CVE-2015-1448

2015-02-0215:59:08

CWE-264

[email protected]

web.nvd.nist.gov

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

AI Score

7.2

Confidence

Low

EPSS

0.005

Percentile

76.8%

JSON

The integrated management service on Siemens Ruggedcom WIN51xx devices with firmware before SS4.4.4624.35, WIN52xx devices with firmware before SS4.4.4624.35, WIN70xx devices with firmware before BS4.4.4621.32, and WIN72xx devices with firmware before BS4.4.4621.32 allows remote attackers to bypass authentication and perform administrative actions via unspecified vectors.

Affected configurations

Nvd

Node

siemensruggedcom_firmwareRange≤bs4.4.4621.31

AND

siemensruggedcom_win7000Match-

siemensruggedcom_win7200Match-

Node

siemensruggedcom_firmwareRange≤ss4.4.4624.34

AND

siemensruggedcom_win5100Match-

siemensruggedcom_win5200Match-

VendorProductVersionCPE
siemensruggedcom_firmware*cpe:2.3:o:siemens:ruggedcom_firmware:*:*:*:*:*:*:*:*
siemensruggedcom_win7000-cpe:2.3:h:siemens:ruggedcom_win7000:-:*:*:*:*:*:*:*
siemensruggedcom_win7200-cpe:2.3:h:siemens:ruggedcom_win7200:-:*:*:*:*:*:*:*
siemensruggedcom_win5100-cpe:2.3:h:siemens:ruggedcom_win5100:-:*:*:*:*:*:*:*
siemensruggedcom_win5200-cpe:2.3:h:siemens:ruggedcom_win5200:-:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
siemens	ruggedcom_firmware	*	cpe:2.3:o:siemens:ruggedcom_firmware::::::::
siemens	ruggedcom_win7000	-	cpe:2.3:h:siemens:ruggedcom_win7000:-:::::::*
siemens	ruggedcom_win7200	-	cpe:2.3:h:siemens:ruggedcom_win7200:-:::::::*
siemens	ruggedcom_win5100	-	cpe:2.3:h:siemens:ruggedcom_win5100:-:::::::*
siemens	ruggedcom_win5200	-	cpe:2.3:h:siemens:ruggedcom_win5200:-:::::::*