CVE-2015-5537
Published 2015-08-03
Priority P4 · 19 · medium · 4.3 (CVSS 2.0)
AV:N/AC:M/Au:N/C:P/I:N/A:N
EPSS: 1.14% (62.6th percentile)
The SSL layer of the HTTPS service in Siemens RuggedCom ROS before 4.2.0 and ROX II does not properly implement CBC padding, which makes it easier for man-in-the-middle attackers to obtain cleartext data via a padding-oracle attack, a different vulnerability than CVE-2014-3566.
Affected
1 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| siemens | ruggedcom_rugged_operating_system | < 4.2.0 | 4.2.0 |
GHSA
GHSA-gmxw-f223-9jx2
ghsa_unreviewed · 2022-05-13 · CVSS 3.4 · LOW · CWE-312
CISA ICS
Siemens RUGGEDCOM ROS and ROX-based Devices TLS POODLE Vulnerability (Update B)
cisa_ics·2018-08-27
ICS Advisory
Last Revised: August 27, 2018
Alert Code: ICSA-15-202-03B
## OVERVIEW
This updated advisory is a follow-up to the advisory titled ICSA-15-202-03A Siemens RUGGEDCOM ROS and ROX Based Devices TLS POODLE Vulnerability that was published July 25, 2015, on the NCCIC/ICS-CERT web site.
Siemens has reported to ICS-CERT that a Transport Layer Security (TLS) Padding Oracle On Downgraded Legacy Encryption (POODLE) vulnerability exists in the web interface of Siemens RUGGEDCOM ROS and ROX-based devices. Siemens ha
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
http://www.securitytracker.com/id/1033022
http://www.siemens.com/innovation/pool/de/forschungsfelder/siemens_security_advisory_ssa-396873.pdf
https://ics-cert.us-cert.gov/advisories/ICSA-15-202-03A