CVE-2015-5537
Last modified
CVE-2015-5537 is a vulnerability of currently unknown severity. The SSL layer of the HTTPS service in Siemens RuggedCom ROS before 4.2.0 and ROX II does not properly implement CBC padding, which makes it easier for man-in-the-middle attackers to obtain cleartext data via a padding-oracle attack, a different vulnerability than CVE-2014-3566. EPSS estimates a 1.14% chance of exploitation in the next 30 days.
Description
The SSL layer of the HTTPS service in Siemens RuggedCom ROS before 4.2.0 and ROX II does not properly implement CBC padding, which makes it easier for man-in-the-middle attackers to obtain cleartext data via a padding-oracle attack, a different vulnerability than CVE-2014-3566.
Metrics
Weakness Enumeration
Affected Software
| Vendor | Product | Versions |
|---|---|---|
| Siemens | RuggedCom ROX II Firmware | All versions |
| Siemens | RuggedCom Rugged Operating System | < 4.2.0 |
References
- http://www.securitytracker.com/id/1033022 (Broken Link, Third Party Advisory, VDB Entry)
- http://www.siemens.com/innovation/pool/de/forschungsfelder/siemens_security_advisory_ssa-396873.pdf (Broken Link, Patch, Vendor Advisory)
- https://ics-cert.us-cert.gov/advisories/ICSA-15-202-03A (Broken Link, Third Party Advisory, US Government Resource)
Timeline
- Published
- Last Modified
- Status
- Modified
Source: NVD / NIST
