CVE-2015-7836
published 2015-10-28CVE-2015-7836: Siemens RUGGEDCOM ROS before 4.2.1 allows remote attackers to obtain sensitive information by sniffing the network for VLAN data within the padding section of…
PriorityP411low3.3CVSS 2.0
AVAACLAuNCPINAN
EPSS
0.93%
56.0th percentile
Siemens RUGGEDCOM ROS before 4.2.1 allows remote attackers to obtain sensitive information by sniffing the network for VLAN data within the padding section of an Ethernet frame.
Affected
1 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| siemens | ruggedcom_rugged_operating_system | <= 4.2.0 | — |
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
GHSA
GHSA-h2rm-qfv5-q82p: Siemens RUGGEDCOM ROS before 4
ghsa_unreviewed·2022-05-17
CVE-2015-7836 [LOW] CWE-200 GHSA-h2rm-qfv5-q82p: Siemens RUGGEDCOM ROS before 4
Siemens RUGGEDCOM ROS before 4.2.1 allows remote attackers to obtain sensitive information by sniffing the network for VLAN data within the padding section of an Ethernet frame.
CISA ICS
Siemens RuggedCom Improper Ethernet Frame Padding Vulnerability
cisa_ics·2018-08-27
Siemens RuggedCom Improper Ethernet Frame Padding Vulnerability
## Archived Content In an effort to keep CISA.gov current, the archive contains outdated information that may not reflect current policy or programs.
ICS Advisory
##
Siemens RuggedCom Improper Ethernet Frame Padding Vulnerability
Last RevisedAugust 27, 2018
Alert CodeICSA-15-300-01
## OVERVIEW
David Formby and Raheem Beyah of Georgia Tech have identified a vulnerability caused by an Institute of Electrical and Electronics Engineers (IEEE) conformance issue involving improper frame padding in Siemens RuggedCom ROS-based devices. Siemens has already released a revision that eliminates this vulnerability. This advisory serves as a notification of a new vulnerability in the previous software version. The researchers have tested the revision to v
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
http://www.securitytracker.com/id/1033973http://www.siemens.com/cert/pool/cert/siemens_security_advisory_ssa-921524.pdfhttps://ics-cert.us-cert.gov/advisories/ICSA-15-300-01http://www.securitytracker.com/id/1033973http://www.siemens.com/cert/pool/cert/siemens_security_advisory_ssa-921524.pdfhttps://ics-cert.us-cert.gov/advisories/ICSA-15-300-01
2015-10-28
Published