A vulnerability has been identified in RUGGEDCOM ROS for RSL910 devices (All versions < ROS V5.0.1), RUGGEDCOM ROS for all other devices (All versions < ROS V4.3.4), SCALANCE XB-200/XC-200/XP-200/XR300-WG (All versions between V3.0 (including) and V3.0.2 (excluding)), SCALANCE XR-500/XM-400 (All versions between V6.1 (including) and V6.1.1 (excluding)). After initial configuration, the Ruggedcom Discovery Protocol (RCDP) is still able to writeto the device under certain conditions, potentially allowing users located in the adjacentnetwork of the targeted device to perform unauthorized administrative actions.
The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.
The product does not initialize or incorrectly initializes a resource, which might leave the resource in an unexpected state when it is accessed or used.
| Link | Tags |
|---|---|
| https://www.siemens.com/cert/pool/cert/siemens_security_advisory_ssa-856721.pdf | vendor advisory mitigation issue tracking |
| http://www.securitytracker.com/id/1039463 | third party advisory vdb entry |
| http://www.securitytracker.com/id/1039464 | third party advisory vdb entry |
| http://www.securityfocus.com/bid/101041 | third party advisory vdb entry |