CVSS: 3.3EPSS: 0%CPEs: 1EXPL: 0CVE-2015-7836
https://notcve.org/view.php?id=CVE-2015-7836
Siemens RUGGEDCOM ROS before 4.2.1 allows remote attackers to obtain sensitive information by sniffing the network for VLAN data within the padding section of an Ethernet frame. Siemens RUGGEDCOM ROS en versiones anteriores a 4.2.1 permite a atacantes remotos obtener información sensible rastreando la red en busca de datos VLAN en la sección del padding en un marco de Ethernet. • http://www.securitytracker.com/id/1033973 http://www.siemens.com/cert/pool/cert/siemens_security_advisory_ssa-921524.pdf https://ics-cert.us-cert.gov/advisories/ICSA-15-300-01 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 4.3EPSS: 0%CPEs: 3EXPL: 0CVE-2015-6675
https://notcve.org/view.php?id=CVE-2015-6675
Siemens RUGGEDCOM ROS 3.8.0 through 4.1.x permanently enables the IP forwarding feature, which allows remote attackers to bypass a VLAN isolation protection mechanism via IP traffic. Vulnerabilidad en Siemens RUGGEDCOM ROS 3.8.0 hasta 4.1.x, habilita permanentemente la funcionalidad de reenvío de IP, lo que permite a atacantes remotos eludir un mecanismo de protección de aislamiento VLAN a través de tráfico IP. • http://www.securitytracker.com/id/1033478 http://www.siemens.com/cert/pool/cert/siemens_security_advisory_ssa-720081.pdf https://ics-cert.us-cert.gov/advisories/ICSA-15-244-01 • CWE-284: Improper Access Control •
CVSS: 4.3EPSS: 0%CPEs: 2EXPL: 0CVE-2015-5537
https://notcve.org/view.php?id=CVE-2015-5537
The SSL layer of the HTTPS service in Siemens RuggedCom ROS before 4.2.0 and ROX II does not properly implement CBC padding, which makes it easier for man-in-the-middle attackers to obtain cleartext data via a padding-oracle attack, a different vulnerability than CVE-2014-3566. Vulnerabilidad en la capa SSL del servicio HTTPS en Siemens RuggedCom ROS en versiones anteriores a 4.2.0 y ROX II, no implementa adecuadamente el padding en CBC, lo cual facilita a atacantes man-in-the-middle obtener texto plano a través de un ataque padding-oracle, vulnerabilidad diferente a CVE-2014-3566. • http://www.securitytracker.com/id/1033022 http://www.siemens.com/innovation/pool/de/forschungsfelder/siemens_security_advisory_ssa-396873.pdf https://ics-cert.us-cert.gov/advisories/ICSA-15-202-03A • CWE-312: Cleartext Storage of Sensitive Information •
CVSS: 5.0EPSS: 0%CPEs: 6EXPL: 0CVE-2014-2590
https://notcve.org/view.php?id=CVE-2014-2590
The web management interface in Siemens RuggedCom ROS before 3.11, ROS 3.11 before 3.11.5 for RS950G, ROS 3.12, and ROS 4.0 for RSG2488 allows remote attackers to cause a denial of service (interface outage) via crafted HTTP packets. La interfaz de gestión de web en Siemens RuggedCom ROS anterior a 3.11, ROS 3.11 anterior a 3.11.5 para RS950G, ROS 3.12 y ROS 4.0 para RSG2488 permite a atacantes remotos causar una denegación de servicio (interrupción de interfaz) a través de paquetes HTTP manipulados. • http://ics-cert.us-cert.gov/advisories/ICSA-14-087-01 http://www.siemens.com/innovation/pool/de/forschungsfelder/siemens_security_advisory_ssa-831997.pdf • CWE-306: Missing Authentication for Critical Function •
CVSS: 7.8EPSS: 0%CPEs: 6EXPL: 0CVE-2014-1966
https://notcve.org/view.php?id=CVE-2014-1966
The SNMP implementation in Siemens RuggedCom ROS before 3.11, ROS 3.11 for RS950G, ROS 3.12 before 3.12.4, and ROS 4.0 for RSG2488 allows remote attackers to cause a denial of service (device outage) via crafted packets. La implementación SNMP en Siemens RuggedCom ROS anterior a 3.11, ROS 3.11 para RS950G, ROS 3.12 anterior a 3.12.4 y ROS 4.0 para RSG2488 permite a atacantes remotos causar una denegación de servicio (interrupción de dispositivo) a través de paquetes manipulados. • http://ics-cert.us-cert.gov/advisories/ICSA-14-051-03 http://www.siemens.com/innovation/pool/de/forschungsfelder/siemens_security_advisory_ssa-892342.pdf •