Resource Allocation in Siemens RUGGEDCOM

1. EXECUTIVE SUMMARY

  • CVSS v3 7.5
  • ATTENTION: Exploitable remotely/low attack complexity
  • Vendor: Siemens
  • Equipment: RUGGEDCOM
  • Vulnerability: Allocation of Resources without Limits or Throttling

2. RISK EVALUATION

Successful exploitation of this vulnerability could allow an unauthorized attacker to cause total loss of availability in the affected devices’ web server.

3. TECHNICAL DETAILS

3.1 AFFECTED PRODUCTS

The following products from Siemens are affected:

  • RUGGEDCOM i800: All versions prior to V4.3.8
  • RUGGEDCOM i800NC: All versions prior to V4.3.8
  • RUGGEDCOM i801: All versions prior to V4.3.8
  • RUGGEDCOM i801NC: All versions prior to V4.3.8
  • RUGGEDCOM i802: All versions prior to V4.3.8
  • RUGGEDCOM i802NC: All versions prior to V4.3.8
  • RUGGEDCOM i803: All versions prior to V4.3.8
  • RUGGEDCOM i803NC: All versions prior to V4.3.8
  • RUGGEDCOM M2100: All versions prior to V4.3.8
  • RUGGEDCOM M2100F: All versions
  • RUGGEDCOM M2100NC: All versions prior to V4.3.8
  • RUGGEDCOM M2200: All versions prior to V4.3.8
  • RUGGEDCOM M2200F: All versions
  • RUGGEDCOM M2200NC: All versions prior to V4.3.8
  • RUGGEDCOM M969: All versions prior to V4.3.8
  • RUGGEDCOM M969F: All versions
  • RUGGEDCOM M969NC: All versions prior to V4.3.8
  • RUGGEDCOM RMC30: All versions prior to V4.3.8
  • RUGGEDCOM RMC30NC: All versions prior to V4.3.8
  • RUGGEDCOM RMC8388 V4.X: All versions prior to V4.3.8
  • RUGGEDCOM RMC8388 V5.X: All versions
  • RUGGEDCOM RMC8388NC V4.X: All versions prior to V4.3.8
  • RUGGEDCOM RMC8388NC V5.X: All versions
  • RUGGEDCOM RP110: All versions prior to V4.3.8
  • RUGGEDCOM RP110NC: All versions prior to V4.3.8
  • RUGGEDCOM RS1600: All versions prior to V4.3.8
  • RUGGEDCOM RS1600F: All versions prior to V4.3.8
  • RUGGEDCOM RS1600FNC: All versions prior to V4.3.8
  • RUGGEDCOM RS1600NC: All versions prior to V4.3.8
  • RUGGEDCOM RS1600T: All versions prior to V4.3.8
  • RUGGEDCOM RS1600TNC: All versions prior to V4.3.8
  • RUGGEDCOM RS400: All versions prior to V4.3.8
  • RUGGEDCOM RS400F: All versions
  • RUGGEDCOM RS400NC: All versions prior to V4.3.8
  • RUGGEDCOM RS401: All versions prior to V4.3.8
  • RUGGEDCOM RS401NC: All versions prior to V4.3.8
  • RUGGEDCOM RS416: All versions prior to V4.3.8
  • RUGGEDCOM RS416F: All versions
  • RUGGEDCOM RS416NC: All versions prior to V4.3.8
  • RUGGEDCOM RS416NC v2: All versions
  • RUGGEDCOM RS416P: All versions prior to V4.3.8
  • RUGGEDCOM RS416PF: All versions
  • RUGGEDCOM RS416PNC: All versions prior to V4.3.8
  • RUGGEDCOM RS416PNC v2: All versions
  • RUGGEDCOM RS416Pv2: All versions
  • RUGGEDCOM RS416v2: All versions
  • RUGGEDCOM RS8000: All versions prior to V4.3.8
  • RUGGEDCOM RS8000A: All versions prior to V4.3.8
  • RUGGEDCOM RS8000ANC: All versions prior to V4.3.8
  • RUGGEDCOM RS8000H: All versions prior to V4.3.8
  • RUGGEDCOM RS8000HNC: All versions prior to V4.3.8
  • RUGGEDCOM RS8000NC: All versions prior to V4.3.8
  • RUGGEDCOM RS8000T: All versions prior to V4.3.8
  • RUGGEDCOM RS8000TNC: All versions prior to V4.3.8
  • RUGGEDCOM RS900: All versions prior to V4.3.8
  • RUGGEDCOM RS900 (32M) V4.X: All versions prior to V4.3.8
  • RUGGEDCOM RS900 (32M) V5.X: All versions
  • RUGGEDCOM RS900F: All versions
  • RUGGEDCOM RS900G: All versions prior to V4.3.8
  • RUGGEDCOM RS900G (32M) V4.X: All versions prior to V4.3.8
  • RUGGEDCOM RS900G (32M) V5.X: All versions
  • RUGGEDCOM RS900GF: All versions
  • RUGGEDCOM RS900GNC: All versions prior to V4.3.8
  • RUGGEDCOM RS900GNC (32M) V4.X: All versions prior to V4.3.8
  • RUGGEDCOM RS900GNC (32M) V5.X: All versions
  • RUGGEDCOM RS900GP: All versions prior to V4.3.8
  • RUGGEDCOM RS900GPF: All versions
  • RUGGEDCOM RS900GPNC: All versions prior to V4.3.8
  • RUGGEDCOM RS900L: All versions prior to V4.3.8
  • RUGGEDCOM RS900LNC: All versions prior to V4.3.8
  • RUGGEDCOM RS900M-GETS-C01: All versions prior to V4.3.8
  • RUGGEDCOM RS900M-GETS-XX: All versions prior to V4.3.8
  • RUGGEDCOM RS900M-STND-C01: All versions prior to V4.3.8
  • RUGGEDCOM RS900M-STND-XX: All versions prior to V4.3.8
  • RUGGEDCOM RS900MNC-GETS-C01: All versions prior to V4.3.8
  • RUGGEDCOM RS900MNC-GETS-XX: All versions prior to V4.3.8
  • RUGGEDCOM RS900MNC-STND-XX: All versions prior to V4.3.8
  • RUGGEDCOM RS900MNC-STND-XX-C01: All versions prior to V4.3.8
  • RUGGEDCOM RS900NC: All versions prior to V4.3.8
  • RUGGEDCOM RS900NC (32M) V4.X: All versions prior to V4.3.8
  • RUGGEDCOM RS900NC (32M) V5.X: All versions
  • RUGGEDCOM RS900W: All versions prior to V4.3.8
  • RUGGEDCOM RS910: All versions prior to V4.3.8
  • RUGGEDCOM RS910L: All versions prior to V4.3.8
  • RUGGEDCOM RS910LNC: All versions prior to V4.3.8
  • RUGGEDCOM RS910NC: All versions prior to V4.3.8
  • RUGGEDCOM RS910W: All versions prior to V4.3.8
  • RUGGEDCOM RS920L: All versions prior to V4.3.8
  • RUGGEDCOM RS920LNC: All versions prior to V4.3.8
  • RUGGEDCOM RS920W: All versions prior to V4.3.8
  • RUGGEDCOM RS930L: All versions prior to V4.3.8
  • RUGGEDCOM RS930LNC: All versions prior to V4.3.8
  • RUGGEDCOM RS930W: All versions prior to V4.3.8
  • RUGGEDCOM RS940G: All versions prior to V4.3.8
  • RUGGEDCOM RS940GF: All versions
  • RUGGEDCOM RS940GNC: All versions prior to V4.3.8
  • RUGGEDCOM RS969: All versions prior to V4.3.8
  • RUGGEDCOM RS969NC: All versions prior to V4.3.8
  • RUGGEDCOM RSG2100: All versions prior to V4.3.8
  • RUGGEDCOM RSG2100 (32M) V4.X: All versions prior to V4.3.8
  • RUGGEDCOM RSG2100 (32M) V5.X: All versions
  • RUGGEDCOM RSG2100F: All versions
  • RUGGEDCOM RSG2100NC: All versions prior to V4.3.8
  • RUGGEDCOM RSG2100NC (32M) V4.X: All versions prior to V4.3.8
  • RUGGEDCOM RSG2100NC (32M) V5.X: All versions
  • RUGGEDCOM RSG2100P: All versions prior to V4.3.8
  • RUGGEDCOM RSG2100PF: All versions
  • RUGGEDCOM RSG2100PNC: All versions prior to V4.3.8
  • RUGGEDCOM RSG2200: All versions prior to V4.3.8
  • RUGGEDCOM RSG2200F: All versions
  • RUGGEDCOM RSG2200NC: All versions prior to V4.3.8
  • RUGGEDCOM RSG2288 V4.X: All versions prior to V4.3.8
  • RUGGEDCOM RSG2288 V5.X: All versions
  • RUGGEDCOM RSG2288NC V4.X: All versions prior to V4.3.8
  • RUGGEDCOM RSG2288NC V5.X: All versions
  • RUGGEDCOM RSG2300 V4.X: All versions prior to V4.3.8
  • RUGGEDCOM RSG2300 V5.X: All versions
  • RUGGEDCOM RSG2300F: All versions
  • RUGGEDCOM RSG2300NC V4.X: All versions prior to V4.3.8
  • RUGGEDCOM RSG2300NC V5.X: All versions
  • RUGGEDCOM RSG2300P V4.X: All versions prior to V4.3.8
  • RUGGEDCOM RSG2300P V5.X: All versions
  • RUGGEDCOM RSG2300PF: All versions
  • RUGGEDCOM RSG2300PNC V4.X: All versions prior to V4.3.8
  • RUGGEDCOM RSG2300PNC V5.X: All versions
  • RUGGEDCOM RSG2488 V4.X: All versions prior to V4.3.8
  • RUGGEDCOM RSG2488 V5.X: All versions
  • RUGGEDCOM RSG2488F: All versions
  • RUGGEDCOM RSG2488NC V4.X: All versions prior to V4.3.8
  • RUGGEDCOM RSG2488NC V5.X: All versions
  • RUGGEDCOM RSG907R: All versions
  • RUGGEDCOM RSG908C: All versions
  • RUGGEDCOM RSG909R: All versions
  • RUGGEDCOM RSG910C: All versions
  • RUGGEDCOM RSG920P V4.X: All versions prior to V4.3.8
  • RUGGEDCOM RSG920P V5.X: All versions
  • RUGGEDCOM RSG920PNC V4.X: All versions prior to V4.3.8
  • RUGGEDCOM RSG920PNC V5.X: All versions
  • RUGGEDCOM RSL910: All versions
  • RUGGEDCOM RSL910NC: All versions
  • RUGGEDCOM RST2228: All versions
  • RUGGEDCOM RST2228P: All versions
  • RUGGEDCOM RST916C: All versions
  • RUGGEDCOM RST916P: All versions
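Asset owners usually need to turn the list above into an inventory check. As an added example (not part of the CISA advisory and not Siemens' tooling), the following Python matches a device's firmware version against a constructed excerpt of the list, written in the advisory's own "product: range" format: "prior to V4.3.8" entries count as affected only below that version, while "All versions" entries (including the V5.X branches, which have no fixed version yet) count as affected regardless of version.

```python
import re

# Constructed excerpt of section 3.1, in the advisory's own line format.
AFFECTED = """
RUGGEDCOM RS900: All versions prior to V4.3.8
RUGGEDCOM RS900 (32M) V4.X: All versions prior to V4.3.8
RUGGEDCOM RS900 (32M) V5.X: All versions
RUGGEDCOM RSG2488 V4.X: All versions prior to V4.3.8
RUGGEDCOM RSG2488 V5.X: All versions
RUGGEDCOM RST2228: All versions
"""


def parse_version(text):
    """'V4.3.8' -> (4, 3, 8); tuples compare component-wise."""
    return tuple(int(part) for part in text.lstrip("vV").split("."))


def load_affected(text):
    """Map product name -> list of (major branch or None, fixed version or None)."""
    rules = {}
    for line in text.strip().splitlines():
        product, _, version_range = line.partition(": ")
        # A trailing " V4.X" / " V5.X" names a firmware branch, not a product.
        match = re.match(r"(.*?)(?: V(\d)\.X)?$", product)
        name, branch = match.group(1), match.group(2)
        fixed = re.search(r"prior to V([\d.]+)", version_range)
        rules.setdefault(name, []).append(
            (int(branch) if branch else None,
             parse_version(fixed.group(1)) if fixed else None)
        )
    return rules


def is_affected(rules, product, version):
    """True if this product/firmware pair falls in an affected range."""
    ver = parse_version(version)
    for branch, fixed in rules.get(product, []):
        if branch is not None and ver[0] != branch:
            continue  # entry is for a different firmware branch
        if fixed is None or ver < fixed:
            return True  # "All versions", or below the fixed release
    return False
```

Products with no entry in the list are reported as not affected, so an unexpected name (a typo or an unlisted model) should be reviewed rather than trusted.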

3.2 VULNERABILITY OVERVIEW

3.2.1 ALLOCATION OF RESOURCES WITHOUT LIMITS OR THROTTLING CWE-770

The affected devices’ web server contains a vulnerability that could lead to a denial-of-service condition. An attacker could cause total loss of web server availability, which could recover after the attack.

CVE-2023-39269 has been assigned to this vulnerability. A CVSS v3 base score of 7.5 has been calculated; the CVSS vector string is (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H).

3.3 BACKGROUND

  • CRITICAL INFRASTRUCTURE SECTORS: Multiple
  • COUNTRIES/AREAS DEPLOYED: Worldwide
  • COMPANY HEADQUARTERS LOCATION: Germany

3.4 RESEARCHER

Siemens reported this vulnerability to CISA.

4. MITIGATIONS

Siemens has released updates for several affected products and recommends updating to the latest versions. Siemens is preparing further updates and, for products where an update is not yet available, recommends the following countermeasures:

As a general security measure, Siemens recommends protecting network access to the devices with appropriate mechanisms. To operate the devices in a protected IT environment, Siemens recommends configuring the environment according to Siemens’ operational guidelines for industrial security and following the recommendations in the product manuals.

Additional information on industrial security by Siemens can be found on the Siemens industrial security webpage.

For more information see the associated Siemens security advisory SSA-770902 in HTML and CSAF.

CISA recommends users take defensive measures to minimize the risk of exploitation of this vulnerability. Specifically, users should:

  • Minimize network exposure for all control system devices and/or systems, and ensure they are not accessible from the Internet.
  • Locate control system networks and remote devices behind firewalls and isolate them from business networks.
  • When remote access is required, use secure methods, such as virtual private networks (VPNs), recognizing that VPNs may have vulnerabilities and should be updated to the most current version available. Also recognize that a VPN is only as secure as the devices connected to it.

CISA reminds organizations to perform proper impact analysis and risk assessment prior to deploying defensive measures.

CISA also provides a section for control systems security recommended practices on the ICS webpage at cisa.gov/ics. Several CISA products detailing cyber defense best practices are available for reading and download, including Improving Industrial Control Systems Cybersecurity with Defense-in-Depth Strategies.

Additional mitigation guidance and recommended practices are publicly available on the ICS webpage at cisa.gov/ics in the technical information paper, ICS-TIP-12-146-01B, Targeted Cyber Intrusion Detection and Mitigation Strategies.

Organizations observing suspected malicious activity should follow established internal procedures and report findings to CISA for tracking and correlation against other incidents.

No known public exploits specifically target this vulnerability.