CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2015-7836
https://notcve.org/view.php?id=CVE-2015-7836
28 Oct 2015 — Siemens RUGGEDCOM ROS before 4.2.1 allows remote attackers to obtain sensitive information by sniffing the network for VLAN data within the padding section of an Ethernet frame. Siemens RUGGEDCOM ROS en versiones anteriores a 4.2.1 permite a atacantes remotos obtener información sensible rastreando la red en busca de datos VLAN en la sección del padding en un marco de Ethernet. • http://www.securitytracker.com/id/1033973 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 9.1EPSS: 0%CPEs: 3EXPL: 0CVE-2015-6675
https://notcve.org/view.php?id=CVE-2015-6675
11 Sep 2015 — Siemens RUGGEDCOM ROS 3.8.0 through 4.1.x permanently enables the IP forwarding feature, which allows remote attackers to bypass a VLAN isolation protection mechanism via IP traffic. Vulnerabilidad en Siemens RUGGEDCOM ROS 3.8.0 hasta 4.1.x, habilita permanentemente la funcionalidad de reenvío de IP, lo que permite a atacantes remotos eludir un mecanismo de protección de aislamiento VLAN a través de tráfico IP. • http://www.securitytracker.com/id/1033478 • CWE-284: Improper Access Control •
CVSS: 5.9EPSS: 0%CPEs: 2EXPL: 0CVE-2015-5537
https://notcve.org/view.php?id=CVE-2015-5537
03 Aug 2015 — The SSL layer of the HTTPS service in Siemens RuggedCom ROS before 4.2.0 and ROX II does not properly implement CBC padding, which makes it easier for man-in-the-middle attackers to obtain cleartext data via a padding-oracle attack, a different vulnerability than CVE-2014-3566. Vulnerabilidad en la capa SSL del servicio HTTPS en Siemens RuggedCom ROS en versiones anteriores a 4.2.0 y ROX II, no implementa adecuadamente el padding en CBC, lo cual facilita a atacantes man-in-the-middle obtener texto plano a t... • http://www.securitytracker.com/id/1033022 • CWE-312: Cleartext Storage of Sensitive Information •
CVSS: 7.5EPSS: 0%CPEs: 6EXPL: 0CVE-2014-2590
https://notcve.org/view.php?id=CVE-2014-2590
28 Mar 2014 — The web management interface in Siemens RuggedCom ROS before 3.11, ROS 3.11 before 3.11.5 for RS950G, ROS 3.12, and ROS 4.0 for RSG2488 allows remote attackers to cause a denial of service (interface outage) via crafted HTTP packets. La interfaz de gestión de web en Siemens RuggedCom ROS anterior a 3.11, ROS 3.11 anterior a 3.11.5 para RS950G, ROS 3.12 y ROS 4.0 para RSG2488 permite a atacantes remotos causar una denegación de servicio (interrupción de interfaz) a través de paquetes HTTP manipulados. • http://ics-cert.us-cert.gov/advisories/ICSA-14-087-01 • CWE-306: Missing Authentication for Critical Function •
CVSS: 7.8EPSS: 0%CPEs: 6EXPL: 0CVE-2014-1966
https://notcve.org/view.php?id=CVE-2014-1966
24 Feb 2014 — The SNMP implementation in Siemens RuggedCom ROS before 3.11, ROS 3.11 for RS950G, ROS 3.12 before 3.12.4, and ROS 4.0 for RSG2488 allows remote attackers to cause a denial of service (device outage) via crafted packets. La implementación SNMP en Siemens RuggedCom ROS anterior a 3.11, ROS 3.11 para RS950G, ROS 3.12 anterior a 3.12.4 y ROS 4.0 para RSG2488 permite a atacantes remotos causar una denegación de servicio (interrupción de dispositivo) a través de paquetes manipulados. • http://ics-cert.us-cert.gov/advisories/ICSA-14-051-03 •
CVSS: 9.1EPSS: 0%CPEs: 1EXPL: 0CVE-2013-6925
https://notcve.org/view.php?id=CVE-2013-6925
17 Dec 2013 — The integrated HTTPS server in Siemens RuggedCom ROS before 3.12.2 allows remote attackers to hijack web sessions by predicting a session id value. El servidor HTTPS integrado en Siemens RuggedCom ROS anterior a la versión 3.12.2 permite a atacantes remotos secuestrar sesiones web mediante la predicción de un valor id de sesión. • http://ics-cert.us-cert.gov/advisories/ICSA-13-340-01 • CWE-330: Use of Insufficiently Random Values •
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 0CVE-2013-6926
https://notcve.org/view.php?id=CVE-2013-6926
17 Dec 2013 — The integrated HTTPS server in Siemens RuggedCom ROS before 3.12.2 allows remote authenticated users to bypass intended restrictions on administrative actions by leveraging access to a (1) guest or (2) operator account. El servidor HTTPS integrado en Siemens RuggedCom ROS anterior a la versión 3.12.2 permite a atacantes remotos evadir restricciones de acceso intencionadas o acciones administrativas aprovechando el acceso a una cuenta de (1) invitado o de (2) operador. • http://ics-cert.us-cert.gov/advisories/ICSA-13-340-01 • CWE-863: Incorrect Authorization •
CVSS: 9.8EPSS: 61%CPEs: 1EXPL: 4CVE-2012-1803 – RuggedCom Devices - Backdoor Access
https://notcve.org/view.php?id=CVE-2012-1803
28 Apr 2012 — RuggedCom Rugged Operating System (ROS) 3.10.x and earlier has a factory account with a password derived from the MAC Address field in the banner, which makes it easier for remote attackers to obtain access by performing a calculation on this address value, and then establishing a (1) TELNET, (2) remote shell (aka rsh), or (3) serial-console session. El Sistema operativo RuggedCom Rugged (ROS) antes de v3.10.x tiene una cuenta de fábrica con una contraseña se deriva del campo de direcciones MAC que se muest... • https://packetstorm.news/files/id/180952 • CWE-310: Cryptographic Issues •
CVSS: 9.8EPSS: 17%CPEs: 1EXPL: 2CVE-2012-2441 – RuggedCom Devices - Backdoor Access
https://notcve.org/view.php?id=CVE-2012-2441
28 Apr 2012 — RuggedCom Rugged Operating System (ROS) before 3.3 has a factory account with a password derived from the MAC Address field in a banner, which makes it easier for remote attackers to obtain access by performing a calculation on this address value, and then establishing a (1) SSH or (2) HTTPS session, a different vulnerability than CVE-2012-1803. El Sistema operativo RuggedCom Rugged (ROS) antes de v3.3 tiene una cuenta de fábrica con una contraseña que se deriva del campo de dirección MAC en un banner, lo q... • https://www.exploit-db.com/exploits/18779 • CWE-521: Weak Password Requirements •