Full Report
The boot loader within RUGGEDCOM ROS contains two vulnerabilities in the loading process of the operating system kernel. The more severe of these vulnerabilities could allow an attacker with local access to the device to execute arbitrary code on an affected device. Siemens recommends specific countermeasures to mitigate this issue.
Analysis Summary
# Vulnerability: Boot Loader Flaws in RUGGEDCOM ROS Devices
## CVE Details
- **CVE ID:** CVE-2018-18440
- **CVSS Score:** 7.8 (High)
- **CWE:** CWE-20 (Improper Input Validation)
- **CVE ID:** CVE-2019-13103
- **CVSS Score:** 4.6 (Medium)
- **CWE:** CWE-674 (Uncontrolled Recursion)
## Affected Systems
- **Products:** RUGGEDCOM Ethernet switches and media converters (RMC8388, RSG920P, RSG920PNC, RSG2488, RSG2488NC, RSL910, RST2228P).
- **Versions:** All versions running U-Boot version V2016.05RS09 or earlier.
- **Configurations:**
  - CVE-2018-18440: Affects devices where the boot interface is accessible during startup.
  - CVE-2019-13103: Specifically affects RUGGEDCOM ROS if the device is configured to boot from removable media.
## Vulnerability Description
The boot loader (U-Boot) used in RUGGEDCOM ROS contains two distinct flaws in how it handles the OS kernel loading process:
1. **CVE-2018-18440:** Improper input validation during the boot process. An attacker with local access to the boot interface can bypass security restrictions and execute arbitrary code.
2. **CVE-2019-13103:** An uncontrolled recursion flaw. A specially crafted self-referential DOS partition table on bootable media causes the stack to grow infinitely, leading to a system crash and Denial of Service (DoS).
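The DoS condition above comes from a partition-table parser that follows extended-partition links without remembering where it has been. The following is an added example, not U-Boot's or Siemens' code: a bounded DOS/MBR walker that keeps a visited set and a depth cap so a self-referential or cyclic EBR chain is reported instead of recursed into. Disk images are constructed in memory as a `{lba: sector}` dictionary, the `MAX_EBR_DEPTH` bound is an assumed value, and `audit_media` is a hypothetical helper name; the on-disk layout (entries at offset 446, `0x55AA` signature, logical partitions relative to their EBR, next-EBR links relative to the extended container) is the standard one.

```python
"""Bounded DOS/MBR partition-table walker (added example; not U-Boot code).

Flags an extended-partition (EBR) chain that loops back on itself, the
input that makes an unbounded recursive parser exhaust its stack.
Disk images are constructed in memory as {lba: 512-byte sector}.
"""
import struct

SECTOR = 512
EXTENDED_TYPES = {0x05, 0x0F, 0x85}   # DOS, Win95 LBA and Linux extended types
MAX_EBR_DEPTH = 32                    # assumed bound, chosen for this example
ENTRY_FMT = "<B3sB3sII"               # status, CHS start, type, CHS end, LBA, count


class LoopedPartitionTable(Exception):
    """Raised when an EBR chain revisits a sector or exceeds MAX_EBR_DEPTH."""


def make_entry(ptype, lba_start, sectors):
    """Build one 16-byte partition entry (CHS fields zeroed, LBA only)."""
    return struct.pack(ENTRY_FMT, 0x00, b"\0\0\0", ptype, b"\0\0\0", lba_start, sectors)


def make_sector(entries):
    """Build an MBR/EBR sector: 446-byte code area, four entries, 0x55AA signature."""
    table = b"".join(entries) + b"\0" * (16 * (4 - len(entries)))
    return b"\0" * 446 + table + b"\x55\xAA"


def parse_entries(sector):
    """Return non-empty (type, relative_lba, sectors) entries, or None without a signature."""
    if sector is None or len(sector) < SECTOR or sector[510:512] != b"\x55\xAA":
        return None
    entries = []
    for i in range(4):
        off = 446 + 16 * i
        _st, _c0, ptype, _c1, lba, count = struct.unpack(ENTRY_FMT, sector[off:off + 16])
        if ptype != 0:
            entries.append((ptype, lba, count))
    return entries


def walk_extended(disk, ext_start):
    """Follow the EBR chain from ext_start with a visited set and a depth cap."""
    found, visited, ebr = [], set(), ext_start
    while True:
        if ebr in visited:
            raise LoopedPartitionTable(f"EBR chain revisits LBA {ebr}")
        if len(visited) >= MAX_EBR_DEPTH:
            raise LoopedPartitionTable(f"EBR chain longer than {MAX_EBR_DEPTH}")
        visited.add(ebr)
        entries = parse_entries(disk.get(ebr))
        if entries is None:                  # unreadable or unsigned sector ends the chain
            break
        next_ebr = None
        for ptype, rel, count in entries:
            if ptype in EXTENDED_TYPES:
                next_ebr = ext_start + rel   # link is relative to the extended container
            else:
                found.append((ptype, ebr + rel, count))   # logical partition, relative to its EBR
        if next_ebr is None:
            break
        ebr = next_ebr
    return found


def list_partitions(disk):
    """Return all primary and logical partitions as (type, absolute_lba, sectors)."""
    mbr = parse_entries(disk.get(0))
    if mbr is None:
        raise ValueError("sector 0 carries no valid MBR signature")
    parts = []
    for ptype, lba, count in mbr:
        if ptype in EXTENDED_TYPES:
            parts.extend(walk_extended(disk, lba))
        else:
            parts.append((ptype, lba, count))
    return parts


def audit_media(disk):
    """Classify media as 'ok' or 'looped' before a boot loader is allowed to trust it."""
    try:
        return "ok", list_partitions(disk)
    except LoopedPartitionTable as exc:
        return "looped", str(exc)


# Constructed sample images. Well-formed: one primary plus two logical partitions.
SANE_DISK = {
    0:     make_sector([make_entry(0x83, 2048, 4096), make_entry(0x05, 8192, 8192)]),
    8192:  make_sector([make_entry(0x83, 63, 2000), make_entry(0x05, 4096, 4096)]),
    12288: make_sector([make_entry(0x83, 63, 2000)]),
}
# Self-referential: the MBR's extended entry points back at sector 0.
SELF_REFERENTIAL_DISK = {0: make_sector([make_entry(0x05, 0, 1000)])}
# Two-EBR cycle: the second EBR links back to the first.
CYCLIC_DISK = {
    0:   make_sector([make_entry(0x05, 100, 1000)]),
    100: make_sector([make_entry(0x83, 1, 10), make_entry(0x05, 100, 100)]),
    200: make_sector([make_entry(0x83, 1, 10), make_entry(0x05, 0, 100)]),
}

if __name__ == "__main__":
    for name, img in [("sane", SANE_DISK), ("self-ref", SELF_REFERENTIAL_DISK), ("cyclic", CYCLIC_DISK)]:
        print(name, audit_media(img))
```

The visited set is what distinguishes this from a parser that only caps depth: a depth cap alone still spends the full budget on a looped chain, whereas a revisited LBA is rejected on the second read.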
## Exploitation
- **Status:** PoC available (CVE-2019-13103); no known public exploitation in the wild at the time of publication.
- **Complexity:** Low
- **Attack Vector:**
  - CVE-2018-18440: Local
  - CVE-2019-13103: Physical (requires interaction with removable media)
## Impact
- **Confidentiality:** High (CVE-2018-18440)
- **Integrity:** High (CVE-2018-18440)
- **Availability:** High (Both CVEs)
## Remediation
### Patches
Currently, **no fix is planned** for the affected hardware versions, as the boot loader cannot be updated on existing devices in the field.
### Workarounds
Siemens recommends the following configuration changes via the `bootoption.txt` file:
- **To mitigate CVE-2018-18440:** Set the parameter `Security = yes` to disable boot interface access during startup.
- **To mitigate CVE-2019-13103:** Set the parameter `Disableautoaccessremovable = Yes` to prevent the device from automatically accessing or booting from removable media.
## Detection
- **Indicators of Compromise:** Unexpected system reboots, presence of unauthorized removable media, or evidence of manual interference with the boot CLI.
- **Detection Methods:** Administrators should verify the U-Boot version by accessing the boot loader interface and executing the `version` command. Ensure physical security of the device to prevent unauthorized console access.
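A small posture check covering both the workarounds above and the version check, as an added example that is not Siemens tooling. It assumes `bootoption.txt` holds one `Key = Value` per line as in the advisory's two settings, and that the `version` command output contains a token shaped like `V2016.05RS09` (year.month followed by an `RS` build number); the sample file contents and banner are constructed, and `assess` and `audit_bootoption` are hypothetical helper names.

```python
"""Check a RUGGEDCOM ROS device's U-Boot version and bootoption.txt workarounds
(added example; not Siemens tooling). Assumes `Key = Value` lines and a
version token like V2016.05RS09 in the `version` command output."""
import re

LAST_AFFECTED = (2016, 5, 9)     # V2016.05RS09: latest version the advisory lists as affected
VERSION_RE = re.compile(r"V(\d{4})\.(\d{2})RS(\d+)", re.IGNORECASE)

# parameter (lower-cased) -> (expected value, CVE it mitigates, exposure when unset)
REQUIRED = {
    "security": ("yes", "CVE-2018-18440",
                 "boot interface reachable during startup"),
    "disableautoaccessremovable": ("yes", "CVE-2019-13103",
                                   "device may auto-access or boot removable media"),
}


def parse_bootoption(text):
    """Parse `Key = Value` lines into a dict; keys and values compared case-insensitively."""
    opts = {}
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()     # comment handling is an assumption
        if not line or "=" not in line:
            continue
        key, value = line.split("=", 1)
        opts[key.strip().lower()] = value.strip().lower()
    return opts


def audit_bootoption(text):
    """Return one finding per workaround that is missing or not set to the expected value."""
    opts = parse_bootoption(text)
    findings = []
    for key, (wanted, cve, exposure) in REQUIRED.items():
        actual = opts.get(key)
        if actual != wanted:
            findings.append({"cve": cve, "parameter": key, "current": actual,
                             "expected": wanted, "exposure": exposure})
    return findings


def parse_uboot_version(banner):
    """Extract (year, month, rs_build) from the `version` output, or None if absent."""
    m = VERSION_RE.search(banner)
    return tuple(int(g) for g in m.groups()) if m else None


def version_is_affected(banner):
    """True when the reported version is V2016.05RS09 or earlier."""
    v = parse_uboot_version(banner)
    if v is None:
        raise ValueError("no RUGGEDCOM U-Boot version token found in banner")
    return v <= LAST_AFFECTED


def assess(banner, bootoption_text):
    """Combine the version check with the workaround audit into one result."""
    affected = version_is_affected(banner)
    return {
        "uboot": parse_uboot_version(banner),
        "affected_version": affected,
        "missing_workarounds": audit_bootoption(bootoption_text) if affected else [],
    }


# Constructed samples: a weak configuration and the advisory's recommended one.
WEAK_BOOTOPTION = """# constructed sample, workarounds not applied
Security = no
Disableautoaccessremovable = No
"""
HARDENED_BOOTOPTION = """Security = yes
Disableautoaccessremovable = Yes
"""
SAMPLE_BANNER = "U-Boot V2016.05RS09 (constructed sample banner)"

if __name__ == "__main__":
    print(assess(SAMPLE_BANNER, WEAK_BOOTOPTION))
    print(assess(SAMPLE_BANNER, HARDENED_BOOTOPTION))
```

Because no firmware fix is planned, the version check only decides whether the workaround audit matters; on an affected build the two findings are the actionable output.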
## References
- **Vendor Advisory:** hXXps://cert-portal[.]siemens[.]com/productcert/pdf/ssa-618620[.]pdf
- **Siemens Industrial Security Guidelines:** hXXps://www[.]siemens[.]com/cert/operational-guidelines-industrial-security
- **Siemens ProductCERT:** hXXps://www[.]siemens[.]com/cert/advisories