Siemens RuggedCom Uncontrolled Resource Consumption Vulnerability (Update B)

Low RiskICS-CERT ICSA-14-051-03BNov 23, 2014

Siemens

Summary

Siemens RuggedCom devices running ROS firmware versions before specific thresholds are vulnerable to uncontrolled resource consumption (CWE-400). An attacker could send crafted network requests that exhaust system resources (CPU, memory, or network bandwidth), causing denial of service or device instability. Affected versions include ROS versions before 3.11, ROS v3.11 before 3.11.5 (RS950G), ROS v3.12 before 3.12.4, and ROS v4.0 before 4.1.0 (RSG2488). No vendor patches have been released for these products.

What this means

What could happen

An attacker could send specially crafted packets to consume all available system resources on a RuggedCom device, causing it to become unresponsive or reboot. This could interrupt network connectivity and control communication for critical infrastructure systems relying on the RuggedCom for routing or industrial networking.

Who's at risk

Water utilities and electric utilities that use Siemens RuggedCom devices (RS950G, RSG2488, or other industrial routers) for SCADA network connectivity and field device communication. Any organization with RuggedCom switches or routers in their OT network perimeter or control system backbone should assess their exposure.

How it could be exploited

An attacker with network access to a RuggedCom device sends crafted packets designed to trigger excessive resource consumption on the device. The packets exploit the uncontrolled resource allocation in the ROS firmware, exhausting CPU, memory, or bandwidth until the device becomes unresponsive or crashes.

Prerequisites

Network access to the RuggedCom device (direct or via network path)
No authentication required
Device running vulnerable ROS firmware version

Remotely exploitableNo authentication requiredNo patch availableAffects industrial networking equipment

Exploitability

Unlikely to be exploited — EPSS score 0.3%

Affected products (4)

4 EOL

ProductAffected VersionsFix Status

ROS: <v3.11<v3.11No fix (EOL)

ROS v3.11 (for product RS950G): <ROS_v3.11.5<ROS v3.11.5No fix (EOL)

ROS v3.12: <ROS_v3.12.4<ROS v3.12.4No fix (EOL)

ROS v4.0 (for product RSG2488): <ROS_v4.1.0<ROS v4.1.0No fix (EOL)

Remediation & Mitigation

0/4

Do now

0/1

HARDENINGImplement network access controls (firewall rules, ACLs) to restrict who can communicate with RuggedCom devices to trusted engineering and control network segments only

Schedule — requires maintenance window

0/2

Patching may require device reboot — plan for process interruption

HARDENINGMonitor RuggedCom devices for signs of resource exhaustion (CPU spikes, memory errors, dropped connections) using available device diagnostics or SNMP monitoring if available

HOTFIXPlan migration away from end-of-life ROS versions to supported firmware versions (ROS v3.11.5 or later for RS950G, ROS v3.12.4 or later, ROS v4.1.0 or later for RSG2488) when feasible within your maintenance window schedule

Mitigations - no patch available

0/1

The following products have reached End of Life with no planned fix: ROS: <v3.11, ROS v3.11 (for product RS950G): <ROS_v3.11.5, ROS v3.12: <ROS_v3.12.4, ROS v4.0 (for product RSG2488): <ROS_v4.1.0. Apply the following compensating controls:

HARDENINGSegment RuggedCom devices from untrusted networks and limit exposure to the Internet or guest networks

CVEs (1)

CVE-2014-1966

View full CISA ICS-CERT advisory

↑↓ Navigate · Esc Close

API: /api/v1/advisories/57b494cd-e0fb-4ce8-9883-b86a4b77f4d0

Get OT security insights every Tuesday

Advisory breakdowns, a weekly summary, and incident analyses for the people actually defending OT environments. Free, no account required.