Resource exhaustion in Siemens products - CVE-2022-39158
Published: September 14, 2022 / Updated: November 11, 2022
Vulnerability identifier: #VU67314
CSH Severity: Medium
CVSSv4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U/U:Green
CVE-ID: CVE-2022-39158
CWE-ID: CWE-400
Exploitation vector: Remote access
Exploit availability:
No public exploit available
Vulnerable software:
RUGGEDCOM ROS RMC8388
RUGGEDCOM ROS RS416Pv2
RUGGEDCOM ROS RS416V2
RUGGEDCOM ROS RS900
RUGGEDCOM ROS RS900G
RUGGEDCOM ROS RSG907R
RUGGEDCOM ROS RSG908C
RUGGEDCOM ROS RSG909R
RUGGEDCOM ROS RSG910C
RUGGEDCOM ROS RSG920P
RUGGEDCOM ROS RSG2100
RUGGEDCOM ROS RSG2288
RUGGEDCOM ROS RSG2300
RUGGEDCOM ROS RSG2300P
RUGGEDCOM ROS RSG2488
RUGGEDCOM ROS RSL910
RUGGEDCOM ROS RST916C
RUGGEDCOM ROS RST916P
RUGGEDCOM ROS RST2228
RUGGEDCOM ROS RST2228P
Software vendor:
Siemens
Description
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists because the application does not properly control consumption of internal resources. A remote attacker can trigger resource exhaustion and perform a denial of service (DoS) attack.
Remediation
Install updates from the vendor's website.