ID

VAR-201502-0392


CVE

CVE-2015-1449


TITLE

Buffer overflow vulnerability in the integrated web server of multiple Siemens Ruggedcom WIN device firmware

Trust: 0.8

sources: JVNDB: JVNDB-2015-001342

DESCRIPTION

Buffer overflow in the integrated web server on Siemens Ruggedcom WIN51xx devices with firmware before SS4.4.4624.35, WIN52xx devices with firmware before SS4.4.4624.35, WIN70xx devices with firmware before BS4.4.4621.32, and WIN72xx devices with firmware before BS4.4.4621.32 allows remote attackers to execute arbitrary code via unspecified vectors. Siemens Ruggedcom WIN51xx, WIN52xx, WIN70xx and WIN72xx are broadband wireless base station products from Siemens AG. A remote attacker can exploit this vulnerability to execute arbitrary code. Ruggedcom WIN products are prone to a buffer-overflow vulnerability because the application fails to perform adequate boundary checks on user-supplied data. Failed exploit attempts may result in a denial-of-service condition.

Trust: 2.7

sources: NVD: CVE-2015-1449 // JVNDB: JVNDB-2015-001342 // CNVD: CNVD-2015-00847 // BID: 72522 // IVD: a500d834-2351-11e6-abef-000c29c66e3d // VULHUB: VHN-79410

IOT TAXONOMY

category: ['ICS', 'Network device'] sub_category: -

Trust: 0.6

category: ['ICS'] sub_category: -

Trust: 0.2

sources: IVD: a500d834-2351-11e6-abef-000c29c66e3d // CNVD: CNVD-2015-00847

AFFECTED PRODUCTS

vendor: siemens model: ruggedcom scope: lte version: ss4.4.4624.34

Trust: 1.0

vendor: siemens model: ruggedcom scope: lte version: bs4.4.4621.31

Trust: 1.0

vendor: siemens model: ruggedcom win5100 scope: - version: -

Trust: 0.8

vendor: siemens model: ruggedcom win5200 scope: - version: -

Trust: 0.8

vendor: siemens model: ruggedcom win7000 scope: - version: -

Trust: 0.8

vendor: siemens model: ruggedcom win7200 scope: - version: -

Trust: 0.8

vendor: siemens model: ruggedcom scope: lt version: bs4.4.4621.32 (win70xx/win72xx)

Trust: 0.8

vendor: siemens model: ruggedcom scope: lt version: ss4.4.4624.35 (win51xx/win52xx)

Trust: 0.8

vendor: siemens model: win51xx/win52xx <ss4.4.4624.35 scope: - version: -

Trust: 0.6

vendor: siemens model: win70xx/win72xx <bs4.4.4621.32 scope: - version: -

Trust: 0.6

vendor: siemens model: ruggedcom scope: eq version: bs4.4.4621.31

Trust: 0.6

vendor: siemens model: ruggedcom scope: eq version: ss4.4.4624.34

Trust: 0.6

vendor: ruggedcom model: - scope: eq version: *

Trust: 0.4

sources: IVD: a500d834-2351-11e6-abef-000c29c66e3d // CNVD: CNVD-2015-00847 // JVNDB: JVNDB-2015-001342 // CNNVD: CNNVD-201502-020 // NVD: CVE-2015-1449

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2015-1449
value: HIGH

Trust: 1.0

NVD: CVE-2015-1449
value: HIGH

Trust: 0.8

CNVD: CNVD-2015-00847
value: HIGH

Trust: 0.6

CNNVD: CNNVD-201502-020
value: CRITICAL

Trust: 0.6

IVD: a500d834-2351-11e6-abef-000c29c66e3d
value: CRITICAL

Trust: 0.2

VULHUB: VHN-79410
value: HIGH

Trust: 0.1

nvd@nist.gov: CVE-2015-1449
severity: HIGH
baseScore: 10.0
vectorString: AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

CNVD: CNVD-2015-00847
severity: HIGH
baseScore: 10.0
vectorString: AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

IVD: a500d834-2351-11e6-abef-000c29c66e3d
severity: HIGH
baseScore: 10.0
vectorString: AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.9 [IVD]

Trust: 0.2

VULHUB: VHN-79410
severity: HIGH
baseScore: 10.0
vectorString: AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

sources: IVD: a500d834-2351-11e6-abef-000c29c66e3d // CNVD: CNVD-2015-00847 // VULHUB: VHN-79410 // JVNDB: JVNDB-2015-001342 // CNNVD: CNNVD-201502-020 // NVD: CVE-2015-1449

PROBLEMTYPE DATA

problemtype:CWE-119

Trust: 1.9

sources: VULHUB: VHN-79410 // JVNDB: JVNDB-2015-001342 // NVD: CVE-2015-1449

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201502-020

TYPE

Buffer overflow

Trust: 0.8

sources: IVD: a500d834-2351-11e6-abef-000c29c66e3d // CNNVD: CNNVD-201502-020

CONFIGURATIONS

sources: JVNDB: JVNDB-2015-001342

PATCH

title: SSA-753139 url: http://www.siemens.com/innovation/pool/de/forschungsfelder/siemens_security_advisory_ssa-753139.pdf

Trust: 0.8

title: Patches for multiple Siemens Ruggedcom product buffer overflow vulnerabilities url: https://www.cnvd.org.cn/patchInfo/show/54943

Trust: 0.6

sources: CNVD: CNVD-2015-00847 // JVNDB: JVNDB-2015-001342

EXTERNAL IDS

db: NVD id: CVE-2015-1449

Trust: 3.6

db: SIEMENS id: SSA-753139

Trust: 2.3

db: BID id: 72522

Trust: 1.0

db: CNNVD id: CNNVD-201502-020

Trust: 0.9

db: CNVD id: CNVD-2015-00847

Trust: 0.8

db: JVNDB id: JVNDB-2015-001342

Trust: 0.8

db: IVD id: A500D834-2351-11E6-ABEF-000C29C66E3D

Trust: 0.2

db: VULHUB id: VHN-79410

Trust: 0.1

sources: IVD: a500d834-2351-11e6-abef-000c29c66e3d // CNVD: CNVD-2015-00847 // VULHUB: VHN-79410 // BID: 72522 // JVNDB: JVNDB-2015-001342 // CNNVD: CNNVD-201502-020 // NVD: CVE-2015-1449

REFERENCES

url: http://www.siemens.com/innovation/pool/de/forschungsfelder/siemens_security_advisory_ssa-753139.pdf

Trust: 2.3

url: http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2015-1449

Trust: 1.4

url: http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-1449

Trust: 0.8

url: http://subscriber.communications.siemens.com/

Trust: 0.3

sources: CNVD: CNVD-2015-00847 // VULHUB: VHN-79410 // BID: 72522 // JVNDB: JVNDB-2015-001342 // CNNVD: CNNVD-201502-020 // NVD: CVE-2015-1449

CREDITS

The vendor reported this issue.

Trust: 0.3

sources: BID: 72522

SOURCES

db: IVD id: a500d834-2351-11e6-abef-000c29c66e3d
db: CNVD id: CNVD-2015-00847
db: VULHUB id: VHN-79410
db: BID id: 72522
db: JVNDB id: JVNDB-2015-001342
db: CNNVD id: CNNVD-201502-020
db: NVD id: CVE-2015-1449

LAST UPDATE DATE

2024-11-23T22:27:11.735000+00:00


SOURCES UPDATE DATE

db: CNVD id: CNVD-2015-00847 date: 2015-02-04T00:00:00
db: VULHUB id: VHN-79410 date: 2015-02-04T00:00:00
db: BID id: 72522 date: 2015-02-06T00:00:00
db: JVNDB id: JVNDB-2015-001342 date: 2015-02-12T00:00:00
db: CNNVD id: CNNVD-201502-020 date: 2015-02-09T00:00:00
db: NVD id: CVE-2015-1449 date: 2024-11-21T02:25:26.917

SOURCES RELEASE DATE

db: IVD id: a500d834-2351-11e6-abef-000c29c66e3d date: 2015-02-04T00:00:00
db: CNVD id: CNVD-2015-00847 date: 2015-02-04T00:00:00
db: VULHUB id: VHN-79410 date: 2015-02-02T00:00:00
db: BID id: 72522 date: 2015-02-06T00:00:00
db: JVNDB id: JVNDB-2015-001342 date: 2015-02-12T00:00:00
db: CNNVD id: CNNVD-201502-020 date: 2015-02-03T00:00:00
db: NVD id: CVE-2015-1449 date: 2015-02-02T15:59:09.223