Buffer overflow in Siemens products - CVE-2021-31895

 


Published: July 14, 2021


Vulnerability identifier: #VU54871
CSH Severity: High
CVSSv4.0: CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber
CVE-ID: CVE-2021-31895
CWE-ID: CWE-119
Exploitation vector: Remote access
Exploit availability: No public exploit available
Vulnerable software:
RUGGEDCOM ROS i800
RUGGEDCOM ROS i801
RUGGEDCOM ROS i802
RUGGEDCOM ROS i803
RUGGEDCOM ROS M969
RUGGEDCOM ROS M2100
RUGGEDCOM ROS M2200
RUGGEDCOM ROS RMC
RUGGEDCOM ROS RMC20
RUGGEDCOM ROS RMC30
RUGGEDCOM ROS RMC40
RUGGEDCOM ROS RMC41
RUGGEDCOM ROS RMC8388
RUGGEDCOM ROS RP110
RUGGEDCOM ROS RS400
RUGGEDCOM ROS RS401
RUGGEDCOM ROS RS416
RUGGEDCOM ROS RS416V2
RUGGEDCOM ROS RS900 (32M)
RUGGEDCOM ROS RS900G
RUGGEDCOM ROS RS900G (32M)
RUGGEDCOM ROS RS900GP
RUGGEDCOM ROS RS900L
RUGGEDCOM ROS PS900W
RUGGEDCOM ROS RS910
RUGGEDCOM ROS RS910L
RUGGEDCOM ROS RS910W
RUGGEDCOM ROS RS920L
RUGGEDCOM ROS RS920W
RUGGEDCOM ROS RS930L
RUGGEDCOM ROS RS930W
RUGGEDCOM ROS RS940G
RUGGEDCOM ROS RS969
RUGGEDCOM ROS RS8000
RUGGEDCOM ROS RS8000A
RUGGEDCOM ROS RS8000H
RUGGEDCOM ROS RS8000T
RUGGEDCOM ROS RSG900
RUGGEDCOM ROS RSG900C
RUGGEDCOM ROS RSG900G
RUGGEDCOM ROS RSG900R
RUGGEDCOM ROS RSG920P
RUGGEDCOM ROS RSG2100 (32M)
RUGGEDCOM ROS RSG2100
RUGGEDCOM ROS RSG2100P
RUGGEDCOM ROS RSG2100P (32M)
RUGGEDCOM ROS RSG2200
RUGGEDCOM ROS RSG2288
RUGGEDCOM ROS RSG2300
RUGGEDCOM ROS RSG2300P
RUGGEDCOM ROS RSG2488
RUGGEDCOM ROS RSL910
RUGGEDCOM ROS RST916C
RUGGEDCOM ROS RST916P
RUGGEDCOM ROS RST2228
Software vendor:
Siemens

Description

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to a boundary error in the DHCP client. A remote attacker can trigger memory corruption and execute arbitrary code on the target system.

Successful exploitation of this vulnerability may result in complete compromise of the vulnerable system.


Remediation

Install updates from the vendor's website.
