CVE-2014-2590

  1. Reconshell
  2. Vulnerabilities (CVE)
  3. CVE-2014-2590
The web management interface in Siemens RuggedCom ROS before 3.11, ROS 3.11 before 3.11.5 for RS950G, ROS 3.12, and ROS 4.0 for RSG2488 allows remote attackers to cause a denial of service (interface outage) via crafted HTTP packets.

5.0 /10

CVSS v2.0 : MEDIUM

V2 Legend

Vector : AV:N/AC:L/Au:N/C:N/I:N/A:P

Exploitability : 10.0 / Impact : 2.9

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact PARTIAL

References
Link Resource
http://www.siemens.com/innovation/pool/de/forschungsfelder/siemens_security_advisory_ssa-831997.pdf Broken Link Vendor Advisory
http://ics-cert.us-cert.gov/advisories/ICSA-14-087-01 Permissions Required Third Party Advisory US Government Resource
Advertisement

NeevaHost hosting service
Configurations

Configuration 1 (hide)

OR cpe:2.3:o:siemens:ruggedcom_rugged_operating_system:*:*:*:*:*:*:*:*
cpe:2.3:o:siemens:ruggedcom_rugged_operating_system:*:*:*:*:*:*:*:*

Configuration 2 (hide)

AND
cpe:2.3:o:siemens:ruggedcom_rugged_operating_system:*:*:*:*:*:*:*:*
cpe:2.3:h:siemens:ruggedcom_rs950g:-:*:*:*:*:*:*:*

Configuration 3 (hide)

AND
cpe:2.3:o:siemens:ruggedcom_rugged_operating_system:*:*:*:*:*:*:*:*
cpe:2.3:h:siemens:ruggedcom_rsg2488:-:*:*:*:*:*:*:*
Information

Published : 2014-03-31 23:29

Updated : 2022-02-01 08:53

NVD link : CVE-2014-2590

Mitre link : CVE-2014-2590

JSON object : View

CWE
CWE-306

Missing Authentication for Critical Function

Advertisement

dedicated server usa
Products Affected

siemens

  • ruggedcom_rs950g
  • ruggedcom_rsg2488
  • ruggedcom_rugged_operating_system