CVSS: 3.3EPSS: 0%CPEs: 1EXPL: 0CVE-2015-7836
https://notcve.org/view.php?id=CVE-2015-7836
Siemens RUGGEDCOM ROS before 4.2.1 allows remote attackers to obtain sensitive information by sniffing the network for VLAN data within the padding section of an Ethernet frame. Siemens RUGGEDCOM ROS en versiones anteriores a 4.2.1 permite a atacantes remotos obtener información sensible rastreando la red en busca de datos VLAN en la sección del padding en un marco de Ethernet. • http://www.securitytracker.com/id/1033973 http://www.siemens.com/cert/pool/cert/siemens_security_advisory_ssa-921524.pdf https://ics-cert.us-cert.gov/advisories/ICSA-15-300-01 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 4.3EPSS: 0%CPEs: 3EXPL: 0CVE-2015-6675
https://notcve.org/view.php?id=CVE-2015-6675
Siemens RUGGEDCOM ROS 3.8.0 through 4.1.x permanently enables the IP forwarding feature, which allows remote attackers to bypass a VLAN isolation protection mechanism via IP traffic. Vulnerabilidad en Siemens RUGGEDCOM ROS 3.8.0 hasta 4.1.x, habilita permanentemente la funcionalidad de reenvío de IP, lo que permite a atacantes remotos eludir un mecanismo de protección de aislamiento VLAN a través de tráfico IP. • http://www.securitytracker.com/id/1033478 http://www.siemens.com/cert/pool/cert/siemens_security_advisory_ssa-720081.pdf https://ics-cert.us-cert.gov/advisories/ICSA-15-244-01 • CWE-284: Improper Access Control •
CVSS: 4.3EPSS: 0%CPEs: 2EXPL: 0CVE-2015-5537
https://notcve.org/view.php?id=CVE-2015-5537
The SSL layer of the HTTPS service in Siemens RuggedCom ROS before 4.2.0 and ROX II does not properly implement CBC padding, which makes it easier for man-in-the-middle attackers to obtain cleartext data via a padding-oracle attack, a different vulnerability than CVE-2014-3566. Vulnerabilidad en la capa SSL del servicio HTTPS en Siemens RuggedCom ROS en versiones anteriores a 4.2.0 y ROX II, no implementa adecuadamente el padding en CBC, lo cual facilita a atacantes man-in-the-middle obtener texto plano a través de un ataque padding-oracle, vulnerabilidad diferente a CVE-2014-3566. • http://www.securitytracker.com/id/1033022 http://www.siemens.com/innovation/pool/de/forschungsfelder/siemens_security_advisory_ssa-396873.pdf https://ics-cert.us-cert.gov/advisories/ICSA-15-202-03A • CWE-312: Cleartext Storage of Sensitive Information •