CVE-2013-6926

Published: Dec 17, 2013Modified: Apr 29, 2026

8.0

Vector

AV:N/AC:L/Au:S/C:P/I:P/A:C

Exploitability: 8.0 / Impact: 8.5

Source: NVD

Description

The integrated HTTPS server in Siemens RuggedCom ROS before 3.12.2 allows remote authenticated users to bypass intended restrictions on administrative actions by leveraging access to a (1) guest or (2) operator account.

Affected (1)

Products: Siemens: Ruggedcom Rugged Operating System

Siemens

1 product

Ruggedcom Rugged Operating System

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Siemens Ruggedcom Rugged Operating System	Before 3.12.2

Related CWEs

CWE-863

Incorrect Authorization

The product performs an authorization check when an actor attempts to access a resource or perform an action, but it does not correctly perform the check. This allows attackers to bypass intended access restrictions.

References (4)

http://ics-cert.us-cert.gov/advisories/ICSA-13-340-01

Source: cve@mitre.org

Third Party AdvisoryUS Government Resource

http://www.siemens.com/innovation/pool/de/forschungsfelder/siemens_security_advisory_ssa-324789.pdf

Source: cve@mitre.org

Broken LinkVendor Advisory

http://ics-cert.us-cert.gov/advisories/ICSA-13-340-01

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party AdvisoryUS Government Resource

http://www.siemens.com/innovation/pool/de/forschungsfelder/siemens_security_advisory_ssa-324789.pdf

Source: af854a3a-2127-422b-91ae-364da2661108

Broken LinkVendor Advisory

Timeline

No history available yet.