Siemens RUGGEDCOM ROS DoS Vulnerability Advisory (SSA-787941)

Key Information Summary Vulnerability Overview Vulnerability ID: SSA-787941 Impact: RUGGEDCOM ROS devices are affected by a Denial of Service (DoS) vulnerability. By sending partial HTTP requests, an attacker can cause the affected web server to wait for a complete HTTP request, thereby consuming all available HTTP connections and leading to service disruption. CVSS Score: v3.1 Base Score: 5.3, v2.0 Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:P Affected Products and Versions Multiple RUGGEDCOM products and versions are affected, including but not limited to: - RUGGEDCOM MARSF - RUGGEDCOM M210F - RUGGEDCOM M260F - RUGGEDCOM ROS V4.X family - RUGGEDCOM ROS V5.X family - RUGGEDCOM RS400F - RUGGEDCOM RS810F - etc. Current Fix Status For most affected products, there are currently no planned fixes. Users are advised to refer to the "Workarounds and Mitigations" section for recommended actions. Mitigation Measures and Recommendations General Mitigation Measures: - Restrict access to ports 80/tcp and 443/tcp, allowing access only from trusted IP addresses. - If the web browser functionality is not required, disable it; if supported by the product, consider disabling this feature. General Security Recommendations: - Follow Siemens’ operational security guidelines to configure devices for enhanced security in industrial environments. - Visit https://www.siemens.com/cybersecurity for more information on industrial security. Historical Data This security advisory has undergone multiple updates, from V1.0 to V1.5, with each update adding new affected products or correcting known issues. Additional Information For more information on security vulnerabilities related to Siemens products and solutions, contact Siemens ProductCERT.

Goal Reached Thanks to every supporter — we hit 100%!

Siemens RUGGEDCOM ROS DoS Vulnerability Advisory (SSA-787941)