The web management interface in Siemens RuggedCom ROS before 3.11, ROS 3.11 before 3.11.5 for RS950G, ROS 3.12, and ROS 4.0 for RSG2488 allows remote attackers to cause a denial of service (interface outage) via crafted HTTP packets.
References
Link | Resource |
---|---|
http://ics-cert.us-cert.gov/advisories/ICSA-14-087-01 | Permissions Required Third Party Advisory US Government Resource |
http://www.siemens.com/innovation/pool/de/forschungsfelder/siemens_security_advisory_ssa-831997.pdf | Broken Link Vendor Advisory |
Configurations
Configuration 1 (hide)
|
Configuration 2 (hide)
AND |
|
Configuration 3 (hide)
AND |
|
History
01 Feb 2022, 16:53
Type | Values Removed | Values Added |
---|---|---|
References | (MISC) http://ics-cert.us-cert.gov/advisories/ICSA-14-087-01 - Permissions Required, Third Party Advisory, US Government Resource | |
References | (CONFIRM) http://www.siemens.com/innovation/pool/de/forschungsfelder/siemens_security_advisory_ssa-831997.pdf - Broken Link, Vendor Advisory | |
CWE | CWE-306 | |
First Time |
Siemens ruggedcom Rs950g
Siemens ruggedcom Rsg2488 |
|
CPE | cpe:2.3:o:siemens:ruggedcom_rugged_operating_system:3.8.5:*:*:*:*:*:*:* cpe:2.3:o:siemens:ruggedcom_rugged_operating_system:3.4.9:*:*:*:*:*:*:* cpe:2.3:o:siemens:ruggedcom_rugged_operating_system:3.7.9:*:*:*:*:*:*:* cpe:2.3:o:siemens:ruggedcom_rugged_operating_system:3.10.1:*:*:*:*:*:*:* cpe:2.3:o:siemens:ruggedcom_rugged_operating_system:3.9.3:*:*:*:*:*:*:* cpe:2.3:o:siemens:ruggedcom_rugged_operating_system:3.3.6:*:*:*:*:*:*:* cpe:2.3:o:siemens:ruggedcom_rugged_operating_system:4.0:*:*:*:*:*:rsg2488:* cpe:2.3:o:siemens:ruggedcom_rugged_operating_system:3.11:*:*:*:*:*:rs950g:* cpe:2.3:o:siemens:ruggedcom_rugged_operating_system:3.6.6:*:*:*:*:*:*:* cpe:2.3:o:siemens:ruggedcom_rugged_operating_system:3.12:*:*:*:*:*:*:* cpe:2.3:o:siemens:ruggedcom_rugged_operating_system:3.5.4:*:*:*:*:*:*:* |
cpe:2.3:o:siemens:ruggedcom_rugged_operating_system:*:*:*:*:*:*:*:* cpe:2.3:h:siemens:ruggedcom_rs950g:-:*:*:*:*:*:*:* cpe:2.3:h:siemens:ruggedcom_rsg2488:-:*:*:*:*:*:*:* |
Information
Published : 2014-04-01 06:29
Updated : 2023-12-10 11:31
NVD link : CVE-2014-2590
Mitre link : CVE-2014-2590
CVE.ORG link : CVE-2014-2590
JSON object : View
Products Affected
siemens
- ruggedcom_rsg2488
- ruggedcom_rugged_operating_system
- ruggedcom_rs950g
CWE
CWE-306
Missing Authentication for Critical Function