fkie_cve-2022-39158
Vulnerability from fkie_nvd
Published
2022-09-13 10:15
Modified
2024-11-21 07:17
Summary
Affected devices improperly handle partial HTTP requests, which makes them vulnerable to Slowloris attacks. This could allow a remote attacker to create a denial-of-service condition that persists until the attack ends.



{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:siemens:ruggedcom_ros:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "C6B395AC-2073-41DA-8577-1CF1C71161FB",
              "versionEndExcluding": "5.6.0",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:siemens:ruggedcom_rmc8388:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "EC9307A5-118E-4A06-9CC5-931478BE3440",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:siemens:ruggedcom_rs416pv2:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "4D2431F6-1095-4603-8EB2-642D5D859747",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:siemens:ruggedcom_rs416v2:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "9DD536B4-BA38-4CC5-A480-163FF38FA167",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:siemens:ruggedcom_rs900_\\(32m\\):-:*:*:*:*:*:*:*",
              "matchCriteriaId": "060D7DB5-AE9D-4AEF-BB26-1AEE5091165A",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:siemens:ruggedcom_rs900g_\\(32m\\):-:*:*:*:*:*:*:*",
              "matchCriteriaId": "D7A756E1-DCD8-4C6D-9467-A354E4AAF842",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:siemens:ruggedcom_rsg2100_\\(32m\\):-:*:*:*:*:*:*:*",
              "matchCriteriaId": "9D61DD01-FEB7-4714-B621-7405D286DB30",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:siemens:ruggedcom_rsg2288:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "F42A83F2-B151-48E9-BC54-AC81B5C3B017",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:siemens:ruggedcom_rsg2300:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "22A00345-A3E6-40D2-BCB3-9FE042F02119",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:siemens:ruggedcom_rsg2300p:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "1B393AE3-6C76-4E36-96D3-90228AA7EC14",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:siemens:ruggedcom_rsg2488:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "7F1DB4EF-5CB1-43BA-AB1F-6D6D48ED859C",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:siemens:ruggedcom_rsg907r:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "0CC2D072-D8EA-45A2-9C2D-7AAA65FA683F",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:siemens:ruggedcom_rsg908c:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "49083023-8702-491B-A7C3-AF60FB605E9F",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:siemens:ruggedcom_rsg909r:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "8FDC0411-3A25-44D1-8929-FF2F4F432F8E",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:siemens:ruggedcom_rsg910c:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "11AA599E-B0FD-4708-A2CB-5B3CA89FD865",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:siemens:ruggedcom_rsg920p:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "1243655B-8636-43CF-8052-ABB5263B0BED",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:siemens:ruggedcom_rsl910:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "5F0C8879-659D-4A28-BA72-7BE05B5215CC",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:siemens:ruggedcom_rst2228:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "4CDDB741-B3B9-42C2-9C01-A6FC87A26B44",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:siemens:ruggedcom_rst2228p:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "8AAF8B55-5B3E-49EF-B7B4-BCCE11A09858",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:siemens:ruggedcom_rst916c:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "52713BFF-C34C-4233-AE92-B91D94911802",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:siemens:ruggedcom_rst916p:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "24F7373B-E91D-4524-9F1A-0BF4AAC9F461",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Affected devices improperly handle partial HTTP requests which makes them vulnerable to slowloris attacks. \r\n\r\nThis could allow a remote attacker to create a denial of service condition that persists until the attack ends."
    },
    {
      "lang": "es",
      "value": "Se ha identificado una vulnerabilidad en \nRUGGEDCOM i800, \nRUGGEDCOM i800NC, \nRUGGEDCOM i801, \nRUGGEDCOM i801NC, \nRUGGEDCOM i802, \nRUGGEDCOM i802NC, \nRUGGEDCOM i803, \nRUGGEDCOM i803NC, \nRUGGEDCOM M2100, \nRUGGEDCOM M2100F, \nRUGGEDCOM M210 0NC, \nRUGGEDCOM M2200, \nRUGGEDCOM M2200F, \nRUGGEDCOM M2200NC, \nRUGGEDCOM M969 , \nRUGGEDCOM M969F, \nRUGGEDCOM M969NC, \nRUGGEDCOM RMC30, \nRUGGEDCOM RMC30NC, \nRUGGEDCOM RMC8388 V4.X, \nRUGGEDCOM RMC8388 V5.X, \nRUGGEDCOM RMC8388NC V4.X, \nRUGGEDCOM RMC8388NC V5.X, \nRUGGEDCOM RMC8388 NC V5.X, \nRUGGEDCOM RP110, \nRUGGEDCOM RP110NC, \nRUGGEDCOM RS1600, \nRUGGEDCOM RS1600F, \nRUGGEDCOM RS1600FNC, \nRUGGEDCOM RS1600NC, \nRUGGEDCOM RS1600T, \nRUGGEDCOM RS1600TNC, \nRUGGEDCOM RS400, \nRUGGEDCOM RS400F, \nRUGGEDCOM RS400NC, \nRUGGEDCOM RS401, \nRUGGEDCOM RS401NC, \nRUGGEDCOM RS416, \nRUGGEDCOM RS416F, \nRUGGEDCOM RS416NC, \nRUGGEDCOM RS416NC v2, \nRUGGEDCOM RS416NC v2, \nRUGGEDCOM RS416P, \nRUGGEDCOM RS416PF, \nRUGGEDCOM RS416PNC, \nRUGGEDCOM RS416PNC v2, \nRUGGEDCOM RS416PNC v2, \nRUGGEDCOM RS416Pv2, \nRUGGEDCOM RS416v2, \nRUGGEDCOM RS8000, \nRUGGEDCOM RS8000A, \nRUGGEDCOM RS8000ANC, \nRUGGED COM RS8000H, \nRUGGEDCOM RS8000HNC, \nRUGGEDCOM RS8000NC, \nRUGGEDCOM RS8000T, \nRUGGEDCOM RS8000TNC, \nRUGGEDCOM RS900, \nRUGGEDCOM RS900 (32M) V4.X, \nRUGGEDCOM RS900 (32M) V5.X, \nRUGGEDCOM RS900F, \nRUGGEDCOM RS900G, \nRUGGEDCOM RS900G (32M) V4.X, \nRUGGEDCOM RS900G (32M) V5.X, \nRUGGEDCOM RS900GF, \nRUGGEDCOM RS900GNC, \nRUGGED COMRS900GNC( 32M) V4.X, \nRUGGEDCOM RS900GNC(32M) V5.X, \nRUGGEDCOM RS900GNC(32M) V5.X, \nRUGGEDCOM RS900GP, \nRUGGEDCOM RS900GPF, \nRUGGEDCOM RS900GPNC, \nRUGGEDCOM RS900L, \nRUGGEDCOM RS900LNC, \nRUGGEDCOM RS900M-GET S-C01, \nRUGGEDCOM RS900M-GETS -Xx, \nruggedcom rs900m-stnd-c01, \nruggedcom rs900m-stnd-xx, \nruggedcom rs900mnc-gets-c01, \nruggedcom rs900mnc-gets-xx, \nrs900mnc-stnd-xx, \nrs900mnc-stnd-xxc.Com, \nrs900mnc-stnd-xx, \nrsugugedcom rs900mnc-stnd-xxc, \nrs900mnc-stnd-xx, 
\nrsugugedcom rs900mnc-stnd-xxcc, \nRUGGEDCOM RS900NC(32M) V4.X, \nRUGGEDCOM RS900NC(32M) V5.X, \nRUGGEDCOM RS900NC(32M) V5.X,\nRUGGEDCOM RS900W, \nRUGGEDCOM RS910, \nRUGGEDCOM RS910L,\nRUGGEDCOM RS910LNC, \nRUGGEDCOM RS910NC, \nRUGGEDCOM RS910W, \nRUGGEDCOM RS920L, \nRUGGEDCOM RS920LNC, \nRUGGEDCOM RS920W, \nRUGGEDCOM RS930L, \nRUGGEDCOM RS930LNC , \nRUGGEDCOM RS930W, \nRUGGEDCOM RS940G, \nRUGGEDCOM RS940GF, \nRUGGEDCOM RS940GNC, \nRUGGEDCOM RS969, \nRUGGEDCOM RS969NC , \nRUGGEDCOM RSG2100, \nRUGGEDCOM RSG2100 (32M) V4.X, \nRUGGEDCOM RSG2100 (32M) V5.X, \nRUGGEDCOM RSG2100F, \nRUGGEDCOM RSG2100NC, \nRUGGEDCOM RSG2100NC(32M) V4.X, \nRUGGEDCOM RSG2100NC(32M) V 5.X, \nRUGGEDCOM RSG2100NC(32M ) V5.X, \nRUGGEDCOM RSG2100P, \nRUGGEDCOM RSG2100PF, \nRUGGEDCOM RSG2100PNC, \nRUGGEDCOM RSG2200, \nRUGGEDCOM RSG2200F, \nRUGGEDCOM RSG2200NC, \nRUGGEDCOM RSG2288 V4.X, \nRUGGEDCOM RSG2288 V5.X, \nRUGGEDCOM RSG2288NC V4.X, \nRUGGEDCOM RSG2288NC V5.X, \nRUGGEDCOM RSG2288NC V5 .X, \nRUGGEDCOM RSG2300 V4.X, \nRUGGEDCOM RSG2300 V5.X, \nRUGGEDCOM RSG2300F, \nRUGGEDCOM RSG2300NC V4.X, \nRUGGEDCOM RSG2300NC V5.X, \nRUGGEDCOM RSG2300NC V5.X, \nRUGGEDCOM RSG2300P V4.X, \nRUGGEDCOM RSG2300P V5.X, \nRUGGEDCOM RSG2300PF , \nRUGGEDCOM RSG2300PNC V4.X, \nRUGGEDCOM RSG2300PNC V5.X, \nRUGGEDCOM RSG2300PNC V5.X, \nRUGGEDCOM RSG2488 V4.X, \nRUGGEDCOM RSG2488 V5.X, \nRUGGEDCOM RSG2488F, \nRUGGEDCOM RSG2488NC V4.X, \nRUGGED COM RSG2488NC V5.X, \nRUGGEDCOM RSG2488NC V5. X, \nRUGGEDCOM RSG907R, \nRUGGEDCOM RSG908C, \nRUGGEDCOM RSG909R, \nRUGGEDCOM RSG910C, \nRUGGEDCOM RSG920P V4.X, \nRUGGEDCOM RSG920P V5.X, \nRUGGEDCOM RSG920PNC V4.X, \nRUGGEDCOM RSG920PNC V5.X, \nRUGGEDCOM RS G920PNC V5.X, \nRUGGEDCOM RSL910, \nRUGGEDCOM RSL910NC, \nRUGGEDCOM RSL910NC, \nRUGGEDCOM RST2228, \nRUGGEDCOM RST2228P, \nRUGGEDCOM RST916C, \nRUGGEDCOM RST916P. \n\nLos dispositivos afectados manejan incorrectamente solicitudes HTTP parciales, lo que los hace vulnerables a ataques de slowloris. 
Esto podr\u00eda permitir que un atacante remoto cree una condici\u00f3n de denegaci\u00f3n de servicio que persista hasta que finalice el ataque."
    }
  ],
  "id": "CVE-2022-39158",
  "lastModified": "2024-11-21T07:17:41.447",
  "metrics": {
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "LOW",
          "baseScore": 5.3,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
          "version": "3.1"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 1.4,
        "source": "productcert@siemens.com",
        "type": "Primary"
      },
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 7.5,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 3.6,
        "source": "nvd@nist.gov",
        "type": "Secondary"
      }
    ]
  },
  "published": "2022-09-13T10:15:12.087",
  "references": [
    {
      "source": "productcert@siemens.com",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-459643.pdf"
    },
    {
      "source": "productcert@siemens.com",
      "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-787941.pdf"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-459643.pdf"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-787941.pdf"
    }
  ],
  "sourceIdentifier": "productcert@siemens.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-400"
        }
      ],
      "source": "productcert@siemens.com",
      "type": "Primary"
    }
  ]
}



Sightings


Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
  • Confirmed: The vulnerability is confirmed from an analyst perspective.
  • Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
  • Patched: This vulnerability was successfully patched by the user reporting the sighting.
  • Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
  • Not confirmed: The user expresses doubt about the veracity of the vulnerability.
  • Not patched: This vulnerability was not successfully patched by the user reporting the sighting.