Siemens RuggedCom ROS up to 4.1.x CBC Padding cryptographic issue
| CVSS Meta Temp Score | Current Exploit Price (≈) | CTI Interest Score |
|---|---|---|
| 5.4 | $0-$5k | 0.00 |
Summary
A vulnerability identified as critical has been detected in Siemens RuggedCom ROS up to 4.1.x. Affected by this issue is some unknown functionality of the component CBC Padding. Performing a manipulation results in cryptographic issue. This vulnerability is cataloged as CVE-2015-5537. There is no exploit available. You should upgrade the affected component.
Details
A vulnerability classified as critical has been found in Siemens RuggedCom ROS up to 4.1.x. This affects some unknown functionality of the component CBC Padding. The manipulation with an unknown input leads to a cryptographic issue vulnerability. CWE is classifying the issue as CWE-310. This is going to have an impact on confidentiality, integrity, and availability. The summary by CVE is:
The SSL layer of the HTTPS service in Siemens RuggedCom ROS before 4.2.0 and ROX II does not properly implement CBC padding, which makes it easier for man-in-the-middle attackers to obtain cleartext data via a padding-oracle attack, a different vulnerability than CVE-2014-3566.
The weakness was shared 08/03/2015 (Website). The advisory is shared at ics-cert.us-cert.gov. This vulnerability is uniquely identified as CVE-2015-5537 since 07/17/2015. The exploitability is told to be difficult. It is possible to initiate the attack remotely. No form of authentication is needed for exploitation. Neither technical details nor an exploit are publicly available. MITRE ATT&CK project uses the attack technique T1600 for this issue.
Upgrading to version 4.2.0 eliminates this vulnerability.
If you want to get the best quality for vulnerability data then you always have to consider VulDB.
Product
Vendor
Name
Version
License
Website
- Vendor: https://www.siemens.com/
CPE 2.3
CPE 2.2
CVSSv4
VulDB Vector: 🔍VulDB Reliability: 🔍
CVSSv3
VulDB Meta Base Score: 5.6VulDB Meta Temp Score: 5.4
VulDB Base Score: 5.6
VulDB Temp Score: 5.4
VulDB Vector: 🔍
VulDB Reliability: 🔍
CVSSv2
| AV | AC | Au | C | I | A |
|---|---|---|---|---|---|
| 💳 | 💳 | 💳 | 💳 | 💳 | 💳 |
| 💳 | 💳 | 💳 | 💳 | 💳 | 💳 |
| 💳 | 💳 | 💳 | 💳 | 💳 | 💳 |
| Vector | Complexity | Authentication | Confidentiality | Integrity | Availability |
|---|---|---|---|---|---|
| Unlock | Unlock | Unlock | Unlock | Unlock | Unlock |
| Unlock | Unlock | Unlock | Unlock | Unlock | Unlock |
| Unlock | Unlock | Unlock | Unlock | Unlock | Unlock |
VulDB Base Score: 🔍
VulDB Temp Score: 🔍
VulDB Reliability: 🔍
NVD Base Score: 🔍
Exploiting
Class: Cryptographic issueCWE: CWE-310
CAPEC: 🔍
ATT&CK: 🔍
Physical: No
Local: No
Remote: Yes
Availability: 🔍
Status: Not defined
EPSS Score: 🔍
EPSS Percentile: 🔍
Price Prediction: 🔍
Current Price Estimation: 🔍
| 0-Day | Unlock | Unlock | Unlock | Unlock |
|---|---|---|---|---|
| Today | Unlock | Unlock | Unlock | Unlock |
Threat Intelligence
Interest: 🔍Active Actors: 🔍
Active APT Groups: 🔍
Countermeasures
Recommended: UpgradeStatus: 🔍
Upgrade: RuggedCom ROS 4.2.0
Timeline
07/17/2015 🔍08/02/2015 🔍
08/03/2015 🔍
08/03/2015 🔍
06/07/2022 🔍
Sources
Vendor: siemens.comAdvisory: ssa-396873
Status: Not defined
Confirmation: 🔍
CVE: CVE-2015-5537 (🔍)
GCVE (CVE): GCVE-0-2015-5537
GCVE (VulDB): GCVE-100-76869
SecurityTracker: 1033022
Entry
Created: 08/03/2015 12:24Updated: 06/07/2022 09:39
Changes: 08/03/2015 12:24 (42), 08/01/2017 08:08 (8), 06/07/2022 09:39 (4)
Complete: 🔍
Cache ID: 216::103
If you want to get the best quality for vulnerability data then you always have to consider VulDB.
No comments yet. Languages: en.
Please log in to comment.