CVSS: 8.8EPSS: 0%CPEs: 16EXPL: 0CVE-2017-12736
https://notcve.org/view.php?id=CVE-2017-12736
26 Dec 2017 — A vulnerability has been identified in RUGGEDCOM ROS for RSL910 devices (All versions < ROS V5.0.1), RUGGEDCOM ROS for all other devices (All versions < ROS V4.3.4), SCALANCE XB-200/XC-200/XP-200/XR300-WG (All versions between V3.0 (including) and V3.0.2 (excluding)), SCALANCE XR-500/XM-400 (All versions between V6.1 (including) and V6.1.1 (excluding)). After initial configuration, the Ruggedcom Discovery Protocol (RCDP) is still able to writeto the device under certain conditions, potentially allowing user... • http://www.securityfocus.com/bid/101041 • CWE-20: Improper Input Validation CWE-665: Improper Initialization •
CVSS: 10.0EPSS: 66%CPEs: 54EXPL: 4CVE-2017-14491 – Dnsmasq < 2.78 - 2-byte Heap Overflow
https://notcve.org/view.php?id=CVE-2017-14491
02 Oct 2017 — Heap-based buffer overflow in dnsmasq before 2.78 allows remote attackers to cause a denial of service (crash) or execute arbitrary code via a crafted DNS response. Un desbordamiento de búfer basado en memoria dinámica (heap) en dnsmasq en versiones anteriores a la 2.78 permite a los atacantes provocar una denegación de servicio (cierre inesperado) o ejecutar código arbitrario utilizando una respuesta DNS manipulada. A heap buffer overflow was found in dnsmasq in the code responsible for building DNS replie... • https://packetstorm.news/files/id/144480 • CWE-122: Heap-based Buffer Overflow CWE-787: Out-of-bounds Write •
CVSS: 5.9EPSS: 0%CPEs: 2EXPL: 0CVE-2015-5537
https://notcve.org/view.php?id=CVE-2015-5537
03 Aug 2015 — The SSL layer of the HTTPS service in Siemens RuggedCom ROS before 4.2.0 and ROX II does not properly implement CBC padding, which makes it easier for man-in-the-middle attackers to obtain cleartext data via a padding-oracle attack, a different vulnerability than CVE-2014-3566. Vulnerabilidad en la capa SSL del servicio HTTPS en Siemens RuggedCom ROS en versiones anteriores a 4.2.0 y ROX II, no implementa adecuadamente el padding en CBC, lo cual facilita a atacantes man-in-the-middle obtener texto plano a t... • http://www.securitytracker.com/id/1033022 • CWE-312: Cleartext Storage of Sensitive Information •
CVSS: 7.5EPSS: 0%CPEs: 6EXPL: 0CVE-2015-1357
https://notcve.org/view.php?id=CVE-2015-1357
02 Feb 2015 — Siemens Ruggedcom WIN51xx devices with firmware before SS4.4.4624.35, WIN52xx devices with firmware before SS4.4.4624.35, WIN70xx devices with firmware before BS4.4.4621.32, and WIN72xx devices with firmware before BS4.4.4621.32 allow context-dependent attackers to discover password hashes by reading (1) files or (2) security logs. Los dispositivos Siemens Ruggedcom WIN51xx con firmware anterior a SS4.4.4624.35, los dispositivos WIN52xx con firmware anterior a SS4.4.4624.35, los dispositivos WIN70xx con fir... • http://www.siemens.com/innovation/pool/de/forschungsfelder/siemens_security_advisory_ssa-753139.pdf • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 10.0EPSS: 2%CPEs: 6EXPL: 0CVE-2015-1448
https://notcve.org/view.php?id=CVE-2015-1448
02 Feb 2015 — The integrated management service on Siemens Ruggedcom WIN51xx devices with firmware before SS4.4.4624.35, WIN52xx devices with firmware before SS4.4.4624.35, WIN70xx devices with firmware before BS4.4.4621.32, and WIN72xx devices with firmware before BS4.4.4621.32 allows remote attackers to bypass authentication and perform administrative actions via unspecified vectors. El servicio de la gestión integrada en los dispositivos Siemens Ruggedcom WIN51xx con firmware anterior a SS4.4.4624.35, los dispositivos... • http://www.siemens.com/innovation/pool/de/forschungsfelder/siemens_security_advisory_ssa-753139.pdf • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 10.0EPSS: 2%CPEs: 6EXPL: 0CVE-2015-1449
https://notcve.org/view.php?id=CVE-2015-1449
02 Feb 2015 — Buffer overflow in the integrated web server on Siemens Ruggedcom WIN51xx devices with firmware before SS4.4.4624.35, WIN52xx devices with firmware before SS4.4.4624.35, WIN70xx devices with firmware before BS4.4.4621.32, and WIN72xx devices with firmware before BS4.4.4621.32 allows remote attackers to execute arbitrary code via unspecified vectors. Desbordamiento de buffer en el servidor web integrado en los dispositivos Siemens Ruggedcom WIN51xx con firmware anterior a SS4.4.4624.35, los dispositivos WIN5... • http://www.siemens.com/innovation/pool/de/forschungsfelder/siemens_security_advisory_ssa-753139.pdf • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •