CVE-2015-5537

  1. OpenCVE
  2. Vulnerabilities (CVE)
  3. CVE-2015-5537
The SSL layer of the HTTPS service in Siemens RuggedCom ROS before 4.2.0 and ROX II does not properly implement CBC padding, which makes it easier for man-in-the-middle attackers to obtain cleartext data via a padding-oracle attack, a different vulnerability than CVE-2014-3566.

4.3 /10

CVSS v2.0 : MEDIUM

V2 Legend

Vector : AV:N/AC:M/Au:N/C:P/I:N/A:N

Exploitability : 8.6 / Impact : 2.9

Access Vector NETWORK

Access Complexity MEDIUM

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact NONE

Availability Impact NONE

References
Link Resource
http://www.securitytracker.com/id/1033022 Broken Link Third Party Advisory VDB Entry
http://www.siemens.com/innovation/pool/de/forschungsfelder/siemens_security_advisory_ssa-396873.pdf Broken Link Patch Vendor Advisory
https://ics-cert.us-cert.gov/advisories/ICSA-15-202-03A Broken Link Third Party Advisory US Government Resource
Configurations

Configuration 1 (hide)

OR cpe:2.3:o:siemens:ruggedcom_rox_ii_firmware:-:*:*:*:*:*:*:*
cpe:2.3:o:siemens:ruggedcom_rugged_operating_system:*:*:*:*:*:*:*:*
History

01 Feb 2022, 16:54

Type Values Removed Values Added
CWE CWE-310 CWE-312
CPE cpe:2.3:o:siemens:ruggedcom_rugged_operating_system_on_linux_ii:-:*:*:*:*:*:*:* cpe:2.3:o:siemens:ruggedcom_rox_ii_firmware:-:*:*:*:*:*:*:*
References (CONFIRM) http://www.siemens.com/innovation/pool/de/forschungsfelder/siemens_security_advisory_ssa-396873.pdf - Patch, Vendor Advisory (CONFIRM) http://www.siemens.com/innovation/pool/de/forschungsfelder/siemens_security_advisory_ssa-396873.pdf - Broken Link, Patch, Vendor Advisory
References (SECTRACK) http://www.securitytracker.com/id/1033022 - (SECTRACK) http://www.securitytracker.com/id/1033022 - Broken Link, Third Party Advisory, VDB Entry
References (MISC) https://ics-cert.us-cert.gov/advisories/ICSA-15-202-03A - Third Party Advisory, US Government Resource (MISC) https://ics-cert.us-cert.gov/advisories/ICSA-15-202-03A - Broken Link, Third Party Advisory, US Government Resource
Information

Published : 2015-08-03 01:59

Updated : 2024-02-04 18:53

NVD link : CVE-2015-5537

Mitre link : CVE-2015-5537

CVE.ORG link : CVE-2015-5537

JSON object : View

Products Affected

siemens

  • ruggedcom_rox_ii_firmware
  • ruggedcom_rugged_operating_system
CWE
CWE-312

Cleartext Storage of Sensitive Information