Details of VAR-201402-0242

ID

VAR-201402-0242

CVE

CVE-2014-1966

TITLE

RuggedCom Rugged Operating System SMTP Protocol Denial of Service Vulnerability

Trust: 0.9

sources: CNVD: CNVD-2014-01107 // BID: 65625

DESCRIPTION

The SNMP implementation in Siemens RuggedCom ROS before 3.11, ROS 3.11 for RS950G, ROS 3.12 before 3.12.4, and ROS 4.0 for RSG2488 allows remote attackers to cause a denial of service (device outage) via crafted packets. RuggedCom Inc is the world's leading manufacturer of high performance networking and communications equipment for industrial environments. RuggedCom Rugged Operating System is prone to a remote denial-of-service vulnerability. Attackers can exploit this issue to cause the management services of the devices to become unresponsive resulting in denial-of-service conditions. Siemens RuggedCom ROS is a set of operating system used in RuggedCom series switches by Siemens of Germany. A resource management error vulnerability exists in the SNMP implementation in Siemens RuggedCom ROS. The following versions are affected: Siemens RuggedCom ROS 3.10.1 and prior, ROS 3.11 for RS950G, ROS 3.12 prior to 3.12.4, ROS 4.0 for RSG2488

Trust: 2.7

sources: NVD: CVE-2014-1966 // JVNDB: JVNDB-2014-001459 // CNVD: CNVD-2014-01107 // BID: 65625 // IVD: 339f3144-2352-11e6-abef-000c29c66e3d // VULHUB: VHN-69905

IOT TAXONOMY

category:

['ICS']

sub_category:

Trust: 0.8

sources: IVD: 339f3144-2352-11e6-abef-000c29c66e3d // CNVD: CNVD-2014-01107

AFFECTED PRODUCTS

vendor:	siemens	model:	ruggedcom rugged operating system	scope:	gte	version:	3.12	Trust: 1.0
vendor:	siemens	model:	ruggedcom rugged operating system	scope:	lt	version:	3.12.4	Trust: 1.0
vendor:	siemens	model:	ruggedcom rugged operating system	scope:	gt	version:	3.11.0	Trust: 1.0
vendor:	siemens	model:	ruggedcom rugged operating system	scope:	lt	version:	3.11.0	Trust: 1.0
vendor:	siemens	model:	ruggedcom rugged operating system	scope:	gt	version:	4.0	Trust: 1.0
vendor:	siemens	model:	ruggedcom rugged operating system	scope:	lt	version:	4.1.0	Trust: 1.0
vendor:	siemens	model:	ruggedcom rugged operating system	scope:	lt	version:	3.11.5	Trust: 1.0
vendor:	siemens	model:	ruggedcom rugged operating system	scope:	eq	version:	3.12.1	Trust: 0.8
vendor:	siemens	model:	ruggedcom rugged operating system	scope:	eq	version:	3.8.5	Trust: 0.8
vendor:	siemens	model:	ruggedcom rugged operating system	scope:	eq	version:	3.7.9	Trust: 0.8
vendor:	siemens	model:	ruggedcom rugged operating system	scope:	eq	version:	3.2.5	Trust: 0.8
vendor:	siemens	model:	ruggedcom rugged operating system	scope:	eq	version:	3.9.3	Trust: 0.8
vendor:	siemens	model:	ruggedcom rugged operating system	scope:	eq	version:	3.4.9	Trust: 0.8
vendor:	siemens	model:	ruggedcom rugged operating system	scope:	eq	version:	3.5.4	Trust: 0.8
vendor:	siemens	model:	ruggedcom rugged operating system	scope:	eq	version:	3.6.6	Trust: 0.8
vendor:	siemens	model:	ruggedcom rugged operating system	scope:	eq	version:	3.3.6	Trust: 0.8
vendor:	siemens	model:	ruggedcom rugged operating system	scope:	eq	version:	3.12.4	Trust: 0.8
vendor:	siemens	model:	ruggedcom rugged operating system	scope:	eq	version:	3.11 for rs950g	Trust: 0.8
vendor:	siemens	model:	ruggedcom rugged operating system	scope:	eq	version:	4.0 for rsg2488	Trust: 0.8
vendor:	siemens	model:	ruggedcom rugged operating system	scope:	lt	version:	3.12	Trust: 0.8
vendor:	ruggedcom	model:	rugged operating system	scope:	eq	version:	3.x	Trust: 0.6
vendor:	siemens	model:	ruggedcom rugged operating system	scope:	eq	version:	3.10.1	Trust: 0.6
vendor:	ruggedcom	model:	rugged operating system	scope:	eq	version:	3.10.1	Trust: 0.3
vendor:	siemens	model:	ruggedcom rugged operating system	scope:	eq	version:	3.12	Trust: 0.2
vendor:	siemens	model:	ruggedcom rugged operating system	scope:	eq	version:	3.12.2	Trust: 0.2
vendor:	ruggedcom	model:	ros	scope:	lt	version:	3.11	Trust: 0.2
vendor:	ruggedcom	model:	ros	scope:	lt	version:	3.11.5	Trust: 0.2
vendor:	ruggedcom	model:	ros	scope:	lt	version:	3.12.4	Trust: 0.2
vendor:	ruggedcom	model:	ros	scope:	lt	version:	4.1.0	Trust: 0.2

sources: IVD: 339f3144-2352-11e6-abef-000c29c66e3d // CNVD: CNVD-2014-01107 // BID: 65625 // JVNDB: JVNDB-2014-001459 // CNNVD: CNNVD-201402-352 // NVD: CVE-2014-1966

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2014-1966
value:	HIGH
Trust: 1.0
NVD:	CVE-2014-1966
value:	HIGH
Trust: 0.8
CNVD:	CNVD-2014-01107
value:	MEDIUM
Trust: 0.6
CNNVD:	CNNVD-201402-352
value:	HIGH
Trust: 0.6
IVD:	339f3144-2352-11e6-abef-000c29c66e3d
value:	HIGH
Trust: 0.2
VULHUB:	VHN-69905
value:	HIGH
Trust: 0.1

nvd@nist.gov:	CVE-2014-1966
severity:	HIGH
baseScore:	7.8
vectorString:	AV:N/AC:L/AU:N/C:N/I:N/A:C
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	COMPLETE
exploitabilityScore:	10.0
impactScore:	6.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
CNVD:	CNVD-2014-01107
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:N/I:N/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	PARTIAL
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6
IVD:	339f3144-2352-11e6-abef-000c29c66e3d
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:N/I:N/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	PARTIAL
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.9 [IVD]
Trust: 0.2
VULHUB:	VHN-69905
severity:	HIGH
baseScore:	7.8
vectorString:	AV:N/AC:L/AU:N/C:N/I:N/A:C
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	COMPLETE
exploitabilityScore:	10.0
impactScore:	6.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

sources: IVD: 339f3144-2352-11e6-abef-000c29c66e3d // CNVD: CNVD-2014-01107 // VULHUB: VHN-69905 // JVNDB: JVNDB-2014-001459 // CNNVD: CNNVD-201402-352 // NVD: CVE-2014-1966

PROBLEMTYPE DATA

problemtype:	NVD-CWE-noinfo	Trust: 1.0
problemtype:	CWE-399	Trust: 0.9

sources: VULHUB: VHN-69905 // JVNDB: JVNDB-2014-001459 // NVD: CVE-2014-1966

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201402-352

TYPE

Resource management error

Trust: 0.8

sources: IVD: 339f3144-2352-11e6-abef-000c29c66e3d // CNNVD: CNNVD-201402-352

CONFIGURATIONS

sources: JVNDB: JVNDB-2014-001459

PATCH

title:	SSA-892342	url:	http://www.siemens.com/innovation/pool/de/forschungsfelder/siemens_security_advisory_ssa-892342.pdf	Trust: 0.8
title:	RuggedCom Rugged Operating System Patch for SMTP Protocol Denial of Service Vulnerability	url:	https://www.cnvd.org.cn/patchInfo/show/43753	Trust: 0.6
title:	Siemens RuggedCom ROS Remediation of resource management error vulnerabilities	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=180264	Trust: 0.6

sources: CNVD: CNVD-2014-01107 // JVNDB: JVNDB-2014-001459 // CNNVD: CNNVD-201402-352

EXTERNAL IDS

db:	NVD	id:	CVE-2014-1966	Trust: 3.6
db:	ICS CERT	id:	ICSA-14-051-03	Trust: 2.5
db:	SIEMENS	id:	SSA-892342	Trust: 2.3
db:	BID	id:	65625	Trust: 1.0
db:	CNNVD	id:	CNNVD-201402-352	Trust: 0.9
db:	CNVD	id:	CNVD-2014-01107	Trust: 0.8
db:	JVNDB	id:	JVNDB-2014-001459	Trust: 0.8
db:	SECUNIA	id:	56973	Trust: 0.6
db:	IVD	id:	339F3144-2352-11E6-ABEF-000C29C66E3D	Trust: 0.2
db:	SEEBUG	id:	SSVID-61563	Trust: 0.1
db:	VULHUB	id:	VHN-69905	Trust: 0.1

sources: IVD: 339f3144-2352-11e6-abef-000c29c66e3d // CNVD: CNVD-2014-01107 // VULHUB: VHN-69905 // BID: 65625 // JVNDB: JVNDB-2014-001459 // CNNVD: CNNVD-201402-352 // NVD: CVE-2014-1966

REFERENCES

url:	http://ics-cert.us-cert.gov/advisories/icsa-14-051-03	Trust: 2.5
url:	http://www.siemens.com/innovation/pool/de/forschungsfelder/siemens_security_advisory_ssa-892342.pdf	Trust: 2.3
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-1966	Trust: 0.8
url:	http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2014-1966	Trust: 0.8
url:	http://secunia.com/advisories/56973/	Trust: 0.6
url:	http://www.ruggedcom.com/	Trust: 0.3

sources: CNVD: CNVD-2014-01107 // VULHUB: VHN-69905 // BID: 65625 // JVNDB: JVNDB-2014-001459 // CNNVD: CNNVD-201402-352 // NVD: CVE-2014-1966

CREDITS

Ling Toh Koh, Ng Yi Teng, Seyed Dawood Sajjadi Torshizi, Ryan Lee and Ho Ping Hou from EV-Dynamic, Malaysia

Trust: 0.3

sources: BID: 65625

SOURCES

db:	IVD	id:	339f3144-2352-11e6-abef-000c29c66e3d
db:	CNVD	id:	CNVD-2014-01107
db:	VULHUB	id:	VHN-69905
db:	BID	id:	65625
db:	JVNDB	id:	JVNDB-2014-001459
db:	CNNVD	id:	CNNVD-201402-352
db:	NVD	id:	CVE-2014-1966

LAST UPDATE DATE

2024-11-23T23:09:54.133000+00:00

SOURCES UPDATE DATE

db:	CNVD	id:	CNVD-2014-01107	date:	2014-04-02T00:00:00
db:	VULHUB	id:	VHN-69905	date:	2014-02-24T00:00:00
db:	BID	id:	65625	date:	2014-05-29T01:16:00
db:	JVNDB	id:	JVNDB-2014-001459	date:	2014-02-25T00:00:00
db:	CNNVD	id:	CNNVD-201402-352	date:	2022-02-07T00:00:00
db:	NVD	id:	CVE-2014-1966	date:	2024-11-21T02:05:22.220

SOURCES RELEASE DATE

db:	IVD	id:	339f3144-2352-11e6-abef-000c29c66e3d	date:	2014-02-20T00:00:00
db:	CNVD	id:	CNVD-2014-01107	date:	2014-02-20T00:00:00
db:	VULHUB	id:	VHN-69905	date:	2014-02-24T00:00:00
db:	BID	id:	65625	date:	2014-02-18T00:00:00
db:	JVNDB	id:	JVNDB-2014-001459	date:	2014-02-25T00:00:00
db:	CNNVD	id:	CNNVD-201402-352	date:	2014-02-26T00:00:00
db:	NVD	id:	CVE-2014-1966	date:	2014-02-24T04:48:10.210