Buffer Overflow Vulnerability in RUGGEDCOM ROS Devices
Plan Patch | CVSS 8.1 | SSA-373591 | Jul 13, 2021
Attack Vector: Network
Auth Required: None
Complexity: High
User Interaction: None needed
Summary
A buffer overflow vulnerability exists in a third-party component within RUGGEDCOM ROS devices running firmware version 4.x (before 4.3.7) and 5.x (before 5.5.4). An attacker with network access to an affected device can send a specially crafted packet that causes the buffer to overflow, enabling remote code execution on the device. The vulnerability affects a broad range of RUGGEDCOM industrial router and managed switch products used for network connectivity and device management in field environments.
What this means
What could happen
An attacker with network access to a RUGGEDCOM device could overflow a buffer in a third-party component to execute arbitrary code on the device, potentially altering network configurations, routing rules, or disrupting communications between field devices and control systems.
Who's at risk
Industrial network operators using Siemens RUGGEDCOM ROS devices (industrial routers and switches) in critical infrastructure like water utilities, power generation, and manufacturing. These include the RS series, RSG series, RST series, and other hardened network equipment used for remote site management and field device communication in harsh environments.
How it could be exploited
An attacker sends a crafted network packet to the affected RUGGEDCOM device. The input is not properly validated before being written to a buffer, causing the buffer to overflow and allowing the attacker to execute arbitrary commands with the device's privileges. No authentication is required.
Prerequisites
- Network connectivity to the RUGGEDCOM device (can be direct or via routed network)
- Device running vulnerable firmware version (V4.x < 4.3.7 or V5.x < 5.5.4)
- Remotely exploitable
- No authentication required
- High CVSS (8.1)
- Affects industrial network infrastructure
- Buffer overflow allows code execution
- Broad product family affected
Exploitability
Moderate exploit probability (EPSS 1.2%)
Affected products (69)
69 with fix
| Product | Affected Versions | Fix Status |
|---|---|---|
| RUGGEDCOM i800 | <V4.3.7 | 4.3.7 |
| RUGGEDCOM i801 | <V4.3.7 | 4.3.7 |
| RUGGEDCOM i802 | <V4.3.7 | 4.3.7 |
| RUGGEDCOM i803 | <V4.3.7 | 4.3.7 |
| RUGGEDCOM M2100 | <V4.3.7 | 4.3.7 |
Remediation & Mitigation
Schedule — requires maintenance window
Patching may require device reboot — plan for process interruption
- HOTFIX: Update RUGGEDCOM devices with V4.x firmware to version 4.3.7 or later
- HOTFIX: Update RUGGEDCOM devices with V5.x firmware to version 5.5.4 or later
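An added example (not part of the advisory or any vendor tooling): an inventory triage that flags devices still below the fixed firmware for their branch, so the maintenance window can be scoped. The thresholds 4.3.7 and 5.5.4 come from the advisory; the CSV layout, device names and version-string format are assumptions.

```python
import csv
import io
import re

# Fixed firmware per branch, taken from the advisory: V4.x -> 4.3.7, V5.x -> 5.5.4.
FIXED = {4: (4, 3, 7), 5: (5, 5, 4)}

# Assumption: the inventory stores versions as major.minor.patch, optionally prefixed.
VERSION_RE = re.compile(r"(\d+)\.(\d+)\.(\d+)")


def classify(firmware):
    """Return 'vulnerable', 'fixed' or 'unknown' for a firmware version string."""
    m = VERSION_RE.search(firmware or "")
    if not m:
        return "unknown"  # missing or unparseable: needs a manual check
    version = tuple(int(part) for part in m.groups())
    fixed = FIXED.get(version[0])
    if fixed is None:
        return "unknown"  # branch not covered by this advisory
    # Numeric tuple comparison, so 4.3.10 sorts after 4.3.7 (string compare would not).
    return "vulnerable" if version < fixed else "fixed"


def triage(inventory_csv):
    """Group device names from a CSV inventory by classification."""
    result = {"vulnerable": [], "fixed": [], "unknown": []}
    for row in csv.DictReader(io.StringIO(inventory_csv)):
        result[classify(row.get("firmware"))].append(row["device"])
    return result


# Constructed sample inventory (hypothetical device names, columns and versions).
SAMPLE_INVENTORY = """device,model,firmware
sub-01-sw1,RUGGEDCOM i800,v4.3.6
sub-01-sw2,RUGGEDCOM i801,V4.3.7
sub-02-sw1,RUGGEDCOM M2100,4.3.10
plant-rtr1,RUGGEDCOM (V5.x model),v5.5.3
plant-rtr2,RUGGEDCOM i802,
"""

if __name__ == "__main__":
    for status, devices in triage(SAMPLE_INVENTORY).items():
        print(f"{status}: {', '.join(devices) or '-'}")
```

Devices reported as unknown have a missing version or a firmware branch the advisory does not cover, and need a manual check rather than being assumed safe.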
Long-term hardening
- HARDENING: Implement network segmentation to restrict access to RUGGEDCOM management interfaces from untrusted network segments
- HARDENING: Monitor network access to RUGGEDCOM devices and disable unnecessary exposed network services if not in use
CVEs (1)