Detections
Analytics
RuggedCom RuggedOS HTTP Traffic Handling Remote DoS
medium Nessus Plugin ID 73517
Language:
Synopsis
The remote host is affected by a denial of service vulnerability.Description
According to the self-reported version of the remote RuggedCom RuggedOS (ROS) device, it is affected by a denial of service vulnerability that can be triggered by sending a specially crafted request to the HTTP server on the device. If successfully exploited, the HTTP server will remain disabled until the device is rebooted.Note that this vulnerability does not affect HTTPS.
Solution
Upgrade to the appropriate ROS version per the vendor's advisory or restrict access to the web interface on the device.See Also
http://www.nessus.org/u?069c85ad
https://www.zerodaylab.com/vulnerabilities/CVE-2014/CVE-2014-2590.html
Plugin Details
Severity: Medium
ID: 73517
File Name: scada_ruggedos_http_4_1.nbin
Version: 1.128
Type: remote
Family: SCADA
Published: 4/15/2014
Updated: 4/15/2024
Configuration: Enable thorough checks
Supported Sensors: Nessus
Risk Information
VPR
Risk Factor: Low
Score: 3.4
CVSS v2
Risk Factor: Medium
Base Score: 5
Temporal Score: 3.7
Vector: CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P
Vulnerability Information
CPE: cpe:/o:siemens:ruggedcom_rugged_operating_system
Required KB Items: Host/RuggedOS/Version
Exploit Ease: No known exploits are available
Patch Publication Date: 3/28/2014
Vulnerability Publication Date: 3/28/2014
Reference Information
CVE: CVE-2014-2590
BID: 66522
ICSA: 14-087-01, 14-087-01A