Siemens RUGGEDCOM RST2428P Resource Exhaustion Vulnerability Leading to Denial-of-Service

Vulnerability

A resource exhaustion vulnerability has been identified in the Siemens RUGGEDCOM RST2428P (6GK6242-6PA00) device, all versions. When the device is subjected to high volumes of query requests, it may experience a temporary denial-of-service condition. The system is expected to recover once the excessive activity subsides.

Impact

Exploitation of this vulnerability can cause a temporary denial-of-service condition, with the system recovering after the high volume of query requests is reduced.

Remediation

No fix is currently available for this vulnerability. As a mitigation, create a firewall rule that blocks the UDP ports the device uses for discovery protocols (such as LLDP, DCP, and MRP) if those ports are not required. The device uses UDP port 34964 and one port in the range 49152-65535 for these discovery protocols.
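Until such a rule is in place, flow records can show which sources send bursts to the ports named above. The following is an added example, not vendor or advisory code; the device address, record format, window and threshold are assumptions, and the sample records are constructed.

```python
from collections import defaultdict, deque

DEVICE_IP = "192.0.2.10"             # assumed device address (documentation range)
FIXED_PORT = 34964                   # fixed UDP port named in the advisory
DYNAMIC_RANGE = range(49152, 65536)  # advisory: one port in 49152-65535
WINDOW_S = 10.0                      # assumed sliding window in seconds
THRESHOLD = 5                        # assumed per-source datagram budget per window


def parse(line):
    """Parse one constructed record: '<ts> <src> <dst> <proto> <dport>'."""
    ts, src, dst, proto, dport = line.split()
    return float(ts), src, dst, proto, int(dport)


def is_discovery_port(port):
    return port == FIXED_PORT or port in DYNAMIC_RANGE


def find_flooders(records, window=WINDOW_S, threshold=THRESHOLD):
    """Return {src: peak datagram count} for sources over threshold in any window.

    records must be sorted by timestamp.
    """
    recent = defaultdict(deque)  # src -> timestamps still inside the window
    peaks = {}
    for ts, src, dst, proto, dport in records:
        if dst != DEVICE_IP or proto != "udp" or not is_discovery_port(dport):
            continue
        q = recent[src]
        q.append(ts)
        while ts - q[0] >= window:   # evict timestamps older than the window
            q.popleft()
        if len(q) > threshold:
            peaks[src] = max(peaks.get(src, 0), len(q))
    return peaks


# Constructed sample: one burst, one slow sender, and unrelated TCP traffic.
SAMPLE = (
    [f"{i * 0.5:.1f} 198.51.100.7 {DEVICE_IP} udp 34964" for i in range(8)]
    + [f"{i * 4.0:.1f} 198.51.100.8 {DEVICE_IP} udp 50000" for i in range(3)]
    + [f"{i * 0.1:.1f} 198.51.100.9 {DEVICE_IP} tcp 443" for i in range(20)]
)

if __name__ == "__main__":
    for src, peak in find_flooders(sorted(map(parse, SAMPLE))).items():
        print(f"{src}: {peak} datagrams within {WINDOW_S:.0f}s to discovery ports")
```

Sources reported here are candidates for the blocking rule; a legitimate engineering station that appears in the output indicates the ports are still required from that host.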

Added: Sep 9, 2025, 9:24 AM
Updated: Sep 9, 2025, 5:04 PM

Vulnerability Rating

Custom Algorithm

spread: 0.0
impact: 0.6
exploitability: 4.9
remediation: 0.0
relevance: 0.5
threat: 0.0
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.