OTPulse

Denial of Service Vulnerability in RUGGEDCOM ROS before V5.6.0

Monitor · CVSS 5.3 · SSA-459643 · Sep 13, 2022
Attack Vector: Network
Auth Required: None
Complexity: Low
User Interaction: None needed
Summary

RUGGEDCOM ROS-based devices contain a denial of service vulnerability in their web servers. An attacker can send partial HTTP requests indefinitely without completing them, causing the web server to wait for request completion and exhaust all available HTTP connections. The web server recovers automatically once the attack ends.

What this means
What could happen
An attacker could make the web server on a RUGGEDCOM switch unresponsive by flooding it with incomplete HTTP requests, preventing legitimate administrative access and management of the network device until the attack stops.
Who's at risk
This affects organizations using Siemens RUGGEDCOM industrial switches and routers (RST, RSG, RS, and RMC models) in mission-critical network infrastructure for utilities, manufacturing, and other industrial facilities. The vulnerability prevents remote administration of these network devices.
How it could be exploited
An attacker with network access to the web server port on a RUGGEDCOM device (typically port 80 or 443) sends specially crafted HTTP requests that are never completed. The server holds open connections waiting for each request to finish, eventually exhausting all available connection slots and becoming unresponsive to new requests.
Prerequisites
  • Network access to HTTP/HTTPS port on the RUGGEDCOM device
  • No authentication required
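The following discrete-time model is an added illustration, not code from OTPulse, Siemens or the ROS firmware, and it does not talk to any device. It models a web server with a fixed pool of connection slots, a source that opens requests and never completes them (the exhaustion mechanism described above), and an administrator whose requests complete after one tick. It then compares the advisory's recommended control, an upstream ACL that allows only administrative sources (`allowed_sources`), against two generic server-side defenses that are assumptions for the illustration and not documented ROS settings: a request-header timeout and a per-source connection cap. All pool sizes, rates and addresses are constructed.

```python
"""Discrete-time model of the connection exhaustion described in SSA-459643.

Added example, not code from OTPulse, Siemens or the ROS firmware. The
server, the stalling source and the administrator are simulated in-process;
all sizes, rates and source addresses are constructed for the illustration.
"""


def simulate(ticks, max_conns, stalled_per_tick, legit_per_tick,
             header_timeout=None, per_source_limit=None, allowed_sources=None):
    """Return how many legitimate requests were served and rejected.

    header_timeout   -- generic server-side control (assumed, not a documented
                        ROS setting): drop a connection whose request is still
                        incomplete after this many ticks.
    per_source_limit -- generic server-side control (assumed): cap concurrent
                        connections per source address.
    allowed_sources  -- the advisory's recommended control: an upstream ACL
                        that lets only administrative sources reach the port.
    """
    conns = []          # open connections: {src, opened_at, stalls}
    served = rejected = 0

    def try_open(src, stalls, now):
        if allowed_sources is not None and src not in allowed_sources:
            return False                      # blocked before reaching the server
        if len(conns) >= max_conns:
            return False                      # connection pool exhausted
        if per_source_limit is not None and \
                sum(1 for c in conns if c["src"] == src) >= per_source_limit:
            return False                      # this source already holds its cap
        conns.append({"src": src, "opened_at": now, "stalls": stalls})
        return True

    for now in range(ticks):
        # Requests the administrator opened last tick have completed;
        # their slots are released.
        served += sum(1 for c in conns if not c["stalls"])
        conns[:] = [c for c in conns if c["stalls"]]
        # Reap connections that never finished sending their request.
        if header_timeout is not None:
            conns[:] = [c for c in conns if now - c["opened_at"] < header_timeout]
        # The stalling source arrives first each tick (worst case for the admin).
        for _ in range(stalled_per_tick):
            try_open("10.0.0.99", True, now)      # constructed address
        for _ in range(legit_per_tick):
            if not try_open("10.0.0.5", False, now):   # constructed admin host
                rejected += 1

    served += sum(1 for c in conns if not c["stalls"])   # flush the last tick
    return {"served": served, "rejected": rejected,
            "stalled_open": sum(1 for c in conns if c["stalls"])}


if __name__ == "__main__":
    base = dict(ticks=10, max_conns=20, stalled_per_tick=5, legit_per_tick=1)
    print("no controls        ", simulate(**base))
    print("upstream ACL       ", simulate(**base, allowed_sources={"10.0.0.5"}))
    print("header timeout 2   ", simulate(**base, header_timeout=2))
    print("per-source limit 4 ", simulate(**base, per_source_limit=4))
```

With no controls the twenty slots fill within four ticks and every later administrative request is refused, which matches the advisory's description of the server waiting on incomplete requests until no connections remain. The ACL keeps the stalling source off the port entirely, while the timeout and per-source cap bound how many slots it can hold, which is why the firmware fix and the network access control in the mitigation section are both effective even though they act at different layers.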
  • Remotely exploitable
  • No authentication required
  • Low attack complexity
  • Affects network infrastructure availability
  • No patch available for some product variants
Exploitability
Low exploit probability (EPSS 0.9%)
Affected products (32)
27 with fix · 3 pending · 2 EOL
Product                    Affected Versions   Fix Status
RUGGEDCOM RST916C          < V5.6.0            5.6.0
RUGGEDCOM RST916P          < V5.6.0            5.6.0
RUGGEDCOM RMC8388 V5.X     < V5.6.0            5.6.0
RUGGEDCOM RS416Pv2         < V5.6.0            5.6.0
RUGGEDCOM RS416v2          < V5.6.0            5.6.0
Remediation & Mitigation
Do now
HARDENING: Implement network access controls to restrict HTTP/HTTPS access to RUGGEDCOM web management interfaces to authorized administrative networks only
Schedule — requires maintenance window

Patching may require device reboot — plan for process interruption

HOTFIX: Update RUGGEDCOM devices to V5.6.0 or later (RST916C, RST916P, RMC8388, RS416Pv2, RS416v2, RS900, RS900G, RSG2100, RSG2288, RSG2300, RSG2300P, RSG2488, RSG907R, RSG908C, RSG909R, RSG910C, RSG920P, RSL910, RST2228, RST2228P)
Mitigations - no patch available
The following products have reached End of Life with no planned fix: RUGGEDCOM RS416NC v2, RUGGEDCOM RS416PNC v2. Apply the following compensating controls:
HARDENING: For end-of-life product variants without patches (RST2228NC, RMC8388NC, RS416NC v2, RS416PNC v2, RS900GNC, RS900NC, RSG2100NC, RSG2288NC, RSG2300NC, RSG2300PNC, RSG2488NC, RSG920PNC, RSL910NC), consider network segmentation or replacement with supported versions
API: /api/v1/advisories/560b5be0-cadf-47b8-b2da-0d8705eaa903