×
Siemens Industry Online Support
Siemens AG
Entry type: Download Entry ID: 109799880, Entry date: 07/07/2021
(0)
Rate

Firmware Download for RUGGEDCOM ROS 4.3.7

  • Entry
  • Associated product(s)
RUGGEDCOM ROS® version 4.3.7 is a Generally Available (GA) release of the RUGGEDCOM ROS® operating system containing new features, enhancements, bug-fixes, and security improvements for supported product models.

RUGGEDCOM ROS® version 4.3.7 software is now available for the RUGGEDCOM products listed below. It can be obtained via the download links below, or by requesting support at https://support.industry.siemens.com/my/us/en/requests#createRequest

The following RUGGEDCOM RS series switches and devices are supported:

All RUGGEDCOM RS & i800 series switches, M969, M2100, and M2200 are supported except for:

  • RUGGEDCOM RST2228(P)
  • RUGGEDCOM RSG907R
  • RUGGEDCOM RSG909R
  • RUGGEDCOM RSG908C
  • RUGGEDCOM RSG910C
  • RUGGEDCOM RSL910
  • RUGGEDCOM RST916P
  • RUGGEDCOM RST916C

 

New Features and Enhancements

  • The system name has been added to the remote syslog message
  • EAP-TLS authentication for 802.1x is now supported
  • Controlled firmware running on non-controlled devices
    The previous release of ROS 4.3.5 allowed controlled (high encryption) firmware to run on devices that are classified as non-controlled (NC). Exempted devices were the RMC30 and RP110. This exemption has been removed and the RMC30NC and RP110NC can now run either C or NC firmware stream.

 

General Improvements

 The following items have been corrected in this release.

  • System time slowing by approximately five seconds after reboot 
  • SysDesc in MIB2 is more descriptive for compatibility with SINEMA Server and SINEC NMS 
  • “DHCP Snooping” menu item changed to “DHCP Relay Agent” for devices that don’t support DHCP snooping

 

Security Fixes and Improvements

  • Bootloader interface on CF52 devices now managed by “bootoption.txt” file
    This feature allows restricting access to the bootloader command line interface on bootup. The default setting disallows bootloader access. See the ROS user guide for details.

  • The factory default settings only enable the ‘admin’ account. The ‘oper’ and ‘guest’ accounts are disabled.

  • SSL ciphers with SHA1 MAC have been removed

  • SSL ciphers with RSA only encryption to ensure perfect forward secrecy

  • TLS 1.1 support has been removed

  • The default SSH key is now RSA

  • The HTTP response headers now include X-Frame-Options and Content-Security-Policy

  • The SNMPv3 Authkey minimum length for trap and alarm generation has been increased to 8 characters as per RFC3414

  • Elliptic curves p-192 and p-224 have been removed
    The p-192 and p-224 ciphers have been deprecated in most modern web browsers, making it impossible to establish a secure HTTP connection to ROS. To harmonize, ROS has removed these weak ciphers.

    Customers using SSL certificates employing the above removed ciphers must upgrade these SSL certificates prior to upgrading ROS, otherwise HTTP access to the device will no longer be possible.

  • Verification of the SSH public key
    A new command line "sshdigest" has been added to show the host fingerprints of ROS devices.
    A new command "sshpubkey list" has been enhanced to display the MD5 and Base64 encoded SHA1 & SHA256 fingerprint information of the public key.

 

Resolved Issues

  •  RADIUS/TACACS+ "Server Unreachable" alarm missing in alarms configuration menu

  •  Weak password alarm is not set after factory defaults

  •  MSTP menu item removed from RUGGEDCOM RS400 and RS401

  •  RCDP now changes to ‘Get-Only’ after management IP address change

  •  TACACS+ failover doesn’t follow configured parameters – Failover takes too long

  •  Management IP was always used as “NAS IP” for RADIUS

  •  SSH connections terminate during “type config.csv”

  •  Uploading a configuration file with $CMD=”reset” causes login sessions to hang

  •  Upgrading from ROS 3.x now converts passwords correctly

  •  Upgrading from ROS 3.x can cause the system time to be stuck in 1970

  •  RUGGEDCOM RS416 crashes after a reset with more than 200 connected Modbus devices

  •  SFP information missing in port status menu on RS900G after reboot

  •  Broken Modbus packet being sent from RMC30 to RTU-Master

  •  SSH fingerprinting causes erroneous “ERR_TCP_SOCKET_CLOSED” syslog messages

  •  Uploading improperly formatted config.csv file causes the target device to crash

  •  RUGGEDCOM RSG2288 crashes with SNTP clients and time source set to GPS

  •  An erroneous default gateway is created when uploading a configuration file with a static route configured

  •  GPS Week Number Rollover Event
    After the GPS rollover event in 2019, an internal compensation mechanism stopped operating correctly after February 20, 2021. This issue affects RSG2288 PTP modules and some RSG2488 PTP modules when the time source is GPS. The affected GPS receiver firmware version is v1.10. ROS now applies additional compensation for the week number rollover. This issue was previously corrected in the ROS 5.5.3 Limited Availability Release.

Known Limitations

  • SNMP usernames are limited to 31 characters
    Using a 32 character SNMPv3 username results in a device crash. To overcome this issue, the SNMP usernames are now limited to 31 characters. Users who employ 32 character SNMP usernames should not upgrade to this version of ROS.

 

Security Improvements

SSA-373591: Buffer Overflow Vulnerability in RUGGEDCOM ROS Devices: https://cert-portal.siemens.com/productcert/pdf/ssa-373591.pdf

This version contains security-relevant product improvements which increases the robustness.

Upgrading to this version is recommended.


 

Third-party software – license conditions and copyright information

You can find the copyright information for the third-party software contained in this product, particularly open source software, as well as applicable license conditions of such third-party software in the ReadMe_OSS file.

 

Special note for resellers

The information and license conditions in the ReadMe_OSS file must be passed on to the purchasing party to avoid license infringements by the reseller or purchasing party.

 

  ReadMe_OSS.pdf (558,8 KB)

 

You can download the files here:

NOTE: Please ensure to download the firmware image (Controlled vs Non-Controlled) that matches your device’s MLFB.

 

ROS MIBs

 Download unterliegt Exportcontrolle  ROS_RuggedCom_MIBs_2020_07_29.zip (269,4 KB)

 

For the products: i800 series, RSG2288, RS900, RS900 (32M), RS900G, RS900G (32M), RS900GP, RS940G, RS900M, RSG2100, RSG2100 (32M), RS910, RS400, RS401, RS416, RS1600, RS8000, RSG2300, RSG2200, M2100, M2200, M969 

Boot:  Download unterliegt Exportcontrolle  ROS-CF52_Boot_v4.3.0.zb.zip (392,6 KB)

SHA-256 Hash Checksum:

3BAE9B48AAB7FFE711C0B07F9A88B0D6A8A08617B951EB41FF2D7F79ADCDEA02

 

Controlled Main:  Download unterliegt Exportcontrolle  ROS-CF52_Main_v4.3.7.zb.zip (1,4 MB)

SHA-256 Hash Checksum:

647cc4431b84cc077fe0f1feb2156ff9aca89cf898d5047d331359a76c941336

 

Non-Controlled Main:  Download unterliegt Exportcontrolle  ROS-CF52_MainNC_v4.3.7.zb.zip (1,3 MB)

SHA-256 Hash Checksum:

af643c55faa0720f7b1d05361172f3ae80565617065095b53394011bd972fc66

 

For the products: RMC30, RP110

Boot:  Download unterliegt Exportcontrolle  ROS-CF52_Boot_v4.3.0.zb.zip (392,6 KB)

SHA-256 Hash Checksum:

3BAE9B48AAB7FFE711C0B07F9A88B0D6A8A08617B951EB41FF2D7F79ADCDEA02

 

Controlled Main:  Download unterliegt Exportcontrolle  ROS-CF52_Main_RMC30RP110_v4.3.7.zb.zip (815,4 KB)

SHA-256 Hash Checksum:

e6024a189b8340cda9c1ea9d76a14e14efc8324b484aba37dc7abbed45c6e76c

 

Non-Controlled Main:   Download unterliegt Exportcontrolle  ROS-CF52_MainNC_RMC30RP110_v4.3.7.zb.zip (675,1 KB)

SHA-256 Hash Checksum:

5db024fb70dba108e7b6336e78c6c675121e8f6ffa428d788bf4ff83de308885

 

For the products: RSG920P, RSG2488, RMC8388

Controlled Main:  Download unterliegt Exportcontrolle  ROS-MPC83_v4.3.7.zb.zip (4,4 MB)

SHA-256 Hash Checksum:

8f66b8f350189fe4fa84589c153545d6932a99f3fa4c86313305dce8c8ecf984

 

Non-Controlled Main:  Download unterliegt Exportcontrolle  ROS-MPC83NC_v4.3.7.zb.zip (4,3 MB)

SHA-256 Hash Checksum:

190eebf681a622ba97bc963dae5f3fd8b9452ead304c6deb156ccdf8fc39ae3e

 

The firmware checksums for all ROS versions are also published in a separate SIOS entry: https://support.industry.siemens.com/cs/us/en/view/109779935

 

Please read the notes on ROS installation/upgrade in the product documentation.

Contact for technical issues: Customer Support, https://support.industry.siemens.com/my/us/en/requests#createRequest

 

Security information

In order to protect technical infrastructures, systems, machines and networks against cyber threats, it is necessary to implement – and continuously maintain – a holistic, state-of-the-art IT security concept.

Siemens’ products and solutions constitute one element of such a concept. For more information about cyber security, please visit https://www.siemens.com/cybersecurity#Ouraspiration


 
Security information
In order to protect technical infrastructures, systems, machines and networks against cyber threats, it is necessary to implement – and continuously maintain – a holistic, state-of-the-art IT security concept. Siemens’ products and solutions constitute one element of such a concept. For more information about cyber security, please visit
https://www.siemens.com/cybersecurity#Ouraspiration.
Rate entry
no rating
Requests and feedback
What do you want to do?
Note: The feedback always relates to the current entry / product. Your message will be forwarded to our technical editors working in the Online Support. In a few days, you will receive a response if your feedback requires one. If we have no further questions, you will not hear from us.