Siemens ROS Improper Input Validation

Monday, March 31, 2014 @ 11:03 PM gHale


Siemens mitigated an improper input validation vulnerability in its Siemens Rugged Operating System (ROS), which could cause a denial-of-service (DoS) condition against the device’s management web interface, according to a report on ICS-CERT.

Researcher Aivar Liimets from Martem Telecontrol Systems discovered the remotely exploitable vulnerability.

RELATED STORIES
Schneider Modbus Driver Buffer Overflow
Siemens Fixes SIMATIC PLC Holes
SIMATIC S7-1200 CPU Vulnerabilities Fixed
Sielco Sistemi Fixes Winlog Holes

The following Siemens ROS versions suffer from the issue:
• All ROS versions prior to v3.11,
• ROS v3.11 (for product RS950G): all versions prior to ROS v3.11.5,
• ROS v3.12: all versions, and
• ROS v4.0 (for product RSG2488): all versions.

A vulnerability in the implementation of the web interface could allow attackers to perform a DoS attack on the affected devices over the network without prior authentication. The issue does not affect the switching functionality of the device.

Siemens is an international company headquartered in Munich, Germany.

The affected products, RuggedCom switches and serial-to-Ethernet devices, connect devices that operate in harsh environments such as electric utility substations and traffic control cabinets. According to Siemens, RuggedCom ROS-based products deploy across several sectors including Energy, Healthcare and Public Health, and Transportation Systems.

The implementation of the web server (Port 80/TCP) in the affected devices might allow attackers to perform a DoS attack against the device’s management web interface by sending specially crafted packets over the network without prior authentication. A manual cold restart of the device is necessary to regain access to the web management interface.

This vulnerability does not affect HTTPS (Port 443/TCP).

CVE-2014-2590 is the case number assigned to this vulnerability, which has a CVSS v2 base score of 5.0.

No known public exploits specifically target this vulnerability. An attacker with a low skill would be able to exploit this vulnerability.

Siemens has provided the following mitigations:

Siemens has provided the firmware update ROS v3.11.5 to close the vulnerability. ROS v4.1, which will also close the vulnerability, is in preparation. When the new release is available, customers will end up notified, and there will be an update to this advisory.

For customers operating RS950G devices, they should update to ROS v3.11.5. For customers operating other ROS-based devices, they should secure their devices appropriately until ROS v4.1 releases.

As a general security measure, Siemens strongly recommends protecting network access to the management interface of RuggedCom devices with appropriate mechanisms. Users should follow recommended security practices and configure the environment according to operational guidelines in order to run the devices in a protected IT environment.

The firmware updates for the RuggedCom ROS-based devices are free at the following contact points:

Support request

or

Automation technology

Here is the Siemens ProductCERT advisory.



Leave a Reply

You must be logged in to post a comment.