ID

VAR-202209-0664


CVE

CVE-2022-39158


TITLE

Siemens RUGGEDCOM Resource Management Error Vulnerability

Trust: 0.6

sources: CNNVD: CNNVD-202209-793

DESCRIPTION

A vulnerability has been identified in RUGGEDCOM ROS RMC8388 (All versions < V5.6.0), RUGGEDCOM ROS RS416Pv2 (All versions < V5.6.0), RUGGEDCOM ROS RS416v2 (All versions < V5.6.0), RUGGEDCOM ROS RS900 (32M) (All versions < V5.6.0), RUGGEDCOM ROS RS900G (32M) (All versions < V5.6.0), RUGGEDCOM ROS RSG2100 (32M) (All versions < V5.6.0), RUGGEDCOM ROS RSG2288 (All versions < V5.6.0), RUGGEDCOM ROS RSG2300 (All versions < V5.6.0), RUGGEDCOM ROS RSG2300P (All versions < V5.6.0), RUGGEDCOM ROS RSG2488 (All versions < V5.6.0), RUGGEDCOM ROS RSG907R (All versions < V5.6.0), RUGGEDCOM ROS RSG908C (All versions < V5.6.0), RUGGEDCOM ROS RSG909R (All versions < V5.6.0), RUGGEDCOM ROS RSG910C (All versions < V5.6.0), RUGGEDCOM ROS RSG920P (All versions < V5.6.0), RUGGEDCOM ROS RSL910 (All versions < V5.6.0), RUGGEDCOM ROS RST2228 (All versions < V5.6.0), RUGGEDCOM ROS RST2228P (All versions < V5.6.0), RUGGEDCOM ROS RST916C (All versions < V5.6.0), RUGGEDCOM ROS RST916P (All versions < V5.6.0). Affected devices improperly handle partial HTTP requests, which makes them vulnerable to slowloris attacks. This could allow a remote attacker to create a denial of service condition that persists until the attack ends.

Trust: 1.0

sources: NVD: CVE-2022-39158

AFFECTED PRODUCTS

vendor: siemens, model: ruggedcom ros, scope: lt, version: 5.6.0

Trust: 1.0

sources: NVD: CVE-2022-39158

CVSS

SEVERITY

NVD: CVE-2022-39158
value: HIGH

Trust: 1.0

CNNVD: CNNVD-202209-793
value: HIGH

Trust: 0.6

CVSSV2

CVSSV3

NVD: CVE-2022-39158
baseSeverity: HIGH
baseScore: 7.5
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: HIGH
exploitabilityScore: 3.9
impactScore: 3.6
version: 3.1

Trust: 1.0

sources: CNNVD: CNNVD-202209-793 // NVD: CVE-2022-39158

PROBLEMTYPE DATA

problemtype: CWE-400

Trust: 1.0

sources: NVD: CVE-2022-39158

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202209-793

TYPE

resource management error

Trust: 0.6

sources: CNNVD: CNNVD-202209-793

CONFIGURATIONS

sources: NVD: CVE-2022-39158

PATCH

title: Siemens RUGGEDCOM Remediation of resource management error vulnerabilities
url: http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=208113

Trust: 0.6

sources: CNNVD: CNNVD-202209-793

EXTERNAL IDS

db: NVD, id: CVE-2022-39158

Trust: 1.6

db: SIEMENS, id: SSA-459643

Trust: 1.6

db: ICS CERT, id: ICSA-22-258-03

Trust: 0.6

db: AUSCERT, id: ESB-2022.4614

Trust: 0.6

db: CNNVD, id: CNNVD-202209-793

Trust: 0.6

sources: CNNVD: CNNVD-202209-793 // NVD: CVE-2022-39158

REFERENCES

url: https://cert-portal.siemens.com/productcert/pdf/ssa-459643.pdf

Trust: 1.6

url: https://cxsecurity.com/cveshow/cve-2022-39158/

Trust: 0.6

url: https://us-cert.cisa.gov/ics/advisories/icsa-22-258-03

Trust: 0.6

url: https://www.auscert.org.au/bulletins/esb-2022.4614

Trust: 0.6

url: https://vigilance.fr/vulnerability/ruggedcom-ros-overload-via-http-requests-nonstop-slowloris-39255

Trust: 0.6

sources: CNNVD: CNNVD-202209-793 // NVD: CVE-2022-39158

CREDITS

Siemens reported this vulnerability to CISA.

Trust: 0.6

sources: CNNVD: CNNVD-202209-793

SOURCES

db: CNNVD, id: CNNVD-202209-793
db: NVD, id: CVE-2022-39158

LAST UPDATE DATE

2022-09-20T20:11:38.578000+00:00


SOURCES UPDATE DATE

db: CNNVD, id: CNNVD-202209-793, date: 2022-09-19T00:00:00
db: NVD, id: CVE-2022-39158, date: 2022-09-16T19:17:00

SOURCES RELEASE DATE

db: CNNVD, id: CNNVD-202209-793, date: 2022-09-13T00:00:00
db: NVD, id: CVE-2022-39158, date: 2022-09-13T10:15:00