RUGGEDCOM RS900

5/10/2017
*The product:*
"The RUGGEDCOM RS900 is a 9-port utility-grade, fully managed Ethernet switch, specifically designed to operate reliably in
electrically harsh and climatically demanding environments."
Source: http://w3.siemens.com/mcms/industrial-communication/en/rugged-communication/ruggedcom-portfolio/switches-routers-layer-2/compact-switches/Pages/rs900.aspx

*Devices affected:*
RUGGEDCOM RS900 (however, other models of RUGGEDCOM switches may be affected as well)

*Firmware/configuration affected:*
RS900
Order Code RS900-HI-D-MT-MT-MT-XX
Boot version v3.0.2
Main version 4.2.1
Required Boot 2.20.0
Hardware ID RS900 (v2, 40-00-0066)

*Vulnerability type: Denial of Service.*
Successfully exploiting this vulnerability is very simple: sending a limited number of ICMP packets drives the CPU to a maximum of 65% load, and the device stops responding during the attack.

Via a serial connection to the router diagnostic page, it can be seen that the router CPU peaks at 65% and the router stops responding to, e.g., a running ping command.

*Overall CVSS Score:* 7.5 (Version 3)
CVSS Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

*Mitigation/workaround:*
None known at the moment.

*EXPLOITABILITY*
These vulnerabilities could be exploited remotely.

*EXISTENCE OF EXPLOIT*
No known public exploits specifically target these vulnerabilities.

*DIFFICULTY*
An attacker with low skill would be able to exploit these vulnerabilities.

*Credits:*
This vulnerability was found by Carsten Borup Andersen and Mikael Vingaard, based on the work of the other researchers who found the Black Nurse vulnerability. For details, please see www.blacknurse.dk