VAR-201508-0255
Vulnerability from variot - Updated: 2023-12-18 12:44The SSL layer of the HTTPS service in Siemens RuggedCom ROS before 4.2.0 and ROX II does not properly implement CBC padding, which makes it easier for man-in-the-middle attackers to obtain cleartext data via a padding-oracle attack, a different vulnerability than CVE-2014-3566. This vulnerability CVE-2014-3566 Is a different vulnerability.Man-in-the-middle attacks (man-in-the-middle attack) May get plain text data through padding oracle attacks. RuggedCom Inc. is the world's leading manufacturer of high performance networking and communications equipment for industrial environments. The Rugged Operating System (ROS) has a security vulnerability that allows an attacker to reduce the client to SSLv3 through a man-in-the-middle attack instead of the TLS v1.x protocol, and then use the BEAST type of attack to decrypt the communication. Siemens RuggedCom ROS and ROX devices are prone to an information disclosure vulnerability. An attacker can exploit this issue to perform man-in-the-middle attacks and obtain sensitive information. Successful exploits will lead to other attacks. Siemens RuggedCom ROS and ROX II is a set of operating systems used in RuggedCom series switches from Siemens, Germany. The vulnerability stems from the fact that the program does not implement CBC padding correctly
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201508-0255",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "ruggedcom rox ii",
"scope": "eq",
"trust": 1.0,
"vendor": "siemens",
"version": null
},
{
"model": "ruggedcom rugged operating system",
"scope": "lt",
"trust": 1.0,
"vendor": "siemens",
"version": "4.2.0"
},
{
"model": "ruggedcom rugged operating system",
"scope": "lt",
"trust": 0.8,
"vendor": "siemens",
"version": "(ros) 4.2.0"
},
{
"model": "ruggedcom rugged operating system on linux ii",
"scope": null,
"trust": 0.8,
"vendor": "siemens",
"version": null
},
{
"model": "rugged operating system",
"scope": null,
"trust": 0.6,
"vendor": "ruggedcom",
"version": null
},
{
"model": "ruggedcom rugged operating system",
"scope": "eq",
"trust": 0.6,
"vendor": "siemens",
"version": "4.1.0"
},
{
"model": "ruggedcom rugged operating system on linux ii",
"scope": "eq",
"trust": 0.6,
"vendor": "siemens",
"version": null
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "ruggedcom rugged operating system",
"version": "*"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "ruggedcom rugged operating system on linux ii",
"version": null
}
],
"sources": [
{
"db": "IVD",
"id": "808fa976-2351-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2015-04983"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-003967"
},
{
"db": "NVD",
"id": "CVE-2015-5537"
},
{
"db": "CNNVD",
"id": "CNNVD-201507-740"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:siemens:ruggedcom_rox_ii_firmware:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:siemens:ruggedcom_rugged_operating_system:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "4.2.0",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2015-5537"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "The vendor reported this issue.",
"sources": [
{
"db": "BID",
"id": "75982"
}
],
"trust": 0.3
},
"cve": "CVE-2015-5537",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"integrityImpact": "NONE",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Medium",
"accessVector": "Network",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "None",
"baseScore": 4.3,
"confidentialityImpact": "Partial",
"exploitabilityScore": null,
"id": "CVE-2015-5537",
"impactScore": null,
"integrityImpact": "None",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Medium",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "CNVD-2015-04983",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "IVD",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "808fa976-2351-11e6-abef-000c29c66e3d",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.2,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.9 [IVD]"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.6,
"id": "VHN-83498",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:M/AU:N/C:P/I:N/A:N",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "NVD",
"id": "CVE-2015-5537",
"trust": 1.8,
"value": "MEDIUM"
},
{
"author": "CNVD",
"id": "CNVD-2015-04983",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-201507-740",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "IVD",
"id": "808fa976-2351-11e6-abef-000c29c66e3d",
"trust": 0.2,
"value": "MEDIUM"
},
{
"author": "VULHUB",
"id": "VHN-83498",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "IVD",
"id": "808fa976-2351-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2015-04983"
},
{
"db": "VULHUB",
"id": "VHN-83498"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-003967"
},
{
"db": "NVD",
"id": "CVE-2015-5537"
},
{
"db": "CNNVD",
"id": "CNNVD-201507-740"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "The SSL layer of the HTTPS service in Siemens RuggedCom ROS before 4.2.0 and ROX II does not properly implement CBC padding, which makes it easier for man-in-the-middle attackers to obtain cleartext data via a padding-oracle attack, a different vulnerability than CVE-2014-3566. This vulnerability CVE-2014-3566 Is a different vulnerability.Man-in-the-middle attacks (man-in-the-middle attack) May get plain text data through padding oracle attacks. RuggedCom Inc. is the world\u0027s leading manufacturer of high performance networking and communications equipment for industrial environments. The Rugged Operating System (ROS) has a security vulnerability that allows an attacker to reduce the client to SSLv3 through a man-in-the-middle attack instead of the TLS v1.x protocol, and then use the BEAST type of attack to decrypt the communication. Siemens RuggedCom ROS and ROX devices are prone to an information disclosure vulnerability. \nAn attacker can exploit this issue to perform man-in-the-middle attacks and obtain sensitive information. Successful exploits will lead to other attacks. Siemens RuggedCom ROS and ROX II is a set of operating systems used in RuggedCom series switches from Siemens, Germany. The vulnerability stems from the fact that the program does not implement CBC padding correctly",
"sources": [
{
"db": "NVD",
"id": "CVE-2015-5537"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-003967"
},
{
"db": "CNVD",
"id": "CNVD-2015-04983"
},
{
"db": "BID",
"id": "75982"
},
{
"db": "IVD",
"id": "808fa976-2351-11e6-abef-000c29c66e3d"
},
{
"db": "VULHUB",
"id": "VHN-83498"
}
],
"trust": 2.7
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2015-5537",
"trust": 3.6
},
{
"db": "ICS CERT",
"id": "ICSA-15-202-03A",
"trust": 2.5
},
{
"db": "SIEMENS",
"id": "SSA-396873",
"trust": 2.3
},
{
"db": "SECTRACK",
"id": "1033022",
"trust": 1.7
},
{
"db": "BID",
"id": "75982",
"trust": 1.0
},
{
"db": "CNNVD",
"id": "CNNVD-201507-740",
"trust": 0.9
},
{
"db": "CNVD",
"id": "CNVD-2015-04983",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2015-003967",
"trust": 0.8
},
{
"db": "IVD",
"id": "808FA976-2351-11E6-ABEF-000C29C66E3D",
"trust": 0.2
},
{
"db": "SEEBUG",
"id": "SSVID-89505",
"trust": 0.1
},
{
"db": "VULHUB",
"id": "VHN-83498",
"trust": 0.1
}
],
"sources": [
{
"db": "IVD",
"id": "808fa976-2351-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2015-04983"
},
{
"db": "VULHUB",
"id": "VHN-83498"
},
{
"db": "BID",
"id": "75982"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-003967"
},
{
"db": "NVD",
"id": "CVE-2015-5537"
},
{
"db": "CNNVD",
"id": "CNNVD-201507-740"
}
]
},
"id": "VAR-201508-0255",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "IVD",
"id": "808fa976-2351-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2015-04983"
},
{
"db": "VULHUB",
"id": "VHN-83498"
}
],
"trust": 1.4973789366666668
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"ICS",
"Network device"
],
"sub_category": null,
"trust": 0.6
},
{
"category": [
"ICS"
],
"sub_category": null,
"trust": 0.2
}
],
"sources": [
{
"db": "IVD",
"id": "808fa976-2351-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2015-04983"
}
]
},
"last_update_date": "2023-12-18T12:44:59.711000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "SSA-396873",
"trust": 0.8,
"url": "http://www.siemens.com/innovation/pool/de/forschungsfelder/siemens_security_advisory_ssa-396873.pdf"
},
{
"title": "Rugged Operating System (ROS) SSL 3.0 protocol downgrades SSL decryption vulnerability patch",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchinfo/show/61675"
},
{
"title": "Siemens RuggedCom ROS and ROX II Repair measures for device information disclosure vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=180266"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2015-04983"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-003967"
},
{
"db": "CNNVD",
"id": "CNNVD-201507-740"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-312",
"trust": 1.0
},
{
"problemtype": "CWE-310",
"trust": 0.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-83498"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-003967"
},
{
"db": "NVD",
"id": "CVE-2015-5537"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.5,
"url": "https://ics-cert.us-cert.gov/advisories/icsa-15-202-03a"
},
{
"trust": 2.3,
"url": "http://www.siemens.com/innovation/pool/de/forschungsfelder/siemens_security_advisory_ssa-396873.pdf"
},
{
"trust": 1.7,
"url": "http://www.securitytracker.com/id/1033022"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-5537"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2015-5537"
},
{
"trust": 0.3,
"url": "http://subscriber.communications.siemens.com/"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2015-04983"
},
{
"db": "VULHUB",
"id": "VHN-83498"
},
{
"db": "BID",
"id": "75982"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-003967"
},
{
"db": "NVD",
"id": "CVE-2015-5537"
},
{
"db": "CNNVD",
"id": "CNNVD-201507-740"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "IVD",
"id": "808fa976-2351-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2015-04983"
},
{
"db": "VULHUB",
"id": "VHN-83498"
},
{
"db": "BID",
"id": "75982"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-003967"
},
{
"db": "NVD",
"id": "CVE-2015-5537"
},
{
"db": "CNNVD",
"id": "CNNVD-201507-740"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2015-07-29T00:00:00",
"db": "IVD",
"id": "808fa976-2351-11e6-abef-000c29c66e3d"
},
{
"date": "2015-07-28T00:00:00",
"db": "CNVD",
"id": "CNVD-2015-04983"
},
{
"date": "2015-08-03T00:00:00",
"db": "VULHUB",
"id": "VHN-83498"
},
{
"date": "2015-07-22T00:00:00",
"db": "BID",
"id": "75982"
},
{
"date": "2015-08-04T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2015-003967"
},
{
"date": "2015-08-03T01:59:02.903000",
"db": "NVD",
"id": "CVE-2015-5537"
},
{
"date": "2015-07-23T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201507-740"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2015-07-29T00:00:00",
"db": "CNVD",
"id": "CNVD-2015-04983"
},
{
"date": "2017-09-21T00:00:00",
"db": "VULHUB",
"id": "VHN-83498"
},
{
"date": "2015-07-22T00:00:00",
"db": "BID",
"id": "75982"
},
{
"date": "2015-08-04T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2015-003967"
},
{
"date": "2022-02-01T16:54:05.830000",
"db": "NVD",
"id": "CVE-2015-5537"
},
{
"date": "2022-02-07T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201507-740"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201507-740"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Rugged Operating System (ROS) SSL 3.0 Protocol downgrade SSL Decryption vulnerability",
"sources": [
{
"db": "IVD",
"id": "808fa976-2351-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2015-04983"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "encryption problem",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201507-740"
}
],
"trust": 0.6
}
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…