Siemens RuggedCom Uncontrolled Resource Consumption Vulnerability (Update B)
Low RiskICS-CERT ICSA-14-051-03BNov 23, 2014
Summary
Siemens RuggedCom devices running ROS firmware versions before specific thresholds are vulnerable to uncontrolled resource consumption (CWE-400). An attacker could send crafted network requests that exhaust system resources (CPU, memory, or network bandwidth), causing denial of service or device instability. Affected versions include ROS versions before 3.11, ROS v3.11 before 3.11.5 (RS950G), ROS v3.12 before 3.12.4, and ROS v4.0 before 4.1.0 (RSG2488). No vendor patches have been released for these products.
What this means
What could happen
An attacker could send specially crafted packets to consume all available system resources on a RuggedCom device, causing it to become unresponsive or reboot. This could interrupt network connectivity and control communication for critical infrastructure systems relying on the RuggedCom for routing or industrial networking.
Who's at risk
Water utilities and electric utilities that use Siemens RuggedCom devices (RS950G, RSG2488, or other industrial routers) for SCADA network connectivity and field device communication. Any organization with RuggedCom switches or routers in their OT network perimeter or control system backbone should assess their exposure.
How it could be exploited
An attacker with network access to a RuggedCom device sends crafted packets designed to trigger excessive resource consumption on the device. The packets exploit the uncontrolled resource allocation in the ROS firmware, exhausting CPU, memory, or bandwidth until the device becomes unresponsive or crashes.
Prerequisites
- Network access to the RuggedCom device (direct or via network path)
- No authentication required
- Device running vulnerable ROS firmware version
Remotely exploitableNo authentication requiredNo patch availableAffects industrial networking equipment
Exploitability
Low exploit probability (EPSS 0.3%)
Affected products (4)
4 EOL
ProductAffected VersionsFix Status
ROS: <v3.11<v3.11No fix (EOL)
ROS v3.11 (for product RS950G): <ROS_v3.11.5<ROS v3.11.5No fix (EOL)
ROS v3.12: <ROS_v3.12.4<ROS v3.12.4No fix (EOL)
ROS v4.0 (for product RSG2488): <ROS_v4.1.0<ROS v4.1.0No fix (EOL)
Remediation & Mitigation
0/4
Do now
0/1HARDENINGImplement network access controls (firewall rules, ACLs) to restrict who can communicate with RuggedCom devices to trusted engineering and control network segments only
Schedule — requires maintenance window
0/2Patching may require device reboot — plan for process interruption
HARDENINGMonitor RuggedCom devices for signs of resource exhaustion (CPU spikes, memory errors, dropped connections) using available device diagnostics or SNMP monitoring if available
HOTFIXPlan migration away from end-of-life ROS versions to supported firmware versions (ROS v3.11.5 or later for RS950G, ROS v3.12.4 or later, ROS v4.1.0 or later for RSG2488) when feasible within your maintenance window schedule
Mitigations - no patch available
0/1The following products have reached End of Life with no planned fix: ROS: <v3.11, ROS v3.11 (for product RS950G): <ROS_v3.11.5, ROS v3.12: <ROS_v3.12.4, ROS v4.0 (for product RSG2488): <ROS_v4.1.0. Apply the following compensating controls:
HARDENINGSegment RuggedCom devices from untrusted networks and limit exposure to the Internet or guest networks
CVEs (1)
↑↓ Navigate · Esc Close
API:
/api/v1/advisories/57b494cd-e0fb-4ce8-9883-b86a4b77f4d0