CVE-2024-39675

Summary

A vulnerability has been identified in RUGGEDCOM RMC30 (All versions < V4.3.10), RUGGEDCOM RMC30NC (All versions < V4.3.10), RUGGEDCOM RP110 (All versions < V4.3.10), RUGGEDCOM RP110NC (All versions < V4.3.10), RUGGEDCOM RS400 (All versions < V4.3.10), RUGGEDCOM RS400NC (All versions < V4.3.10), RUGGEDCOM RS401 (All versions < V4.3.10), RUGGEDCOM RS401NC (All versions < V4.3.10), RUGGEDCOM RS416 (All versions < V4.3.10), RUGGEDCOM RS416NC (All versions < V4.3.10), RUGGEDCOM RS416NCv2 V4.X (All versions < V4.3.10), RUGGEDCOM RS416NCv2 V5.X (All versions < V5.9.0), RUGGEDCOM RS416P (All versions < V4.3.10), RUGGEDCOM RS416PNC (All versions < V4.3.10), RUGGEDCOM RS416PNCv2 V4.X (All versions < V4.3.10), RUGGEDCOM RS416PNCv2 V5.X (All versions < V5.9.0), RUGGEDCOM RS416Pv2 V4.X (All versions < V4.3.10), RUGGEDCOM RS416Pv2 V5.X (All versions < V5.9.0), RUGGEDCOM RS416v2 V4.X (All versions < V4.3.10), RUGGEDCOM RS416v2 V5.X (All versions < V5.9.0), RUGGEDCOM RS910 (All versions < V4.3.10), RUGGEDCOM RS910L (All versions), RUGGEDCOM RS910LNC (All versions), RUGGEDCOM RS910NC (All versions < V4.3.10), RUGGEDCOM RS910W (All versions < V4.3.10), RUGGEDCOM RS920L (All versions), RUGGEDCOM RS920LNC (All versions), RUGGEDCOM RS920W (All versions). In some configurations the affected products wrongly enable the Modbus service in non-managed VLANS. Only serial devices are affected by this vulnerability.

Affected Software

VendorProductVersion RangeStatus
SiemensRUGGEDCOM RMC300 < V4.3.10affected
SiemensRUGGEDCOM RMC30NC0 < V4.3.10affected
SiemensRUGGEDCOM RP1100 < V4.3.10affected
SiemensRUGGEDCOM RP110NC0 < V4.3.10affected
SiemensRUGGEDCOM RS4000 < V4.3.10affected
SiemensRUGGEDCOM RS400NC0 < V4.3.10affected
SiemensRUGGEDCOM RS4010 < V4.3.10affected
SiemensRUGGEDCOM RS401NC0 < V4.3.10affected
SiemensRUGGEDCOM RS4160 < V4.3.10affected
SiemensRUGGEDCOM RS416NC0 < V4.3.10affected
SiemensRUGGEDCOM RS416NCv2 V4.X0 < V4.3.10affected
SiemensRUGGEDCOM RS416NCv2 V5.X0 < V5.9.0affected
SiemensRUGGEDCOM RS416P0 < V4.3.10affected
SiemensRUGGEDCOM RS416PNC0 < V4.3.10affected
SiemensRUGGEDCOM RS416PNCv2 V4.X0 < V4.3.10affected
SiemensRUGGEDCOM RS416PNCv2 V5.X0 < V5.9.0affected
SiemensRUGGEDCOM RS416Pv2 V4.X0 < V4.3.10affected
SiemensRUGGEDCOM RS416Pv2 V5.X0 < V5.9.0affected
SiemensRUGGEDCOM RS416v2 V4.X0 < V4.3.10affected
SiemensRUGGEDCOM RS416v2 V5.X0 < V5.9.0affected
SiemensRUGGEDCOM RS9100 < V4.3.10affected
SiemensRUGGEDCOM RS910L0 < *affected
SiemensRUGGEDCOM RS910LNC0 < *affected
SiemensRUGGEDCOM RS910NC0 < V4.3.10affected
SiemensRUGGEDCOM RS910W0 < V4.3.10affected
SiemensRUGGEDCOM RS920L0 < *affected
SiemensRUGGEDCOM RS920LNC0 < *affected
SiemensRUGGEDCOM RS920W0 < *affected

Weaknesses

  • CWE-497: CWE-497: Exposure of Sensitive System Information to an Unauthorized Control Sphere

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: total

CVE Program Container

Additional References

References