OTPulse

Siemens RUGGEDCOM ROX-based Devices NTP Vulnerabilities

Act Now | 5.3 | ICS-CERT ICSA-15-356-01 | Sep 24, 2015
Attack Vector: Network
Auth Required: None
Complexity: Low
User Interaction: None needed

Summary

NTP input validation vulnerabilities (CWE-592, CWE-20) in Siemens RUGGEDCOM ROX I and ROX II devices allow an attacker to spoof NTP responses and modify the device system time without authentication. These devices are designed for industrial network switching and routing in harsh environments. The vulnerabilities affect all versions of ROX I and ROX II versions prior to 2.9.0, with no vendor patches planned for ROX I and unclear fix status for ROX II.

What this means
What could happen
An attacker could alter the time on these network devices by spoofing NTP (Network Time Protocol) responses, which could disrupt time-sensitive operations and cause log timestamp inconsistencies across your network.
Who's at risk
Network infrastructure operators using Siemens RUGGEDCOM ROX I or ROX II devices for industrial networking, particularly in utilities and critical infrastructure environments where time synchronization is critical for coordination and logging.
How it could be exploited
An attacker on the network sends falsified NTP responses to the RUGGEDCOM device without authentication. The device accepts the malicious time update, allowing the attacker to alter system time and potentially cause time-dependent processes to behave unpredictably.
Prerequisites
  • Network access to NTP port 123 on the RUGGEDCOM device
  • No authentication required
  • Device must be configured to accept NTP updates
remotely exploitable, no authentication required, low complexity, high EPSS score (79.6%), no patch available
Exploitability
High exploit probability (EPSS 79.6%)
Affected products (2)
1 pending, 1 EOL
Product | Affected Versions | Fix Status
ROX II: <2.9.0 | <2.9.0 | No fix yet
RUGGEDCOM ROX I: vers:all/* | All versions | No fix (EOL)
Remediation & Mitigation
Do now
WORKAROUND: Configure network firewall rules to restrict NTP traffic to trusted timeservers only; block unsolicited NTP responses from untrusted networks
WORKAROUND: Disable NTP on RUGGEDCOM devices if time synchronization is not required for your operations
Mitigations - no patch available
RUGGEDCOM ROX I: vers:all/* has reached End of Life. The vendor will not release a patch. Apply the following compensating controls:
HARDENING: Implement network segmentation to isolate RUGGEDCOM devices on a protected network segment with restricted external access
HARDENING: Use NTP authentication (NTP symmetric key or MD5) if supported by your RUGGEDCOM firmware to validate NTP server responses
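
Added example (not part of the advisory and not Siemens code): a Python check that applies the "trusted timeservers only, no unsolicited responses" workaround to captured NTP traffic, flagging server replies from non-allowlisted sources and replies whose origin timestamp matches no request the device sent. It assumes packets are already extracted as (source IP, destination IP, UDP payload) tuples; the function names, addresses and timestamps are hypothetical, constructed values.

```python
import struct

# 48-byte NTP header (RFC 5905): flags, stratum, poll, precision,
# root delay, root dispersion, reference ID, then four 64-bit timestamps
# (reference, origin, receive, transmit).
NTP_HDR = struct.Struct("!BBbb3I4Q")
MODE_CLIENT, MODE_SERVER = 3, 4

def build(mode, origin=0, xmit=0, stratum=0, version=4):
    """Pack a minimal NTP packet; used only to construct the sample below."""
    flags = (version << 3) | mode
    return NTP_HDR.pack(flags, stratum, 0, 0, 0, 0, 0, 0, origin, 0, xmit)

def audit(packets, device, trusted):
    """Return (index, source, reason) for each suspect server reply to `device`."""
    pending = set()  # (server, transmit timestamp) of requests the device sent
    findings = []
    for i, (src, dst, payload) in enumerate(packets):
        if len(payload) < NTP_HDR.size:
            continue  # truncated or not NTP
        fields = NTP_HDR.unpack_from(payload)
        mode, origin, xmit = fields[0] & 0x07, fields[8], fields[10]
        if src == device and mode == MODE_CLIENT:
            pending.add((dst, xmit))
        elif dst == device and mode == MODE_SERVER:
            if src not in trusted:
                findings.append((i, src, "untrusted-source"))
            elif (src, origin) not in pending:
                # A genuine server echoes the client's transmit timestamp
                # in the origin field; anything else answers no request.
                findings.append((i, src, "unsolicited"))
            else:
                pending.discard((src, origin))
    return findings

# Constructed sample: documentation-range addresses, made-up timestamps.
DEVICE, TRUSTED = "192.0.2.10", {"192.0.2.1"}
SAMPLE = [
    (DEVICE, "192.0.2.1", build(MODE_CLIENT, xmit=0xAAAA)),
    ("192.0.2.1", DEVICE, build(MODE_SERVER, origin=0xAAAA, xmit=0xBBBB, stratum=2)),
    ("192.0.2.1", DEVICE, build(MODE_SERVER, origin=0x1234, xmit=0xCCCC, stratum=2)),
    ("198.51.100.7", DEVICE, build(MODE_SERVER, origin=0xAAAA, xmit=0xDDDD, stratum=1)),
]

if __name__ == "__main__":
    for finding in audit(SAMPLE, DEVICE, TRUSTED):
        print(finding)
```

The origin-timestamp comparison matters because a source address in a UDP packet can be forged, so an allowlist on its own does not establish that a reply answers a request the device actually made.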