Vulnerability Description
The SSL layer of the HTTPS service in Siemens RuggedCom ROS before 4.2.0 and ROX II does not properly implement CBC padding, which makes it easier for man-in-the-middle attackers to obtain cleartext data via a padding-oracle attack, a different vulnerability than CVE-2014-3566.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Siemens | Ruggedcom Rox Ii Firmware | - |
| Siemens | Ruggedcom Rugged Operating System | < 4.2.0 |
Related Weaknesses (CWE)
References
- http://www.securitytracker.com/id/1033022Broken LinkThird Party AdvisoryVDB Entry
- http://www.siemens.com/innovation/pool/de/forschungsfelder/siemens_security_adviBroken LinkPatchVendor Advisory
- https://ics-cert.us-cert.gov/advisories/ICSA-15-202-03ABroken LinkThird Party AdvisoryUS Government Resource
- http://www.securitytracker.com/id/1033022Broken LinkThird Party AdvisoryVDB Entry
- http://www.siemens.com/innovation/pool/de/forschungsfelder/siemens_security_adviBroken LinkPatchVendor Advisory
- https://ics-cert.us-cert.gov/advisories/ICSA-15-202-03ABroken LinkThird Party AdvisoryUS Government Resource
FAQ
What is CVE-2015-5537?
CVE-2015-5537 is a vulnerability with a CVSS score of 4.3 (MEDIUM). The SSL layer of the HTTPS service in Siemens RuggedCom ROS before 4.2.0 and ROX II does not properly implement CBC padding, which makes it easier for man-in-the-middle attackers to obtain cleartext d...
How severe is CVE-2015-5537?
CVE-2015-5537 has been rated MEDIUM with a CVSS base score of 4.3/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2015-5537?
Check the references section above for vendor advisories and patch information. Affected products include: Siemens Ruggedcom Rox Ii Firmware, Siemens Ruggedcom Rugged Operating System.