Denial of Service Vulnerability in the Web Server of RUGGEDCOM ROS Devices

Plan Patch7.5SSA-770902Aug 8, 2023

Attack VectorNetwork

Auth RequiredNone

ComplexityLow

User InteractionNone needed

Summary

A denial of service vulnerability in the web server of RUGGEDCOM ROS devices allows an unauthorized attacker to cause total loss of availability. The vulnerability is triggered via the web interface.

What this means

What could happen

An attacker could crash the web server on your RUGGEDCOM device, making it inaccessible for management and monitoring. Depending on the device role, this could prevent operators from accessing critical configuration or status information.

Who's at risk

Water utilities, electric utilities, and other critical infrastructure operators using RUGGEDCOM industrial Ethernet switches and routers for network connectivity in SCADA and field device networks. This affects nearly all RUGGEDCOM ROS product lines including i800 series, M-series media converters, RMC8388, RP110, RS400/RS416/RS900/RS910 series switches, and RSG/RSL/RST series managed switches.

How it could be exploited

An attacker with network access to the web server port on a RUGGEDCOM device can send a specially crafted request to trigger a denial of service condition, causing the web server process to crash and become unavailable.

Prerequisites

Network access to the web server port (typically port 80 or 443) on the RUGGEDCOM device
No authentication required

remotely exploitableno authentication requiredlow complexityaffects network availabilityno patch available for F-series variants

Exploitability

Low exploit probability (EPSS 0.3%)

Affected products (152)

136 with fix16 pending

ProductAffected VersionsFix Status

RUGGEDCOM i800< 4.3.84.3.8

RUGGEDCOM i800NC< 4.3.84.3.8

RUGGEDCOM i801< 4.3.84.3.8

RUGGEDCOM i801NC< 4.3.84.3.8

RUGGEDCOM i802< 4.3.84.3.8

Remediation & Mitigation

0/4

Do now

0/1

WORKAROUNDFor RUGGEDCOM F-series models (M969F, M2100F, M2200F, RS400F, RS416F, RS416PF, RS900F, RS900GF, RS900GPF, RS940GF, RS1600F, RSG2100F, RSG2100PF, RSG2200F, RSG2300F, RSG2300PF, RSG2488F) with no available patches, restrict network access to the web server port using firewall rules to limit exposure

Schedule — requires maintenance window

0/2

Patching may require device reboot — plan for process interruption

HOTFIXUpdate RUGGEDCOM devices running firmware version 4.X to version 4.3.8 or later

HOTFIXUpdate RUGGEDCOM devices running firmware version 5.X to version 5.8.0 or later

Long-term hardening

0/1

HARDENINGImplement network segmentation to restrict access to RUGGEDCOM web server ports to authorized management networks only

CVEs (1)

CVE-2023-39269

View full Siemens ProductCERT advisory

↑↓ Navigate · Esc Close

API: /api/v1/advisories/ce8484c6-b9ba-4286-9b00-ba03d79e264a