CVE-2021-37209
CVSS:3.1/AV:A/AC:H/PR:N/UI:R/S:U/C:L/I:H/A:H/E:P/RL:U/RC:C
Summary
A vulnerability has been identified in RUGGEDCOM i800 (All versions < V4.3.8), RUGGEDCOM i801 (All versions < V4.3.8), RUGGEDCOM i802 (All versions < V4.3.8), RUGGEDCOM i803 (All versions < V4.3.8), RUGGEDCOM M2100 (All versions < V4.3.8), RUGGEDCOM M2200 (All versions < V4.3.8), RUGGEDCOM M969 (All versions < V4.3.8), RUGGEDCOM RMC30 (All versions < V4.3.8), RUGGEDCOM RMC8388 V4.X (All versions < V4.3.8), RUGGEDCOM RMC8388 V5.X (All versions < V5.7.0), RUGGEDCOM RP110 (All versions < V4.3.8), RUGGEDCOM RS1600 (All versions < V4.3.8), RUGGEDCOM RS1600F (All versions < V4.3.8), RUGGEDCOM RS1600T (All versions < V4.3.8), RUGGEDCOM RS400 (All versions < V4.3.8), RUGGEDCOM RS401 (All versions < V4.3.8), RUGGEDCOM RS416 (All versions < V4.3.8), RUGGEDCOM RS416P (All versions < V4.3.8), RUGGEDCOM RS416Pv2 V4.X (All versions < V4.3.8), RUGGEDCOM RS416Pv2 V5.X (All versions < V5.7.0), RUGGEDCOM RS416v2 V4.X (All versions < V4.3.8), RUGGEDCOM RS416v2 V5.X (All versions < V5.7.0), RUGGEDCOM RS8000 (All versions < V4.3.8), RUGGEDCOM RS8000A (All versions < V4.3.8), RUGGEDCOM RS8000H (All versions < V4.3.8), RUGGEDCOM RS8000T (All versions < V4.3.8), RUGGEDCOM RS900 (All versions < V4.3.8), RUGGEDCOM RS900 (32M) V4.X (All versions < V4.3.8), RUGGEDCOM RS900 (32M) V5.X (All versions < V5.7.0), RUGGEDCOM RS900G (All versions < V4.3.8), RUGGEDCOM RS900G (32M) V4.X (All versions < V4.3.8), RUGGEDCOM RS900G (32M) V5.X (All versions < V5.7.0), RUGGEDCOM RS900GP (All versions < V4.3.8), RUGGEDCOM RS900L (All versions < V4.3.8), RUGGEDCOM RS900M-GETS-C01 (All versions < V4.3.8), RUGGEDCOM RS900M-GETS-XX (All versions < V4.3.8), RUGGEDCOM RS900M-STND-C01 (All versions < V4.3.8), RUGGEDCOM RS900M-STND-XX (All versions < V4.3.8), RUGGEDCOM RS900W (All versions < V4.3.8), RUGGEDCOM RS910 (All versions < V4.3.8), RUGGEDCOM RS910L (All versions < V4.3.8), RUGGEDCOM RS910W (All versions < V4.3.8), RUGGEDCOM RS920L (All versions < V4.3.8), RUGGEDCOM RS920W (All versions < V4.3.8), RUGGEDCOM RS930L (All versions < V4.3.8), RUGGEDCOM RS930W (All versions < V4.3.8), RUGGEDCOM RS940G (All versions < V4.3.8), RUGGEDCOM RS969 (All versions < V4.3.8), RUGGEDCOM RSG2100 (All versions < V4.3.8), RUGGEDCOM RSG2100 (32M) V4.X (All versions < V4.3.8), RUGGEDCOM RSG2100 (32M) V5.X (All versions < V5.7.0), RUGGEDCOM RSG2100P (All versions < V4.3.8), RUGGEDCOM RSG2100P (32M) V4.X (All versions < V4.3.8), RUGGEDCOM RSG2100P (32M) V5.X (All versions < V5.7.0), RUGGEDCOM RSG2200 (All versions < V4.3.8), RUGGEDCOM RSG2288 V4.X (All versions < V4.3.8), RUGGEDCOM RSG2288 V5.X (All versions < V5.7.0), RUGGEDCOM RSG2300 V4.X (All versions < V4.3.8), RUGGEDCOM RSG2300 V5.X (All versions < V5.7.0), RUGGEDCOM RSG2300P V4.X (All versions < V4.3.8), RUGGEDCOM RSG2300P V5.X (All versions < V5.7.0), RUGGEDCOM RSG2488 V4.X (All versions < V4.3.8), RUGGEDCOM RSG2488 V5.X (All versions < V5.7.0), RUGGEDCOM RSG907R (All versions < V5.7.0), RUGGEDCOM RSG908C (All versions < V5.7.0), RUGGEDCOM RSG909R (All versions < V5.7.0), RUGGEDCOM RSG910C (All versions < V5.7.0), RUGGEDCOM RSG920P V4.X (All versions < V4.3.8), RUGGEDCOM RSG920P V5.X (All versions < V5.7.0), RUGGEDCOM RSL910 (All versions < V5.7.0), RUGGEDCOM RST2228 (All versions < V5.7.0), RUGGEDCOM RST2228P (All versions < V5.7.0), RUGGEDCOM RST916C (All versions < V5.7.0), RUGGEDCOM RST916P (All versions < V5.7.0). The SSH server on affected devices is configured to offer weak ciphers by default.
This could allow an unauthorized attacker in a man-in-the-middle position to read and modify any data passed over the connection between legitimate clients and the affected device.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| Siemens | RUGGEDCOM i800 | 0 < V4.3.8 | affected |
| Siemens | RUGGEDCOM i801 | 0 < V4.3.8 | affected |
| Siemens | RUGGEDCOM i802 | 0 < V4.3.8 | affected |
| Siemens | RUGGEDCOM i803 | 0 < V4.3.8 | affected |
| Siemens | RUGGEDCOM M2100 | 0 < V4.3.8 | affected |
| Siemens | RUGGEDCOM M2200 | 0 < V4.3.8 | affected |
| Siemens | RUGGEDCOM M969 | 0 < V4.3.8 | affected |
| Siemens | RUGGEDCOM RMC30 | 0 < V4.3.8 | affected |
| Siemens | RUGGEDCOM RMC8388 V4.X | 0 < V4.3.8 | affected |
| Siemens | RUGGEDCOM RMC8388 V5.X | 0 < V5.7.0 | affected |
| Siemens | RUGGEDCOM RP110 | 0 < V4.3.8 | affected |
| Siemens | RUGGEDCOM RS1600 | 0 < V4.3.8 | affected |
| Siemens | RUGGEDCOM RS1600F | 0 < V4.3.8 | affected |
| Siemens | RUGGEDCOM RS1600T | 0 < V4.3.8 | affected |
| Siemens | RUGGEDCOM RS400 | 0 < V4.3.8 | affected |
| Siemens | RUGGEDCOM RS401 | 0 < V4.3.8 | affected |
| Siemens | RUGGEDCOM RS416 | 0 < V4.3.8 | affected |
| Siemens | RUGGEDCOM RS416P | 0 < V4.3.8 | affected |
| Siemens | RUGGEDCOM RS416Pv2 V4.X | 0 < V4.3.8 | affected |
| Siemens | RUGGEDCOM RS416Pv2 V5.X | 0 < V5.7.0 | affected |
| Siemens | RUGGEDCOM RS416v2 V4.X | 0 < V4.3.8 | affected |
| Siemens | RUGGEDCOM RS416v2 V5.X | 0 < V5.7.0 | affected |
| Siemens | RUGGEDCOM RS8000 | 0 < V4.3.8 | affected |
| Siemens | RUGGEDCOM RS8000A | 0 < V4.3.8 | affected |
| Siemens | RUGGEDCOM RS8000H | 0 < V4.3.8 | affected |
| Siemens | RUGGEDCOM RS8000T | 0 < V4.3.8 | affected |
| Siemens | RUGGEDCOM RS900 | 0 < V4.3.8 | affected |
| Siemens | RUGGEDCOM RS900 (32M) V4.X | 0 < V4.3.8 | affected |
| Siemens | RUGGEDCOM RS900 (32M) V5.X | 0 < V5.7.0 | affected |
| Siemens | RUGGEDCOM RS900G | 0 < V4.3.8 | affected |
| Siemens | RUGGEDCOM RS900G (32M) V4.X | 0 < V4.3.8 | affected |
| Siemens | RUGGEDCOM RS900G (32M) V5.X | 0 < V5.7.0 | affected |
| Siemens | RUGGEDCOM RS900GP | 0 < V4.3.8 | affected |
| Siemens | RUGGEDCOM RS900L | 0 < V4.3.8 | affected |
| Siemens | RUGGEDCOM RS900M-GETS-C01 | 0 < V4.3.8 | affected |
| Siemens | RUGGEDCOM RS900M-GETS-XX | 0 < V4.3.8 | affected |
| Siemens | RUGGEDCOM RS900M-STND-C01 | 0 < V4.3.8 | affected |
| Siemens | RUGGEDCOM RS900M-STND-XX | 0 < V4.3.8 | affected |
| Siemens | RUGGEDCOM RS900W | 0 < V4.3.8 | affected |
| Siemens | RUGGEDCOM RS910 | 0 < V4.3.8 | affected |
| Siemens | RUGGEDCOM RS910L | 0 < V4.3.8 | affected |
| Siemens | RUGGEDCOM RS910W | 0 < V4.3.8 | affected |
| Siemens | RUGGEDCOM RS920L | 0 < V4.3.8 | affected |
| Siemens | RUGGEDCOM RS920W | 0 < V4.3.8 | affected |
| Siemens | RUGGEDCOM RS930L | 0 < V4.3.8 | affected |
| Siemens | RUGGEDCOM RS930W | 0 < V4.3.8 | affected |
| Siemens | RUGGEDCOM RS940G | 0 < V4.3.8 | affected |
| Siemens | RUGGEDCOM RS969 | 0 < V4.3.8 | affected |
| Siemens | RUGGEDCOM RSG2100 | 0 < V4.3.8 | affected |
| Siemens | RUGGEDCOM RSG2100 (32M) V4.X | 0 < V4.3.8 | affected |
| Siemens | RUGGEDCOM RSG2100 (32M) V5.X | 0 < V5.7.0 | affected |
| Siemens | RUGGEDCOM RSG2100P | 0 < V4.3.8 | affected |
| Siemens | RUGGEDCOM RSG2100P (32M) V4.X | 0 < V4.3.8 | affected |
| Siemens | RUGGEDCOM RSG2100P (32M) V5.X | 0 < V5.7.0 | affected |
| Siemens | RUGGEDCOM RSG2200 | 0 < V4.3.8 | affected |
| Siemens | RUGGEDCOM RSG2288 V4.X | 0 < V4.3.8 | affected |
| Siemens | RUGGEDCOM RSG2288 V5.X | 0 < V5.7.0 | affected |
| Siemens | RUGGEDCOM RSG2300 V4.X | 0 < V4.3.8 | affected |
| Siemens | RUGGEDCOM RSG2300 V5.X | 0 < V5.7.0 | affected |
| Siemens | RUGGEDCOM RSG2300P V4.X | 0 < V4.3.8 | affected |
| Siemens | RUGGEDCOM RSG2300P V5.X | 0 < V5.7.0 | affected |
| Siemens | RUGGEDCOM RSG2488 V4.X | 0 < V4.3.8 | affected |
| Siemens | RUGGEDCOM RSG2488 V5.X | 0 < V5.7.0 | affected |
| Siemens | RUGGEDCOM RSG907R | 0 < V5.7.0 | affected |
| Siemens | RUGGEDCOM RSG908C | 0 < V5.7.0 | affected |
| Siemens | RUGGEDCOM RSG909R | 0 < V5.7.0 | affected |
| Siemens | RUGGEDCOM RSG910C | 0 < V5.7.0 | affected |
| Siemens | RUGGEDCOM RSG920P V4.X | 0 < V4.3.8 | affected |
| Siemens | RUGGEDCOM RSG920P V5.X | 0 < V5.7.0 | affected |
| Siemens | RUGGEDCOM RSL910 | 0 < V5.7.0 | affected |
| Siemens | RUGGEDCOM RST2228 | 0 < V5.7.0 | affected |
| Siemens | RUGGEDCOM RST2228P | 0 < V5.7.0 | affected |
| Siemens | RUGGEDCOM RST916C | 0 < V5.7.0 | affected |
| Siemens | RUGGEDCOM RST916P | 0 < V5.7.0 | affected |
Weaknesses
- CWE-326: CWE-326: Inadequate Encryption Strength
ADP Enrichment
CVE Program Container
Additional References
CISA ADP Vulnrichment
- SSVC:
- Exploitation: none
- Automatable: no
- Technical Impact: partial
References
- https://cert-portal.siemens.com/productcert/pdf/ssa-764417.pdf
- https://cert-portal.siemens.com/productcert/html/ssa-764417.html
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.