Vulnerability Details : CVE-2015-5537
The SSL layer of the HTTPS service in Siemens RuggedCom ROS before 4.2.0 and ROX II does not properly implement CBC padding, which makes it easier for man-in-the-middle attackers to obtain cleartext data via a padding-oracle attack, a different vulnerability than CVE-2014-3566.
Products affected by CVE-2015-5537
- cpe:2.3:o:siemens:ruggedcom_rugged_operating_system:*:*:*:*:*:*:*:*
- cpe:2.3:o:siemens:ruggedcom_rox_ii_firmware:-:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2015-5537
- EPSS score: 0.09% (probability of exploitation activity in the next 30 days)
- EPSS percentile: ~39% (the proportion of vulnerabilities scored at or below this one)
CVSS scores for CVE-2015-5537
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen
---|---|---|---|---|---|---
4.3 | MEDIUM | AV:N/AC:M/Au:N/C:P/I:N/A:N | 8.6 | 2.9 | NIST | 
CWE ids for CVE-2015-5537
- The product stores sensitive information in cleartext within a resource that might be accessible to another control sphere. (Assigned by: nvd@nist.gov, Primary)
References for CVE-2015-5537
- http://www.siemens.com/innovation/pool/de/forschungsfelder/siemens_security_advisory_ssa-396873.pdf (Patch; Vendor Advisory; link now broken)
- http://www.securitytracker.com/id/1033022 "Rugged Operating System (ROS) SSL 3.0 Protocol Downgrade Flaw Lets Remote Users Decrypt SSL Traffic" (Third Party Advisory; VDB Entry; link now broken)
- https://ics-cert.us-cert.gov/advisories/ICSA-15-202-03A (Third Party Advisory; US Government Resource; link now broken)