OTPulse
FeedAboutContact

Siemens RUGGEDCOM ROX Devices

Plan Patch7.5ICS-CERT ICSA-21-287-08Oct 12, 2021
Attack VectorNetwork
Auth RequiredNone
ComplexityLow
User InteractionNone needed
Summary

A vulnerability in Siemens RUGGEDCOM ROX industrial Ethernet switches (all versions before v2.14.1) allows an unauthenticated attacker to cause a permanent denial-of-service condition by sending a crafted request to port 443/TCP. The affected devices include RUGGEDCOM ROX MX5000 and RX series models (RX1400, RX1500, RX1501, RX1510, RX1511, RX1512, RX1524, RX1536, RX5000). No known public exploits exist, but the vulnerability is straightforward to exploit.

What this means
What could happen
An unauthenticated attacker on your network could crash RUGGEDCOM ROX devices and render them unrecoverable, disrupting communications and control functions across your network infrastructure until devices are physically recovered or replaced.
Who's at risk
Network administrators at utilities and industrial facilities operating Siemens RUGGEDCOM ROX industrial Ethernet switches (including MX5000 and RX series devices) should be concerned. These devices manage mission-critical network traffic in water systems, electrical substations, and manufacturing plants where outages directly impact service delivery.
How it could be exploited
An attacker with network access to port 443/TCP on a vulnerable RUGGEDCOM ROX device can send a specially crafted request that causes the device to enter a permanent denial-of-service state. No authentication or complex techniques are required.
Prerequisites
  • Network access to port 443/TCP on the RUGGEDCOM ROX device
  • Device running firmware version earlier than v2.14.1
Remotely exploitableNo authentication requiredLow complexity attackPermanent denial-of-service impactAffects critical network infrastructure
Exploitability
Low exploit probability (EPSS 0.5%)
Affected products (10)
10 with fix
ProductAffected VersionsFix Status
RUGGEDCOM ROX MX5000<V2.14.12.14.1
RUGGEDCOM ROX RX1400<V2.14.12.14.1
RUGGEDCOM ROX RX1500<V2.14.12.14.1
RUGGEDCOM ROX RX1501<V2.14.12.14.1
RUGGEDCOM ROX RX1510<V2.14.12.14.1
RUGGEDCOM ROX RX1511<V2.14.12.14.1
RUGGEDCOM ROX RX1512<V2.14.12.14.1
RUGGEDCOM ROX RX1524<V2.14.12.14.1
Remediation & Mitigation
0/3
Do now
0/1
WORKAROUNDRestrict access to port 443/TCP on all RUGGEDCOM ROX devices to only trusted IP addresses using firewall rules
Schedule — requires maintenance window
0/1

Patching may require device reboot — plan for process interruption

HOTFIXUpdate all RUGGEDCOM ROX devices to firmware version 2.14.1 or later
Long-term hardening
0/1
HARDENINGEnsure RUGGEDCOM ROX devices are not directly accessible from the Internet; place behind firewalls and isolate from business network
View full CISA ICS-CERT advisory
↑↓ Navigate · Esc Close
API: /api/v1/advisories/52b579e3-eba5-4f1b-bcbf-df8901cf2a96
Siemens RUGGEDCOM ROX Devices | CVSS 7.5 - OTPulse