SCADA Vulnerabilities & Exposures (SVE)

CRITIFENCE® SCADA Vulnerabilities and Exposures Database (SVE)

[SVE-782291569] Siemens RUGGEDCOM NMS

Date Type Platform Author EDB-ID CVE-ID OSVDB-ID Download App SIS Signature
2017-02-28OtherSiemensSiemensN/AN/AN/AN/A

Source

						
							
								
#
# Siemens RUGGEDCOM NMS
#


### VULNERABLE VENDOR
Siemens


### VULNERABLE PRODUCT
RUGGEDCOM NMS



### RESEARCHER



### AFFECTED PRODUCTS

Siemens reports that the vulnerability affects the following RUGGEDCOM monitoring products:

RUGGEDCOM NMS: All versions prior to V2.1.0 (Windows and Linux).



### IMPACT

Successful exploitation of these vulnerabilities could allow a remote attacker to perform administrative operations under certain conditions.



### VULNERABILITY OVERVIEW



### BACKGROUND

Critical Infrastructure Sectors: Energy, Healthcare and Public Health, and Transportation Systems
Countries/Areas Deployed: Worldwide
Company Headquarters Location: Germany




### MITIGATION

Siemens provides RUGGEDCOM NMS V2.1.0 which fixes the vulnerabilities and recommends users update to the new version. Information on how to obtain the latest RUGGEDCOM software and firmware can be found at the following location on the Siemens web site:

https://support.industry.siemens.com/cs/ww/en/view/109745179


For more information on this vulnerability and more detailed mitigation instructions, please see Siemens Security Advisory SSA-363881 at the following location:

http://www.siemens.com/cert/en/cert-security-advisories.htm


As a general security measure Siemens strongly recommends protecting network access to the RUGGEDCOM NMS with appropriate mechanisms and configuring the environment according to Siemens' operational guidelines in order to run the devices in a protected IT environment.

https://www.siemens.com/cert/operational-guidelines-industrial-security