CVE-2021-37209

Summary

A vulnerability has been identified in RUGGEDCOM i800 (All versions < V4.3.8), RUGGEDCOM i801 (All versions < V4.3.8), RUGGEDCOM i802 (All versions < V4.3.8), RUGGEDCOM i803 (All versions < V4.3.8), RUGGEDCOM M2100 (All versions < V4.3.8), RUGGEDCOM M2200 (All versions < V4.3.8), RUGGEDCOM M969 (All versions < V4.3.8), RUGGEDCOM RMC30 (All versions < V4.3.8), RUGGEDCOM RMC8388 V4.X (All versions < V4.3.8), RUGGEDCOM RMC8388 V5.X (All versions < V5.7.0), RUGGEDCOM RP110 (All versions < V4.3.8), RUGGEDCOM RS1600 (All versions < V4.3.8), RUGGEDCOM RS1600F (All versions < V4.3.8), RUGGEDCOM RS1600T (All versions < V4.3.8), RUGGEDCOM RS400 (All versions < V4.3.8), RUGGEDCOM RS401 (All versions < V4.3.8), RUGGEDCOM RS416 (All versions < V4.3.8), RUGGEDCOM RS416P (All versions < V4.3.8), RUGGEDCOM RS416Pv2 V4.X (All versions < V4.3.8), RUGGEDCOM RS416Pv2 V5.X (All versions < V5.7.0), RUGGEDCOM RS416v2 V4.X (All versions < V4.3.8), RUGGEDCOM RS416v2 V5.X (All versions < V5.7.0), RUGGEDCOM RS8000 (All versions < V4.3.8), RUGGEDCOM RS8000A (All versions < V4.3.8), RUGGEDCOM RS8000H (All versions < V4.3.8), RUGGEDCOM RS8000T (All versions < V4.3.8), RUGGEDCOM RS900 (All versions < V4.3.8), RUGGEDCOM RS900 (32M) V4.X (All versions < V4.3.8), RUGGEDCOM RS900 (32M) V5.X (All versions < V5.7.0), RUGGEDCOM RS900G (All versions < V4.3.8), RUGGEDCOM RS900G (32M) V4.X (All versions < V4.3.8), RUGGEDCOM RS900G (32M) V5.X (All versions < V5.7.0), RUGGEDCOM RS900GP (All versions < V4.3.8), RUGGEDCOM RS900L (All versions < V4.3.8), RUGGEDCOM RS900M-GETS-C01 (All versions < V4.3.8), RUGGEDCOM RS900M-GETS-XX (All versions < V4.3.8), RUGGEDCOM RS900M-STND-C01 (All versions < V4.3.8), RUGGEDCOM RS900M-STND-XX (All versions < V4.3.8), RUGGEDCOM RS900W (All versions < V4.3.8), RUGGEDCOM RS910 (All versions < V4.3.8), RUGGEDCOM RS910L (All versions < V4.3.8), RUGGEDCOM RS910W (All versions < V4.3.8), RUGGEDCOM RS920L (All versions < V4.3.8), RUGGEDCOM RS920W (All versions < V4.3.8), RUGGEDCOM RS930L (All versions < V4.3.8), RUGGEDCOM RS930W (All versions < V4.3.8), RUGGEDCOM RS940G (All versions < V4.3.8), RUGGEDCOM RS969 (All versions < V4.3.8), RUGGEDCOM RSG2100 (All versions < V4.3.8), RUGGEDCOM RSG2100 (32M) V4.X (All versions < V4.3.8), RUGGEDCOM RSG2100 (32M) V5.X (All versions < V5.7.0), RUGGEDCOM RSG2100P (All versions < V4.3.8), RUGGEDCOM RSG2100P (32M) V4.X (All versions < V4.3.8), RUGGEDCOM RSG2100P (32M) V5.X (All versions < V5.7.0), RUGGEDCOM RSG2200 (All versions < V4.3.8), RUGGEDCOM RSG2288 V4.X (All versions < V4.3.8), RUGGEDCOM RSG2288 V5.X (All versions < V5.7.0), RUGGEDCOM RSG2300 V4.X (All versions < V4.3.8), RUGGEDCOM RSG2300 V5.X (All versions < V5.7.0), RUGGEDCOM RSG2300P V4.X (All versions < V4.3.8), RUGGEDCOM RSG2300P V5.X (All versions < V5.7.0), RUGGEDCOM RSG2488 V4.X (All versions < V4.3.8), RUGGEDCOM RSG2488 V5.X (All versions < V5.7.0), RUGGEDCOM RSG907R (All versions < V5.7.0), RUGGEDCOM RSG908C (All versions < V5.7.0), RUGGEDCOM RSG909R (All versions < V5.7.0), RUGGEDCOM RSG910C (All versions < V5.7.0), RUGGEDCOM RSG920P V4.X (All versions < V4.3.8), RUGGEDCOM RSG920P V5.X (All versions < V5.7.0), RUGGEDCOM RSL910 (All versions < V5.7.0), RUGGEDCOM RST2228 (All versions < V5.7.0), RUGGEDCOM RST2228P (All versions < V5.7.0), RUGGEDCOM RST916C (All versions < V5.7.0), RUGGEDCOM RST916P (All versions < V5.7.0). The SSH server on affected devices is configured to offer weak ciphers by default.

This could allow an unauthorized attacker in a man-in-the-middle position to read and modify any data passed over the connection between legitimate clients and the affected device.

Affected Software

VendorProductVersion RangeStatus
SiemensRUGGEDCOM i8000 < V4.3.8affected
SiemensRUGGEDCOM i8010 < V4.3.8affected
SiemensRUGGEDCOM i8020 < V4.3.8affected
SiemensRUGGEDCOM i8030 < V4.3.8affected
SiemensRUGGEDCOM M21000 < V4.3.8affected
SiemensRUGGEDCOM M22000 < V4.3.8affected
SiemensRUGGEDCOM M9690 < V4.3.8affected
SiemensRUGGEDCOM RMC300 < V4.3.8affected
SiemensRUGGEDCOM RMC8388 V4.X0 < V4.3.8affected
SiemensRUGGEDCOM RMC8388 V5.X0 < V5.7.0affected
SiemensRUGGEDCOM RP1100 < V4.3.8affected
SiemensRUGGEDCOM RS16000 < V4.3.8affected
SiemensRUGGEDCOM RS1600F0 < V4.3.8affected
SiemensRUGGEDCOM RS1600T0 < V4.3.8affected
SiemensRUGGEDCOM RS4000 < V4.3.8affected
SiemensRUGGEDCOM RS4010 < V4.3.8affected
SiemensRUGGEDCOM RS4160 < V4.3.8affected
SiemensRUGGEDCOM RS416P0 < V4.3.8affected
SiemensRUGGEDCOM RS416Pv2 V4.X0 < V4.3.8affected
SiemensRUGGEDCOM RS416Pv2 V5.X0 < V5.7.0affected
SiemensRUGGEDCOM RS416v2 V4.X0 < V4.3.8affected
SiemensRUGGEDCOM RS416v2 V5.X0 < V5.7.0affected
SiemensRUGGEDCOM RS80000 < V4.3.8affected
SiemensRUGGEDCOM RS8000A0 < V4.3.8affected
SiemensRUGGEDCOM RS8000H0 < V4.3.8affected
SiemensRUGGEDCOM RS8000T0 < V4.3.8affected
SiemensRUGGEDCOM RS9000 < V4.3.8affected
SiemensRUGGEDCOM RS900 (32M) V4.X0 < V4.3.8affected
SiemensRUGGEDCOM RS900 (32M) V5.X0 < V5.7.0affected
SiemensRUGGEDCOM RS900G0 < V4.3.8affected
SiemensRUGGEDCOM RS900G (32M) V4.X0 < V4.3.8affected
SiemensRUGGEDCOM RS900G (32M) V5.X0 < V5.7.0affected
SiemensRUGGEDCOM RS900GP0 < V4.3.8affected
SiemensRUGGEDCOM RS900L0 < V4.3.8affected
SiemensRUGGEDCOM RS900M-GETS-C010 < V4.3.8affected
SiemensRUGGEDCOM RS900M-GETS-XX0 < V4.3.8affected
SiemensRUGGEDCOM RS900M-STND-C010 < V4.3.8affected
SiemensRUGGEDCOM RS900M-STND-XX0 < V4.3.8affected
SiemensRUGGEDCOM RS900W0 < V4.3.8affected
SiemensRUGGEDCOM RS9100 < V4.3.8affected
SiemensRUGGEDCOM RS910L0 < V4.3.8affected
SiemensRUGGEDCOM RS910W0 < V4.3.8affected
SiemensRUGGEDCOM RS920L0 < V4.3.8affected
SiemensRUGGEDCOM RS920W0 < V4.3.8affected
SiemensRUGGEDCOM RS930L0 < V4.3.8affected
SiemensRUGGEDCOM RS930W0 < V4.3.8affected
SiemensRUGGEDCOM RS940G0 < V4.3.8affected
SiemensRUGGEDCOM RS9690 < V4.3.8affected
SiemensRUGGEDCOM RSG21000 < V4.3.8affected
SiemensRUGGEDCOM RSG2100 (32M) V4.X0 < V4.3.8affected
SiemensRUGGEDCOM RSG2100 (32M) V5.X0 < V5.7.0affected
SiemensRUGGEDCOM RSG2100P0 < V4.3.8affected
SiemensRUGGEDCOM RSG2100P (32M) V4.X0 < V4.3.8affected
SiemensRUGGEDCOM RSG2100P (32M) V5.X0 < V5.7.0affected
SiemensRUGGEDCOM RSG22000 < V4.3.8affected
SiemensRUGGEDCOM RSG2288 V4.X0 < V4.3.8affected
SiemensRUGGEDCOM RSG2288 V5.X0 < V5.7.0affected
SiemensRUGGEDCOM RSG2300 V4.X0 < V4.3.8affected
SiemensRUGGEDCOM RSG2300 V5.X0 < V5.7.0affected
SiemensRUGGEDCOM RSG2300P V4.X0 < V4.3.8affected
SiemensRUGGEDCOM RSG2300P V5.X0 < V5.7.0affected
SiemensRUGGEDCOM RSG2488 V4.X0 < V4.3.8affected
SiemensRUGGEDCOM RSG2488 V5.X0 < V5.7.0affected
SiemensRUGGEDCOM RSG907R0 < V5.7.0affected
SiemensRUGGEDCOM RSG908C0 < V5.7.0affected
SiemensRUGGEDCOM RSG909R0 < V5.7.0affected
SiemensRUGGEDCOM RSG910C0 < V5.7.0affected
SiemensRUGGEDCOM RSG920P V4.X0 < V4.3.8affected
SiemensRUGGEDCOM RSG920P V5.X0 < V5.7.0affected
SiemensRUGGEDCOM RSL9100 < V5.7.0affected
SiemensRUGGEDCOM RST22280 < V5.7.0affected
SiemensRUGGEDCOM RST2228P0 < V5.7.0affected
SiemensRUGGEDCOM RST916C0 < V5.7.0affected
SiemensRUGGEDCOM RST916P0 < V5.7.0affected

Weaknesses

  • CWE-326: CWE-326: Inadequate Encryption Strength

ADP Enrichment

CVE Program Container

Additional References

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References