CVE-2021-37209
6.5
Vector
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Exploitability: 2.8 / Impact: 3.6
Source: NVD (Secondary)
Description
A vulnerability has been identified in RUGGEDCOM i800 (All versions < V4.3.8), RUGGEDCOM i801 (All versions < V4.3.8), RUGGEDCOM i802 (All versions < V4.3.8), RUGGEDCOM i803 (All versions < V4.3.8), RUGGEDCOM M2100 (All versions < V4.3.8), RUGGEDCOM M2200 (All versions < V4.3.8), RUGGEDCOM M969 (All versions < V4.3.8), RUGGEDCOM RMC30 (All versions < V4.3.8), RUGGEDCOM RMC8388 V4.X (All versions < V4.3.8), RUGGEDCOM RMC8388 V5.X (All versions < V5.7.0), RUGGEDCOM RP110 (All versions < V4.3.8), RUGGEDCOM RS1600 (All versions < V4.3.8), RUGGEDCOM RS1600F (All versions < V4.3.8), RUGGEDCOM RS1600T (All versions < V4.3.8), RUGGEDCOM RS400 (All versions < V4.3.8), RUGGEDCOM RS401 (All versions < V4.3.8), RUGGEDCOM RS416 (All versions < V4.3.8), RUGGEDCOM RS416P (All versions < V4.3.8), RUGGEDCOM RS416Pv2 V4.X (All versions < V4.3.8), RUGGEDCOM RS416Pv2 V5.X (All versions < V5.7.0), RUGGEDCOM RS416v2 V4.X (All versions < V4.3.8), RUGGEDCOM RS416v2 V5.X (All versions < V5.7.0), RUGGEDCOM RS8000 (All versions < V4.3.8), RUGGEDCOM RS8000A (All versions < V4.3.8), RUGGEDCOM RS8000H (All versions < V4.3.8), RUGGEDCOM RS8000T (All versions < V4.3.8), RUGGEDCOM RS900 (All versions < V4.3.8), RUGGEDCOM RS900 (32M) V4.X (All versions < V4.3.8), RUGGEDCOM RS900 (32M) V5.X (All versions < V5.7.0), RUGGEDCOM RS900G (All versions < V4.3.8), RUGGEDCOM RS900G (32M) V4.X (All versions < V4.3.8), RUGGEDCOM RS900G (32M) V5.X (All versions < V5.7.0), RUGGEDCOM RS900GP (All versions < V4.3.8), RUGGEDCOM RS900L (All versions < V4.3.8), RUGGEDCOM RS900M-GETS-C01 (All versions < V4.3.8), RUGGEDCOM RS900M-GETS-XX (All versions < V4.3.8), RUGGEDCOM RS900M-STND-C01 (All versions < V4.3.8), RUGGEDCOM RS900M-STND-XX (All versions < V4.3.8), RUGGEDCOM RS900W (All versions < V4.3.8), RUGGEDCOM RS910 (All versions < V4.3.8), RUGGEDCOM RS910L (All versions < V4.3.8), RUGGEDCOM RS910W (All versions < V4.3.8), RUGGEDCOM RS920L (All versions < V4.3.8), RUGGEDCOM RS920W (All versions < V4.3.8), RUGGEDCOM RS930L (All versions < V4.3.8), RUGGEDCOM RS930W (All versions < V4.3.8), RUGGEDCOM RS940G (All versions < V4.3.8), RUGGEDCOM RS969 (All versions < V4.3.8), RUGGEDCOM RSG2100 (All versions < V4.3.8), RUGGEDCOM RSG2100 (32M) V4.X (All versions < V4.3.8), RUGGEDCOM RSG2100 (32M) V5.X (All versions < V5.7.0), RUGGEDCOM RSG2100P (All versions < V4.3.8), RUGGEDCOM RSG2100P (32M) V4.X (All versions < V4.3.8), RUGGEDCOM RSG2100P (32M) V5.X (All versions < V5.7.0), RUGGEDCOM RSG2200 (All versions < V4.3.8), RUGGEDCOM RSG2288 V4.X (All versions < V4.3.8), RUGGEDCOM RSG2288 V5.X (All versions < V5.7.0), RUGGEDCOM RSG2300 V4.X (All versions < V4.3.8), RUGGEDCOM RSG2300 V5.X (All versions < V5.7.0), RUGGEDCOM RSG2300P V4.X (All versions < V4.3.8), RUGGEDCOM RSG2300P V5.X (All versions < V5.7.0), RUGGEDCOM RSG2488 V4.X (All versions < V4.3.8), RUGGEDCOM RSG2488 V5.X (All versions < V5.7.0), RUGGEDCOM RSG907R (All versions < V5.7.0), RUGGEDCOM RSG908C (All versions < V5.7.0), RUGGEDCOM RSG909R (All versions < V5.7.0), RUGGEDCOM RSG910C (All versions < V5.7.0), RUGGEDCOM RSG920P V4.X (All versions < V4.3.8), RUGGEDCOM RSG920P V5.X (All versions < V5.7.0), RUGGEDCOM RSL910 (All versions < V5.7.0), RUGGEDCOM RST2228 (All versions < V5.7.0), RUGGEDCOM RST2228P (All versions < V5.7.0), RUGGEDCOM RST916C (All versions < V5.7.0), RUGGEDCOM RST916P (All versions < V5.7.0). The SSH server on affected devices is configured to offer weak ciphers by default.
This could allow an unauthorized attacker in a man-in-the-middle position to read and modify any data passed over the connection between legitimate clients and the affected device.
Affected (1)
Products: Siemens: Ruggedcom Ros
Configuration A
| Vulnerable Software | Affected Versions |
|---|---|
| All versions |
| Running on/with | Platform Versions |
|---|---|
Siemens Ruggedcom I800 | All versions |
Siemens Ruggedcom I801 | All versions |
Siemens Ruggedcom I802 | All versions |
Siemens Ruggedcom I803 | All versions |
Siemens Ruggedcom M2100 | All versions |
Siemens Ruggedcom M2200 | All versions |
Siemens Ruggedcom M969 | All versions |
Siemens Ruggedcom Rmc | All versions |
Siemens Ruggedcom Rmc20 | All versions |
Siemens Ruggedcom Rmc30 | All versions |
Siemens Ruggedcom Rmc40 | All versions |
Siemens Ruggedcom Rmc41 | All versions |
Siemens Ruggedcom Rmc8388 | All versions |
Siemens Ruggedcom Rp110 | All versions |
Siemens Ruggedcom Rs400 | All versions |
Siemens Ruggedcom Rs401 | All versions |
Siemens Ruggedcom Rs416 | All versions |
Siemens Ruggedcom Rs416v2 | All versions |
Siemens Ruggedcom Rs8000 | All versions |
Siemens Ruggedcom Rs8000a | All versions |
Siemens Ruggedcom Rs8000h | All versions |
Siemens Ruggedcom Rs8000t | All versions |
Siemens Ruggedcom Rs900 | All versions |
Siemens Ruggedcom Rs900g | All versions |
Siemens Ruggedcom Rs900gp | All versions |
Siemens Ruggedcom Rs900l | All versions |
Siemens Ruggedcom Rs900w | All versions |
Siemens Ruggedcom Rs910 | All versions |
Siemens Ruggedcom Rs910l | All versions |
Siemens Ruggedcom Rs910w | All versions |
Siemens Ruggedcom Rs920l | All versions |
Siemens Ruggedcom Rs920w | All versions |
Siemens Ruggedcom Rs930l | All versions |
Siemens Ruggedcom Rs930w | All versions |
Siemens Ruggedcom Rs940g | All versions |
Siemens Ruggedcom Rs969 | All versions |
Siemens Ruggedcom Rsg2100 | All versions |
Siemens Ruggedcom Rsg2100p | All versions |
Siemens Ruggedcom Rsg2200 | All versions |
Siemens Ruggedcom Rsg2288 | All versions |
Siemens Ruggedcom Rsg2300 | All versions |
Siemens Ruggedcom Rsg2300p | All versions |
Siemens Ruggedcom Rsg2488 | All versions |
Siemens Ruggedcom Rsg907r | All versions |
Siemens Ruggedcom Rsg908c | All versions |
Siemens Ruggedcom Rsg909r | All versions |
Siemens Ruggedcom Rsg910c | All versions |
Siemens Ruggedcom Rsg920p | All versions |
Siemens Ruggedcom Rsl910 | All versions |
Siemens Ruggedcom Rst2228 | All versions |
Siemens Ruggedcom Rst2228p | All versions |
Siemens Ruggedcom Rst916c | All versions |
Siemens Ruggedcom Rst916p | All versions |
Related CWEs
CWE-311
Missing Encryption of Sensitive Data
The product does not encrypt sensitive or critical information before storage or transmission.
CWE-326
Inadequate Encryption Strength
The product stores or transmits sensitive data using an encryption scheme that is theoretically sound, but is not strong enough for the level of protection required.
References (3)
Source: productcert@siemens.com
Source: productcert@siemens.com
Vendor Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Vendor Advisory
Timeline
No history available yet.