CVE-2014-2590

  1. OpenCVE
  2. Vulnerabilities (CVE)
  3. CVE-2014-2590
The web management interface in Siemens RuggedCom ROS before 3.11, ROS 3.11 before 3.11.5 for RS950G, ROS 3.12, and ROS 4.0 for RSG2488 allows remote attackers to cause a denial of service (interface outage) via crafted HTTP packets.

5.0 /10

CVSS v2.0 : MEDIUM

V2 Legend

Vector : AV:N/AC:L/Au:N/C:N/I:N/A:P

Exploitability : 10.0 / Impact : 2.9

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact PARTIAL

References
Link Resource
http://ics-cert.us-cert.gov/advisories/ICSA-14-087-01 Permissions Required Third Party Advisory US Government Resource
http://www.siemens.com/innovation/pool/de/forschungsfelder/siemens_security_advisory_ssa-831997.pdf Broken Link Vendor Advisory
Configurations

Configuration 1 (hide)

OR cpe:2.3:o:siemens:ruggedcom_rugged_operating_system:*:*:*:*:*:*:*:*
cpe:2.3:o:siemens:ruggedcom_rugged_operating_system:*:*:*:*:*:*:*:*

Configuration 2 (hide)

AND
cpe:2.3:o:siemens:ruggedcom_rugged_operating_system:*:*:*:*:*:*:*:*
cpe:2.3:h:siemens:ruggedcom_rs950g:-:*:*:*:*:*:*:*

Configuration 3 (hide)

AND
cpe:2.3:o:siemens:ruggedcom_rugged_operating_system:*:*:*:*:*:*:*:*
cpe:2.3:h:siemens:ruggedcom_rsg2488:-:*:*:*:*:*:*:*
History

01 Feb 2022, 16:53

Type Values Removed Values Added
References (MISC) http://ics-cert.us-cert.gov/advisories/ICSA-14-087-01 - US Government Resource (MISC) http://ics-cert.us-cert.gov/advisories/ICSA-14-087-01 - Permissions Required, Third Party Advisory, US Government Resource
References (CONFIRM) http://www.siemens.com/innovation/pool/de/forschungsfelder/siemens_security_advisory_ssa-831997.pdf - Vendor Advisory (CONFIRM) http://www.siemens.com/innovation/pool/de/forschungsfelder/siemens_security_advisory_ssa-831997.pdf - Broken Link, Vendor Advisory
CWE CWE-20 CWE-306
First Time Siemens ruggedcom Rs950g
Siemens ruggedcom Rsg2488
CPE cpe:2.3:o:siemens:ruggedcom_rugged_operating_system:3.2.5:*:*:*:*:*:*:*
cpe:2.3:o:siemens:ruggedcom_rugged_operating_system:3.8.5:*:*:*:*:*:*:*
cpe:2.3:o:siemens:ruggedcom_rugged_operating_system:3.4.9:*:*:*:*:*:*:*
cpe:2.3:o:siemens:ruggedcom_rugged_operating_system:3.7.9:*:*:*:*:*:*:*
cpe:2.3:o:siemens:ruggedcom_rugged_operating_system:3.10.1:*:*:*:*:*:*:*
cpe:2.3:o:siemens:ruggedcom_rugged_operating_system:3.9.3:*:*:*:*:*:*:*
cpe:2.3:o:siemens:ruggedcom_rugged_operating_system:3.3.6:*:*:*:*:*:*:*
cpe:2.3:o:siemens:ruggedcom_rugged_operating_system:4.0:*:*:*:*:*:rsg2488:*
cpe:2.3:o:siemens:ruggedcom_rugged_operating_system:3.11:*:*:*:*:*:rs950g:*
cpe:2.3:o:siemens:ruggedcom_rugged_operating_system:3.6.6:*:*:*:*:*:*:*
cpe:2.3:o:siemens:ruggedcom_rugged_operating_system:3.12:*:*:*:*:*:*:*
cpe:2.3:o:siemens:ruggedcom_rugged_operating_system:3.5.4:*:*:*:*:*:*:*		 cpe:2.3:o:siemens:ruggedcom_rugged_operating_system:*:*:*:*:*:*:*:*
cpe:2.3:h:siemens:ruggedcom_rs950g:-:*:*:*:*:*:*:*
cpe:2.3:h:siemens:ruggedcom_rsg2488:-:*:*:*:*:*:*:*
Information

Published : 2014-04-01 06:29

Updated : 2023-12-10 11:31

NVD link : CVE-2014-2590

Mitre link : CVE-2014-2590

CVE.ORG link : CVE-2014-2590

JSON object : View

Products Affected

siemens

  • ruggedcom_rsg2488
  • ruggedcom_rugged_operating_system
  • ruggedcom_rs950g
CWE
CWE-306

Missing Authentication for Critical Function