
Siemens RUGGEDCOM Devices Affected by Several Flaws

Siemens has shared recommendations for mitigating several medium and high severity vulnerabilities affecting some of the company’s RUGGEDCOM products.

Four types of security holes have been identified in RUGGEDCOM appliances running any version of ROX I (Rugged Operating System on Linux). The affected products are industrially hardened security appliances with integrated router, firewall and VPN functionality. They are used worldwide at electric utility substations, traffic control cabinets and in other harsh environments.

A majority of the vulnerabilities were discovered and reported by researcher Maxim Rupp, including cross-site scripting (XSS), path traversal, privilege escalation and cross-site request forgery (CSRF) issues. One XSS flaw was also discovered by Siemens itself.

Rupp has identified roughly 20 parameters that allow hackers to launch XSS attacks and execute arbitrary JavaScript code due to improper input validation (CVE-2017-2687). The expert has also identified a path traversal vulnerability (CVE-2017-2686) that can be exploited to read arbitrary files and possibly access sensitive information.
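Both flaw classes named above come down to a missing server-side check on user-controlled input. The snippet below is an added illustration of the two defensive checks a web interface needs, written for this article and not code from Siemens, ROX I or the researcher: a path resolver that refuses any request escaping its configured root (the defence against path traversal), and HTML encoding of a parameter before it is reflected into a page (the defence against XSS). The root directory and sample inputs are constructed for the example.

```python
import html
import posixpath
from typing import Optional

# Constructed root directory for this example; not a path from the advisory.
FILES_ROOT = "/srv/www/files"


def resolve_under_base(base: str, requested: str) -> Optional[str]:
    """Return the absolute path for `requested` if it stays inside `base`, else None.

    `requested` must already be URL-decoded by the web layer: checking the
    still-encoded string (for example "..%2F") would miss the traversal.
    """
    base_abs = posixpath.normpath(posixpath.abspath(base))
    # posixpath.join discards `base` when `requested` is absolute, so an
    # absolute request lands outside the root and fails the commonpath check.
    target = posixpath.normpath(posixpath.join(base_abs, requested))
    if target == base_abs:
        return None  # the root itself is a directory, not a servable file
    if posixpath.commonpath([base_abs, target]) != base_abs:
        return None  # the normalised path escaped the root
    return target


def render_param(value: str) -> str:
    """Encode a reflected parameter for an HTML text or attribute context."""
    return html.escape(value, quote=True)


if __name__ == "__main__":
    for req in ("report.txt", "sub/../report.txt", "../../etc/passwd", "/etc/passwd"):
        print(f"{req!r:24} -> {resolve_under_base(FILES_ROOT, req)}")
    print(render_param('"><img src=x>'))
```

The resolver normalises first and compares afterwards, so `sub/../report.txt` is accepted as `report.txt` while `../../etc/passwd` and an absolute path are both rejected; rejecting on the normalised result rather than on a blocklist of `..` substrings is what makes the check hold against encoded or mixed-separator variants once the framework has decoded them. On the XSS side, `html.escape` with `quote=True` also encodes quotes, which matters when the value lands inside an attribute rather than between tags.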
