OTPulse

ICSA-19-099-05 Siemens RUGGEDCOM ROX II

Act Now · CVSS 9.8 · ICS-CERT ICSA-19-099-05 · Apr 9, 2019
Attack Vector: Network
Auth Required: None
Complexity: Low
User Interaction: None needed
Summary

Siemens RUGGEDCOM ROX II devices contain multiple memory safety vulnerabilities (CWE-415 use-after-free, CWE-125 out-of-bounds read, CWE-228 missing initialization) in firmware versions prior to v2.13.0. These vulnerabilities allow unauthenticated remote attackers to execute arbitrary code or crash the device via network access to the affected routing appliance.

What this means
What could happen
An attacker could remotely execute commands on the RUGGEDCOM ROX II routing appliance, potentially gaining control of network communications in your industrial plant or utility network. This could disrupt data flow between control centers and field devices, or enable lateral movement to connected systems.
Who's at risk
Network operators and utility companies running Siemens RUGGEDCOM ROX II routing appliances for industrial control system communications, especially those connecting substations, remote sites, or field devices to central management systems. Any organization using these devices for data concentration or network routing in OT environments should prioritize this vulnerability.
How it could be exploited
An attacker with network access to the RUGGEDCOM ROX II (for example, when the device is reachable from the Internet) sends it a crafted packet. The packet triggers a memory safety flaw in the routing service, allowing the attacker to execute arbitrary code with device privileges. No authentication or special configuration is required; the vulnerability exists in the default state.
Prerequisites
  • Network access to the RUGGEDCOM ROX II device (typically reachable at the network layer)
  • Device running firmware version prior to v2.13.0
  • No credentials or authentication required
Remotely exploitable · No authentication required · Low complexity attack · Critical CVSS score (9.8) · Affects network routing—impacts all downstream communications · No patch available for older devices
Exploitability
Moderate exploit probability (EPSS 5.5%)
Affected products (1)
Product | Affected Versions | Fix Status
RUGGEDCOM ROX II | <V2.13.0 | v2.13.0
Remediation & Mitigation
Do now
WORKAROUND: Disable BGP (Border Gateway Protocol) routing service if not actively used in your network design.
HARDENING: Configure BGP authentication passwords on all BGP neighbor connections to restrict routing updates.
HARDENING: Restrict network access to RUGGEDCOM ROX II devices using firewall rules; devices should not be reachable from the Internet or untrusted networks.
Schedule — requires maintenance window

Patching may require device reboot — plan for process interruption

HOTFIX: Update RUGGEDCOM ROX II firmware to version v2.13.0 or later. Contact Siemens RUGGEDCOM support for firmware download.
Long-term hardening
HARDENING: Isolate control system networks containing RUGGEDCOM ROX II devices behind firewalls and away from business networks.
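
The remediation items above can be applied per device from an asset inventory. The following is an added example, not code from OTPulse or Siemens: the CSV column names and the sample rows are constructed assumptions, and only the v2.13.0 threshold and the action wording come from this advisory.

```python
import csv, io, re

FIXED = (2, 13, 0)  # first fixed ROX II release per the advisory

# Constructed sample inventory; column names are assumptions for this example.
INVENTORY = """host,model,firmware,bgp_enabled,bgp_in_use,bgp_auth,untrusted_reachable
sub-a-rtr1,RUGGEDCOM ROX II,V2.12.4,yes,yes,no,no
sub-b-rtr1,RUGGEDCOM ROX II,v2.13.0,yes,yes,yes,no
remote-7,RUGGEDCOM ROX II,2.9.1,yes,no,no,yes
plant-sw3,OTHER-SWITCH,1.0.0,no,no,no,no
lab-rtr,RUGGEDCOM ROX II,unknown,no,no,no,no
"""

def parse_version(text):
    """Return (major, minor, patch), or None if the string is not a version."""
    m = re.fullmatch(r"[vV]?(\d+)\.(\d+)(?:\.(\d+))?", text.strip())
    if not m:
        return None
    return tuple(int(g or 0) for g in m.groups())

def triage(inventory_csv):
    """Map each ROX II device to the advisory's remediation items that apply."""
    results = {}
    for row in csv.DictReader(io.StringIO(inventory_csv)):
        if row["model"].strip().upper() != "RUGGEDCOM ROX II":
            continue  # other products are out of scope for this advisory
        version = parse_version(row["firmware"])
        # Numeric tuple comparison: 2.9.1 sorts below 2.13.0 (string compare would not).
        if version is not None and version >= FIXED:
            results[row["host"]] = []
            continue
        flag = lambda key: row[key].strip().lower() == "yes"
        actions = []
        if version is None:
            actions.append("verify firmware version (treat as affected)")
        if flag("untrusted_reachable"):
            actions.append("restrict network access with firewall rules")
        if flag("bgp_enabled") and not flag("bgp_in_use"):
            actions.append("disable BGP")
        elif flag("bgp_enabled") and not flag("bgp_auth"):
            actions.append("configure BGP neighbor authentication")
        actions.append("schedule update to v2.13.0 or later")
        results[row["host"]] = actions
    return results

if __name__ == "__main__":
    for host, actions in triage(INVENTORY).items():
        print(host, "->", "; ".join(actions) or "not affected (>= v2.13.0)")
```

Devices with an unparseable firmware string are treated as affected until the version is confirmed.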