CVE-2015-5537

Siemens RuggedCom ROS <4.2.0 - Info Disclosure

Title source: llm

Description

The SSL layer of the HTTPS service in Siemens RuggedCom ROS before 4.2.0 and ROX II does not properly implement CBC padding, which makes it easier for man-in-the-middle attackers to obtain cleartext data via a padding-oracle attack, a different vulnerability than CVE-2014-3566.

References (3)

Core References
http://www.securitytracker.com/id/1033022
Tags: Broken Link, Third Party Advisory, VDB Entry (vdb-entry, x_refsource_sectrack)
https://ics-cert.us-cert.gov/advisories/ICSA-15-202-03A
Tags: Broken Link, Third Party Advisory, US Government Resource (x_refsource_misc)

Scores

EPSS: 0.0032
EPSS Percentile: 55.5%

Details

CWE: CWE-312
Status: published
Products (2):
siemens/ruggedcom_rox_ii_firmware
siemens/ruggedcom_rugged_operating_system < 4.2.0
Published: Aug 03, 2015
Tracked Since: Feb 18, 2026