CBC Padding Vulnerability in Siemens RuggedCom ROS and ROX II
CVE-2015-5537

Currently unrated

Key Information:

Vendor: Siemens
Status: Ruggedcom Rugged Operating System; Ruggedcom Rox Ii Firmware
Vendor: CVE Published:; 3 August 2015

What is CVE-2015-5537?

The SSL implementation in the HTTPS service of Siemens RuggedCom ROS versions prior to 4.2.0 and ROX II suffers from improper handling of CBC padding. This weakness allows man-in-the-middle attackers to exploit a padding-oracle attack, potentially decrypting sensitive information transmitted over the network. This vulnerability differs from others, notably affecting the confidentiality of data in transit.

References

http://www.securitytracker.com/id/1033022

vdb-entryx_refsource_SECTRACK

http://www.siemens.com/innovation/pool/de/forschungsfelde...

x_refsource_CONFIRM

https://ics-cert.us-cert.gov/advisories/ICSA-15-202-03A

x_refsource_MISC

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Aug 3, 2015
Vulnerability Reserved
Jul 17, 2015