Auth bypass in Siemens Ruggedcom Rugged Operating System

CVE-2013-6926

The integrated HTTPS server in Siemens RuggedCom ROS before 3.12.2 allows remote authenticated users to bypass intended restrictions on administrative actions by leveraging access to a (1) guest or (2) operator account.

Vulnerability class: Broken Access Control

EPSS: 0.003 (50.2th percentile)

References

  • cve@mitre.org (US Government Resource, Third Party Advisory, x_refsource_MISC)
  • cve@mitre.org (x_refsource_CONFIRM, Broken Link, Vendor Advisory)