Remote Session Hijacking Vulnerability in Siemens RuggedCom ROS
CVE-2013-6925

Currently unrated

Key Information:

Vendor: Siemens
Status: Ruggedcom Rugged Operating System
Vendor: CVE Published:; 17 December 2013

Summary

The integrated HTTPS server in Siemens RuggedCom ROS prior to version 3.12.2 is susceptible to a remote session hijacking vulnerability. Attackers can exploit this flaw by predicting session ID values, enabling unauthorized access to active web sessions. This poses significant risks to the confidentiality and integrity of communications, potentially allowing attackers to manipulate sessions and access sensitive information.

References

http://ics-cert.us-cert.gov/advisories/ICSA-13-340-01

x_refsource_MISC

http://www.siemens.com/innovation/pool/de/forschungsfelde...

x_refsource_CONFIRM

Timeline

Vulnerability published
Dec 17, 2013
Vulnerability Reserved
Dec 3, 2013