VAR-201510-0406
Vulnerability from variot - Updated: 2023-12-18 13:14Siemens RUGGEDCOM ROS before 4.2.1 allows remote attackers to obtain sensitive information by sniffing the network for VLAN data within the padding section of an Ethernet frame. Siemens RuggedCom ROS and ROX-based devices are used to connect devices in harsh environments such as substations, traffic management chassis, and more. An information disclosure vulnerability exists in the previous version of Siemens RUGGEDCOM ROS 4.2.1. An attacker can exploit this issue to obtain sensitive information. Successful exploits may lead to other attacks. Versions prior to RuggedCom ROS 4.2.1 are vulnerable. Siemens RuggedCom ROS is a set of operating system used in RuggedCom series switches by Siemens of Germany
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201510-0406",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "ruggedcom rugged operating system",
"scope": "lt",
"trust": 1.4,
"vendor": "siemens",
"version": "4.2.1"
},
{
"model": "ruggedcom rugged operating system",
"scope": "lte",
"trust": 1.0,
"vendor": "siemens",
"version": "4.2.0"
},
{
"model": "ruggedcom rugged operating system",
"scope": "eq",
"trust": 0.6,
"vendor": "siemens",
"version": "4.2.0"
},
{
"model": "ruggedcom ros",
"scope": "eq",
"trust": 0.3,
"vendor": "siemens",
"version": "3.8"
},
{
"model": "ruggedcom ros",
"scope": "eq",
"trust": 0.3,
"vendor": "siemens",
"version": "4.2.0"
},
{
"model": "ruggedcom ros",
"scope": "eq",
"trust": 0.3,
"vendor": "siemens",
"version": "4.1.0"
},
{
"model": "ruggedcom ros",
"scope": "ne",
"trust": 0.3,
"vendor": "siemens",
"version": "4.2.1"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "ruggedcom rugged operating system",
"version": "*"
}
],
"sources": [
{
"db": "IVD",
"id": "6ea6390a-2351-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2015-07205"
},
{
"db": "BID",
"id": "77332"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-005630"
},
{
"db": "NVD",
"id": "CVE-2015-7836"
},
{
"db": "CNNVD",
"id": "CNNVD-201510-679"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:siemens:ruggedcom_rugged_operating_system:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "4.2.0",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2015-7836"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "David Formby and Raheem Beyah of Georgia Tech",
"sources": [
{
"db": "BID",
"id": "77332"
}
],
"trust": 0.3
},
"cve": "CVE-2015-7836",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "LOW",
"accessVector": "ADJACENT_NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "NONE",
"baseScore": 3.3,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 6.5,
"impactScore": 2.9,
"integrityImpact": "NONE",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "LOW",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:A/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Adjacent Network",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "None",
"baseScore": 3.3,
"confidentialityImpact": "Partial",
"exploitabilityScore": null,
"id": "CVE-2015-7836",
"impactScore": null,
"integrityImpact": "None",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Low",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:A/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "ADJACENT_NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "NONE",
"baseScore": 3.3,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 6.5,
"id": "CNVD-2015-07205",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "LOW",
"trust": 0.6,
"vectorString": "AV:A/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "ADJACENT_NETWORK",
"authentication": "NONE",
"author": "IVD",
"availabilityImpact": "NONE",
"baseScore": 3.3,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 6.5,
"id": "6ea6390a-2351-11e6-abef-000c29c66e3d",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "LOW",
"trust": 0.2,
"vectorString": "AV:A/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.9 [IVD]"
},
{
"accessComplexity": "LOW",
"accessVector": "ADJACENT_NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "NONE",
"baseScore": 3.3,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 6.5,
"id": "VHN-85797",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "LOW",
"trust": 0.1,
"vectorString": "AV:A/AC:L/AU:N/C:P/I:N/A:N",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "NVD",
"id": "CVE-2015-7836",
"trust": 1.8,
"value": "LOW"
},
{
"author": "CNVD",
"id": "CNVD-2015-07205",
"trust": 0.6,
"value": "LOW"
},
{
"author": "CNNVD",
"id": "CNNVD-201510-679",
"trust": 0.6,
"value": "LOW"
},
{
"author": "IVD",
"id": "6ea6390a-2351-11e6-abef-000c29c66e3d",
"trust": 0.2,
"value": "LOW"
},
{
"author": "VULHUB",
"id": "VHN-85797",
"trust": 0.1,
"value": "LOW"
}
]
}
],
"sources": [
{
"db": "IVD",
"id": "6ea6390a-2351-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2015-07205"
},
{
"db": "VULHUB",
"id": "VHN-85797"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-005630"
},
{
"db": "NVD",
"id": "CVE-2015-7836"
},
{
"db": "CNNVD",
"id": "CNNVD-201510-679"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Siemens RUGGEDCOM ROS before 4.2.1 allows remote attackers to obtain sensitive information by sniffing the network for VLAN data within the padding section of an Ethernet frame. Siemens RuggedCom ROS and ROX-based devices are used to connect devices in harsh environments such as substations, traffic management chassis, and more. An information disclosure vulnerability exists in the previous version of Siemens RUGGEDCOM ROS 4.2.1. \nAn attacker can exploit this issue to obtain sensitive information. Successful exploits may lead to other attacks. \nVersions prior to RuggedCom ROS 4.2.1 are vulnerable. Siemens RuggedCom ROS is a set of operating system used in RuggedCom series switches by Siemens of Germany",
"sources": [
{
"db": "NVD",
"id": "CVE-2015-7836"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-005630"
},
{
"db": "CNVD",
"id": "CNVD-2015-07205"
},
{
"db": "BID",
"id": "77332"
},
{
"db": "IVD",
"id": "6ea6390a-2351-11e6-abef-000c29c66e3d"
},
{
"db": "VULHUB",
"id": "VHN-85797"
}
],
"trust": 2.7
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2015-7836",
"trust": 3.6
},
{
"db": "ICS CERT",
"id": "ICSA-15-300-01",
"trust": 2.8
},
{
"db": "SIEMENS",
"id": "SSA-921524",
"trust": 2.3
},
{
"db": "SECTRACK",
"id": "1033973",
"trust": 1.1
},
{
"db": "CNNVD",
"id": "CNNVD-201510-679",
"trust": 0.9
},
{
"db": "CNVD",
"id": "CNVD-2015-07205",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2015-005630",
"trust": 0.8
},
{
"db": "BID",
"id": "77332",
"trust": 0.4
},
{
"db": "IVD",
"id": "6EA6390A-2351-11E6-ABEF-000C29C66E3D",
"trust": 0.2
},
{
"db": "VULHUB",
"id": "VHN-85797",
"trust": 0.1
}
],
"sources": [
{
"db": "IVD",
"id": "6ea6390a-2351-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2015-07205"
},
{
"db": "VULHUB",
"id": "VHN-85797"
},
{
"db": "BID",
"id": "77332"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-005630"
},
{
"db": "NVD",
"id": "CVE-2015-7836"
},
{
"db": "CNNVD",
"id": "CNNVD-201510-679"
}
]
},
"id": "VAR-201510-0406",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "IVD",
"id": "6ea6390a-2351-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2015-07205"
},
{
"db": "VULHUB",
"id": "VHN-85797"
}
],
"trust": 1.326062115
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"ICS",
"Network device"
],
"sub_category": null,
"trust": 0.6
},
{
"category": [
"ICS"
],
"sub_category": null,
"trust": 0.2
}
],
"sources": [
{
"db": "IVD",
"id": "6ea6390a-2351-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2015-07205"
}
]
},
"last_update_date": "2023-12-18T13:14:35.794000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "SSA-921524",
"trust": 0.8,
"url": "http://www.siemens.com/cert/pool/cert/siemens_security_advisory_ssa-921524.pdf"
},
{
"title": "Siemens RUGGEDCOM ROS Information Disclosure Vulnerability Patch",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchinfo/show/66218"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2015-07205"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-005630"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-200",
"trust": 1.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-85797"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-005630"
},
{
"db": "NVD",
"id": "CVE-2015-7836"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.8,
"url": "https://ics-cert.us-cert.gov/advisories/icsa-15-300-01"
},
{
"trust": 2.3,
"url": "http://www.siemens.com/cert/pool/cert/siemens_security_advisory_ssa-921524.pdf"
},
{
"trust": 1.1,
"url": "http://www.securitytracker.com/id/1033973"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-7836"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2015-7836"
},
{
"trust": 0.3,
"url": "http://www.siemens.com/"
},
{
"trust": 0.3,
"url": "http://w3.siemens.com/mcms/industrial-communication/en/rugged-communication/products/pages/product-overview.aspx"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2015-07205"
},
{
"db": "VULHUB",
"id": "VHN-85797"
},
{
"db": "BID",
"id": "77332"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-005630"
},
{
"db": "NVD",
"id": "CVE-2015-7836"
},
{
"db": "CNNVD",
"id": "CNNVD-201510-679"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "IVD",
"id": "6ea6390a-2351-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2015-07205"
},
{
"db": "VULHUB",
"id": "VHN-85797"
},
{
"db": "BID",
"id": "77332"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-005630"
},
{
"db": "NVD",
"id": "CVE-2015-7836"
},
{
"db": "CNNVD",
"id": "CNNVD-201510-679"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2015-11-04T00:00:00",
"db": "IVD",
"id": "6ea6390a-2351-11e6-abef-000c29c66e3d"
},
{
"date": "2015-11-04T00:00:00",
"db": "CNVD",
"id": "CNVD-2015-07205"
},
{
"date": "2015-10-28T00:00:00",
"db": "VULHUB",
"id": "VHN-85797"
},
{
"date": "2015-10-27T00:00:00",
"db": "BID",
"id": "77332"
},
{
"date": "2015-10-29T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2015-005630"
},
{
"date": "2015-10-28T10:59:17.780000",
"db": "NVD",
"id": "CVE-2015-7836"
},
{
"date": "2015-10-29T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201510-679"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2015-11-04T00:00:00",
"db": "CNVD",
"id": "CNVD-2015-07205"
},
{
"date": "2017-09-15T00:00:00",
"db": "VULHUB",
"id": "VHN-85797"
},
{
"date": "2015-10-27T00:00:00",
"db": "BID",
"id": "77332"
},
{
"date": "2015-10-29T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2015-005630"
},
{
"date": "2017-09-15T01:29:01.873000",
"db": "NVD",
"id": "CVE-2015-7836"
},
{
"date": "2015-10-29T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201510-679"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "specific network environment",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201510-679"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Siemens RUGGEDCOM ROS Information Disclosure Vulnerability",
"sources": [
{
"db": "IVD",
"id": "6ea6390a-2351-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2015-07205"
},
{
"db": "CNNVD",
"id": "CNNVD-201510-679"
}
],
"trust": 1.4
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "information disclosure",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201510-679"
}
],
"trust": 0.6
}
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…