CVE-2014-2590
Published 2014-04-01
CVE-2014-2590: The web management interface in Siemens RuggedCom ROS before 3.11, ROS 3.11 before 3.11.5 for RS950G, ROS 3.12, and ROS 4.0 for RSG2488 allows remote attackers…
Priority: P4 · 24 · medium · 5 (CVSS 2.0)
Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P
EPSS: 2.41% (82.1th percentile)
The web management interface in Siemens RuggedCom ROS before 3.11, ROS 3.11 before 3.11.5 for RS950G, ROS 3.12, and ROS 4.0 for RSG2488 allows remote attackers to cause a denial of service (interface outage) via crafted HTTP packets.
Affected
4 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| siemens | ruggedcom_rugged_operating_system | < 3.11.0 | 3.11.0 |
| siemens | ruggedcom_rugged_operating_system | < 3.11.5 | 3.11.5 |
| siemens | ruggedcom_rugged_operating_system | < 4.1.0 | 4.1.0 |
| siemens | ruggedcom_rugged_operating_system | >= 3.12 < 3.12.4 | 3.12.4 |
CISA ICS
Siemens ROS Improper Input Validation (Update A)
cisa_ics·2018-09-06
ICS Advisory
Last Revised: September 06, 2018
Alert Code: ICSA-14-087-01A
## OVERVIEW
This updated advisory is a follow-up to the original advisory titled ICSA-14-087-01 Siemens ROS Improper Input Validation that was published March 28, 2014, on the NCCIC/ICS-CERT web site.
Researcher Aivar Liimets from Martem Telecontrol Systems reported an improper input validation vulnerability in the Siemens Rugged Operating System (ROS), which could cause a denial-of-service (DoS) condition against the device’s management web interface. Siemens coordinated t
GHSA
GHSA-xvxr-fcpp-g423: The web management interface in Siemens RuggedCom ROS before 3
ghsa_unreviewed·2022-05-13
CVE-2014-2590 [MEDIUM] CWE-306 GHSA-xvxr-fcpp-g423: The web management interface in Siemens RuggedCom ROS before 3
The web management interface in Siemens RuggedCom ROS before 3.11, ROS 3.11 before 3.11.5 for RS950G, ROS 3.12, and ROS 4.0 for RSG2488 allows remote attackers to cause a denial of service (interface outage) via crafted HTTP packets.
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
http://ics-cert.us-cert.gov/advisories/ICSA-14-087-01
http://www.siemens.com/innovation/pool/de/forschungsfelder/siemens_security_advisory_ssa-831997.pdf
Published: 2014-04-01