RuggedCom Rugged Operating System < 3.12.4 (or 4.0 for RSG2488) Remote Denial of Service via SNMP

Medium severity: Nessus Network Monitor Plugin ID 8127

Synopsis

The remote host is running a vulnerable version of the RuggedCom Rugged Operating System (ROS).

Description

ROS versions earlier than 3.12.4 (or 4.0 for RSG2488) are vulnerable to a remote denial of service via the SNMP service; no authentication is required. The specifics have not been released publicly, but patches are available from the vendor to fix this issue.

Solution

The vendor has released patches. Update to ROS version 3.12.4 or later, and ensure that access to this server is restricted to only trusted hosts/networks.

See Also

http://www.siemens.com/innovation/pool/de/forschungsfelder/siemens_security_advisory_ssa-892342.pdf

Plugin Details

Severity: Medium

ID: 8127

Family: SCADA

Published: 2/19/2013

Updated: 3/6/2019

Nessus ID: 73516

Risk Information

VPR

Risk Factor: Low

Score: 3.4

CVSS v2

Risk Factor: Medium

Base Score: 5.4

Temporal Score: 4.7

Vector: CVSS2#AV:N/AC:H/Au:N/C:N/I:N/A:C

CVSS v3

Risk Factor: Medium

Base Score: 5.9

Temporal Score: 5.7

Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H

Temporal Vector: CVSS:3.0/E:X/RL:O/RC:C

Vulnerability Information

CPE: cpe:/o:siemens:ruggedcom_rugged_operating_system

Patch Publication Date: 2/18/2013

Vulnerability Publication Date: 2/18/2013

Reference Information

CVE: CVE-2014-1966

BID: 65625