OTPulse

Third-Party Component Vulnerabilities in RUGGEDCOM ROS

Act Now | CVSS 9.6 | SSA-256353 | Mar 8, 2022
Attack Vector: Network
Auth Required: None
Complexity: Low
User Interaction: Required

Summary

Multiple vulnerabilities in third-party components used in RUGGEDCOM Operating System (ROS) firmware affect a wide range of Siemens industrial Ethernet switches. These vulnerabilities (CWE-79, CWE-208, CWE-358, CWE-122, CWE-190, CWE-754) could allow a network-based attacker to cause denial-of-service, intercept traffic (man-in-the-middle), retrieve sensitive information including credentials, or gain unauthorized administrative access. Siemens has released patched versions (4.3.8 for V4.X and 5.6.0 for V5.X firmware series) for most affected products. Products designated with 'F' (field-proven or specialized variants) are end-of-life and will not receive firmware updates.

What this means
What could happen
An attacker with network access to RUGGEDCOM switches could exploit third-party component vulnerabilities to perform denial-of-service attacks, intercept network traffic, steal credentials, or gain administrative control over the device, potentially disrupting communication between field devices and control systems.
Who's at risk
Water utilities, electric utilities, and other critical infrastructure operators using RUGGEDCOM Industrial Ethernet switches (i-series, M-series, RP-series, RS-series, or RSG-series) for network connectivity between control systems, RTUs, and HMI workstations should assess their inventory immediately.
How it could be exploited
An attacker on the network sends a malicious request to a RUGGEDCOM switch exploiting a third-party component vulnerability (such as a buffer overflow, logic flaw, or cryptographic weakness). The attack requires network-level access to the device's management or data plane interfaces. No special credentials or user interaction are required for most variants.
Prerequisites
  • Network access to the RUGGEDCOM device (management or data interfaces)
  • Device running affected firmware version (4.3.7 or earlier for V4.X, or 5.5.x or earlier for V5.X devices)
  • Remotely exploitable
  • No authentication required
  • Low complexity attack
  • Critical CVSS score (9.6)
  • Large number of affected products
  • No patch available for end-of-life variants
  • Affects industrial network infrastructure
Exploitability
Low exploit probability (EPSS 0.6%)
Affected products (152)
136 with fix, 16 pending

Product | Affected Versions | Fix Status
RUGGEDCOM i800 | < 4.3.8 | 4.3.8
RUGGEDCOM i800NC | < 4.3.8 | 4.3.8
RUGGEDCOM i801 | < 4.3.8 | 4.3.8
RUGGEDCOM i801NC | < 4.3.8 | 4.3.8
RUGGEDCOM i802 | < 4.3.8 | 4.3.8

Remediation & Mitigation
Do now
HARDENING: For RUGGEDCOM devices with 'F' designation (M969F, M2100F, M2200F, RS400F, RS416F, RS900F, RS900GF, RS900GPF, RS940GF, RSG2100F, RSG2100PF, RSG2200F, RSG2300F, RSG2300PF, RSG2488F) where no firmware fix is available, implement network segmentation to isolate affected devices from untrusted networks
HARDENING: Implement firewall rules to restrict network access to RUGGEDCOM management ports, allowing only authorized engineering and operations workstations
Schedule — requires maintenance window

Patching may require device reboot — plan for process interruption

HOTFIX: Update RUGGEDCOM devices to firmware version 4.3.8 or later (V4.X series)
HOTFIX: Update RUGGEDCOM devices to firmware version 5.6.0 or later (V5.X series)
Long-term hardening
HARDENING: Disable unused management interfaces or services on RUGGEDCOM switches to reduce attack surface
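
The remediation steps above, applied to a switch inventory (an added example, not OTPulse or Siemens code). It assumes a CSV export with hostname, model and firmware columns and that every row is a product family covered by this advisory; the sample rows and the function names are constructed for illustration.

```python
import csv
import io
import re

# Fixed releases per firmware series and the no-fix 'F' models, from the advisory text.
FIXED = {4: (4, 3, 8), 5: (5, 6, 0)}
NO_FIX_MODELS = {
    "M969F", "M2100F", "M2200F", "RS400F", "RS416F", "RS900F", "RS900GF",
    "RS900GPF", "RS940GF", "RSG2100F", "RSG2100PF", "RSG2200F", "RSG2300F",
    "RSG2300PF", "RSG2488F",
}

# Constructed sample rows; hostnames and model/firmware pairings are illustrative.
SAMPLE_INVENTORY = """\
hostname,model,firmware
sw-pump-01,RUGGEDCOM i800,4.3.7
sw-pump-02,RUGGEDCOM i801,v4.3.10
sw-sub-01,RUGGEDCOM RSG2100F,4.3.7
sw-sub-02,RUGGEDCOM RSG2488,5.5.4
sw-sub-03,RUGGEDCOM RSG2488,5.6.0
sw-lab-01,RUGGEDCOM i802,unknown
"""

def parse_version(text):
    """Return (major, minor, patch) for '4.3.7' or 'v4.3.10'; None if unparseable."""
    m = re.fullmatch(r"[vV]?(\d+)\.(\d+)\.(\d+)", text.strip())
    return tuple(int(p) for p in m.groups()) if m else None

def triage(model, firmware):
    """Map one inventory row to an action from the advisory's remediation list."""
    model = model.upper().replace("RUGGEDCOM", "").strip()
    if model in NO_FIX_MODELS:
        return "SEGMENT"  # no firmware fix: isolate and restrict management access
    version = parse_version(firmware)
    if version is None or version[0] not in FIXED:
        return "REVIEW"   # unknown version string or series: check by hand
    # Tuple comparison is numeric, so 4.3.10 correctly sorts after 4.3.8.
    return "OK" if version >= FIXED[version[0]] else "UPDATE"

def triage_inventory(csv_text):
    """Return {hostname: action} for every row of the inventory CSV."""
    rows = csv.DictReader(io.StringIO(csv_text))
    return {r["hostname"]: triage(r["model"], r["firmware"]) for r in rows}

if __name__ == "__main__":
    for host, action in triage_inventory(SAMPLE_INVENTORY).items():
        print(f"{host:12} {action}")
```

Rows marked REVIEW are the ones to check by hand before closing out the advisory, since an unreadable version string must not be counted as patched.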