CVE-2021-37209

A vulnerability has been identified in RUGGEDCOM i800 (All versions < V4.3.8), RUGGEDCOM i801 (All versions < V4.3.8), RUGGEDCOM i802 (All versions < V4.3.8), RUGGEDCOM i803 (All versions < V4.3.8), RUGGEDCOM M2100 (All versions < V4.3.8), RUGGEDCOM M2200 (All versions < V4.3.8), RUGGEDCOM M969 (All versions < V4.3.8), RUGGEDCOM RMC30 (All versions < V4.3.8), RUGGEDCOM RMC8388 V4.X (All versions < V4.3.8), RUGGEDCOM RMC8388 V5.X (All versions < V5.7.0), RUGGEDCOM RP110 (All versions < V4.3.8), RUGGEDCOM RS1600 (All versions < V4.3.8), RUGGEDCOM RS1600F (All versions < V4.3.8), RUGGEDCOM RS1600T (All versions < V4.3.8), RUGGEDCOM RS400 (All versions < V4.3.8), RUGGEDCOM RS401 (All versions < V4.3.8), RUGGEDCOM RS416 (All versions < V4.3.8), RUGGEDCOM RS416P (All versions < V4.3.8), RUGGEDCOM RS416Pv2 (All versions < V5.7.0), RUGGEDCOM RS416v2 (All versions < V5.7.0), RUGGEDCOM RS8000 (All versions < V4.3.8), RUGGEDCOM RS8000A (All versions < V4.3.8), RUGGEDCOM RS8000H (All versions < V4.3.8), RUGGEDCOM RS8000T (All versions < V4.3.8), RUGGEDCOM RS900 (All versions < V4.3.8), RUGGEDCOM RS900 (32M) V4.X (All versions < V4.3.8), RUGGEDCOM RS900 (32M) V5.X (All versions < V5.7.0), RUGGEDCOM RS900G (All versions < V4.3.8), RUGGEDCOM RS900G (32M) V4.X (All versions < V4.3.8), RUGGEDCOM RS900G (32M) V5.X (All versions < V5.7.0), RUGGEDCOM RS900GP (All versions < V4.3.8), RUGGEDCOM RS900L (All versions < V4.3.8), RUGGEDCOM RS900M-GETS-C01 (All versions < V4.3.8), RUGGEDCOM RS900M-GETS-XX (All versions < V4.3.8), RUGGEDCOM RS900M-STND-C01 (All versions < V4.3.8), RUGGEDCOM RS900M-STND-XX (All versions < V4.3.8), RUGGEDCOM RS900W (All versions < V4.3.8), RUGGEDCOM RS910 (All versions < V4.3.8), RUGGEDCOM RS910L (All versions < V4.3.8), RUGGEDCOM RS910W (All versions < V4.3.8), RUGGEDCOM RS920L (All versions < V4.3.8), RUGGEDCOM RS920W (All versions < V4.3.8), RUGGEDCOM RS930L (All versions < V4.3.8), RUGGEDCOM RS930W (All versions < V4.3.8), RUGGEDCOM RS940G (All versions < V4.3.8), RUGGEDCOM RS969 (All versions < V4.3.8), RUGGEDCOM RSG2100 (All versions < V4.3.8), RUGGEDCOM RSG2100 (32M) V4.X (All versions < V4.3.8), RUGGEDCOM RSG2100 (32M) V5.X (All versions < V5.7.0), RUGGEDCOM RSG2100P (All versions < V4.3.8), RUGGEDCOM RSG2200 (All versions < V4.3.8), RUGGEDCOM RSG2288 V4.X (All versions < V4.3.8), RUGGEDCOM RSG2288 V5.X (All versions < V5.7.0), RUGGEDCOM RSG2300 V4.X (All versions < V4.3.8), RUGGEDCOM RSG2300 V5.X (All versions < V5.7.0), RUGGEDCOM RSG2300P V4.X (All versions < V4.3.8), RUGGEDCOM RSG2300P V5.X (All versions < V5.7.0), RUGGEDCOM RSG2488 V4.X (All versions < V4.3.8), RUGGEDCOM RSG2488 V5.X (All versions < V5.7.0), RUGGEDCOM RSG907R (All versions < V5.7.0), RUGGEDCOM RSG908C (All versions < V5.7.0), RUGGEDCOM RSG909R (All versions < V5.7.0), RUGGEDCOM RSG910C (All versions < V5.7.0), RUGGEDCOM RSG920P V4.X (All versions < V4.3.8), RUGGEDCOM RSG920P V5.X (All versions < V5.7.0), RUGGEDCOM RSL910 (All versions < V5.7.0), RUGGEDCOM RST2228 (All versions < V5.7.0), RUGGEDCOM RST2228P (All versions < V5.7.0), RUGGEDCOM RST916C (All versions < V5.7.0), RUGGEDCOM RST916P (All versions < V5.7.0). The SSH server on affected devices is configured to offer weak ciphers by default. This could allow an unauthorized attacker in a man-in-the-middle position to read and modify any data passed over the connection between legitimate clients and the affected device.

CVSS v3.0 6.7 MEDIUM
CVSS v2.0 4.0 MEDIUM

6.7^/10

CVSS v3.0 : MEDIUM

V3 Legend

Vector :

Exploitability : 1.2 / Impact : 5.5

Attack Vector ADJACENT_NETWORK

Attack Complexity HIGH

Privileges Required NONE

User Interaction REQUIRED

Confidentiality Impact LOW

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

4.0^/10

CVSS v2.0 : MEDIUM

V2 Legend

Vector : AV:N/AC:L/Au:S/C:P/I:N/A:N

Exploitability : 8.0 / Impact : 2.9

Access Vector NETWORK

Access Complexity LOW

Authentication SINGLE

Confidentiality Impact PARTIAL

Integrity Impact NONE

Availability Impact NONE

References

Link	Resource
https://cert-portal.siemens.com/productcert/pdf/ssa-764417.pdf	Vendor Advisory

Configurations

Configuration 1 (hide)

AND

cpe:2.3:o:siemens:ruggedcom_ros:*:*:*:*:*:*:*:*

OR	cpe:2.3:h:siemens:ruggedcom_i800:-:::::::*
	cpe:2.3:h:siemens:ruggedcom_i801:-:::::::*
	cpe:2.3:h:siemens:ruggedcom_i802:-:::::::*
	cpe:2.3:h:siemens:ruggedcom_i803:-:::::::*
	cpe:2.3:h:siemens:ruggedcom_m2100:-:::::::*
	cpe:2.3:h:siemens:ruggedcom_m2200:-:::::::*
	cpe:2.3:h:siemens:ruggedcom_m969:-:::::::*
	cpe:2.3:h:siemens:ruggedcom_rmc:-:::::::*
	cpe:2.3:h:siemens:ruggedcom_rmc20:-:::::::*
	cpe:2.3:h:siemens:ruggedcom_rmc30:-:::::::*
	cpe:2.3:h:siemens:ruggedcom_rmc40:-:::::::*
	cpe:2.3:h:siemens:ruggedcom_rmc41:-:::::::*
	cpe:2.3:h:siemens:ruggedcom_rmc8388:-:::::::*
	cpe:2.3:h:siemens:ruggedcom_rp110:-:::::::*
	cpe:2.3:h:siemens:ruggedcom_rs400:-:::::::*
	cpe:2.3:h:siemens:ruggedcom_rs401:-:::::::*
	cpe:2.3:h:siemens:ruggedcom_rs416:-:::::::*
	cpe:2.3:h:siemens:ruggedcom_rs416v2:-:::::::*
	cpe:2.3:h:siemens:ruggedcom_rs8000:-:::::::*
	cpe:2.3:h:siemens:ruggedcom_rs8000a:-:::::::*
	cpe:2.3:h:siemens:ruggedcom_rs8000h:-:::::::*
	cpe:2.3:h:siemens:ruggedcom_rs8000t:-:::::::*
	cpe:2.3:h:siemens:ruggedcom_rs900:-:::::::*
	cpe:2.3:h:siemens:ruggedcom_rs900g:-:::::::*
	cpe:2.3:h:siemens:ruggedcom_rs900gp:-:::::::*
	cpe:2.3:h:siemens:ruggedcom_rs900l:-:::::::*
	cpe:2.3:h:siemens:ruggedcom_rs900w:-:::::::*
	cpe:2.3:h:siemens:ruggedcom_rs910:-:::::::*
	cpe:2.3:h:siemens:ruggedcom_rs910l:-:::::::*
	cpe:2.3:h:siemens:ruggedcom_rs910w:-:::::::*
	cpe:2.3:h:siemens:ruggedcom_rs920l:-:::::::*
	cpe:2.3:h:siemens:ruggedcom_rs920w:-:::::::*
	cpe:2.3:h:siemens:ruggedcom_rs930l:-:::::::*
	cpe:2.3:h:siemens:ruggedcom_rs930w:-:::::::*
	cpe:2.3:h:siemens:ruggedcom_rs940g:-:::::::*
	cpe:2.3:h:siemens:ruggedcom_rs969:-:::::::*
	cpe:2.3:h:siemens:ruggedcom_rsg2100:-:::::::*
	cpe:2.3:h:siemens:ruggedcom_rsg2100p:-:::::::*
	cpe:2.3:h:siemens:ruggedcom_rsg2200:-:::::::*
	cpe:2.3:h:siemens:ruggedcom_rsg2288:-:::::::*
	cpe:2.3:h:siemens:ruggedcom_rsg2300:-:::::::*
	cpe:2.3:h:siemens:ruggedcom_rsg2300p:-:::::::*
	cpe:2.3:h:siemens:ruggedcom_rsg2488:-:::::::*
	cpe:2.3:h:siemens:ruggedcom_rsg907r:-:::::::*
	cpe:2.3:h:siemens:ruggedcom_rsg908c:-:::::::*
	cpe:2.3:h:siemens:ruggedcom_rsg909r:-:::::::*
	cpe:2.3:h:siemens:ruggedcom_rsg910c:-:::::::*
	cpe:2.3:h:siemens:ruggedcom_rsg920p:-:::::::*
	cpe:2.3:h:siemens:ruggedcom_rsl910:-:::::::*
	cpe:2.3:h:siemens:ruggedcom_rst2228:-:::::::*
	cpe:2.3:h:siemens:ruggedcom_rst2228p:-:::::::*
	cpe:2.3:h:siemens:ruggedcom_rst916c:-:::::::*
	cpe:2.3:h:siemens:ruggedcom_rst916p:-:::::::*

Information

Published : 2022-03-08 04:15

Updated : 2023-03-14 03:15

NVD link : CVE-2021-37209

Mitre link : CVE-2021-37209

JSON object : View

CWE

CWE-326

Inadequate Encryption Strength

Products Affected

siemens

ruggedcom_rp110
ruggedcom_rsg2488
ruggedcom_ros
ruggedcom_rs8000
ruggedcom_rs920w
ruggedcom_rmc40
ruggedcom_rst916p
ruggedcom_rs400
ruggedcom_rsg910c
ruggedcom_rs8000t
ruggedcom_rmc8388
ruggedcom_rs910l
ruggedcom_rs940g
ruggedcom_rsg2100
ruggedcom_rsg2200
ruggedcom_rsg2300p
ruggedcom_rs900w
ruggedcom_rmc41
ruggedcom_rsg2300
ruggedcom_rs910
ruggedcom_i802
ruggedcom_rs416v2
ruggedcom_rs920l
ruggedcom_rsg909r
ruggedcom_rsl910
ruggedcom_i800
ruggedcom_rs8000h
ruggedcom_rs900l
ruggedcom_rs8000a
ruggedcom_m969
ruggedcom_i801
ruggedcom_rsg920p
ruggedcom_rs900gp
ruggedcom_rsg907r
ruggedcom_rst2228
ruggedcom_rst2228p
ruggedcom_rmc30
ruggedcom_rs930l
ruggedcom_rs930w
ruggedcom_i803
ruggedcom_rst916c
ruggedcom_rs401
ruggedcom_rsg908c
ruggedcom_rmc
ruggedcom_rs900
ruggedcom_rs900g
ruggedcom_rs910w
ruggedcom_rs416
ruggedcom_rmc20
ruggedcom_rsg2288
ruggedcom_rs969
ruggedcom_m2100
ruggedcom_rsg2100p
ruggedcom_m2200

6.7 /10