Risk | Medium |
Patch available | YES |
Number of vulnerabilities | 1 |
CVE-ID | CVE-2021-37209 |
CWE-ID | CWE-311 |
Exploitation vector | Network |
Public exploit | N/A |
Vulnerable software | RUGGEDCOM ROS (Hardware solutions / Firmware): i800, i801, i802, i803, M969, M2100, M2200, RMC, RMC20, RMC30, RMC40, RMC41, RMC8388, RP110, RS400, RS401, RS416, RS416V2, RS900 (32M), RS900G, RS900G (32M), RS900GP, RS900L, RS900W, RS910, RS910L, RS910W, RS920L, RS920W, RS930L, RS930W, RS940G, RS969, RS8000, RS8000A, RS8000H, RS8000T, RSG900, RSG900C, RSG900G, RSG900R, RSG907R, RSG908C, RSG909R, RSG910C, RSG920P, RSG2100, RSG2100 (32M), RSG2100P, RSG2100P (32M), RSG2200, RSG2288, RSG2300, RSG2300P, RSG2488, RSL910, RST916C, RST916P, RST2228 |
Vendor |
Security Bulletin
This security bulletin contains one medium risk vulnerability.
EUVDB-ID: #VU61259
Risk: Medium
CVSSv3.1: 4.6 [CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-37209
CWE-ID: CWE-311 - Missing Encryption of Sensitive Data
Exploit availability: No
Description
The vulnerability allows a remote attacker to gain access to potentially sensitive information.
The vulnerability exists due to unencrypted storage of passwords in the client configuration files. A remote attacker can gain unauthorized access to sensitive information on the system.
Mitigation
Install updates from the vendor's website.
Vulnerable software versions
RUGGEDCOM ROS i800: before 5.6.0
RUGGEDCOM ROS i801: before 5.6.0
RUGGEDCOM ROS i802: before 5.6.0
RUGGEDCOM ROS i803: before 5.6.0
RUGGEDCOM ROS M969: before 5.6.0
RUGGEDCOM ROS M2100: before 5.6.0
RUGGEDCOM ROS M2200: before 5.6.0
RUGGEDCOM ROS RMC: before 5.6.0
RUGGEDCOM ROS RMC20: before 5.6.0
RUGGEDCOM ROS RMC30: before 5.6.0
RUGGEDCOM ROS RMC40: before 5.6.0
RUGGEDCOM ROS RMC41: before 5.6.0
RUGGEDCOM ROS RMC8388: before 5.6.0
RUGGEDCOM ROS RP110: before 5.6.0
RUGGEDCOM ROS RS400: before 5.6.0
RUGGEDCOM ROS RS401: before 5.6.0
RUGGEDCOM ROS RS416: before 5.6.0
RUGGEDCOM ROS RS416V2: before 5.6.0
RUGGEDCOM ROS RS900 (32M): before 5.6.0
RUGGEDCOM ROS RS900G: before 5.6.0
RUGGEDCOM ROS RS900G (32M): before 5.6.0
RUGGEDCOM ROS RS900GP: before 5.6.0
RUGGEDCOM ROS RS900L: before 5.6.0
RUGGEDCOM ROS RS900W: before 5.6.0
RUGGEDCOM ROS RS910: before 5.6.0
RUGGEDCOM ROS RS910L: before 5.6.0
RUGGEDCOM ROS RS910W: before 5.6.0
RUGGEDCOM ROS RS920L: before 5.6.0
RUGGEDCOM ROS RS920W: before 5.6.0
RUGGEDCOM ROS RS930L: before 5.6.0
RUGGEDCOM ROS RS930W: before 5.6.0
RUGGEDCOM ROS RS940G: before 5.6.0
RUGGEDCOM ROS RS969: before 5.6.0
RUGGEDCOM ROS RS8000: before 5.6.0
RUGGEDCOM ROS RS8000A: before 5.6.0
RUGGEDCOM ROS RS8000H: before 5.6.0
RUGGEDCOM ROS RS8000T: before 5.6.0
RUGGEDCOM ROS RSG900: before 5.6.0
RUGGEDCOM ROS RSG900C: before 5.6.0
RUGGEDCOM ROS RSG900G: before 5.6.0
RUGGEDCOM ROS RSG900R: before 5.6.0
RUGGEDCOM ROS RSG907R: before 5.6.0
RUGGEDCOM ROS RSG908C: before 5.6.0
RUGGEDCOM ROS RSG909R: before 5.6.0
RUGGEDCOM ROS RSG910C: before 5.6.0
RUGGEDCOM ROS RSG920P: before 5.6.0
RUGGEDCOM ROS RSG2100: before 5.6.0
RUGGEDCOM ROS RSG2100 (32M): before 5.6.0
RUGGEDCOM ROS RSG2100P: before 5.6.0
RUGGEDCOM ROS RSG2100P (32M): before 5.6.0
RUGGEDCOM ROS RSG2200: before 5.6.0
RUGGEDCOM ROS RSG2288: before 5.6.0
RUGGEDCOM ROS RSG2300: before 5.6.0
RUGGEDCOM ROS RSG2300P: before 5.6.0
RUGGEDCOM ROS RSG2488: before 5.6.0
RUGGEDCOM ROS RSL910: before 5.6.0
RUGGEDCOM ROS RST916C: before 5.6.0
RUGGEDCOM ROS RST916P: before 5.6.0
RUGGEDCOM ROS RST2228: before 5.6.0
External links
http://cert-portal.siemens.com/productcert/pdf/ssa-764417.pdf
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.