#VU61259 Missing Encryption of Sensitive Data in Siemens products - CVE-2021-37209 

 


Published: March 11, 2022


Vulnerability identifier: #VU61259
Vulnerability risk: Medium
CVSSv4.0: CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:A/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Green
CVE-ID: CVE-2021-37209
CWE-ID: CWE-311
Exploitation vector: Remote access
Exploit availability: No public exploit available
Vulnerable software:
RUGGEDCOM ROS i800
RUGGEDCOM ROS i801
RUGGEDCOM ROS i802
RUGGEDCOM ROS i803
RUGGEDCOM ROS M969
RUGGEDCOM ROS M2100
RUGGEDCOM ROS M2200
RUGGEDCOM ROS RMC
RUGGEDCOM ROS RMC20
RUGGEDCOM ROS RMC30
RUGGEDCOM ROS RMC40
RUGGEDCOM ROS RMC41
RUGGEDCOM ROS RMC8388
RUGGEDCOM ROS RP110
RUGGEDCOM ROS RS400
RUGGEDCOM ROS RS401
RUGGEDCOM ROS RS416
RUGGEDCOM ROS RS416V2
RUGGEDCOM ROS RS900 (32M)
RUGGEDCOM ROS RS900G
RUGGEDCOM ROS RS900G (32M)
RUGGEDCOM ROS RS900GP
RUGGEDCOM ROS RS900L
RUGGEDCOM ROS RS900W
RUGGEDCOM ROS RS910
RUGGEDCOM ROS RS910L
RUGGEDCOM ROS RS910W
RUGGEDCOM ROS RS920L
RUGGEDCOM ROS RS920W
RUGGEDCOM ROS RS930L
RUGGEDCOM ROS RS930W
RUGGEDCOM ROS RS940G
RUGGEDCOM ROS RS969
RUGGEDCOM ROS RS8000
RUGGEDCOM ROS RS8000A
RUGGEDCOM ROS RS8000H
RUGGEDCOM ROS RS8000T
RUGGEDCOM ROS RSG900
RUGGEDCOM ROS RSG900C
RUGGEDCOM ROS RSG900G
RUGGEDCOM ROS RSG900R
RUGGEDCOM ROS RSG907R
RUGGEDCOM ROS RSG908C
RUGGEDCOM ROS RSG909R
RUGGEDCOM ROS RSG910C
RUGGEDCOM ROS RSG920P
RUGGEDCOM ROS RSG2100
RUGGEDCOM ROS RSG2100 (32M)
RUGGEDCOM ROS RSG2100P
RUGGEDCOM ROS RSG2100P (32M)
RUGGEDCOM ROS RSG2200
RUGGEDCOM ROS RSG2288
RUGGEDCOM ROS RSG2300
RUGGEDCOM ROS RSG2300P
RUGGEDCOM ROS RSG2488
RUGGEDCOM ROS RSL910
RUGGEDCOM ROS RST916C
RUGGEDCOM ROS RST916P
RUGGEDCOM ROS RST2228
Software vendor:
Siemens

Description

The vulnerability allows a remote attacker to gain access to potentially sensitive information.

The vulnerability exists due to unencrypted storage of passwords in the client configuration files. A remote attacker can gain unauthorized access to sensitive information on the system.


Remediation

Install updates from the vendor's website.

External links