Details of VAR-201510-0406

ID

VAR-201510-0406

CVE

CVE-2015-7836

TITLE

Siemens RUGGEDCOM ROS Information Disclosure Vulnerability

Trust: 1.4

sources: IVD: 6ea6390a-2351-11e6-abef-000c29c66e3d // CNVD: CNVD-2015-07205 // CNNVD: CNNVD-201510-679

DESCRIPTION

Siemens RUGGEDCOM ROS before 4.2.1 allows remote attackers to obtain sensitive information by sniffing the network for VLAN data within the padding section of an Ethernet frame. Siemens RuggedCom ROS and ROX-based devices are used to connect devices in harsh environments such as substations, traffic management chassis, and more. An information disclosure vulnerability exists in the previous version of Siemens RUGGEDCOM ROS 4.2.1. An attacker can exploit this issue to obtain sensitive information. Successful exploits may lead to other attacks. Versions prior to RuggedCom ROS 4.2.1 are vulnerable. Siemens RuggedCom ROS is a set of operating system used in RuggedCom series switches by Siemens of Germany

Trust: 2.7

sources: NVD: CVE-2015-7836 // JVNDB: JVNDB-2015-005630 // CNVD: CNVD-2015-07205 // BID: 77332 // IVD: 6ea6390a-2351-11e6-abef-000c29c66e3d // VULHUB: VHN-85797

IOT TAXONOMY

category:	['ICS', 'Network device']	sub_category:	-	Trust: 0.6
category:	['ICS']	sub_category:	-	Trust: 0.2

sources: IVD: 6ea6390a-2351-11e6-abef-000c29c66e3d // CNVD: CNVD-2015-07205

AFFECTED PRODUCTS

vendor:	siemens	model:	ruggedcom rugged operating system	scope:	lt	version:	4.2.1	Trust: 1.4
vendor:	siemens	model:	ruggedcom rugged operating system	scope:	lte	version:	4.2.0	Trust: 1.0
vendor:	siemens	model:	ruggedcom rugged operating system	scope:	eq	version:	4.2.0	Trust: 0.6
vendor:	siemens	model:	ruggedcom ros	scope:	eq	version:	3.8	Trust: 0.3
vendor:	siemens	model:	ruggedcom ros	scope:	eq	version:	4.2.0	Trust: 0.3
vendor:	siemens	model:	ruggedcom ros	scope:	eq	version:	4.1.0	Trust: 0.3
vendor:	siemens	model:	ruggedcom ros	scope:	ne	version:	4.2.1	Trust: 0.3
vendor:	ruggedcom rugged operating system	model:	-	scope:	eq	version:	*	Trust: 0.2

sources: IVD: 6ea6390a-2351-11e6-abef-000c29c66e3d // CNVD: CNVD-2015-07205 // BID: 77332 // JVNDB: JVNDB-2015-005630 // CNNVD: CNNVD-201510-679 // NVD: CVE-2015-7836

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2015-7836
value:	LOW
Trust: 1.0
NVD:	CVE-2015-7836
value:	LOW
Trust: 0.8
CNVD:	CNVD-2015-07205
value:	LOW
Trust: 0.6
CNNVD:	CNNVD-201510-679
value:	LOW
Trust: 0.6
IVD:	6ea6390a-2351-11e6-abef-000c29c66e3d
value:	LOW
Trust: 0.2
VULHUB:	VHN-85797
value:	LOW
Trust: 0.1

nvd@nist.gov:	CVE-2015-7836
severity:	LOW
baseScore:	3.3
vectorString:	AV:A/AC:L/AU:N/C:P/I:N/A:N
accessVector:	ADJACENT_NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	6.5
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
CNVD:	CNVD-2015-07205
severity:	LOW
baseScore:	3.3
vectorString:	AV:A/AC:L/AU:N/C:P/I:N/A:N
accessVector:	ADJACENT_NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	6.5
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6
IVD:	6ea6390a-2351-11e6-abef-000c29c66e3d
severity:	LOW
baseScore:	3.3
vectorString:	AV:A/AC:L/AU:N/C:P/I:N/A:N
accessVector:	ADJACENT_NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	6.5
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.9 [IVD]
Trust: 0.2
VULHUB:	VHN-85797
severity:	LOW
baseScore:	3.3
vectorString:	AV:A/AC:L/AU:N/C:P/I:N/A:N
accessVector:	ADJACENT_NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	6.5
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

sources: IVD: 6ea6390a-2351-11e6-abef-000c29c66e3d // CNVD: CNVD-2015-07205 // VULHUB: VHN-85797 // JVNDB: JVNDB-2015-005630 // CNNVD: CNNVD-201510-679 // NVD: CVE-2015-7836

PROBLEMTYPE DATA

problemtype:

CWE-200

Trust: 1.9

sources: VULHUB: VHN-85797 // JVNDB: JVNDB-2015-005630 // NVD: CVE-2015-7836

THREAT TYPE

specific network environment

Trust: 0.6

sources: CNNVD: CNNVD-201510-679

TYPE

information disclosure

Trust: 0.6

sources: CNNVD: CNNVD-201510-679

CONFIGURATIONS

sources: JVNDB: JVNDB-2015-005630

PATCH

title:	SSA-921524	url:	http://www.siemens.com/cert/pool/cert/siemens_security_advisory_ssa-921524.pdf	Trust: 0.8
title:	Siemens RUGGEDCOM ROS Information Disclosure Vulnerability Patch	url:	https://www.cnvd.org.cn/patchInfo/show/66218	Trust: 0.6

sources: CNVD: CNVD-2015-07205 // JVNDB: JVNDB-2015-005630

EXTERNAL IDS

db:	NVD	id:	CVE-2015-7836	Trust: 3.6
db:	ICS CERT	id:	ICSA-15-300-01	Trust: 2.8
db:	SIEMENS	id:	SSA-921524	Trust: 2.3
db:	SECTRACK	id:	1033973	Trust: 1.1
db:	CNNVD	id:	CNNVD-201510-679	Trust: 0.9
db:	CNVD	id:	CNVD-2015-07205	Trust: 0.8
db:	JVNDB	id:	JVNDB-2015-005630	Trust: 0.8
db:	BID	id:	77332	Trust: 0.4
db:	IVD	id:	6EA6390A-2351-11E6-ABEF-000C29C66E3D	Trust: 0.2
db:	VULHUB	id:	VHN-85797	Trust: 0.1

sources: IVD: 6ea6390a-2351-11e6-abef-000c29c66e3d // CNVD: CNVD-2015-07205 // VULHUB: VHN-85797 // BID: 77332 // JVNDB: JVNDB-2015-005630 // CNNVD: CNNVD-201510-679 // NVD: CVE-2015-7836

REFERENCES

url:	https://ics-cert.us-cert.gov/advisories/icsa-15-300-01	Trust: 2.8
url:	http://www.siemens.com/cert/pool/cert/siemens_security_advisory_ssa-921524.pdf	Trust: 2.3
url:	http://www.securitytracker.com/id/1033973	Trust: 1.1
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-7836	Trust: 0.8
url:	http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2015-7836	Trust: 0.8
url:	http://www.siemens.com/	Trust: 0.3
url:	http://w3.siemens.com/mcms/industrial-communication/en/rugged-communication/products/pages/product-overview.aspx	Trust: 0.3

sources: CNVD: CNVD-2015-07205 // VULHUB: VHN-85797 // BID: 77332 // JVNDB: JVNDB-2015-005630 // CNNVD: CNNVD-201510-679 // NVD: CVE-2015-7836

CREDITS

David Formby and Raheem Beyah of Georgia Tech

Trust: 0.3

sources: BID: 77332

SOURCES

db:	IVD	id:	6ea6390a-2351-11e6-abef-000c29c66e3d
db:	CNVD	id:	CNVD-2015-07205
db:	VULHUB	id:	VHN-85797
db:	BID	id:	77332
db:	JVNDB	id:	JVNDB-2015-005630
db:	CNNVD	id:	CNNVD-201510-679
db:	NVD	id:	CVE-2015-7836

LAST UPDATE DATE

2024-11-23T22:56:23.996000+00:00

SOURCES UPDATE DATE

db:	CNVD	id:	CNVD-2015-07205	date:	2015-11-04T00:00:00
db:	VULHUB	id:	VHN-85797	date:	2017-09-15T00:00:00
db:	BID	id:	77332	date:	2015-10-27T00:00:00
db:	JVNDB	id:	JVNDB-2015-005630	date:	2015-10-29T00:00:00
db:	CNNVD	id:	CNNVD-201510-679	date:	2015-10-29T00:00:00
db:	NVD	id:	CVE-2015-7836	date:	2024-11-21T02:37:29.853

SOURCES RELEASE DATE

db:	IVD	id:	6ea6390a-2351-11e6-abef-000c29c66e3d	date:	2015-11-04T00:00:00
db:	CNVD	id:	CNVD-2015-07205	date:	2015-11-04T00:00:00
db:	VULHUB	id:	VHN-85797	date:	2015-10-28T00:00:00
db:	BID	id:	77332	date:	2015-10-27T00:00:00
db:	JVNDB	id:	JVNDB-2015-005630	date:	2015-10-29T00:00:00
db:	CNNVD	id:	CNNVD-201510-679	date:	2015-10-29T00:00:00
db:	NVD	id:	CVE-2015-7836	date:	2015-10-28T10:59:17.780