Details of VAR-201404-0628

ID

VAR-201404-0628

CVE

CVE-2014-2590

TITLE

RuggedCom Rugged Operating System WEB Interface Denial of Service Vulnerability

Trust: 1.0

sources: IVD: 1c846bb4-2352-11e6-abef-000c29c66e3d // IVD: cb580a39-0e4d-4715-96ce-4a91d1d302d2 // CNVD: CNVD-2014-02085

DESCRIPTION

The web management interface in Siemens RuggedCom ROS before 3.11, ROS 3.11 before 3.11.5 for RS950G, ROS 3.12, and ROS 4.0 for RSG2488 allows remote attackers to cause a denial of service (interface outage) via crafted HTTP packets. RuggedCom Inc. is the world's leading manufacturer of high performance networking and communications equipment for industrial environments. The WEB server listening to port 80 in the RuggedCom Rugged Operating System system fails to properly handle the user-submitted specially crafted messages, allowing the attacker to submit a specially made request to crash the WEB interface. This vulnerability does not affect the HTTPS service and switching functions. RuggedCom Rugged Operating System is prone to a remote denial-of-service vulnerability. Attackers can exploit this issue to crash the application resulting in denial-of-service conditions. Siemens RuggedCom ROS is a set of operating system used in RuggedCom series switches by Siemens of Germany. The following versions are affected: ROS versions prior to 3.11, 3.11 versions prior to ROS 3.11.5 for RS950G products, ROS version 3.12, ROS version 4.0 for RS950G products

Trust: 2.88

sources: NVD: CVE-2014-2590 // JVNDB: JVNDB-2014-001858 // CNVD: CNVD-2014-02085 // BID: 66522 // IVD: 1c846bb4-2352-11e6-abef-000c29c66e3d // IVD: cb580a39-0e4d-4715-96ce-4a91d1d302d2 // VULHUB: VHN-70529

IOT TAXONOMY

category:

['ICS']

sub_category:

Trust: 1.0

sources: IVD: 1c846bb4-2352-11e6-abef-000c29c66e3d // IVD: cb580a39-0e4d-4715-96ce-4a91d1d302d2 // CNVD: CNVD-2014-02085

AFFECTED PRODUCTS

vendor:	siemens	model:	ruggedcom rugged operating system	scope:	eq	version:	3.12	Trust: 1.4
vendor:	siemens	model:	ruggedcom rugged operating system	scope:	gte	version:	3.12	Trust: 1.0
vendor:	siemens	model:	ruggedcom rugged operating system	scope:	lt	version:	3.12.4	Trust: 1.0
vendor:	siemens	model:	ruggedcom rugged operating system	scope:	gt	version:	3.11.0	Trust: 1.0
vendor:	siemens	model:	ruggedcom rugged operating system	scope:	lt	version:	3.11.0	Trust: 1.0
vendor:	siemens	model:	ruggedcom rugged operating system	scope:	gt	version:	4.0	Trust: 1.0
vendor:	siemens	model:	ruggedcom rugged operating system	scope:	lt	version:	4.1.0	Trust: 1.0
vendor:	siemens	model:	ruggedcom rugged operating system	scope:	lt	version:	3.11.5	Trust: 1.0
vendor:	ruggedcom	model:	rugged operating system	scope:	eq	version:	3.10.1	Trust: 0.9
vendor:	siemens	model:	ruggedcom rugged operating system	scope:	eq	version:	4.0 for rsg2488	Trust: 0.8
vendor:	siemens	model:	ruggedcom rugged operating system	scope:	lt	version:	3.11	Trust: 0.8
vendor:	siemens	model:	ruggedcom rugged operating system	scope:	eq	version:	3.11.5 for rs950g	Trust: 0.8
vendor:	siemens	model:	ruggedcom rugged operating system	scope:	eq	version:	3.6.6	Trust: 0.6
vendor:	siemens	model:	ruggedcom rugged operating system	scope:	eq	version:	3.5.4	Trust: 0.6
vendor:	siemens	model:	ruggedcom rugged operating system	scope:	eq	version:	4.0	Trust: 0.6
vendor:	siemens	model:	ruggedcom rugged operating system	scope:	eq	version:	3.4.9	Trust: 0.6
vendor:	siemens	model:	ruggedcom rugged operating system	scope:	eq	version:	3.11	Trust: 0.6
vendor:	siemens	model:	ruggedcom rugged operating system	scope:	eq	version:	3.2.5	Trust: 0.6
vendor:	siemens	model:	ruggedcom rugged operating system	scope:	eq	version:	3.3.6	Trust: 0.6
vendor:	siemens	model:	ruggedcom rugged operating system	scope:	eq	version:	3.10.1	Trust: 0.6
vendor:	siemens	model:	ruggedcom rugged operating system	scope:	eq	version:	3.7.9	Trust: 0.6
vendor:	ruggedcom rugged operating system	model:	-	scope:	eq	version:	3.2.5	Trust: 0.4
vendor:	ruggedcom rugged operating system	model:	-	scope:	eq	version:	3.3.6	Trust: 0.4
vendor:	ruggedcom rugged operating system	model:	-	scope:	eq	version:	3.4.9	Trust: 0.4
vendor:	ruggedcom rugged operating system	model:	-	scope:	eq	version:	3.5.4	Trust: 0.4
vendor:	ruggedcom rugged operating system	model:	-	scope:	eq	version:	3.6.6	Trust: 0.4
vendor:	ruggedcom rugged operating system	model:	-	scope:	eq	version:	3.7.9	Trust: 0.4
vendor:	ruggedcom rugged operating system	model:	-	scope:	eq	version:	3.8.5	Trust: 0.4
vendor:	ruggedcom rugged operating system	model:	-	scope:	eq	version:	3.9.3	Trust: 0.4
vendor:	ruggedcom rugged operating system	model:	-	scope:	eq	version:	3.10.1	Trust: 0.4
vendor:	ruggedcom rugged operating system	model:	-	scope:	eq	version:	3.11	Trust: 0.4
vendor:	ruggedcom rugged operating system	model:	-	scope:	eq	version:	3.12	Trust: 0.4
vendor:	ruggedcom rugged operating system	model:	-	scope:	eq	version:	4.0	Trust: 0.4

sources: IVD: 1c846bb4-2352-11e6-abef-000c29c66e3d // IVD: cb580a39-0e4d-4715-96ce-4a91d1d302d2 // CNVD: CNVD-2014-02085 // BID: 66522 // JVNDB: JVNDB-2014-001858 // CNNVD: CNNVD-201404-011 // NVD: CVE-2014-2590

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2014-2590
value:	MEDIUM
Trust: 1.0
NVD:	CVE-2014-2590
value:	MEDIUM
Trust: 0.8
CNVD:	CNVD-2014-02085
value:	MEDIUM
Trust: 0.6
CNNVD:	CNNVD-201404-011
value:	MEDIUM
Trust: 0.6
IVD:	1c846bb4-2352-11e6-abef-000c29c66e3d
value:	MEDIUM
Trust: 0.2
IVD:	cb580a39-0e4d-4715-96ce-4a91d1d302d2
value:	MEDIUM
Trust: 0.2
VULHUB:	VHN-70529
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2014-2590
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:N/I:N/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	PARTIAL
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
CNVD:	CNVD-2014-02085
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:N/I:N/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	PARTIAL
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6
IVD:	1c846bb4-2352-11e6-abef-000c29c66e3d
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:N/I:N/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	PARTIAL
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.9 [IVD]
Trust: 0.2
IVD:	cb580a39-0e4d-4715-96ce-4a91d1d302d2
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:N/I:N/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	PARTIAL
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.9 [IVD]
Trust: 0.2
VULHUB:	VHN-70529
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:N/I:N/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	PARTIAL
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

sources: IVD: 1c846bb4-2352-11e6-abef-000c29c66e3d // IVD: cb580a39-0e4d-4715-96ce-4a91d1d302d2 // CNVD: CNVD-2014-02085 // VULHUB: VHN-70529 // JVNDB: JVNDB-2014-001858 // CNNVD: CNNVD-201404-011 // NVD: CVE-2014-2590

PROBLEMTYPE DATA

problemtype:	CWE-306	Trust: 1.0
problemtype:	CWE-20	Trust: 0.9

sources: VULHUB: VHN-70529 // JVNDB: JVNDB-2014-001858 // NVD: CVE-2014-2590

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201404-011

TYPE

access control error

Trust: 0.6

sources: CNNVD: CNNVD-201404-011

CONFIGURATIONS

sources: JVNDB: JVNDB-2014-001858

PATCH

title:	SSA-831997	url:	http://www.siemens.com/innovation/pool/de/forschungsfelder/siemens_security_advisory_ssa-831997.pdf	Trust: 0.8
title:	RuggedCom Rugged Operating System WEB Interface Denial of Service Vulnerability Patch	url:	https://www.cnvd.org.cn/patchInfo/show/44605	Trust: 0.6
title:	Siemens RuggedCom ROS Enter the fix for the verification error vulnerability	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=180265	Trust: 0.6

sources: CNVD: CNVD-2014-02085 // JVNDB: JVNDB-2014-001858 // CNNVD: CNNVD-201404-011

EXTERNAL IDS

db:	NVD	id:	CVE-2014-2590	Trust: 3.8
db:	ICS CERT	id:	ICSA-14-087-01	Trust: 3.1
db:	SIEMENS	id:	SSA-831997	Trust: 1.7
db:	CNVD	id:	CNVD-2014-02085	Trust: 1.0
db:	CNNVD	id:	CNNVD-201404-011	Trust: 1.0
db:	BID	id:	66522	Trust: 1.0
db:	JVNDB	id:	JVNDB-2014-001858	Trust: 0.8
db:	IVD	id:	1C846BB4-2352-11E6-ABEF-000C29C66E3D	Trust: 0.2
db:	IVD	id:	CB580A39-0E4D-4715-96CE-4A91D1D302D2	Trust: 0.2
db:	VULHUB	id:	VHN-70529	Trust: 0.1

sources: IVD: 1c846bb4-2352-11e6-abef-000c29c66e3d // IVD: cb580a39-0e4d-4715-96ce-4a91d1d302d2 // CNVD: CNVD-2014-02085 // VULHUB: VHN-70529 // BID: 66522 // JVNDB: JVNDB-2014-001858 // CNNVD: CNNVD-201404-011 // NVD: CVE-2014-2590

REFERENCES

url:	http://ics-cert.us-cert.gov/advisories/icsa-14-087-01	Trust: 3.1
url:	http://www.siemens.com/innovation/pool/de/forschungsfelder/siemens_security_advisory_ssa-831997.pdf	Trust: 1.7
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-2590	Trust: 0.8
url:	http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2014-2590	Trust: 0.8
url:	http://www.siemens.com/innovation/en/technology-focus/siemens-cert/cert-security-advisories.htm	Trust: 0.6
url:	http://www.ruggedcom.com/	Trust: 0.3

sources: CNVD: CNVD-2014-02085 // VULHUB: VHN-70529 // BID: 66522 // JVNDB: JVNDB-2014-001858 // CNNVD: CNNVD-201404-011 // NVD: CVE-2014-2590

CREDITS

Aivar Liimets of Martem Telecontrol Systems.

Trust: 0.3

sources: BID: 66522

SOURCES

db:	IVD	id:	1c846bb4-2352-11e6-abef-000c29c66e3d
db:	IVD	id:	cb580a39-0e4d-4715-96ce-4a91d1d302d2
db:	CNVD	id:	CNVD-2014-02085
db:	VULHUB	id:	VHN-70529
db:	BID	id:	66522
db:	JVNDB	id:	JVNDB-2014-001858
db:	CNNVD	id:	CNNVD-201404-011
db:	NVD	id:	CVE-2014-2590

LAST UPDATE DATE

2024-11-23T22:02:12.685000+00:00

SOURCES UPDATE DATE

db:	CNVD	id:	CNVD-2014-02085	date:	2014-04-02T00:00:00
db:	VULHUB	id:	VHN-70529	date:	2014-04-01T00:00:00
db:	BID	id:	66522	date:	2014-05-29T01:06:00
db:	JVNDB	id:	JVNDB-2014-001858	date:	2014-04-02T00:00:00
db:	CNNVD	id:	CNNVD-201404-011	date:	2022-02-07T00:00:00
db:	NVD	id:	CVE-2014-2590	date:	2024-11-21T02:06:35.403

SOURCES RELEASE DATE

db:	IVD	id:	1c846bb4-2352-11e6-abef-000c29c66e3d	date:	2014-04-02T00:00:00
db:	IVD	id:	cb580a39-0e4d-4715-96ce-4a91d1d302d2	date:	2014-04-02T00:00:00
db:	CNVD	id:	CNVD-2014-02085	date:	2014-04-02T00:00:00
db:	VULHUB	id:	VHN-70529	date:	2014-04-01T00:00:00
db:	BID	id:	66522	date:	2014-03-28T00:00:00
db:	JVNDB	id:	JVNDB-2014-001858	date:	2014-04-02T00:00:00
db:	CNNVD	id:	CNNVD-201404-011	date:	2014-04-03T00:00:00
db:	NVD	id:	CVE-2014-2590	date:	2014-04-01T06:29:39.423