var-201508-0255
Vulnerability from variot
The SSL layer of the HTTPS service in Siemens RuggedCom ROS before 4.2.0 and ROX II does not properly implement CBC padding, which makes it easier for man-in-the-middle attackers to obtain cleartext data via a padding-oracle attack, a different vulnerability than CVE-2014-3566. This vulnerability CVE-2014-3566 Is a different vulnerability.Man-in-the-middle attacks (man-in-the-middle attack) May get plain text data through padding oracle attacks. RuggedCom Inc. is the world's leading manufacturer of high performance networking and communications equipment for industrial environments. The Rugged Operating System (ROS) has a security vulnerability that allows an attacker to reduce the client to SSLv3 through a man-in-the-middle attack instead of the TLS v1.x protocol, and then use the BEAST type of attack to decrypt the communication. Siemens RuggedCom ROS and ROX devices are prone to an information disclosure vulnerability. An attacker can exploit this issue to perform man-in-the-middle attacks and obtain sensitive information. Successful exploits will lead to other attacks. Siemens RuggedCom ROS and ROX II is a set of operating systems used in RuggedCom series switches from Siemens, Germany. The vulnerability stems from the fact that the program does not implement CBC padding correctly
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201508-0255",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "ruggedcom rox ii",
"scope": "eq",
"trust": 1.0,
"vendor": "siemens",
"version": null
},
{
"model": "ruggedcom rugged operating system",
"scope": "lt",
"trust": 1.0,
"vendor": "siemens",
"version": "4.2.0"
},
{
"model": "ruggedcom rugged operating system",
"scope": "lt",
"trust": 0.8,
"vendor": "siemens",
"version": "(ros) 4.2.0"
},
{
"model": "ruggedcom rugged operating system on linux ii",
"scope": null,
"trust": 0.8,
"vendor": "siemens",
"version": null
},
{
"model": "rugged operating system",
"scope": null,
"trust": 0.6,
"vendor": "ruggedcom",
"version": null
},
{
"model": "ruggedcom rugged operating system",
"scope": "eq",
"trust": 0.6,
"vendor": "siemens",
"version": "4.1.0"
},
{
"model": "ruggedcom rugged operating system on linux ii",
"scope": "eq",
"trust": 0.6,
"vendor": "siemens",
"version": null
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "ruggedcom rugged operating system",
"version": "*"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "ruggedcom rugged operating system on linux ii",
"version": null
}
],
"sources": [
{
"db": "IVD",
"id": "808fa976-2351-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2015-04983"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-003967"
},
{
"db": "NVD",
"id": "CVE-2015-5537"
},
{
"db": "CNNVD",
"id": "CNNVD-201507-740"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:siemens:ruggedcom_rox_ii_firmware:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:siemens:ruggedcom_rugged_operating_system:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "4.2.0",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2015-5537"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "The vendor reported this issue.",
"sources": [
{
"db": "BID",
"id": "75982"
}
],
"trust": 0.3
},
"cve": "CVE-2015-5537",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"integrityImpact": "NONE",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Medium",
"accessVector": "Network",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "None",
"baseScore": 4.3,
"confidentialityImpact": "Partial",
"exploitabilityScore": null,
"id": "CVE-2015-5537",
"impactScore": null,
"integrityImpact": "None",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Medium",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "CNVD-2015-04983",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "IVD",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "808fa976-2351-11e6-abef-000c29c66e3d",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.2,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.9 [IVD]"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.6,
"id": "VHN-83498",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:M/AU:N/C:P/I:N/A:N",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "NVD",
"id": "CVE-2015-5537",
"trust": 1.8,
"value": "MEDIUM"
},
{
"author": "CNVD",
"id": "CNVD-2015-04983",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-201507-740",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "IVD",
"id": "808fa976-2351-11e6-abef-000c29c66e3d",
"trust": 0.2,
"value": "MEDIUM"
},
{
"author": "VULHUB",
"id": "VHN-83498",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "IVD",
"id": "808fa976-2351-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2015-04983"
},
{
"db": "VULHUB",
"id": "VHN-83498"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-003967"
},
{
"db": "NVD",
"id": "CVE-2015-5537"
},
{
"db": "CNNVD",
"id": "CNNVD-201507-740"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "The SSL layer of the HTTPS service in Siemens RuggedCom ROS before 4.2.0 and ROX II does not properly implement CBC padding, which makes it easier for man-in-the-middle attackers to obtain cleartext data via a padding-oracle attack, a different vulnerability than CVE-2014-3566. This vulnerability CVE-2014-3566 Is a different vulnerability.Man-in-the-middle attacks (man-in-the-middle attack) May get plain text data through padding oracle attacks. RuggedCom Inc. is the world\u0027s leading manufacturer of high performance networking and communications equipment for industrial environments. The Rugged Operating System (ROS) has a security vulnerability that allows an attacker to reduce the client to SSLv3 through a man-in-the-middle attack instead of the TLS v1.x protocol, and then use the BEAST type of attack to decrypt the communication. Siemens RuggedCom ROS and ROX devices are prone to an information disclosure vulnerability. \nAn attacker can exploit this issue to perform man-in-the-middle attacks and obtain sensitive information. Successful exploits will lead to other attacks. Siemens RuggedCom ROS and ROX II is a set of operating systems used in RuggedCom series switches from Siemens, Germany. The vulnerability stems from the fact that the program does not implement CBC padding correctly",
"sources": [
{
"db": "NVD",
"id": "CVE-2015-5537"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-003967"
},
{
"db": "CNVD",
"id": "CNVD-2015-04983"
},
{
"db": "BID",
"id": "75982"
},
{
"db": "IVD",
"id": "808fa976-2351-11e6-abef-000c29c66e3d"
},
{
"db": "VULHUB",
"id": "VHN-83498"
}
],
"trust": 2.7
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2015-5537",
"trust": 3.6
},
{
"db": "ICS CERT",
"id": "ICSA-15-202-03A",
"trust": 2.5
},
{
"db": "SIEMENS",
"id": "SSA-396873",
"trust": 2.3
},
{
"db": "SECTRACK",
"id": "1033022",
"trust": 1.7
},
{
"db": "BID",
"id": "75982",
"trust": 1.0
},
{
"db": "CNNVD",
"id": "CNNVD-201507-740",
"trust": 0.9
},
{
"db": "CNVD",
"id": "CNVD-2015-04983",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2015-003967",
"trust": 0.8
},
{
"db": "IVD",
"id": "808FA976-2351-11E6-ABEF-000C29C66E3D",
"trust": 0.2
},
{
"db": "SEEBUG",
"id": "SSVID-89505",
"trust": 0.1
},
{
"db": "VULHUB",
"id": "VHN-83498",
"trust": 0.1
}
],
"sources": [
{
"db": "IVD",
"id": "808fa976-2351-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2015-04983"
},
{
"db": "VULHUB",
"id": "VHN-83498"
},
{
"db": "BID",
"id": "75982"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-003967"
},
{
"db": "NVD",
"id": "CVE-2015-5537"
},
{
"db": "CNNVD",
"id": "CNNVD-201507-740"
}
]
},
"id": "VAR-201508-0255",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "IVD",
"id": "808fa976-2351-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2015-04983"
},
{
"db": "VULHUB",
"id": "VHN-83498"
}
],
"trust": 1.4973789366666668
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"ICS",
"Network device"
],
"sub_category": null,
"trust": 0.6
},
{
"category": [
"ICS"
],
"sub_category": null,
"trust": 0.2
}
],
"sources": [
{
"db": "IVD",
"id": "808fa976-2351-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2015-04983"
}
]
},
"last_update_date": "2023-12-18T12:44:59.711000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "SSA-396873",
"trust": 0.8,
"url": "http://www.siemens.com/innovation/pool/de/forschungsfelder/siemens_security_advisory_ssa-396873.pdf"
},
{
"title": "Rugged Operating System (ROS) SSL 3.0 protocol downgrades SSL decryption vulnerability patch",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchinfo/show/61675"
},
{
"title": "Siemens RuggedCom ROS and ROX II Repair measures for device information disclosure vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=180266"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2015-04983"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-003967"
},
{
"db": "CNNVD",
"id": "CNNVD-201507-740"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-312",
"trust": 1.0
},
{
"problemtype": "CWE-310",
"trust": 0.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-83498"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-003967"
},
{
"db": "NVD",
"id": "CVE-2015-5537"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.5,
"url": "https://ics-cert.us-cert.gov/advisories/icsa-15-202-03a"
},
{
"trust": 2.3,
"url": "http://www.siemens.com/innovation/pool/de/forschungsfelder/siemens_security_advisory_ssa-396873.pdf"
},
{
"trust": 1.7,
"url": "http://www.securitytracker.com/id/1033022"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-5537"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2015-5537"
},
{
"trust": 0.3,
"url": "http://subscriber.communications.siemens.com/"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2015-04983"
},
{
"db": "VULHUB",
"id": "VHN-83498"
},
{
"db": "BID",
"id": "75982"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-003967"
},
{
"db": "NVD",
"id": "CVE-2015-5537"
},
{
"db": "CNNVD",
"id": "CNNVD-201507-740"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "IVD",
"id": "808fa976-2351-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2015-04983"
},
{
"db": "VULHUB",
"id": "VHN-83498"
},
{
"db": "BID",
"id": "75982"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-003967"
},
{
"db": "NVD",
"id": "CVE-2015-5537"
},
{
"db": "CNNVD",
"id": "CNNVD-201507-740"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2015-07-29T00:00:00",
"db": "IVD",
"id": "808fa976-2351-11e6-abef-000c29c66e3d"
},
{
"date": "2015-07-28T00:00:00",
"db": "CNVD",
"id": "CNVD-2015-04983"
},
{
"date": "2015-08-03T00:00:00",
"db": "VULHUB",
"id": "VHN-83498"
},
{
"date": "2015-07-22T00:00:00",
"db": "BID",
"id": "75982"
},
{
"date": "2015-08-04T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2015-003967"
},
{
"date": "2015-08-03T01:59:02.903000",
"db": "NVD",
"id": "CVE-2015-5537"
},
{
"date": "2015-07-23T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201507-740"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2015-07-29T00:00:00",
"db": "CNVD",
"id": "CNVD-2015-04983"
},
{
"date": "2017-09-21T00:00:00",
"db": "VULHUB",
"id": "VHN-83498"
},
{
"date": "2015-07-22T00:00:00",
"db": "BID",
"id": "75982"
},
{
"date": "2015-08-04T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2015-003967"
},
{
"date": "2022-02-01T16:54:05.830000",
"db": "NVD",
"id": "CVE-2015-5537"
},
{
"date": "2022-02-07T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201507-740"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201507-740"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Rugged Operating System (ROS) SSL 3.0 Protocol downgrade SSL Decryption vulnerability",
"sources": [
{
"db": "IVD",
"id": "808fa976-2351-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2015-04983"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "encryption problem",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201507-740"
}
],
"trust": 0.6
}
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.