Denial of Service Vulnerability in RUGGEDCOM ROS V4 
Indian - Computer Emergency Response Team (cert-in.org.in)

Severity Rating: MEDIUM

Software Affected

RUGGEDCOM ROS i800 V4.X: All versions
RUGGEDCOM ROS i801 V4.X: All versions
RUGGEDCOM ROS i802 V4.X: All versions
RUGGEDCOM ROS i803 V4.X: All versions
RUGGEDCOM ROS RMC30 V4.X: All versions
RUGGEDCOM ROS RMC8388 V4.X: All versions
RUGGEDCOM ROS RP110 V4.X: All versions
RUGGEDCOM ROS RS400 V4.X: All versions
RUGGEDCOM ROS RS401 V4.X: All versions
RUGGEDCOM ROS RS416Pv2 V4.X: All versions
RUGGEDCOM ROS RS416v2 V4.X: All versions
RUGGEDCOM ROS RS900 (32M) V4.X: All versions
RUGGEDCOM ROS RS900 V4.X: All versions
RUGGEDCOM ROS RS900G (32M) V4.X: All versions
RUGGEDCOM ROS RS900G V4.X: All versions
RUGGEDCOM ROS RS900GP V4.X: All versions
RUGGEDCOM ROS RS900L V4.X: All versions
RUGGEDCOM ROS RS900M V4.X: All versions
RUGGEDCOM ROS RS900W V4.X: All versions
RUGGEDCOM ROS RS910 V4.X: All versions
RUGGEDCOM ROS RS910L V4.X: All versions
RUGGEDCOM ROS RS910W V4.X: All versions
RUGGEDCOM ROS RS920L V4.X: All versions
RUGGEDCOM ROS RS920W V4.X: All versions
RUGGEDCOM ROS RS930L V4.X: All versions
RUGGEDCOM ROS RS930W V4.X: All versions
RUGGEDCOM ROS RS940G V4.X: All versions
RUGGEDCOM ROS RS1600 V4.X: All versions
RUGGEDCOM ROS RS1600F V4.X: All versions
RUGGEDCOM ROS RS1600T V4.X: All versions
RUGGEDCOM ROS RS8000 V4.X: All versions
RUGGEDCOM ROS RS8000A V4.X: All versions
RUGGEDCOM ROS RS8000H V4.X: All versions
RUGGEDCOM ROS RS8000T V4.X: All versions
RUGGEDCOM ROS RSG920P V4.X: All versions
RUGGEDCOM ROS RSG2100 (32M) V4.X: All versions
RUGGEDCOM ROS RSG2100 V4.X: All versions
RUGGEDCOM ROS RSG2100P V4.X: All versions
RUGGEDCOM ROS RSG2200 V4.X: All versions
RUGGEDCOM ROS RSG2288 V4.X: All versions
RUGGEDCOM ROS RSG2300 V4.X: All versions
RUGGEDCOM ROS RSG2300P V4.X: All versions
RUGGEDCOM ROS RSG2488 V4.X: All versions

Overview

A vulnerability has been reported in Siemens products which could allow a
remote attacker to cause a denial-of-service condition (slowloris) on the
targeted system.

Description

This vulnerability exists in Siemens products due to improper input
validation in the RUGGEDCOM ROS-based V4 devices. A remote attacker could
exploit this vulnerability by sending a crafted HTTP request to the web
interface of an affected device.

Successful exploitation of this vulnerability could allow a remote attacker
to cause a denial-of-service condition (slowloris) on the targeted system.

Workaround

The user may apply the following workaround to reduce the risk, as provided
by the vendor.

Restrict access to ports 80/tcp and 443/tcp to trusted IP addresses only.
Deactivate the web server if it is not required and if deactivation is supported by the product.
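
To check that the first workaround is actually in effect, the following added example (not part of the advisory or any vendor tooling) scans flow records for web access to ROS devices from untrusted sources and for sources holding many long-lived, low-volume connections, the pattern a slowloris condition produces. The record layout, addresses, trusted range and thresholds are all assumptions chosen for illustration.

```python
"""Added example: flag slowloris-like and untrusted web access to ROS devices.
Flow-record fields, addresses and thresholds are assumptions, not vendor values."""
from collections import defaultdict
from ipaddress import ip_address, ip_network

TRUSTED = [ip_network("10.10.0.0/28")]      # assumed management stations
DEVICES = {ip_address("10.20.0.5")}         # assumed RUGGEDCOM ROS V4 switch
WEB_PORTS = {80, 443}                       # ports named in the workaround
MIN_OPEN_SECS = 60      # assumed: connection held open at least this long
MAX_BYTES = 512         # assumed: almost nothing sent by the client
MIN_CONNS = 5           # assumed: concurrent stalled connections per source

# Constructed sample records: (src, dst, dport, start_s, end_s, client_bytes)
SAMPLE_FLOWS = [
    ("10.10.0.3", "10.20.0.5", 443, 0, 4, 1800),      # normal admin session
    *[("192.0.2.77", "10.20.0.5", 80, i, 300 + i, 120) for i in range(8)],
    ("198.51.100.9", "10.20.0.5", 80, 50, 52, 900),   # short, but untrusted
    ("10.10.0.3", "10.20.0.9", 22, 0, 600, 100),      # not a listed device
]

def is_trusted(src):
    return any(ip_address(src) in net for net in TRUSTED)

def max_concurrent(intervals):
    """Peak number of overlapping (start, end) intervals."""
    events = sorted([(s, 1) for s, _ in intervals] + [(e, -1) for _, e in intervals])
    peak = cur = 0
    for _, delta in events:
        cur += delta
        peak = max(peak, cur)
    return peak

def analyse(flows):
    """Return (untrusted sources, {(src, dst): peak stalled connections})."""
    untrusted, stalled = set(), defaultdict(list)
    for src, dst, dport, start, end, nbytes in flows:
        if ip_address(dst) not in DEVICES or dport not in WEB_PORTS:
            continue
        if not is_trusted(src):
            untrusted.add(src)          # workaround 1 is not being enforced
        if end - start >= MIN_OPEN_SECS and nbytes <= MAX_BYTES:
            stalled[(src, dst)].append((start, end))
    slow = {k: max_concurrent(v) for k, v in stalled.items()
            if max_concurrent(v) >= MIN_CONNS}
    return sorted(untrusted), slow

if __name__ == "__main__":
    print(analyse(SAMPLE_FLOWS))
```

Any source in the first result means ports 80/tcp or 443/tcp are still reachable from outside the trusted range; entries in the second are candidates for investigation as connection-exhaustion attempts.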

Vendor Information

SIEMENS

References

SIEMENS

CVE Name
CVE-2022-39158

