#VU65357 Code Injection in Siemens Hardware solutions


Published: 2022-07-15

Vulnerability identifier: #VU65357

Vulnerability risk: Medium

CVSSv3.1: 7 [CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2022-34663

CWE-ID: CWE-94

Exploitation vector: Network

Exploit availability: No

Vulnerable software:
RUGGEDCOM ROS i800
Hardware solutions / Firmware
RUGGEDCOM ROS i801
Hardware solutions / Firmware
RUGGEDCOM ROS i802
Hardware solutions / Firmware
RUGGEDCOM ROS i803
Hardware solutions / Firmware
RUGGEDCOM ROS M969
Hardware solutions / Firmware
RUGGEDCOM ROS M2100
Hardware solutions / Firmware
RUGGEDCOM ROS M2200
Hardware solutions / Firmware
RUGGEDCOM ROS RMC
Hardware solutions / Firmware
RUGGEDCOM ROS RMC20
Hardware solutions / Firmware
RUGGEDCOM ROS RMC30
Hardware solutions / Firmware
RUGGEDCOM ROS RMC40
Hardware solutions / Firmware
RUGGEDCOM ROS RMC41
Hardware solutions / Firmware
RUGGEDCOM ROS RP110
Hardware solutions / Firmware
RUGGEDCOM ROS RS400
Hardware solutions / Firmware
RUGGEDCOM ROS RS401
Hardware solutions / Firmware
RUGGEDCOM ROS RS416
Hardware solutions / Firmware
RUGGEDCOM ROS RS900G
Hardware solutions / Firmware
RUGGEDCOM ROS RS900GP
Hardware solutions / Firmware
RUGGEDCOM ROS RS900L
Hardware solutions / Firmware
RUGGEDCOM ROS RS900W
Hardware solutions / Firmware
RUGGEDCOM ROS RS910
Hardware solutions / Firmware
RUGGEDCOM ROS RS910L
Hardware solutions / Firmware
RUGGEDCOM ROS RS910W
Hardware solutions / Firmware
RUGGEDCOM ROS RS920L
Hardware solutions / Firmware
RUGGEDCOM ROS RS920W
Hardware solutions / Firmware
RUGGEDCOM ROS RS930L
Hardware solutions / Firmware
RUGGEDCOM ROS RS930W
Hardware solutions / Firmware
RUGGEDCOM ROS RS940G
Hardware solutions / Firmware
RUGGEDCOM ROS RS969
Hardware solutions / Firmware
RUGGEDCOM ROS RS8000
Hardware solutions / Firmware
RUGGEDCOM ROS RS8000A
Hardware solutions / Firmware
RUGGEDCOM ROS RS8000H
Hardware solutions / Firmware
RUGGEDCOM ROS RS8000T
Hardware solutions / Firmware
RUGGEDCOM ROS RSG2100
Hardware solutions / Firmware
RUGGEDCOM ROS RSG2100P
Hardware solutions / Firmware
RUGGEDCOM ROS RSG2200
Hardware solutions / Firmware
RUGGEDCOM ROS RMC8388
Hardware solutions / Firmware
RUGGEDCOM ROS RS416V2
Hardware solutions / Firmware
RUGGEDCOM ROS RS900 (32M)
Hardware solutions / Firmware
RUGGEDCOM ROS RS900G (32M)
Hardware solutions / Firmware
RUGGEDCOM ROS RSG907R
Hardware solutions / Firmware
RUGGEDCOM ROS RSG908C
Hardware solutions / Firmware
RUGGEDCOM ROS RSG909R
Hardware solutions / Firmware
RUGGEDCOM ROS RSG910C
Hardware solutions / Firmware
RUGGEDCOM ROS RSG920P
Hardware solutions / Firmware
RUGGEDCOM ROS RSG2100 (32M)
Hardware solutions / Firmware
RUGGEDCOM ROS RSG2288
Hardware solutions / Firmware
RUGGEDCOM ROS RSG2300
Hardware solutions / Firmware
RUGGEDCOM ROS RSG2300P
Hardware solutions / Firmware
RUGGEDCOM ROS RSG2488
Hardware solutions / Firmware
RUGGEDCOM ROS RSL910
Hardware solutions / Firmware
RUGGEDCOM ROS RST916C
Hardware solutions / Firmware
RUGGEDCOM ROS RST916P
Hardware solutions / Firmware
RUGGEDCOM ROS RST2228
Hardware solutions / Firmware
RUGGEDCOM ROS RST2228P
Hardware solutions / Routers & switches, VoIP, GSM, etc

Vendor: Siemens

Description

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to improper input validation within the console. A remote user can send a specially crafted request and execute arbitrary code on the target system.

Successful exploitation of this vulnerability may result in complete compromise of the vulnerable system.

Mitigation
Install updates from the vendor's website.

Vulnerable software versions

RUGGEDCOM ROS i800: All versions

RUGGEDCOM ROS i801: All versions

RUGGEDCOM ROS i802: All versions

RUGGEDCOM ROS i803: All versions

RUGGEDCOM ROS M969: All versions

RUGGEDCOM ROS M2100: All versions

RUGGEDCOM ROS M2200: All versions

RUGGEDCOM ROS RMC: All versions

RUGGEDCOM ROS RMC20: All versions

RUGGEDCOM ROS RMC30: All versions

RUGGEDCOM ROS RMC40: All versions

RUGGEDCOM ROS RMC41: All versions

RUGGEDCOM ROS RP110: All versions

RUGGEDCOM ROS RS400: All versions

RUGGEDCOM ROS RS401: All versions

RUGGEDCOM ROS RS416: All versions

RUGGEDCOM ROS RS900G: All versions

RUGGEDCOM ROS RS900GP: All versions

RUGGEDCOM ROS RS900L: All versions

RUGGEDCOM ROS RS900W: All versions

RUGGEDCOM ROS RS910: All versions

RUGGEDCOM ROS RS910L: All versions

RUGGEDCOM ROS RS910W: All versions

RUGGEDCOM ROS RS920L: All versions

RUGGEDCOM ROS RS920W: All versions

RUGGEDCOM ROS RS930L: All versions

RUGGEDCOM ROS RS930W: All versions

RUGGEDCOM ROS RS940G: All versions

RUGGEDCOM ROS RS969: All versions

RUGGEDCOM ROS RS8000: All versions

RUGGEDCOM ROS RS8000A: All versions

RUGGEDCOM ROS RS8000H: All versions

RUGGEDCOM ROS RS8000T: All versions

RUGGEDCOM ROS RSG2100: All versions

RUGGEDCOM ROS RSG2100P: All versions

RUGGEDCOM ROS RSG2200: All versions


External links
http://cert-portal.siemens.com/productcert/pdf/ssa-840800.pdf


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

