This page lists publicly disclosed CVE vulnerabilities affecting siemens ruggedcom_rugged_operating_system (linked via NVD CPE). Each row includes severity scores, summaries, and publication dates to help identify and analyze security issues.
| CVE | Summary | Source | Max CVSS | EPSS % | Published | Updated |
|---|---|---|---|---|---|---|
| CVE-2015-7836 | Siemens RUGGEDCOM ROS before 4.2.1 allows remote attackers to obtain sensitive information by sniffing the network for VLAN data within the padding section of an Ethernet frame. | [email protected] | 3.3 | 0.93% | 2015-10-28 | 2026-06-16 |
| CVE-2015-6675 | Siemens RUGGEDCOM ROS 3.8.0 through 4.1.x permanently enables the IP forwarding feature, which allows remote attackers to bypass a VLAN isolation protection mechanism via IP traffic. | [email protected] | 4.3 | 0.81% | 2015-09-11 | 2026-06-16 |
| CVE-2015-5537 | The SSL layer of the HTTPS service in Siemens RuggedCom ROS before 4.2.0 and ROX II does not properly implement CBC padding, which makes it easier for man-in-the-middle attackers to obtain cleartext data via a padding-oracle attack, a different vulnerability than CVE-2014-3566. | [email protected] | 4.3 | 1.14% | 2015-08-02 | 2026-06-16 |
| CVE-2014-2590 | The web management interface in Siemens RuggedCom ROS before 3.11, ROS 3.11 before 3.11.5 for RS950G, ROS 3.12, and ROS 4.0 for RSG2488 allows remote attackers to cause a denial of service (interface outage) via crafted HTTP packets. | [email protected] | 5.0 | 2.41% | 2014-04-01 | 2026-06-16 |
| CVE-2014-1966 | The SNMP implementation in Siemens RuggedCom ROS before 3.11, ROS 3.11 for RS950G, ROS 3.12 before 3.12.4, and ROS 4.0 for RSG2488 allows remote attackers to cause a denial of service (device outage) via crafted packets. | [email protected] | 7.8 | 2.16% | 2014-02-23 | 2026-06-16 |
| CVE-2013-6926 | The integrated HTTPS server in Siemens RuggedCom ROS before 3.12.2 allows remote authenticated users to bypass intended restrictions on administrative actions by leveraging access to a (1) guest or (2) operator account. | [email protected] | 8.0 | 1.50% | 2013-12-16 | 2026-06-16 |
| CVE-2013-6925 | The integrated HTTPS server in Siemens RuggedCom ROS before 3.12.2 allows remote attackers to hijack web sessions by predicting a session id value. | [email protected] | 8.3 | 1.89% | 2013-12-16 | 2026-06-16 |
| CVE-2012-2441 | RuggedCom Rugged Operating System (ROS) before 3.3 has a factory account with a password derived from the MAC Address field in a banner, which makes it easier for remote attackers to obtain access by performing a calculation on this address value, and then establishing a (1) SSH or (2) HTTPS session, a different vulnerability than CVE-2012-1803. | [email protected] | 8.5 | 8.61% | 2012-04-27 | 2026-06-16 |
| CVE-2012-1803 | RuggedCom Rugged Operating System (ROS) 3.10.x and earlier has a factory account with a password derived from the MAC Address field in the banner, which makes it easier for remote attackers to obtain access by performing a calculation on this address value, and then establishing a (1) TELNET, (2) remote shell (aka rsh), or (3) serial-console session. | [email protected] | 8.5 | 49.11% | 2012-04-27 | 2026-06-16 |