Vulnerability Description
The integrated HTTPS server in Siemens RuggedCom ROS before 3.12.2 allows remote attackers to hijack web sessions by predicting a session id value.
CVSS Score
8.3
HIGH
AV:N/AC:M/Au:N/C:P/I:P/A:C
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Siemens | Ruggedcom Rugged Operating System | < 3.12.2 |
Related Weaknesses (CWE)
References
- http://ics-cert.us-cert.gov/advisories/ICSA-13-340-01Third Party AdvisoryUS Government Resource
- http://www.siemens.com/innovation/pool/de/forschungsfelder/siemens_security_adviBroken LinkVendor Advisory
- http://ics-cert.us-cert.gov/advisories/ICSA-13-340-01Third Party AdvisoryUS Government Resource
- http://www.siemens.com/innovation/pool/de/forschungsfelder/siemens_security_adviBroken LinkVendor Advisory
FAQ
What is CVE-2013-6925?
CVE-2013-6925 is a vulnerability with a CVSS score of 8.3 (HIGH). The integrated HTTPS server in Siemens RuggedCom ROS before 3.12.2 allows remote attackers to hijack web sessions by predicting a session id value.
How severe is CVE-2013-6925?
CVE-2013-6925 has been rated HIGH with a CVSS base score of 8.3/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2013-6925?
Check the references section above for vendor advisories and patch information. Affected products include: Siemens Ruggedcom Rugged Operating System.