Remote code execution in Siemens RUGGEDCOM ROS

1) Code Injection

EUVDB-ID: #VU65357

Risk: Medium

CVSSv3.1: 7 [CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2022-34663

CWE-ID: CWE-94 - Improper Control of Generation of Code ('Code Injection')

Exploit availability: No

Description

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to improper input validation within the console. A remote user can send a specially crafted request and execute arbitrary code on the target system.

Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

RUGGEDCOM ROS i800: All versions

RUGGEDCOM ROS i801: All versions

RUGGEDCOM ROS i802: All versions

RUGGEDCOM ROS i803: All versions

RUGGEDCOM ROS M969: All versions

RUGGEDCOM ROS M2100: All versions

RUGGEDCOM ROS M2200: All versions

RUGGEDCOM ROS RMC: All versions

RUGGEDCOM ROS RMC20: All versions

RUGGEDCOM ROS RMC30: All versions

RUGGEDCOM ROS RMC40: All versions

RUGGEDCOM ROS RMC41: All versions

RUGGEDCOM ROS RP110: All versions

RUGGEDCOM ROS RS400: All versions

RUGGEDCOM ROS RS401: All versions

RUGGEDCOM ROS RS416: All versions

RUGGEDCOM ROS RS900G: All versions

RUGGEDCOM ROS RS900GP: All versions

RUGGEDCOM ROS RS900L: All versions

RUGGEDCOM ROS RS900W: All versions

RUGGEDCOM ROS RS910: All versions

RUGGEDCOM ROS RS910L: All versions

RUGGEDCOM ROS RS910W: All versions

RUGGEDCOM ROS RS920L: All versions

RUGGEDCOM ROS RS920W: All versions

RUGGEDCOM ROS RS930L: All versions

RUGGEDCOM ROS RS930W: All versions

RUGGEDCOM ROS RS940G: All versions

RUGGEDCOM ROS RS969: All versions

RUGGEDCOM ROS RS8000: All versions

RUGGEDCOM ROS RS8000A: All versions

RUGGEDCOM ROS RS8000H: All versions

RUGGEDCOM ROS RS8000T: All versions

RUGGEDCOM ROS RSG2100: All versions

RUGGEDCOM ROS RSG2100P: All versions

RUGGEDCOM ROS RSG2200: All versions

RUGGEDCOM ROS RMC8388: before 5.6.0

RUGGEDCOM ROS RS416V2: before 5.6.0

RUGGEDCOM ROS RS900 (32M): before 5.6.0

RUGGEDCOM ROS RS900G (32M): before 5.6.0

RUGGEDCOM ROS RSG907R: before 5.6.0

RUGGEDCOM ROS RSG908C: before 5.6.0

RUGGEDCOM ROS RSG909R: before 5.6.0

RUGGEDCOM ROS RSG910C: before 5.6.0

RUGGEDCOM ROS RSG920P: before 5.6.0

RUGGEDCOM ROS RSG2100 (32M): before 5.6.0

RUGGEDCOM ROS RSG2288: before 5.6.0

RUGGEDCOM ROS RSG2300: before 5.6.0

RUGGEDCOM ROS RSG2300P: before 5.6.0

RUGGEDCOM ROS RSG2488: before 5.6.0

RUGGEDCOM ROS RSL910: before 5.6.0

RUGGEDCOM ROS RST916C: before 5.6.0

RUGGEDCOM ROS RST916P: before 5.6.0

RUGGEDCOM ROS RST2228: before 5.6.0

RUGGEDCOM ROS RST2228P: before 5.6.0

External links

http://cert-portal.siemens.com/productcert/pdf/ssa-840800.pdf

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.