Siemens ruggedcom ros sensitive information leakage (CVE-2015-7836)
Siemens ruggedcom ros sensitive information leakage (CVE-2015-7836)
Release date:
Updated on:
Affected Systems:
Siemens RuggedCom ROS <4.2.1
Description:
CVE (CAN) ID: CVE-2015-7836
Siemens RuggedCom ROS and ROX-based devices are used to connect devices in harsh environments, such as substations and traffic management cabinets.
In versions earlier than Siemens ruggedcom ros 4.2.1, Ethernet frames are not filled with NULL bytes. Remote attackers can obtain information about previous network packets from other VLANs.
<* Source: David Formby
Raheem Beyah
Link: http://www.siemens.com/cert/pool/cert/siemens_security_advisory_ssa-921524.pdf
*>
Suggestion:
Vendor patch:
Siemens
-------
The vendor has released a patch to fix this security problem. Please download it from the vendor's homepage:
Http://www.siemens.com/cert/pool/cert/siemens_security_advisory_ssa-921524.pdf
This article permanently updates the link address: