Siemens » Ruggedcom Rugged Operating System : Security Vulnerabilities, CVEs, CVSS score >= 4
Siemens RUGGEDCOM ROS 3.8.0 through 4.1.x permanently enables the IP forwarding feature, which allows remote attackers to bypass a VLAN isolation protection mechanism via IP traffic.
Max CVSS
4.3
EPSS Score
0.27%
Published
2015-09-11
Updated
2016-12-22
The SSL layer of the HTTPS service in Siemens RuggedCom ROS before 4.2.0 and ROX II does not properly implement CBC padding, which makes it easier for man-in-the-middle attackers to obtain cleartext data via a padding-oracle attack, a different vulnerability than CVE-2014-3566.
Max CVSS
4.3
EPSS Score
0.09%
Published
2015-08-03
Updated
2022-02-01
The web management interface in Siemens RuggedCom ROS before 3.11, ROS 3.11 before 3.11.5 for RS950G, ROS 3.12, and ROS 4.0 for RSG2488 allows remote attackers to cause a denial of service (interface outage) via crafted HTTP packets.
Max CVSS
5.0
EPSS Score
0.20%
Published
2014-04-01
Updated
2022-02-01
The SNMP implementation in Siemens RuggedCom ROS before 3.11, ROS 3.11 for RS950G, ROS 3.12 before 3.12.4, and ROS 4.0 for RSG2488 allows remote attackers to cause a denial of service (device outage) via crafted packets.
Max CVSS
7.8
EPSS Score
0.22%
Published
2014-02-24
Updated
2022-02-01
The integrated HTTPS server in Siemens RuggedCom ROS before 3.12.2 allows remote authenticated users to bypass intended restrictions on administrative actions by leveraging access to a (1) guest or (2) operator account.
Max CVSS
8.0
EPSS Score
0.21%
Published
2013-12-17
Updated
2022-02-01
The integrated HTTPS server in Siemens RuggedCom ROS before 3.12.2 allows remote attackers to hijack web sessions by predicting a session id value.
Max CVSS
8.3
EPSS Score
0.30%
Published
2013-12-17
Updated
2022-02-01
RuggedCom Rugged Operating System (ROS) before 3.3 has a factory account with a password derived from the MAC Address field in a banner, which makes it easier for remote attackers to obtain access by performing a calculation on this address value, and then establishing a (1) SSH or (2) HTTPS session, a different vulnerability than CVE-2012-1803.
Max CVSS
8.5
EPSS Score
1.28%
Published
2012-04-28
Updated
2022-02-01
CVE-2012-1803
Public exploit
RuggedCom Rugged Operating System (ROS) 3.10.x and earlier has a factory account with a password derived from the MAC Address field in the banner, which makes it easier for remote attackers to obtain access by performing a calculation on this address value, and then establishing a (1) TELNET, (2) remote shell (aka rsh), or (3) serial-console session.
Max CVSS
8.5
EPSS Score
0.98%
Published
2012-04-28
Updated
2022-02-01
8 vulnerabilities found