*The product:*
"The RUGGEDCOM RS900 is a 9-port utility-grade, fully managed Ethernet switch, specifically designed to operate reliably in
electrically harsh and climatically demanding environments."
RUGGEDCOM RS900 (however, other models of RUGGEDCOM switches may be affected as well)
Order Code RS900-HI-D-MT-MT-MT-XX
Boot version v3.0.2
Main version 4.2.1
Required Boot 2.20.0
Hardware ID RS900 (v2, 40-00-0066)
*Vulnerability type: Denial of Service.*
Successfully exploiting this vulnerability is very simple: sending a limited number of ICMP packets drives the CPU to a maximum of 65% load, and the device stops responding for the duration of the attack.
Via a serial connection to the router's diagnostic page, it can be seen that the router's CPU maxes out at up to 65% and that the router stops responding to, e.g., a running ping command.
*Overall CVSS Score:* 7.5 (Version 3)
CVSS Vector CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
None known at the moment.
These vulnerabilities could be exploited remotely.
*EXISTENCE OF EXPLOIT*
No known public exploits specifically target these vulnerabilities.
An attacker with low skill would be able to exploit these vulnerabilities.
This vulnerability was found by Carsten Borup Andersen and Mikael Vingaard, based on the work of the other researchers who found the Black Nurse vulnerability. For details, please see www.blacknurse.dk