Multiple Vulnerabilities in RUGGEDCOM ROS Before V5.9
Plan Patch | 8.8 | SSA-170375 | Jul 9, 2024
Attack Vector: Adjacent
Auth Required: None
Complexity: Low
User Interaction: None needed
Summary
Multiple vulnerabilities in RUGGEDCOM Operating System (ROS) allow information disclosure. The vulnerabilities permit leakage of confidential data including system configuration, cryptographic material, or other sensitive information. Affected products include industrial network switches and managed routers running ROS firmware versions before V4.3.10 (V4.X branch) and before V5.9.0 (V5.X branch). Several legacy product lines (RS900L, RS910L, RS920L, RS930L, RS969, and related -NC and -W variants) have no fix available.
What this means
What could happen
An attacker with network access to a RUGGEDCOM device could leak sensitive configuration data, cryptographic material, or system information that could be used to compromise the device or the broader network. This affects the confidentiality of data stored on your industrial network switches and routers.
Who's at risk
Industrial network switches and routers deployed in water utilities, electric utilities, and other critical infrastructure facilities that use RUGGEDCOM ROS-based devices for network backbone, edge switching, or redundant connectivity. Affects dozens of RUGGEDCOM models across industrial Ethernet switching product lines.
How it could be exploited
An attacker with network access (adjacent network or remote, depending on device configuration) can send specially crafted requests to the device to trigger information disclosure. No authentication is required. The leaked data could include system settings, credentials, or cryptographic keys that enable further attacks on connected industrial equipment.
Prerequisites
- Network access to the affected RUGGEDCOM device (Layer 2 or Layer 3, depending on deployment)
- No credentials required
- Device running affected firmware version
- Remotely exploitable
- No authentication required
- Low complexity attack
- Affects confidentiality of critical system data
- Multiple products have no fix available (end-of-life models)
- High attack surface: many devices in typical utility environments
Exploitability
Low exploit probability (EPSS 0.1%)
Affected products (136)
124 with fix, 12 pending

| Product | Affected Versions | Fix Status |
|---|---|---|
| RUGGEDCOM i800 | < 4.3.10 | 4.3.10 |
| RUGGEDCOM i800NC | < 4.3.10 | 4.3.10 |
| RUGGEDCOM i801 | < 4.3.10 | 4.3.10 |
| RUGGEDCOM i801NC | < 4.3.10 | 4.3.10 |
| RUGGEDCOM i802 | < 4.3.10 | 4.3.10 |
Remediation & Mitigation
Schedule: requires maintenance window
Patching may require device reboot; plan for process interruption
- HOTFIX: Update RUGGEDCOM devices running V4.X firmware to version 4.3.10 or later
- HOTFIX: Update RUGGEDCOM devices running V5.X firmware to version 5.9.0 or later
Long-term hardening
RUGGEDCOM RS900
- HARDENING: For RUGGEDCOM RS900L, RS900LNC, RS910L, RS910LNC, RS920L, RS920LNC, RS920W, RS930L, RS930LNC, RS930W, and RS969/RS969NC models with no available fix, implement network segmentation to restrict access to these devices to authorized management traffic only
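To turn the remediation steps above into a worklist, the following added example (not part of the advisory) triages a device inventory against the fixed versions and the no-fix model list. It assumes the inventory is a CSV with `model` and `firmware` columns that already contains only ROS devices covered by the advisory; the function names, the sample rows and `EXAMPLE-V5-SWITCH` are constructed for illustration.

```python
import csv
import io
# Fixed release per firmware branch, from the advisory summary.
FIXED = {4: (4, 3, 10), 5: (5, 9, 0)}

# Models the advisory lists as having no fix available.
NO_FIX = {
    "RS900L", "RS900LNC", "RS910L", "RS910LNC", "RS920L", "RS920LNC",
    "RS920W", "RS930L", "RS930LNC", "RS930W", "RS969", "RS969NC",
}

def parse_version(text):
    """Turn 'V4.3.9' or '5.9' into a 3-tuple of ints, zero-padded."""
    nums = [int(p) for p in text.strip().lstrip("vV").split(".")[:3]]
    return tuple(nums + [0] * (3 - len(nums)))

def triage(model, firmware):
    """Return the remediation action for one ROS device."""
    name = model.upper().replace("RUGGEDCOM", "").strip()
    if name in NO_FIX:
        # Assumption: no-fix models need segmentation at any firmware level.
        return "segment (no fix available)"
    try:
        version = parse_version(firmware)
    except ValueError:
        return "verify firmware manually"
    fixed = FIXED.get(version[0])
    if fixed is None:  # branch other than V4.X / V5.X
        return "verify firmware manually"
    if version < fixed:
        return "update to %d.%d.%d or later" % fixed
    return "at fixed version"

def triage_inventory(csv_text):
    """Triage every row of a CSV with 'model' and 'firmware' columns."""
    return [(r["model"], r["firmware"], triage(r["model"], r["firmware"]))
            for r in csv.DictReader(io.StringIO(csv_text))]

# Constructed sample inventory; EXAMPLE-V5-SWITCH is a made-up model name.
SAMPLE = """model,firmware
RUGGEDCOM i800,V4.3.9
RUGGEDCOM i801NC,4.3.10
RUGGEDCOM RS969,4.3.10
EXAMPLE-V5-SWITCH,5.8.2
"""

if __name__ == "__main__":
    for row in triage_inventory(SAMPLE):
        print("%-20s %-8s %s" % row)
```

Rows that come back as "verify firmware manually" have a version string that does not parse or a branch other than V4.X or V5.X, which the advisory text does not cover.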