Siemens Updates ROS Vulnerability

Wednesday, May 28, 2014 @ 05:05 PM gHale


Siemens mitigated its improper input validation vulnerability in its Rugged Operating System (ROS), according to a report on ICS-CERT.

Researcher Aivar Liimets from Martem Telecontrol Systems first reported the remotely exploitable vulnerability in Mach, which could cause a denial-of-service (DoS) condition against the device’s management web interface.

RELATED STORIES
Emerson Fixes DeltaV Vulnerabilities
RuggedCom ROX-based Device Vulnerability
Wonderware Patches Heartbleed Hole
CSWorks Fixes SQL Injection Vulnerability

The following Siemens ROS versions suffer from the issue:
• All ROS versions prior to v3.11
• ROS v3.11 (for product RS950G): all versions prior to ROS v3.11.5
• ROS v3.12: all versions prior to ROS v3.12.4
• ROS v4.0 (for product RSG2488): all versions prior to ROS v4.1.0

A vulnerability in the implementation of the web interface might allow attackers to perform a DoS attack on the affected devices over the network without prior authentication. The switching functionality of the device is not an issue.

Siemens is an international company headquartered in Munich, Germany.

The affected products, RuggedCom switches and serial-to-Ethernet devices, connect devices that operate in harsh environments such as electric utility substations and traffic control cabinets. According to Siemens, RuggedCom ROS-based products see use across several sectors including energy, healthcare and public health, and transportation systems.

The implementation of the web server (Port 80/TCP) in the affected devices might allow attackers to perform a DoS attack against the device’s management web interface by sending specially crafted packets over the network without prior authentication. Only the web interface ends up affected. A manual cold restart of the device is necessary to regain access to the web management interface.

This vulnerability does not affect HTTPS (Port 443/TCP).

CVE-2014-2590 is the case number assigned to this vulnerability, which has a CVSS v2 base score of 5.0.

No known public exploits specifically target this vulnerability. An attacker with a low skill would be able to exploit this vulnerability.

Siemens has provided the following mitigations:

Siemens/RuggedCom provide firmware updates ROS v3.11.5, ROS v3.12.4, and ROS v4.1.0; which fix the vulnerability for RS950G products running ROS v3.11, products running ROS v3.12 and prior, and RSG2488 products running ROS v4.0.

As a general security measure, Siemens recommends protecting network access to the management interface of RuggedCom devices with appropriate mechanisms. Users should follow recommended security practices and configure the environment according to operational guidelines in order to run the devices in a protected IT environment.

The firmware updates for the RuggedCom ROS-based devices can be obtained for free from the following contact points:
Support request
or
Automation technology

Click here for the Siemens ProductCERT advisory.



Leave a Reply

You must be logged in to post a comment.