CBC Padding Vulnerability in Siemens RuggedCom ROS and ROX II
CVE-2015-5537

Currently unrated

Key Information:

Vendor: Siemens
CVE Published: 3 August 2015

Summary

The SSL implementation in the HTTPS service of Siemens RuggedCom ROS versions prior to 4.2.0 and ROX II handles CBC padding improperly. This weakness allows a man-in-the-middle attacker to mount a padding-oracle attack and potentially decrypt sensitive information transmitted over the network. The issue is distinct from other vulnerabilities and notably affects the confidentiality of data in transit.

References

Timeline

  • Vulnerability published

  • Vulnerability Reserved
