CVE-2015-5537

Currently unrated

Key Information:

Vendor: Siemens
Status: Ruggedcom Rugged Operating System; Ruggedcom Rox Ii Firmware
Vendor: CVE Published:; 3 August 2015

Summary

The SSL layer of the HTTPS service in Siemens RuggedCom ROS before 4.2.0 and ROX II does not properly implement CBC padding, which makes it easier for man-in-the-middle attackers to obtain cleartext data via a padding-oracle attack, a different vulnerability than CVE-2014-3566.

References

http://www.securitytracker.com/id/1033022

vdb-entryx_refsource_SECTRACK

http://www.siemens.com/innovation/pool/de/forschungsfelde...

x_refsource_CONFIRM

https://ics-cert.us-cert.gov/advisories/ICSA-15-202-03A

x_refsource_MISC

Timeline

Vulnerability published
Aug 3, 2015
Vulnerability Reserved
Jul 17, 2015