CVE-2015-5537

Published: Aug 3, 2015Modified: May 6, 2026

4.3

Vector

AV:N/AC:M/Au:N/C:P/I:N/A:N

Exploitability: 8.6 / Impact: 2.9

Source: NVD

Description

The SSL layer of the HTTPS service in Siemens RuggedCom ROS before 4.2.0 and ROX II does not properly implement CBC padding, which makes it easier for man-in-the-middle attackers to obtain cleartext data via a padding-oracle attack, a different vulnerability than CVE-2014-3566.

Affected (2)

Products: Siemens: Ruggedcom Rox Ii Firmware, Ruggedcom Rugged Operating System

2 products

Ruggedcom Rox Ii Firmware

Ruggedcom Rugged Operating System

Configuration A

2 vulnerable

Vulnerable Software	Affected Versions
Siemens Ruggedcom Rox Ii Firmware	All versions
Siemens Ruggedcom Rugged Operating System	Before 4.2.0

Related CWEs

Cleartext Storage of Sensitive Information

The product stores sensitive information in cleartext within a resource that might be accessible to another control sphere.

References (6)

http://www.securitytracker.com/id/1033022

Source: cve@mitre.org

Broken LinkThird Party AdvisoryVDB Entry

http://www.siemens.com/innovation/pool/de/forschungsfelder/siemens_security_advisory_ssa-396873.pdf

Source: cve@mitre.org

Broken LinkPatchVendor Advisory

https://ics-cert.us-cert.gov/advisories/ICSA-15-202-03A

Source: cve@mitre.org

Broken LinkThird Party AdvisoryUS Government Resource

http://www.securitytracker.com/id/1033022

Source: af854a3a-2127-422b-91ae-364da2661108

Broken LinkThird Party AdvisoryVDB Entry

http://www.siemens.com/innovation/pool/de/forschungsfelder/siemens_security_advisory_ssa-396873.pdf

Source: af854a3a-2127-422b-91ae-364da2661108

Broken LinkPatchVendor Advisory

https://ics-cert.us-cert.gov/advisories/ICSA-15-202-03A

Source: af854a3a-2127-422b-91ae-364da2661108

Broken LinkThird Party AdvisoryUS Government Resource

Timeline

No history available yet.