-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

# SSA-173565: Denial-of-Service Vulnerability in RUGGEDCOM ROX Devices

Publication Date:        2021-10-12
Last Update:             2021-10-12
Current Version:         1.0
CVSS v3.1 Base Score:    7.5

SUMMARY
=======

The latest update for RUGGEDCOM ROX devices fixes a vulnerability that
could allow an unauthenticated attacker to cause a permanent
Denial-of-Service condition under certain conditions.

Siemens has released updates for the affected products and recommends to
update to the latest versions.


AFFECTED PRODUCTS AND SOLUTION
==============================


* RUGGEDCOM ROX MX5000 
  - Affected versions:
       All versions < V2.14.1
  - Remediation:
       Update to V2.14.1 or later version
  - Download:
       https://support.industry.siemens.com/cs/ww/en/view/109800780/

* RUGGEDCOM ROX RX1400 
  - Affected versions:
       All versions < V2.14.1
  - Remediation:
       Update to V2.14.1 or later version
  - Download:
       https://support.industry.siemens.com/cs/ww/en/view/109800780/

* RUGGEDCOM ROX RX1500 
  - Affected versions:
       All versions < V2.14.1
  - Remediation:
       Update to V2.14.1 or later version
  - Download:
       https://support.industry.siemens.com/cs/ww/en/view/109800780/

* RUGGEDCOM ROX RX1501 
  - Affected versions:
       All versions < V2.14.1
  - Remediation:
       Update to V2.14.1 or later version
  - Download:
       https://support.industry.siemens.com/cs/ww/en/view/109800780/

* RUGGEDCOM ROX RX1510 
  - Affected versions:
       All versions < V2.14.1
  - Remediation:
       Update to V2.14.1 or later version
  - Download:
       https://support.industry.siemens.com/cs/ww/en/view/109800780/

* RUGGEDCOM ROX RX1511 
  - Affected versions:
       All versions < V2.14.1
  - Remediation:
       Update to V2.14.1 or later version
  - Download:
       https://support.industry.siemens.com/cs/ww/en/view/109800780/

* RUGGEDCOM ROX RX1512 
  - Affected versions:
       All versions < V2.14.1
  - Remediation:
       Update to V2.14.1 or later version
  - Download:
       https://support.industry.siemens.com/cs/ww/en/view/109800780/

* RUGGEDCOM ROX RX1524 
  - Affected versions:
       All versions < V2.14.1
  - Remediation:
       Update to V2.14.1 or later version
  - Download:
       https://support.industry.siemens.com/cs/ww/en/view/109800780/

* RUGGEDCOM ROX RX1536 
  - Affected versions:
       All versions < V2.14.1
  - Remediation:
       Update to V2.14.1 or later version
  - Download:
       https://support.industry.siemens.com/cs/ww/en/view/109800780/

* RUGGEDCOM ROX RX5000 
  - Affected versions:
       All versions < V2.14.1
  - Remediation:
       Update to V2.14.1 or later version
  - Download:
       https://support.industry.siemens.com/cs/ww/en/view/109800780/


WORKAROUNDS AND MITIGATIONS
===========================

Siemens has identified the following specific workarounds and mitigations that
customers can apply to reduce the risk:

* Restrict access to the affected systems, especially to port 443/tcp, to
trusted IP addresses only



GENERAL SECURITY RECOMMENDATIONS
================================

As a general security measure, Siemens strongly recommends to protect
network access to devices with appropriate mechanisms. In order to
operate the devices in a protected IT environment, Siemens recommends to
configure the environment according to Siemens' operational guidelines
for Industrial Security (Download:
https://www.siemens.com/cert/operational-guidelines-industrial-security),
and to follow the recommendations in the product manuals.

Additional information on Industrial Security by Siemens can be found
at: https://www.siemens.com/industrialsecurity

PRODUCT DESCRIPTION
===================

ROX-based VPN endpoints and firewall devices are used to connect devices
that operate in harsh environments such as electric utility substations
and traffic control cabinets.

VULNERABILITY CLASSIFICATION
============================

The vulnerability classification has been performed by using the CVSS scoring
system in version 3.1 (CVSS v3.1) (https://www.first.org/cvss/). The CVSS
environmental score is specific to the customer's environment and will impact
the overall CVSS score. The environmental score should therefore be
individually defined by the customer to accomplish final scoring.

An additional classification has been performed using the CWE classification, a
community-developed list of common software security weaknesses. This serves as
a common language and as a baseline for weakness identification, mitigation,
and prevention efforts. A detailed list of CWE classes can be found at:
https://cwe.mitre.org/.



* Vulnerability CVE-2021-41546

  Affected devices write crashdumps without checking if enough space is
  available on the filesystem. Once the crashdump fills the entire root
  filesystem, affected devices fail to boot successfully. An attacker can
  leverage this vulnerability to cause a permanent Denial-of-Service.

  CVSS v3.1 Base Score: 7.5
  CVSS Vector:          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C
  CWE:                  CWE-400: Uncontrolled Resource Consumption


ACKNOWLEDGMENTS
===============

Siemens thanks the following parties for their efforts:

   * Communications Security Establishment, CSE for coordinated disclosure
   * Loudmouth Security Inc. for coordinated disclosure



ADDITIONAL INFORMATION
======================

For further inquiries on security vulnerabilities in Siemens products and
solutions, please contact the Siemens ProductCERT:

https://www.siemens.com/cert/advisories


HISTORY DATA
============

V1.0 (2021-10-12): Publication Date

TERMS OF USE
============

Siemens Security Advisories are subject to the terms and conditions contained
in Siemens' underlying license terms or other applicable agreements previously
agreed to with Siemens (hereinafter "License Terms"). To the extent applicable
to information, software or documentation made available in or through a
Siemens Security Advisory, the Terms of Use of Siemens' Global Website
(https://www.siemens.com/terms_of_use, hereinafter "Terms of Use"), in
particular Sections 8-10 of the Terms of Use, shall apply additionally. In case
of conflicts, the License Terms shall prevail over the Terms of Use.
-----BEGIN PGP SIGNATURE-----

iQIzBAEBCgAdFiEEHyx/myPwjH9jB9tDlm7gTEmyujQFAmFk0AAACgkQlm7gTEmy
ujSHpxAAy2jDlh3KX5mOCx1f8wim8GfL+t07bR8WyaFVrIk+ajsLmxI0kxWpq8iD
xdPvkTAuCa4M5pw85j1bN5wB2b71FJLuGzTshh1ROD6GklyjTYYe9QCy99KRO7oO
2iCX6WNF2cfSALcqDz0fVCY22GlS9zEx4ZaOSgltHrtaPvIErJWIh3FBxr0Pqfyj
C9nkrbZq/t9wrdfZnpxklFF7gpjstKpy6QWm7hQv6qbu6m11IVc37STZCeYymEDy
u1+NbZzZCgHpAg5IT3dfSr8+7g+AFgufWjiVZV4iW2KWNJD3VkKu/6FA67zowcn8
0FGpez2Sy+blWIJvohI+fPBlRW1hhVZ4IUNFcxAu3hiJIn8ShFwPEACDvgMp+9HQ
bi+iWndJ4XJATGf3PrtPMVwauU5hDN04WbleLvVlBxiRprgs7dYPq2ORMO+zjDIM
75f5dOLUMOlRwixFswu+Jd4mbSDv2aCvETifSs97C6en7h5daC4IofMdL3dKF1Ob
O5PK4I3GWHvJkU6MIQEbzxFu1nI1AZnEpQKs1LTqySTJs7aYATiIbku0OntIGT0H
PoTXmwDxlDMDNt062IoAGX5mTWeM+4XwjfP35uVnbiFwp6zk8SR/cq7XiwkuLZuP
CwAnSYVkG+WhZx/+RNnvN4yk6qV75rR6ApFv67SWFTz7+b/wRSM=
=54M8
-----END PGP SIGNATURE-----