
CVSS: 6.1 • EPSS: 0% • CPEs: 1 • EXPL: 0

29 Mar 2017 — Siemens RUGGEDCOM ROX I (all versions) contain a vulnerability in the integrated web server at port 10000/TCP which is prone to reflected Cross-Site Scripting attacks if an unsuspecting user is induced to click on a malicious link. • http://www.securityfocus.com/bid/97170 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVSS: 8.8 • EPSS: 0% • CPEs: 1 • EXPL: 0

29 Mar 2017 — The integrated web server in Siemens RUGGEDCOM ROX I (all versions) at port 10000/TCP could allow remote attackers to perform actions with the privileges of an authenticated user, provided the targeted user has an active session and is induced into clicking on a malicious link or into visiting a malicious website, aka CSRF. • http://www.securityfocus.com/bid/97170 • CWE-352: Cross-Site Request Forgery (CSRF)

CVSS: 8.8 • EPSS: 0% • CPEs: 1 • EXPL: 0

29 Mar 2017 — Siemens RUGGEDCOM ROX I (all versions) allow an authenticated user to bypass access restrictions in the web interface at port 10000/TCP to obtain privileged file system access or change configuration settings. • http://www.securityfocus.com/bid/97170 • CWE-285: Improper Authorization • CWE-287: Improper Authentication

CVSS: 5.4 • EPSS: 0% • CPEs: 1 • EXPL: 0

29 Mar 2017 — The integrated web server in Siemens RUGGEDCOM ROX I (all versions) at port 10000/TCP could allow an authenticated user to perform stored Cross-Site Scripting attacks. • http://www.securityfocus.com/bid/97170 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVSS: 5.9 • EPSS: 0% • CPEs: 2 • EXPL: 0

03 Aug 2015 — The SSL layer of the HTTPS service in Siemens RuggedCom ROS before 4.2.0 and ROX II does not properly implement CBC padding, which makes it easier for man-in-the-middle attackers to obtain cleartext data via a padding-oracle attack, a different vulnerability than CVE-2014-3566. • http://www.securitytracker.com/id/1033022 • CWE-312: Cleartext Storage of Sensitive Information

CVSS: 7.4 • EPSS: 89% • CPEs: 28 • EXPL: 7

05 Jun 2014 — OpenSSL before 0.9.8za, 1.0.0 before 1.0.0m, and 1.0.1 before 1.0.1h does not properly restrict processing of ChangeCipherSpec messages, which allows man-in-the-middle attackers to trigger use of a zero-length master key in certain OpenSSL-to-OpenSSL communications, and consequently hijack sessions or obtain sensitive information, via a crafted TLS handshake, aka the "CCS Injection" vulnerability. • https://packetstorm.news/files/id/180961 • CWE-326: Inadequate Encryption Strength • CWE-841: Improper Enforcement of Behavioral Workflow

CVSS: 7.4 • EPSS: 0% • CPEs: 4 • EXPL: 0

23 Dec 2012 — Siemens RuggedCom Rugged Operating System (ROS) before 3.12, ROX I OS through 1.14.5, ROX II OS through 2.3.0, and RuggedMax OS through 4.2.1.4621.22 use hardcoded private keys for SSL and SSH communication, which makes it easier for man-in-the-middle attackers to spoof servers and decrypt network traffic by leveraging the availability of these keys within ROS files at all customer installations. • http://ics-cert.us-cert.gov/advisories/ICSA-12-354-01A • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor