Denial of Service Vulnerability in RUGGEDCOM Devices by Siemens
CVE-2023-39269

7.5HIGH

Key Information:

Vendor: Siemens
Status: RUGGEDCOM i800; RUGGEDCOM i800NC; RUGGEDCOM i801; RUGGEDCOM i801NC
Vendor: CVE Published:; 8 August 2023

Summary

A vulnerability exists in the web server of various RUGGEDCOM devices manufactured by Siemens. This flaw can be exploited by an attacker to induce a denial of service condition, resulting in a complete loss of availability of the web server. Recovery from this state may occur automatically after the attack concludes. The affected products include a wide range of RUGGEDCOM models and versions, making it crucial for users to evaluate their systems for potential risks.

Affected Version(s)

RUGGEDCOM i800 All versions < V4.3.8

RUGGEDCOM i800NC All versions < V4.3.8

RUGGEDCOM i801 All versions < V4.3.8

References

https://cert-portal.siemens.com/productcert/pdf/ssa-77090...

CVSS V3.1

Score:

7.5

Severity:

HIGH

Confidentiality:

None

Integrity:

None

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Aug 8, 2023
Vulnerability Reserved
Jul 26, 2023