CVE-2015-1448

CREDITS
The vendor reported this issue.
Trust: 0.3
sources:
            
            
            BID: 72521

SOURCES
db:IVDid:a4fe323c-2351-11e6-abef-000c29c66e3d
db:CNVDid:CNVD-2015-00846
db:VULHUBid:VHN-79409
db:BIDid:72521
db:JVNDBid:JVNDB-2015-001343
db:CNNVDid:CNNVD-201502-019
db:NVDid:CVE-2015-1448

LAST UPDATE DATE
2024-11-23T22:27:11.653000+00:00

SOURCES UPDATE DATE
db:CNVDid:CNVD-2015-00846date:2015-02-04T00:00:00
db:VULHUBid:VHN-79409date:2015-02-04T00:00:00
db:BIDid:72521date:2015-02-03T00:00:00
db:JVNDBid:JVNDB-2015-001343date:2015-02-12T00:00:00
db:CNNVDid:CNNVD-201502-019date:2015-02-03T00:00:00
db:NVDid:CVE-2015-1448date:2024-11-21T02:25:26.773

SOURCES RELEASE DATE
db:IVDid:a4fe323c-2351-11e6-abef-000c29c66e3ddate:2015-02-04T00:00:00
db:CNVDid:CNVD-2015-00846date:2015-02-04T00:00:00
db:VULHUBid:VHN-79409date:2015-02-02T00:00:00
db:BIDid:72521date:2015-02-03T00:00:00
db:JVNDBid:JVNDB-2015-001343date:2015-02-12T00:00:00
db:CNNVDid:CNNVD-201502-019date:2015-02-03T00:00:00
db:NVDid:CVE-2015-1448date:2015-02-02T15:59:08.317