Action not permitted
Modal body text goes here.
cve-2021-42017
Vulnerability from cvelistv5
▼ | URL | Tags | |
---|---|---|---|
productcert@siemens.com | https://cert-portal.siemens.com/productcert/pdf/ssa-256353.pdf | Patch, Vendor Advisory |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-04T03:22:25.830Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-256353.pdf" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "defaultStatus": "unknown", "product": "RUGGEDCOM i800", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V4.3.8" } ] }, { "defaultStatus": "unknown", "product": "RUGGEDCOM i801", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V4.3.8" } ] }, { "defaultStatus": "unknown", "product": "RUGGEDCOM i802", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V4.3.8" } ] }, { "defaultStatus": "unknown", "product": "RUGGEDCOM i803", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V4.3.8" } ] }, { "defaultStatus": "unknown", "product": "RUGGEDCOM M2100", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V4.3.8" } ] }, { "defaultStatus": "unknown", "product": "RUGGEDCOM M2100F", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions" } ] }, { "defaultStatus": "unknown", "product": "RUGGEDCOM M2200", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V4.3.8" } ] }, { "defaultStatus": "unknown", "product": "RUGGEDCOM M2200F", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions" } ] }, { "defaultStatus": "unknown", "product": "RUGGEDCOM M969", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V4.3.8" } ] }, { "defaultStatus": "unknown", "product": "RUGGEDCOM M969F", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions" } ] }, { "defaultStatus": "unknown", "product": "RUGGEDCOM RMC30", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V4.3.8" } ] }, { "defaultStatus": "unknown", "product": "RUGGEDCOM RMC8388 V4.X", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V4.3.8" } ] }, { "defaultStatus": "unknown", "product": "RUGGEDCOM RMC8388 V5.X", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V5.6.0" } ] }, { "defaultStatus": "unknown", "product": "RUGGEDCOM RP110", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V4.3.8" } ] }, { "defaultStatus": "unknown", "product": "RUGGEDCOM RS1600", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V4.3.8" } ] }, { "defaultStatus": "unknown", "product": "RUGGEDCOM RS1600F", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V4.3.8" } ] }, { "defaultStatus": "unknown", "product": "RUGGEDCOM RS1600T", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V4.3.8" } ] }, { "defaultStatus": "unknown", "product": "RUGGEDCOM RS400", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V4.3.8" } ] }, { "defaultStatus": "unknown", "product": "RUGGEDCOM RS400F", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions" } ] }, { "defaultStatus": "unknown", "product": "RUGGEDCOM RS401", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V4.3.8" } ] }, { "defaultStatus": "unknown", "product": "RUGGEDCOM RS416", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V4.3.8" } ] }, { "defaultStatus": "unknown", "product": "RUGGEDCOM RS416F", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions" } ] }, { "defaultStatus": "unknown", "product": "RUGGEDCOM RS416P", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V4.3.8" } ] }, { "defaultStatus": "unknown", "product": "RUGGEDCOM RS416PF", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions" } ] }, { "defaultStatus": "unknown", "product": "RUGGEDCOM RS416Pv2 V4.X", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V4.3.8" } ] }, { "defaultStatus": "unknown", "product": "RUGGEDCOM RS416Pv2 V5.X", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V5.6.0" } ] }, { "defaultStatus": "unknown", "product": "RUGGEDCOM RS416v2 V4.X", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V4.3.8" } ] }, { "defaultStatus": "unknown", "product": "RUGGEDCOM RS416v2 V5.X", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V5.6.0" } ] }, { "defaultStatus": "unknown", "product": "RUGGEDCOM RS8000", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V4.3.8" } ] }, { "defaultStatus": "unknown", "product": "RUGGEDCOM RS8000A", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V4.3.8" } ] }, { "defaultStatus": "unknown", "product": "RUGGEDCOM RS8000H", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V4.3.8" } ] }, { "defaultStatus": "unknown", "product": "RUGGEDCOM RS8000T", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V4.3.8" } ] }, { "defaultStatus": "unknown", "product": "RUGGEDCOM RS900", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V4.3.8" } ] }, { "defaultStatus": "unknown", "product": "RUGGEDCOM RS900 (32M) V4.X", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V4.3.8" } ] }, { "defaultStatus": "unknown", "product": "RUGGEDCOM RS900 (32M) V5.X", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V5.6.0" } ] }, { "defaultStatus": "unknown", "product": "RUGGEDCOM RS900F", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions" } ] }, { "defaultStatus": "unknown", "product": "RUGGEDCOM RS900G", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V4.3.8" } ] }, { "defaultStatus": "unknown", "product": "RUGGEDCOM RS900G (32M) V4.X", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V4.3.8" } ] }, { "defaultStatus": "unknown", "product": "RUGGEDCOM RS900G (32M) V5.X", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V5.6.0" } ] }, { "defaultStatus": "unknown", "product": "RUGGEDCOM RS900GF", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions" } ] }, { "defaultStatus": "unknown", "product": "RUGGEDCOM RS900GP", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V4.3.8" } ] }, { "defaultStatus": "unknown", "product": "RUGGEDCOM RS900GPF", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions" } ] }, { "defaultStatus": "unknown", "product": "RUGGEDCOM RS900L", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V4.3.8" } ] }, { "defaultStatus": "unknown", "product": "RUGGEDCOM RS900M-GETS-C01", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V4.3.8" } ] }, { "defaultStatus": "unknown", "product": "RUGGEDCOM RS900M-GETS-XX", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V4.3.8" } ] }, { "defaultStatus": "unknown", "product": "RUGGEDCOM RS900M-STND-C01", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V4.3.8" } ] }, { "defaultStatus": "unknown", "product": "RUGGEDCOM RS900M-STND-XX", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V4.3.8" } ] }, { "defaultStatus": "unknown", "product": "RUGGEDCOM RS900W", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V4.3.8" } ] }, { "defaultStatus": "unknown", "product": "RUGGEDCOM RS910", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V4.3.8" } ] }, { "defaultStatus": "unknown", "product": "RUGGEDCOM RS910L", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V4.3.8" } ] }, { "defaultStatus": "unknown", "product": "RUGGEDCOM RS910W", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V4.3.8" } ] }, { "defaultStatus": "unknown", "product": "RUGGEDCOM RS920L", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V4.3.8" } ] }, { "defaultStatus": "unknown", "product": "RUGGEDCOM RS920W", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V4.3.8" } ] }, { "defaultStatus": "unknown", "product": "RUGGEDCOM RS930L", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V4.3.8" } ] }, { "defaultStatus": "unknown", "product": "RUGGEDCOM RS930W", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V4.3.8" } ] }, { "defaultStatus": "unknown", "product": "RUGGEDCOM RS940G", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V4.3.8" } ] }, { "defaultStatus": "unknown", "product": "RUGGEDCOM RS940GF", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions" } ] }, { "defaultStatus": "unknown", "product": "RUGGEDCOM RS969", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V4.3.8" } ] }, { "defaultStatus": "unknown", "product": "RUGGEDCOM RSG2100", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V4.3.8" } ] }, { "defaultStatus": "unknown", "product": "RUGGEDCOM RSG2100 (32M) V4.X", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V4.3.8" } ] }, { "defaultStatus": "unknown", "product": "RUGGEDCOM RSG2100 (32M) V5.X", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V5.6.0" } ] }, { "defaultStatus": "unknown", "product": "RUGGEDCOM RSG2100F", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions" } ] }, { "defaultStatus": "unknown", "product": "RUGGEDCOM RSG2100P", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V4.3.8" } ] }, { "defaultStatus": "unknown", "product": "RUGGEDCOM RSG2100PF", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions" } ] }, { "defaultStatus": "unknown", "product": "RUGGEDCOM RSG2200", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V4.3.8" } ] }, { "defaultStatus": "unknown", "product": "RUGGEDCOM RSG2200F", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions" } ] }, { "defaultStatus": "unknown", "product": "RUGGEDCOM RSG2288 V4.X", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V4.3.8" } ] }, { "defaultStatus": "unknown", "product": "RUGGEDCOM RSG2288 V5.X", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V5.6.0" } ] }, { "defaultStatus": "unknown", "product": "RUGGEDCOM RSG2300 V4.X", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V4.3.8" } ] }, { "defaultStatus": "unknown", "product": "RUGGEDCOM RSG2300 V5.X", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V5.6.0" } ] }, { "defaultStatus": "unknown", "product": "RUGGEDCOM RSG2300F", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions" } ] }, { "defaultStatus": "unknown", "product": "RUGGEDCOM RSG2300P V4.X", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V4.3.8" } ] }, { "defaultStatus": "unknown", "product": "RUGGEDCOM RSG2300P V5.X", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V5.6.0" } ] }, { "defaultStatus": "unknown", "product": "RUGGEDCOM RSG2300PF", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions" } ] }, { "defaultStatus": "unknown", "product": "RUGGEDCOM RSG2488 V4.X", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V4.3.8" } ] }, { "defaultStatus": "unknown", "product": "RUGGEDCOM RSG2488 V5.X", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V5.6.0" } ] }, { "defaultStatus": "unknown", "product": "RUGGEDCOM RSG2488F", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions" } ] }, { "defaultStatus": "unknown", "product": "RUGGEDCOM RSG907R", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V5.6.0" } ] }, { "defaultStatus": "unknown", "product": "RUGGEDCOM RSG908C", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V5.6.0" } ] }, { "defaultStatus": "unknown", "product": "RUGGEDCOM RSG909R", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V5.6.0" } ] }, { "defaultStatus": "unknown", "product": "RUGGEDCOM RSG910C", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V5.6.0" } ] }, { "defaultStatus": "unknown", "product": "RUGGEDCOM RSG920P V4.X", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V4.3.8" } ] }, { "defaultStatus": "unknown", "product": "RUGGEDCOM RSG920P V5.X", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V5.6.0" } ] }, { "defaultStatus": "unknown", "product": "RUGGEDCOM RSL910", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V5.6.0" } ] }, { "defaultStatus": "unknown", "product": "RUGGEDCOM RST2228", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V5.6.0" } ] }, { "defaultStatus": "unknown", "product": "RUGGEDCOM RST2228P", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V5.6.0" } ] }, { "defaultStatus": "unknown", "product": "RUGGEDCOM RST916C", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V5.6.0" } ] }, { "defaultStatus": "unknown", "product": "RUGGEDCOM RST916P", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V5.6.0" } ] } ], "descriptions": [ { "lang": "en", "value": "A vulnerability has been identified in RUGGEDCOM i800, RUGGEDCOM i801, RUGGEDCOM i802, RUGGEDCOM i803, RUGGEDCOM M2100, RUGGEDCOM M2100F, RUGGEDCOM M2200, RUGGEDCOM M2200F, RUGGEDCOM M969, RUGGEDCOM M969F, RUGGEDCOM RMC30, RUGGEDCOM RMC8388 V4.X, RUGGEDCOM RMC8388 V5.X, RUGGEDCOM RP110, RUGGEDCOM RS1600, RUGGEDCOM RS1600F, RUGGEDCOM RS1600T, RUGGEDCOM RS400, RUGGEDCOM RS400F, RUGGEDCOM RS401, RUGGEDCOM RS416, RUGGEDCOM RS416F, RUGGEDCOM RS416P, RUGGEDCOM RS416PF, RUGGEDCOM RS416Pv2 V4.X, RUGGEDCOM RS416Pv2 V5.X, RUGGEDCOM RS416v2 V4.X, RUGGEDCOM RS416v2 V5.X, RUGGEDCOM RS8000, RUGGEDCOM RS8000A, RUGGEDCOM RS8000H, RUGGEDCOM RS8000T, RUGGEDCOM RS900, RUGGEDCOM RS900 (32M) V4.X, RUGGEDCOM RS900 (32M) V5.X, RUGGEDCOM RS900F, RUGGEDCOM RS900G, RUGGEDCOM RS900G (32M) V4.X, RUGGEDCOM RS900G (32M) V5.X, RUGGEDCOM RS900GF, RUGGEDCOM RS900GP, RUGGEDCOM RS900GPF, RUGGEDCOM RS900L, RUGGEDCOM RS900M-GETS-C01, RUGGEDCOM RS900M-GETS-XX, RUGGEDCOM RS900M-STND-C01, RUGGEDCOM RS900M-STND-XX, RUGGEDCOM RS900W, RUGGEDCOM RS910, RUGGEDCOM RS910L, RUGGEDCOM RS910W, RUGGEDCOM RS920L, RUGGEDCOM RS920W, RUGGEDCOM RS930L, RUGGEDCOM RS930W, RUGGEDCOM RS940G, RUGGEDCOM RS940GF, RUGGEDCOM RS969, RUGGEDCOM RSG2100, RUGGEDCOM RSG2100 (32M) V4.X, RUGGEDCOM RSG2100 (32M) V5.X, RUGGEDCOM RSG2100F, RUGGEDCOM RSG2100P, RUGGEDCOM RSG2100PF, RUGGEDCOM RSG2200, RUGGEDCOM RSG2200F, RUGGEDCOM RSG2288 V4.X, RUGGEDCOM RSG2288 V5.X, RUGGEDCOM RSG2300 V4.X, RUGGEDCOM RSG2300 V5.X, RUGGEDCOM RSG2300F, RUGGEDCOM RSG2300P V4.X, RUGGEDCOM RSG2300P V5.X, RUGGEDCOM RSG2300PF, RUGGEDCOM RSG2488 V4.X, RUGGEDCOM RSG2488 V5.X, RUGGEDCOM RSG2488F, RUGGEDCOM RSG907R, RUGGEDCOM RSG908C, RUGGEDCOM RSG909R, RUGGEDCOM RSG910C, RUGGEDCOM RSG920P V4.X, RUGGEDCOM RSG920P V5.X, RUGGEDCOM RSL910, RUGGEDCOM RST2228, RUGGEDCOM RST2228P, RUGGEDCOM RST916C, RUGGEDCOM RST916P. A new variant of the POODLE attack has left a third-party component vulnerable due to the implementation flaws of the CBC encryption mode in TLS 1.0 to 1.2.\r\n\r\nIf an attacker were to exploit this, they could act as a man-in-the-middle and eavesdrop on encrypted communications." } ], "metrics": [ { "cvssV3_1": { "baseScore": 5.9, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C", "version": "3.1" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-358", "description": "CWE-358: Improperly Implemented Security Check for Standard", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2023-12-12T11:25:08.249Z", "orgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77", "shortName": "siemens" }, "references": [ { "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-256353.pdf" } ] } }, "cveMetadata": { "assignerOrgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77", "assignerShortName": "siemens", "cveId": "CVE-2021-42017", "datePublished": "2022-03-08T11:31:15", "dateReserved": "2021-10-06T00:00:00", "dateUpdated": "2024-08-04T03:22:25.830Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1", "meta": { "nvd": "{\"cve\":{\"id\":\"CVE-2021-42017\",\"sourceIdentifier\":\"productcert@siemens.com\",\"published\":\"2022-03-08T12:15:10.890\",\"lastModified\":\"2023-12-12T12:15:08.940\",\"vulnStatus\":\"Modified\",\"descriptions\":[{\"lang\":\"en\",\"value\":\"A vulnerability has been identified in RUGGEDCOM i800, RUGGEDCOM i801, RUGGEDCOM i802, RUGGEDCOM i803, RUGGEDCOM M2100, RUGGEDCOM M2100F, RUGGEDCOM M2200, RUGGEDCOM M2200F, RUGGEDCOM M969, RUGGEDCOM M969F, RUGGEDCOM RMC30, RUGGEDCOM RMC8388 V4.X, RUGGEDCOM RMC8388 V5.X, RUGGEDCOM RP110, RUGGEDCOM RS1600, RUGGEDCOM RS1600F, RUGGEDCOM RS1600T, RUGGEDCOM RS400, RUGGEDCOM RS400F, RUGGEDCOM RS401, RUGGEDCOM RS416, RUGGEDCOM RS416F, RUGGEDCOM RS416P, RUGGEDCOM RS416PF, RUGGEDCOM RS416Pv2 V4.X, RUGGEDCOM RS416Pv2 V5.X, RUGGEDCOM RS416v2 V4.X, RUGGEDCOM RS416v2 V5.X, RUGGEDCOM RS8000, RUGGEDCOM RS8000A, RUGGEDCOM RS8000H, RUGGEDCOM RS8000T, RUGGEDCOM RS900, RUGGEDCOM RS900 (32M) V4.X, RUGGEDCOM RS900 (32M) V5.X, RUGGEDCOM RS900F, RUGGEDCOM RS900G, RUGGEDCOM RS900G (32M) V4.X, RUGGEDCOM RS900G (32M) V5.X, RUGGEDCOM RS900GF, RUGGEDCOM RS900GP, RUGGEDCOM RS900GPF, RUGGEDCOM RS900L, RUGGEDCOM RS900M-GETS-C01, RUGGEDCOM RS900M-GETS-XX, RUGGEDCOM RS900M-STND-C01, RUGGEDCOM RS900M-STND-XX, RUGGEDCOM RS900W, RUGGEDCOM RS910, RUGGEDCOM RS910L, RUGGEDCOM RS910W, RUGGEDCOM RS920L, RUGGEDCOM RS920W, RUGGEDCOM RS930L, RUGGEDCOM RS930W, RUGGEDCOM RS940G, RUGGEDCOM RS940GF, RUGGEDCOM RS969, RUGGEDCOM RSG2100, RUGGEDCOM RSG2100 (32M) V4.X, RUGGEDCOM RSG2100 (32M) V5.X, RUGGEDCOM RSG2100F, RUGGEDCOM RSG2100P, RUGGEDCOM RSG2100PF, RUGGEDCOM RSG2200, RUGGEDCOM RSG2200F, RUGGEDCOM RSG2288 V4.X, RUGGEDCOM RSG2288 V5.X, RUGGEDCOM RSG2300 V4.X, RUGGEDCOM RSG2300 V5.X, RUGGEDCOM RSG2300F, RUGGEDCOM RSG2300P V4.X, RUGGEDCOM RSG2300P V5.X, RUGGEDCOM RSG2300PF, RUGGEDCOM RSG2488 V4.X, RUGGEDCOM RSG2488 V5.X, RUGGEDCOM RSG2488F, RUGGEDCOM RSG907R, RUGGEDCOM RSG908C, RUGGEDCOM RSG909R, RUGGEDCOM RSG910C, RUGGEDCOM RSG920P V4.X, RUGGEDCOM RSG920P V5.X, RUGGEDCOM RSL910, RUGGEDCOM RST2228, RUGGEDCOM RST2228P, RUGGEDCOM RST916C, RUGGEDCOM RST916P. A new variant of the POODLE attack has left a third-party component vulnerable due to the implementation flaws of the CBC encryption mode in TLS 1.0 to 1.2.\\r\\n\\r\\nIf an attacker were to exploit this, they could act as a man-in-the-middle and eavesdrop on encrypted communications.\"},{\"lang\":\"es\",\"value\":\"Se ha identificado una vulnerabilidad en RUGGEDCOM ROS M2100 (Todas las versiones), RUGGEDCOM ROS M2200 (Todas las versiones), RUGGEDCOM ROS M969 (Todas las versiones), RUGGEDCOM ROS RMC (Todas las versiones), RUGGEDCOM ROS RMC20 (Todas las versiones), RUGGEDCOM ROS RMC30 (Todas las versiones), RUGGEDCOM ROS RMC40 (Todas las versiones), RUGGEDCOM ROS RMC41 (Todas las versiones), RUGGEDCOM ROS RMC8388 (Todas las versiones anteriores a V5. 6. 0), RUGGEDCOM ROS RP110 (Todas las versiones), RUGGEDCOM ROS RS400 (Todas las versiones), RUGGEDCOM ROS RS401 (Todas las versiones), RUGGEDCOM ROS RS416 (Todas las versiones), RUGGEDCOM ROS RS416v2 (Todas las versiones anteriores a V5.6. 0), RUGGEDCOM ROS RS8000 (Todas las versiones), RUGGEDCOM ROS RS8000A (Todas las versiones), RUGGEDCOM ROS RS8000H (Todas las versiones), RUGGEDCOM ROS RS8000T (Todas las versiones), RUGGEDCOM ROS RS900 (32M) (Todas las versiones anteriores a V5. 6.0), RUGGEDCOM ROS RS900G (Todas las versiones), RUGGEDCOM ROS RS900G (32M) (Todas las versiones anteriores a V5.6. 0), RUGGEDCOM ROS RS900GP (Todas las versiones), RUGGEDCOM ROS RS900L (Todas las versiones), RUGGEDCOM ROS RS900W (Todas las versiones), RUGGEDCOM ROS RS910 (Todas las versiones), RUGGEDCOM ROS RS910L (Todas las versiones), RUGGEDCOM ROS RS910W (Todas las versiones), RUGGEDCOM ROS RS920L (Todas las versiones), RUGGEDCOM ROS RS920W (Todas las versiones), RUGGEDCOM ROS RS930L (Todas las versiones), RUGGEDCOM ROS RS930W (Todas las versiones), RUGGEDCOM ROS RS940G (Todas las versiones), RUGGEDCOM ROS RS969 (Todas las versiones), RUGGEDCOM ROS RSG2100 (Todas las versiones), RUGGEDCOM ROS RSG2100 (32M) (Todas las versiones anteriores a V5. 6.0), RUGGEDCOM ROS RSG2100P (Todas las versiones), RUGGEDCOM ROS RSG2200 (Todas las versiones), RUGGEDCOM ROS RSG2288 (Todas las versiones anteriores a V5.6.0), RUGGEDCOM ROS RSG2300 (Todas las versiones anteriores a V5.6.0), RUGGEDCOM ROS RSG2300P (Todas las versiones anteriores a V5.6. 0), RUGGEDCOM ROS RSG2488 (Todas las versiones anteriores a V5.6.0), RUGGEDCOM ROS RSG907R (Todas las versiones anteriores a V5.6.0), RUGGEDCOM ROS RSG908C (Todas las versiones anteriores a V5.6.0), RUGGEDCOM ROS RSG909R (Todas las versiones anteriores a V5.6.0), RUGGEDCOM ROS RSG910C (Todas las versiones anteriores a V5. 6.0), RUGGEDCOM ROS RSG920P (Todas las versiones anteriores a V5.6.0), RUGGEDCOM ROS RSL910 (Todas las versiones anteriores a V5.6.0), RUGGEDCOM ROS RST2228 (Todas las versiones anteriores a V5.6.0), RUGGEDCOM ROS RST2228P (Todas las versiones anteriores a V5.6.0), RUGGEDCOM ROS RST916C (Todas las versiones anteriores a V5. 6.0), RUGGEDCOM ROS RST916P (Todas las versiones anteriores a V5.6.0), RUGGEDCOM ROS i800 (Todas las versiones), RUGGEDCOM ROS i801 (Todas las versiones), RUGGEDCOM ROS i802 (Todas las versiones), RUGGEDCOM ROS i803 (Todas las versiones). Una nueva variante del ataque POODLE ha dejado vulnerable un componente de terceros debido a los fallos de implementaci\u00f3n del modo de cifrado CBC en TLS 1.0 a 1.2. Si un atacante aprovechara esto, podr\u00eda actuar como un hombre en el medio y espiar las comunicaciones cifradas\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"productcert@siemens.com\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"HIGH\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"NONE\",\"baseScore\":5.9,\"baseSeverity\":\"MEDIUM\"},\"exploitabilityScore\":2.2,\"impactScore\":3.6},{\"source\":\"nvd@nist.gov\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"HIGH\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"NONE\",\"baseScore\":5.9,\"baseSeverity\":\"MEDIUM\"},\"exploitabilityScore\":2.2,\"impactScore\":3.6}],\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:M/Au:N/C:P/I:N/A:N\",\"accessVector\":\"NETWORK\",\"accessComplexity\":\"MEDIUM\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"PARTIAL\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"NONE\",\"baseScore\":4.3},\"baseSeverity\":\"MEDIUM\",\"exploitabilityScore\":8.6,\"impactScore\":2.9,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"productcert@siemens.com\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-358\"}]},{\"source\":\"nvd@nist.gov\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-295\"}]}],\"configurations\":[{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:siemens:ruggedcom_i800:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"2831856D-1C5F-4436-9A78-97FA309A3E14\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:siemens:ruggedcom_i801:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"C10F20F2-3E09-4F79-87F2-79B32093189D\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:siemens:ruggedcom_i802:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"50BB50DA-133E-440D-9D13-387484E6EDDD\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:siemens:ruggedcom_i803:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"78CC2FFF-A890-44D0-94D5-35519286928A\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:siemens:ruggedcom_m2100:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"1E48D7B9-139E-48EC-B8A1-8D802943A65B\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:siemens:ruggedcom_m2200:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"5A650B2E-F416-4690-BFDE-1C026E2ED321\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:siemens:ruggedcom_m969:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"76C19418-5C81-4091-AB7A-9C1A433C8396\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:siemens:ruggedcom_rmc:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"C3D37577-B574-4A32-9B64-D097F52A2BE3\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:siemens:ruggedcom_rmc20:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"A2F39CF1-4F57-48A7-9B8F-69A94A07E1BE\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:siemens:ruggedcom_rmc30:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"D0569A25-D7FA-40BF-95CD-CA81BF416E96\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:siemens:ruggedcom_rmc40:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"F4674627-743B-4173-ACDF-08444773D818\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:siemens:ruggedcom_rmc41:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"ED109F2A-818B-48A9-996F-CD3B784E448C\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:siemens:ruggedcom_rp110:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"2C83846C-DDD0-40DB-A465-68C3E66BF28D\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:siemens:ruggedcom_rs400:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"449E690E-FE54-4D85-8C93-6E04BAB8EB58\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:siemens:ruggedcom_rs401:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"25F7428E-0E4E-497D-AA82-7CF8C9060CC3\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:siemens:ruggedcom_rs416:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"F59C884A-A7CA-4C67-B7D8-DC52318A0F97\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:siemens:ruggedcom_rs8000:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"D970A57E-771D-4EB6-9DA9-A2367D376FE5\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:siemens:ruggedcom_rs8000a:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"9B9BF9E7-E666-41D8-AC17-B1072C862CB7\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:siemens:ruggedcom_rs8000h:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"19A0D692-BBDA-4267-A636-7A42F472824F\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:siemens:ruggedcom_rs8000t:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"2B7DBE7F-0792-491A-872F-6826821D3333\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:siemens:ruggedcom_rs900gp:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"97F74A17-8571-4FBD-ADEA-90A7A800141D\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:siemens:ruggedcom_rs900l:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"BE2C819C-C8A6-41B5-9BA1-C6284B122EC2\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:siemens:ruggedcom_rs900w:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"3E1BE62C-39AD-4D38-9CF3-6FE5E17422D2\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:siemens:ruggedcom_rs910:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"785CB18D-4CC2-49F6-8637-EB74A827C862\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:siemens:ruggedcom_rs910l:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"CC4E8754-9C83-4791-B414-F7A03AE7CF89\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:siemens:ruggedcom_rs910w:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"67F888CC-DC37-4CF6-94C0-C2671592C49D\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:siemens:ruggedcom_rs920l:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"B1223862-4C1C-4071-BCD5-1A96BC24C84D\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:siemens:ruggedcom_rs920w:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"7CB566F4-6D7E-461D-943A-3E04443336B5\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:siemens:ruggedcom_rs930l:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"EC870CB9-79B9-41A2-823E-C25A23E64788\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:siemens:ruggedcom_rs930w:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"7188D0D8-7194-411C-8D37-3A24419E7279\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:siemens:ruggedcom_rs940g:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"1361D12A-34C8-4C3D-9727-13812BE08F7E\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:siemens:ruggedcom_rs969:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"07DE5400-D40C-4721-8B02-E4CA330DDFDB\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:siemens:ruggedcom_rsg2100p:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"0DC2BB0C-9681-4535-8506-DE0E107F50D9\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:siemens:ruggedcom_rsg2200:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"1DCA528E-1EBB-442D-8138-0BD7AAF5B57E\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:siemens:ruggedcom_ros:*:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"50A58761-73DA-4862-8D95-6634479A8726\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:siemens:ruggedcom_rmc8388:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"EC9307A5-118E-4A06-9CC5-931478BE3440\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:siemens:ruggedcom_rs416v2:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"9DD536B4-BA38-4CC5-A480-163FF38FA167\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:siemens:ruggedcom_rs900:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"48249F47-DF98-4FA6-98B6-44C430854BCB\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:siemens:ruggedcom_rs900g:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"2A373335-A82D-4C63-B5E5-1D3A23ADC781\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:siemens:ruggedcom_rsg2100:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"2E3F4E29-3BF3-4510-9DA7-3D1262719A65\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:siemens:ruggedcom_rsg2288:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"F42A83F2-B151-48E9-BC54-AC81B5C3B017\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:siemens:ruggedcom_rsg2300:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"22A00345-A3E6-40D2-BCB3-9FE042F02119\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:siemens:ruggedcom_rsg2300p:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"1B393AE3-6C76-4E36-96D3-90228AA7EC14\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:siemens:ruggedcom_rsg2488:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"7F1DB4EF-5CB1-43BA-AB1F-6D6D48ED859C\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:siemens:ruggedcom_rsg907r:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"0CC2D072-D8EA-45A2-9C2D-7AAA65FA683F\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:siemens:ruggedcom_rsg908c:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"49083023-8702-491B-A7C3-AF60FB605E9F\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:siemens:ruggedcom_rsg909r:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"8FDC0411-3A25-44D1-8929-FF2F4F432F8E\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:siemens:ruggedcom_rsg910c:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"11AA599E-B0FD-4708-A2CB-5B3CA89FD865\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:siemens:ruggedcom_rsg920p:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"1243655B-8636-43CF-8052-ABB5263B0BED\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:siemens:ruggedcom_rsl910:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"5F0C8879-659D-4A28-BA72-7BE05B5215CC\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:siemens:ruggedcom_rst2228:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"4CDDB741-B3B9-42C2-9C01-A6FC87A26B44\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:siemens:ruggedcom_rst2228p:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"8AAF8B55-5B3E-49EF-B7B4-BCCE11A09858\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:siemens:ruggedcom_rst916c:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"52713BFF-C34C-4233-AE92-B91D94911802\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:siemens:ruggedcom_rst916p:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"24F7373B-E91D-4524-9F1A-0BF4AAC9F461\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:siemens:ruggedcom_ros:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"5.6.0\",\"matchCriteriaId\":\"C6B395AC-2073-41DA-8577-1CF1C71161FB\"}]}]}],\"references\":[{\"url\":\"https://cert-portal.siemens.com/productcert/pdf/ssa-256353.pdf\",\"source\":\"productcert@siemens.com\",\"tags\":[\"Patch\",\"Vendor Advisory\"]}]}}" } }
icsa-22-069-12
Vulnerability from csaf_cisa
Notes
{ "document": { "acknowledgments": [ { "organization": "Siemens", "summary": "reporting this vulnerability to CISA" } ], "category": "csaf_security_advisory", "csaf_version": "2.0", "distribution": { "text": "Disclosure is not limited", "tlp": { "label": "WHITE", "url": "https://us-cert.cisa.gov/tlp/" } }, "lang": "en-US", "notes": [ { "category": "general", "text": "This CSAF advisory was extracted from unstructured data and may contain inaccuracies. If you notice any errors, please reach out to the designated contact at CISA CSAF: central@cisa.dhs.gov", "title": "CISA Disclaimer" }, { "category": "legal_disclaimer", "text": "All information products included in https://us-cert.cisa.gov/ics are provided \"as is\" for informational purposes only. The Department of Homeland Security (DHS) does not provide any warranties of any kind regarding any information contained within. DHS does not endorse any commercial product or service, referenced in this product or otherwise. Further dissemination of this product is governed by the Traffic Light Protocol (TLP) marking in the header. For more information about TLP, see https://us-cert.cisa.gov/tlp/.", "title": "Legal Notice" }, { "category": "summary", "text": "Successful exploitation of this vulnerability in third-party components could cause a denial-of-service condition, act as a man-in-the-middle, allow an attacker to retrieve sensitive information, or allow an attacker to gain privileged functions.", "title": "Risk evaluation" }, { "category": "other", "text": "Critical Manufacturing", "title": "Critical infrastructure sectors" }, { "category": "other", "text": "Worldwide", "title": "Countries/areas deployed" }, { "category": "other", "text": "Germany", "title": "Company headquarters location" }, { "category": "general", "text": "CISA recommends users take defensive measures to minimize the risk of exploitation of this vulnerability. Specifically, users should:", "title": "Recommended Practices" }, { "category": "general", "text": "CISA reminds organizations to perform proper impact analysis and risk assessment prior to deploying defensive measures.\nCISA also provides a section for control systems security recommended practices on the ICS webpage on cisa.gov. Several recommended practices are available for reading and download, including Improving Industrial Control Systems Cybersecurity with Defense-in-Depth Strategies.", "title": "Recommended Practices" }, { "category": "general", "text": "Additional mitigation guidance and recommended practices are publicly available on the ICS webpage on cisa.gov in the Technical Information Paper, ICS-TIP-12-146-01B--Targeted Cyber Intrusion Detection and Mitigation Strategies.\nOrganizations observing any suspected malicious activity should follow their established internal procedures and report their findings to CISA for tracking and correlation against other incidents.", "title": "Recommended Practices" }, { "category": "general", "text": "For further inquiries on security vulnerabilities in Siemens products and solutions, please contact the Siemens ProductCERT: https://www.siemens.com/cert/advisories", "title": "Additional Resources" }, { "category": "other", "text": "No known public exploits specifically target this vulnerability.", "title": "Exploitability" } ], "publisher": { "category": "coordinator", "contact_details": "Email: CISAservicedesk@cisa.dhs.gov;\n Toll Free: 1-888-282-0870", "name": "CISA", "namespace": "https://www.cisa.gov/" }, "references": [ { "category": "external", "summary": "SSA-256353: Third-Party Component Vulnerabilities in RUGGEDCOM ROS - CSAF Version", "url": "https://cert-portal.siemens.com/productcert/csaf/ssa-256353.json" }, { "category": "self", "summary": "ICS Advisory ICSA-22-069-12 JSON", "url": "https://raw.githubusercontent.com/cisagov/CSAF/develop/csaf_files/OT/white/2022/icsa-22-069-12.json" }, { "category": "self", "summary": "ICS Advisory ICSA-22-069-12 Web Version", "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-22-069-12" }, { "category": "external", "summary": "Recommended Practices", "url": "https://www.cisa.gov/uscert/ics/alerts/ICS-ALERT-10-301-01" }, { "category": "external", "summary": "Recommended Practices", "url": "https://www.cisa.gov/uscert/sites/default/files/recommended_practices/NCCIC_ICS-CERT_Defense_in_Depth_2016_S508C.pdf" }, { "category": "external", "summary": "Recommended Practices", "url": "https://www.cisa.gov/uscert/ics/tips/ICS-TIP-12-146-01B" }, { "category": "external", "summary": "SSA-256353: Third-Party Component Vulnerabilities in RUGGEDCOM ROS - HTML Version", "url": "https://cert-portal.siemens.com/productcert/html/ssa-256353.html" }, { "category": "external", "summary": "SSA-256353: Third-Party Component Vulnerabilities in RUGGEDCOM ROS - PDF Version", "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-256353.pdf" }, { "category": "external", "summary": "SSA-256353: Third-Party Component Vulnerabilities in RUGGEDCOM ROS - TXT Version", "url": "https://cert-portal.siemens.com/productcert/txt/ssa-256353.txt" } ], "title": "Siemens RUGGEDCOM ROS", "tracking": { "current_release_date": "2022-04-14T00:00:00.000000Z", "generator": { "engine": { "name": "CISA CSAF Generator", "version": "1.0.0" } }, "id": "ICSA-22-069-12", "initial_release_date": "2022-03-10T00:00:00.000000Z", "revision_history": [ { "date": "2022-03-10T00:00:00.000000Z", "legacy_version": "Initial", "number": "1", "summary": "ICSA-22-069-12 Siemens RUGGEDCOM ROS" }, { "date": "2022-04-14T00:00:00.000000Z", "legacy_version": "A", "number": "2", "summary": "ICSA-22-069-12 Siemens RUGGEDCOM ROS (Update A)" } ], "status": "final", "version": "2" } }, "product_tree": { "branches": [ { "branches": [ { "branches": [ { "category": "product_version_range", "name": "vers:all/\u003cV4.3.8", "product": { "name": "RUGGEDCOM i800", "product_id": "CSAFPID-0001" } } ], "category": "product_name", "name": "RUGGEDCOM i800" }, { "branches": [ { "category": "product_version_range", "name": "vers:all/\u003cV4.3.8", "product": { "name": "RUGGEDCOM i800NC", "product_id": "CSAFPID-0002" } } ], "category": "product_name", "name": "RUGGEDCOM i800NC" }, { "branches": [ { "category": "product_version_range", "name": "vers:all/\u003cV4.3.8", "product": { "name": "RUGGEDCOM i801", "product_id": "CSAFPID-0003" } } ], "category": "product_name", "name": "RUGGEDCOM i801" }, { "branches": [ { "category": "product_version_range", "name": "vers:all/\u003cV4.3.8", "product": { "name": "RUGGEDCOM i801NC", "product_id": "CSAFPID-0004" } } ], "category": "product_name", "name": "RUGGEDCOM i801NC" }, { "branches": [ { "category": "product_version_range", "name": "vers:all/\u003cV4.3.8", "product": { "name": "RUGGEDCOM i802", "product_id": "CSAFPID-0005" } } ], "category": "product_name", "name": "RUGGEDCOM i802" }, { "branches": [ { "category": "product_version_range", "name": "vers:all/\u003cV4.3.8", "product": { "name": "RUGGEDCOM i802NC", "product_id": "CSAFPID-0006" } } ], "category": "product_name", "name": "RUGGEDCOM i802NC" }, { "branches": [ { "category": "product_version_range", "name": "vers:all/\u003cV4.3.8", "product": { "name": "RUGGEDCOM i803", "product_id": "CSAFPID-0007" } } ], "category": "product_name", "name": "RUGGEDCOM i803" }, { "branches": [ { "category": "product_version_range", "name": "vers:all/\u003cV4.3.8", "product": { "name": "RUGGEDCOM i803NC", "product_id": "CSAFPID-0008" } } ], "category": "product_name", "name": "RUGGEDCOM i803NC" }, { "branches": [ { "category": "product_version_range", "name": "vers:all/\u003cV4.3.8", "product": { "name": "RUGGEDCOM M2100", "product_id": "CSAFPID-0009" } } ], "category": "product_name", "name": "RUGGEDCOM M2100" }, { "branches": [ { "category": "product_version_range", "name": "vers:all/*", "product": { "name": "RUGGEDCOM M2100F", "product_id": "CSAFPID-00010" } } ], "category": "product_name", "name": "RUGGEDCOM M2100F" }, { "branches": [ { "category": "product_version_range", "name": "vers:all/\u003cV4.3.8", "product": { "name": "RUGGEDCOM M2100NC", "product_id": "CSAFPID-00011" } } ], "category": "product_name", "name": "RUGGEDCOM M2100NC" }, { "branches": [ { "category": "product_version_range", "name": "vers:all/\u003cV4.3.8", "product": { "name": "RUGGEDCOM M2200", "product_id": "CSAFPID-00012" } } ], "category": "product_name", "name": "RUGGEDCOM M2200" }, { "branches": [ { "category": "product_version_range", "name": "vers:all/*", "product": { "name": "RUGGEDCOM M2200F", "product_id": "CSAFPID-00013" } } ], "category": "product_name", "name": "RUGGEDCOM M2200F" }, { "branches": [ { "category": "product_version_range", "name": "vers:all/\u003cV4.3.8", "product": { "name": "RUGGEDCOM M2200NC", "product_id": "CSAFPID-00014" } } ], "category": "product_name", "name": "RUGGEDCOM M2200NC" }, { "branches": [ { "category": "product_version_range", "name": "vers:all/\u003cV4.3.8", "product": { "name": "RUGGEDCOM M969", "product_id": "CSAFPID-00015" } } ], "category": "product_name", "name": "RUGGEDCOM M969" }, { "branches": [ { "category": "product_version_range", "name": "vers:all/*", "product": { "name": "RUGGEDCOM M969F", "product_id": "CSAFPID-00016" } } ], "category": "product_name", "name": "RUGGEDCOM M969F" }, { "branches": [ { "category": "product_version_range", "name": "vers:all/\u003cV4.3.8", "product": { "name": "RUGGEDCOM M969NC", "product_id": "CSAFPID-00017" } } ], "category": "product_name", "name": "RUGGEDCOM M969NC" }, { "branches": [ { "category": "product_version_range", "name": "vers:all/\u003cV4.3.8", "product": { "name": "RUGGEDCOM RMC30", "product_id": "CSAFPID-00018" } } ], "category": "product_name", "name": "RUGGEDCOM RMC30" }, { "branches": [ { "category": "product_version_range", "name": "vers:all/\u003cV4.3.8", "product": { "name": "RUGGEDCOM RMC30NC", "product_id": "CSAFPID-00019" } } ], "category": "product_name", "name": "RUGGEDCOM RMC30NC" }, { "branches": [ { "category": "product_version_range", "name": "vers:all/\u003cV4.3.8", "product": { "name": "RUGGEDCOM RMC8388 V4.X", "product_id": "CSAFPID-00020" } } ], "category": "product_name", "name": "RUGGEDCOM RMC8388 V4.X" }, { "branches": [ { "category": "product_version_range", "name": "vers:all/\u003cV5.6.0", "product": { "name": "RUGGEDCOM RMC8388 V5.X", "product_id": "CSAFPID-00021" } } ], "category": "product_name", "name": "RUGGEDCOM RMC8388 V5.X" }, { "branches": [ { "category": "product_version_range", "name": "vers:all/\u003cV4.3.8", "product": { "name": "RUGGEDCOM RMC8388NC V4.X", "product_id": "CSAFPID-00022" } } ], "category": "product_name", "name": "RUGGEDCOM RMC8388NC V4.X" }, { "branches": [ { "category": "product_version_range", "name": "vers:all/\u003cV5.6.0", "product": { "name": "RUGGEDCOM RMC8388NC V5.X", "product_id": "CSAFPID-00023" } } ], "category": "product_name", "name": "RUGGEDCOM RMC8388NC V5.X" }, { "branches": [ { "category": "product_version_range", "name": "vers:all/\u003cV4.3.8", "product": { "name": "RUGGEDCOM RP110", "product_id": "CSAFPID-00024" } } ], "category": "product_name", "name": "RUGGEDCOM RP110" }, { "branches": [ { "category": "product_version_range", "name": "vers:all/\u003cV4.3.8", "product": { "name": "RUGGEDCOM RP110NC", "product_id": "CSAFPID-00025" } } ], "category": "product_name", "name": "RUGGEDCOM RP110NC" }, { "branches": [ { "category": "product_version_range", "name": "vers:all/\u003cV4.3.8", "product": { "name": "RUGGEDCOM RS1600", "product_id": "CSAFPID-00026" } } ], "category": "product_name", "name": "RUGGEDCOM RS1600" }, { "branches": [ { "category": "product_version_range", "name": "vers:all/\u003cV4.3.8", "product": { "name": "RUGGEDCOM RS1600F", "product_id": "CSAFPID-00027" } } ], "category": "product_name", "name": "RUGGEDCOM RS1600F" }, { "branches": [ { "category": "product_version_range", "name": "vers:all/\u003cV4.3.8", "product": { "name": "RUGGEDCOM RS1600FNC", "product_id": "CSAFPID-00028" } } ], "category": "product_name", "name": "RUGGEDCOM RS1600FNC" }, { "branches": [ { "category": "product_version_range", "name": "vers:all/\u003cV4.3.8", "product": { "name": "RUGGEDCOM RS1600NC", "product_id": "CSAFPID-00029" } } ], "category": "product_name", "name": "RUGGEDCOM RS1600NC" }, { "branches": [ { "category": "product_version_range", "name": "vers:all/\u003cV4.3.8", "product": { "name": "RUGGEDCOM RS1600T", "product_id": "CSAFPID-00030" } } ], "category": "product_name", "name": "RUGGEDCOM RS1600T" }, { "branches": [ { "category": "product_version_range", "name": "vers:all/\u003cV4.3.8", "product": { "name": "RUGGEDCOM RS1600TNC", "product_id": "CSAFPID-00031" } } ], "category": "product_name", "name": "RUGGEDCOM RS1600TNC" }, { "branches": [ { "category": "product_version_range", "name": "vers:all/\u003cV4.3.8", "product": { "name": "RUGGEDCOM RS400", "product_id": "CSAFPID-00032" } } ], "category": "product_name", "name": "RUGGEDCOM RS400" }, { "branches": [ { "category": "product_version_range", "name": "vers:all/*", "product": { "name": "RUGGEDCOM RS400F", "product_id": "CSAFPID-00033" } } ], "category": "product_name", "name": "RUGGEDCOM RS400F" }, { "branches": [ { "category": "product_version_range", "name": "vers:all/\u003cV4.3.8", "product": { "name": "RUGGEDCOM RS400NC", "product_id": "CSAFPID-00034" } } ], "category": "product_name", "name": "RUGGEDCOM RS400NC" }, { "branches": [ { "category": "product_version_range", "name": "vers:all/\u003cV4.3.8", "product": { "name": "RUGGEDCOM RS401", "product_id": "CSAFPID-00035" } } ], "category": "product_name", "name": "RUGGEDCOM RS401" }, { "branches": [ { "category": "product_version_range", "name": "vers:all/\u003cV4.3.8", "product": { "name": "RUGGEDCOM RS401NC", "product_id": "CSAFPID-00036" } } ], "category": "product_name", "name": "RUGGEDCOM RS401NC" }, { "branches": [ { "category": "product_version_range", "name": "vers:all/\u003cV4.3.8", "product": { "name": "RUGGEDCOM RS416", "product_id": "CSAFPID-00037" } } ], "category": "product_name", "name": "RUGGEDCOM RS416" }, { "branches": [ { "category": "product_version_range", "name": "vers:all/*", "product": { "name": "RUGGEDCOM RS416F", "product_id": "CSAFPID-00038" } } ], "category": "product_name", "name": "RUGGEDCOM RS416F" }, { "branches": [ { "category": "product_version_range", "name": "vers:all/\u003cV4.3.8", "product": { "name": "RUGGEDCOM RS416NC", "product_id": "CSAFPID-00039" } } ], "category": "product_name", "name": "RUGGEDCOM RS416NC" }, { "branches": [ { "category": "product_version_range", "name": "vers:all/\u003cV5.6.0", "product": { "name": "RUGGEDCOM RS416NC v2", "product_id": "CSAFPID-00040" } } ], "category": "product_name", "name": "RUGGEDCOM RS416NC v2" }, { "branches": [ { "category": "product_version_range", "name": "vers:all/\u003cV4.3.8", "product": { "name": "RUGGEDCOM RS416P", "product_id": "CSAFPID-00041" } } ], "category": "product_name", "name": "RUGGEDCOM RS416P" }, { "branches": [ { "category": "product_version_range", "name": "vers:all/*", "product": { "name": "RUGGEDCOM RS416PF", "product_id": "CSAFPID-00042" } } ], "category": "product_name", "name": "RUGGEDCOM RS416PF" }, { "branches": [ { "category": "product_version_range", "name": "vers:all/\u003cV4.3.8", "product": { "name": "RUGGEDCOM RS416PNC", "product_id": "CSAFPID-00043" } } ], "category": "product_name", "name": "RUGGEDCOM RS416PNC" }, { "branches": [ { "category": "product_version_range", "name": "vers:all/\u003cV5.6.0", "product": { "name": "RUGGEDCOM RS416PNC v2", "product_id": "CSAFPID-00044" } } ], "category": "product_name", "name": "RUGGEDCOM RS416PNC v2" }, { "branches": [ { "category": "product_version_range", "name": "vers:all/\u003cV5.6.0", "product": { "name": "RUGGEDCOM RS416Pv2", "product_id": "CSAFPID-00045" } } ], "category": "product_name", "name": "RUGGEDCOM RS416Pv2" }, { "branches": [ { "category": "product_version_range", "name": "vers:all/\u003cV5.6.0", "product": { "name": "RUGGEDCOM RS416v2", "product_id": "CSAFPID-00046" } } ], "category": "product_name", "name": "RUGGEDCOM RS416v2" }, { "branches": [ { "category": "product_version_range", "name": "vers:all/\u003cV4.3.8", "product": { "name": "RUGGEDCOM RS8000", "product_id": "CSAFPID-00047" } } ], "category": "product_name", "name": "RUGGEDCOM RS8000" }, { "branches": [ { "category": "product_version_range", "name": "vers:all/\u003cV4.3.8", "product": { "name": "RUGGEDCOM RS8000A", "product_id": "CSAFPID-00048" } } ], "category": "product_name", "name": "RUGGEDCOM RS8000A" }, { "branches": [ { "category": "product_version_range", "name": "vers:all/\u003cV4.3.8", "product": { "name": "RUGGEDCOM RS8000ANC", "product_id": "CSAFPID-00049" } } ], "category": "product_name", "name": "RUGGEDCOM RS8000ANC" }, { "branches": [ { "category": "product_version_range", "name": "vers:all/\u003cV4.3.8", "product": { "name": "RUGGEDCOM RS8000H", "product_id": "CSAFPID-00050" } } ], "category": "product_name", "name": "RUGGEDCOM RS8000H" }, { "branches": [ { "category": "product_version_range", "name": "vers:all/\u003cV4.3.8", "product": { "name": "RUGGEDCOM RS8000HNC", "product_id": "CSAFPID-00051" } } ], "category": "product_name", "name": "RUGGEDCOM RS8000HNC" }, { "branches": [ { "category": "product_version_range", "name": "vers:all/\u003cV4.3.8", "product": { "name": "RUGGEDCOM RS8000NC", "product_id": "CSAFPID-00052" } } ], "category": "product_name", "name": "RUGGEDCOM RS8000NC" }, { "branches": [ { "category": "product_version_range", "name": "vers:all/\u003cV4.3.8", "product": { "name": "RUGGEDCOM RS8000T", "product_id": "CSAFPID-00053" } } ], "category": "product_name", "name": "RUGGEDCOM RS8000T" }, { "branches": [ { "category": "product_version_range", "name": "vers:all/\u003cV4.3.8", "product": { "name": "RUGGEDCOM RS8000TNC", "product_id": "CSAFPID-00054" } } ], "category": "product_name", "name": "RUGGEDCOM RS8000TNC" }, { "branches": [ { "category": "product_version_range", "name": "vers:all/\u003cV4.3.8", "product": { "name": "RUGGEDCOM RS900", "product_id": "CSAFPID-00055" } } ], "category": "product_name", "name": "RUGGEDCOM RS900" }, { "branches": [ { "category": "product_version_range", "name": "vers:all/\u003cV4.3.8", "product": { "name": "RUGGEDCOM RS900 (32M) V4.X", "product_id": "CSAFPID-00056" } } ], "category": "product_name", "name": "RUGGEDCOM RS900 (32M) V4.X" }, { "branches": [ { "category": "product_version_range", "name": "vers:all/\u003cV5.6.0", "product": { "name": "RUGGEDCOM RS900 (32M) V5.X", "product_id": "CSAFPID-00057" } } ], "category": "product_name", "name": "RUGGEDCOM RS900 (32M) V5.X" }, { "branches": [ { "category": "product_version_range", "name": "vers:all/*", "product": { "name": "RUGGEDCOM RS900F", "product_id": "CSAFPID-00058" } } ], "category": "product_name", "name": "RUGGEDCOM RS900F" }, { "branches": [ { "category": "product_version_range", "name": "vers:all/\u003cV4.3.8", "product": { "name": "RUGGEDCOM RS900G", "product_id": "CSAFPID-00059" } } ], "category": "product_name", "name": "RUGGEDCOM RS900G" }, { "branches": [ { "category": "product_version_range", "name": "vers:all/\u003cV4.3.8", "product": { "name": "RUGGEDCOM RS900G (32M) V4.X", "product_id": "CSAFPID-00060" } } ], "category": "product_name", "name": "RUGGEDCOM RS900G (32M) V4.X" }, { "branches": [ { "category": "product_version_range", "name": "vers:all/\u003cV5.6.0", "product": { "name": "RUGGEDCOM RS900G (32M) V5.X", "product_id": "CSAFPID-00061" } } ], "category": "product_name", "name": "RUGGEDCOM RS900G (32M) V5.X" }, { "branches": [ { "category": "product_version_range", "name": "vers:all/*", "product": { "name": "RUGGEDCOM RS900GF", "product_id": "CSAFPID-00062" } } ], "category": "product_name", "name": "RUGGEDCOM RS900GF" }, { "branches": [ { "category": "product_version_range", "name": "vers:all/\u003cV4.3.8", "product": { "name": "RUGGEDCOM RS900GNC", "product_id": "CSAFPID-00063" } } ], "category": "product_name", "name": "RUGGEDCOM RS900GNC" }, { "branches": [ { "category": "product_version_range", "name": "vers:all/\u003cV4.3.8", "product": { "name": "RUGGEDCOM RS900GNC(32M) V4.X", "product_id": "CSAFPID-00064" } } ], "category": "product_name", "name": "RUGGEDCOM RS900GNC(32M) V4.X" }, { "branches": [ { "category": "product_version_range", "name": "vers:all/\u003cV5.6.0", "product": { "name": "RUGGEDCOM RS900GNC(32M) V5.X", "product_id": "CSAFPID-00065" } } ], "category": "product_name", "name": "RUGGEDCOM RS900GNC(32M) V5.X" }, { "branches": [ { "category": "product_version_range", "name": "vers:all/\u003cV4.3.8", "product": { "name": "RUGGEDCOM RS900GP", "product_id": "CSAFPID-00066" } } ], "category": "product_name", "name": "RUGGEDCOM RS900GP" }, { "branches": [ { "category": "product_version_range", "name": "vers:all/*", "product": { "name": "RUGGEDCOM RS900GPF", "product_id": "CSAFPID-00067" } } ], "category": "product_name", "name": "RUGGEDCOM RS900GPF" }, { "branches": [ { "category": "product_version_range", "name": "vers:all/\u003cV4.3.8", "product": { "name": "RUGGEDCOM RS900GPNC", "product_id": "CSAFPID-00068" } } ], "category": "product_name", "name": "RUGGEDCOM RS900GPNC" }, { "branches": [ { "category": "product_version_range", "name": "vers:all/\u003cV4.3.8", "product": { "name": "RUGGEDCOM RS900L", "product_id": "CSAFPID-00069" } } ], "category": "product_name", "name": "RUGGEDCOM RS900L" }, { "branches": [ { "category": "product_version_range", "name": "vers:all/\u003cV4.3.8", "product": { "name": "RUGGEDCOM RS900LNC", "product_id": "CSAFPID-00070" } } ], "category": "product_name", "name": "RUGGEDCOM RS900LNC" }, { "branches": [ { "category": "product_version_range", "name": "vers:all/\u003cV4.3.8", "product": { "name": "RUGGEDCOM RS900M-GETS-C01", "product_id": "CSAFPID-00071" } } ], "category": "product_name", "name": "RUGGEDCOM RS900M-GETS-C01" }, { "branches": [ { "category": "product_version_range", "name": "vers:all/\u003cV4.3.8", "product": { "name": "RUGGEDCOM RS900M-GETS-XX", "product_id": "CSAFPID-00072" } } ], "category": "product_name", "name": "RUGGEDCOM RS900M-GETS-XX" }, { "branches": [ { "category": "product_version_range", "name": "vers:all/\u003cV4.3.8", "product": { "name": "RUGGEDCOM RS900M-STND-C01", "product_id": "CSAFPID-00073" } } ], "category": "product_name", "name": "RUGGEDCOM RS900M-STND-C01" }, { "branches": [ { "category": "product_version_range", "name": "vers:all/\u003cV4.3.8", "product": { "name": "RUGGEDCOM RS900M-STND-XX", "product_id": "CSAFPID-00074" } } ], "category": "product_name", "name": "RUGGEDCOM RS900M-STND-XX" }, { "branches": [ { "category": "product_version_range", "name": "vers:all/\u003cV4.3.8", "product": { "name": "RUGGEDCOM RS900MNC-GETS-C01", "product_id": "CSAFPID-00075" } } ], "category": "product_name", "name": "RUGGEDCOM RS900MNC-GETS-C01" }, { "branches": [ { "category": "product_version_range", "name": "vers:all/\u003cV4.3.8", "product": { "name": "RUGGEDCOM RS900MNC-GETS-XX", "product_id": "CSAFPID-00076" } } ], "category": "product_name", "name": "RUGGEDCOM RS900MNC-GETS-XX" }, { "branches": [ { "category": "product_version_range", "name": "vers:all/\u003cV4.3.8", "product": { "name": "RUGGEDCOM RS900MNC-STND-XX", "product_id": "CSAFPID-00077" } } ], "category": "product_name", "name": "RUGGEDCOM RS900MNC-STND-XX" }, { "branches": [ { "category": "product_version_range", "name": "vers:all/\u003cV4.3.8", "product": { "name": "RUGGEDCOM RS900MNC-STND-XX-C01", "product_id": "CSAFPID-00078" } } ], "category": "product_name", "name": "RUGGEDCOM RS900MNC-STND-XX-C01" }, { "branches": [ { "category": "product_version_range", "name": "vers:all/\u003cV4.3.8", "product": { "name": "RUGGEDCOM RS900NC", "product_id": "CSAFPID-00079" } } ], "category": "product_name", "name": "RUGGEDCOM RS900NC" }, { "branches": [ { "category": "product_version_range", "name": "vers:all/\u003cV4.3.8", "product": { "name": "RUGGEDCOM RS900NC(32M) V4.X", "product_id": "CSAFPID-00080" } } ], "category": "product_name", "name": "RUGGEDCOM RS900NC(32M) V4.X" }, { "branches": [ { "category": "product_version_range", "name": "vers:all/\u003cV5.6.0", "product": { "name": "RUGGEDCOM RS900NC(32M) V5.X", "product_id": "CSAFPID-00081" } } ], "category": "product_name", "name": "RUGGEDCOM RS900NC(32M) V5.X" }, { "branches": [ { "category": "product_version_range", "name": "vers:all/\u003cV4.3.8", "product": { "name": "RUGGEDCOM RS900W", "product_id": "CSAFPID-00082" } } ], "category": "product_name", "name": "RUGGEDCOM RS900W" }, { "branches": [ { "category": "product_version_range", "name": "vers:all/\u003cV4.3.8", "product": { "name": "RUGGEDCOM RS910", "product_id": "CSAFPID-00083" } } ], "category": "product_name", "name": "RUGGEDCOM RS910" }, { "branches": [ { "category": "product_version_range", "name": "vers:all/\u003cV4.3.8", "product": { "name": "RUGGEDCOM RS910L", "product_id": "CSAFPID-00084" } } ], "category": "product_name", "name": "RUGGEDCOM RS910L" }, { "branches": [ { "category": "product_version_range", "name": "vers:all/\u003cV4.3.8", "product": { "name": "RUGGEDCOM RS910LNC", "product_id": "CSAFPID-00085" } } ], "category": "product_name", "name": "RUGGEDCOM RS910LNC" }, { "branches": [ { "category": "product_version_range", "name": "vers:all/\u003cV4.3.8", "product": { "name": "RUGGEDCOM RS910NC", "product_id": "CSAFPID-00086" } } ], "category": "product_name", "name": "RUGGEDCOM RS910NC" }, { "branches": [ { "category": "product_version_range", "name": "vers:all/\u003cV4.3.8", "product": { "name": "RUGGEDCOM RS910W", "product_id": "CSAFPID-00087" } } ], "category": "product_name", "name": "RUGGEDCOM RS910W" }, { "branches": [ { "category": "product_version_range", "name": "vers:all/\u003cV4.3.8", "product": { "name": "RUGGEDCOM RS920L", "product_id": "CSAFPID-00088" } } ], "category": "product_name", "name": "RUGGEDCOM RS920L" }, { "branches": [ { "category": "product_version_range", "name": "vers:all/\u003cV4.3.8", "product": { "name": "RUGGEDCOM RS920LNC", "product_id": "CSAFPID-00089" } } ], "category": "product_name", "name": "RUGGEDCOM RS920LNC" }, { "branches": [ { "category": "product_version_range", "name": "vers:all/\u003cV4.3.8", "product": { "name": "RUGGEDCOM RS920W", "product_id": "CSAFPID-00090" } } ], "category": "product_name", "name": "RUGGEDCOM RS920W" }, { "branches": [ { "category": "product_version_range", "name": "vers:all/\u003cV4.3.8", "product": { "name": "RUGGEDCOM RS930L", "product_id": "CSAFPID-00091" } } ], "category": "product_name", "name": "RUGGEDCOM RS930L" }, { "branches": [ { "category": "product_version_range", "name": "vers:all/\u003cV4.3.8", "product": { "name": "RUGGEDCOM RS930LNC", "product_id": "CSAFPID-00092" } } ], "category": "product_name", "name": "RUGGEDCOM RS930LNC" }, { "branches": [ { "category": "product_version_range", "name": "vers:all/\u003cV4.3.8", "product": { "name": "RUGGEDCOM RS930W", "product_id": "CSAFPID-00093" } } ], "category": "product_name", "name": "RUGGEDCOM RS930W" }, { "branches": [ { "category": "product_version_range", "name": "vers:all/\u003cV4.3.8", "product": { "name": "RUGGEDCOM RS940G", "product_id": "CSAFPID-00094" } } ], "category": "product_name", "name": "RUGGEDCOM RS940G" }, { "branches": [ { "category": "product_version_range", "name": "vers:all/*", "product": { "name": "RUGGEDCOM RS940GF", "product_id": "CSAFPID-00095" } } ], "category": "product_name", "name": "RUGGEDCOM RS940GF" }, { "branches": [ { "category": "product_version_range", "name": "vers:all/\u003cV4.3.8", "product": { "name": "RUGGEDCOM RS940GNC", "product_id": "CSAFPID-00096" } } ], "category": "product_name", "name": "RUGGEDCOM RS940GNC" }, { "branches": [ { "category": "product_version_range", "name": "vers:all/\u003cV4.3.8", "product": { "name": "RUGGEDCOM RS969", "product_id": "CSAFPID-00097" } } ], "category": "product_name", "name": "RUGGEDCOM RS969" }, { "branches": [ { "category": "product_version_range", "name": "vers:all/\u003cV4.3.8", "product": { "name": "RUGGEDCOM RS969NC", "product_id": "CSAFPID-00098" } } ], "category": "product_name", "name": "RUGGEDCOM RS969NC" }, { "branches": [ { "category": "product_version_range", "name": "vers:all/\u003cV4.3.8", "product": { "name": "RUGGEDCOM RSG2100", "product_id": "CSAFPID-00099" } } ], "category": "product_name", "name": "RUGGEDCOM RSG2100" }, { "branches": [ { "category": "product_version_range", "name": "vers:all/\u003cV4.3.8", "product": { "name": "RUGGEDCOM RSG2100 (32M) V4.X", "product_id": "CSAFPID-000100" } } ], "category": "product_name", "name": "RUGGEDCOM RSG2100 (32M) V4.X" }, { "branches": [ { "category": "product_version_range", "name": "vers:all/\u003cV5.6.0", "product": { "name": "RUGGEDCOM RSG2100 (32M) V5.X", "product_id": "CSAFPID-000101" } } ], "category": "product_name", "name": "RUGGEDCOM RSG2100 (32M) V5.X" }, { "branches": [ { "category": "product_version_range", "name": "vers:all/*", "product": { "name": "RUGGEDCOM RSG2100F", "product_id": "CSAFPID-000102" } } ], "category": "product_name", "name": "RUGGEDCOM RSG2100F" }, { "branches": [ { "category": "product_version_range", "name": "vers:all/\u003cV4.3.8", "product": { "name": "RUGGEDCOM RSG2100NC", "product_id": "CSAFPID-000103" } } ], "category": "product_name", "name": "RUGGEDCOM RSG2100NC" }, { "branches": [ { "category": "product_version_range", "name": "vers:all/\u003cV4.3.8", "product": { "name": "RUGGEDCOM RSG2100NC(32M) V4.X", "product_id": "CSAFPID-000104" } } ], "category": "product_name", "name": "RUGGEDCOM RSG2100NC(32M) V4.X" }, { "branches": [ { "category": "product_version_range", "name": "vers:all/\u003cV5.6.0", "product": { "name": "RUGGEDCOM RSG2100NC(32M) V5.X", "product_id": "CSAFPID-000105" } } ], "category": "product_name", "name": "RUGGEDCOM RSG2100NC(32M) V5.X" }, { "branches": [ { "category": "product_version_range", "name": "vers:all/\u003cV4.3.8", "product": { "name": "RUGGEDCOM RSG2100P", "product_id": "CSAFPID-000106" } } ], "category": "product_name", "name": "RUGGEDCOM RSG2100P" }, { "branches": [ { "category": "product_version_range", "name": "vers:all/*", "product": { "name": "RUGGEDCOM RSG2100PF", "product_id": "CSAFPID-000107" } } ], "category": "product_name", "name": "RUGGEDCOM RSG2100PF" }, { "branches": [ { "category": "product_version_range", "name": "vers:all/\u003cV4.3.8", "product": { "name": "RUGGEDCOM RSG2100PNC", "product_id": "CSAFPID-000108" } } ], "category": "product_name", "name": "RUGGEDCOM RSG2100PNC" }, { "branches": [ { "category": "product_version_range", "name": "vers:all/\u003cV4.3.8", "product": { "name": "RUGGEDCOM RSG2200", "product_id": "CSAFPID-000109" } } ], "category": "product_name", "name": "RUGGEDCOM RSG2200" }, { "branches": [ { "category": "product_version_range", "name": "vers:all/*", "product": { "name": "RUGGEDCOM RSG2200F", "product_id": "CSAFPID-000110" } } ], "category": "product_name", "name": "RUGGEDCOM RSG2200F" }, { "branches": [ { "category": "product_version_range", "name": "vers:all/\u003cV4.3.8", "product": { "name": "RUGGEDCOM RSG2200NC", "product_id": "CSAFPID-000111" } } ], "category": "product_name", "name": "RUGGEDCOM RSG2200NC" }, { "branches": [ { "category": "product_version_range", "name": "vers:all/\u003cV4.3.8", "product": { "name": "RUGGEDCOM RSG2288 V4.X", "product_id": "CSAFPID-000112" } } ], "category": "product_name", "name": "RUGGEDCOM RSG2288 V4.X" }, { "branches": [ { "category": "product_version_range", "name": "vers:all/\u003cV5.6.0", "product": { "name": "RUGGEDCOM RSG2288 V5.X", "product_id": "CSAFPID-000113" } } ], "category": "product_name", "name": "RUGGEDCOM RSG2288 V5.X" }, { "branches": [ { "category": "product_version_range", "name": "vers:all/\u003cV4.3.8", "product": { "name": "RUGGEDCOM RSG2288NC V4.X", "product_id": "CSAFPID-000114" } } ], "category": "product_name", "name": "RUGGEDCOM RSG2288NC V4.X" }, { "branches": [ { "category": "product_version_range", "name": "vers:all/\u003cV5.6.0", "product": { "name": "RUGGEDCOM RSG2288NC V5.X", "product_id": "CSAFPID-000115" } } ], "category": "product_name", "name": "RUGGEDCOM RSG2288NC V5.X" }, { "branches": [ { "category": "product_version_range", "name": "vers:all/\u003cV4.3.8", "product": { "name": "RUGGEDCOM RSG2300 V4.X", "product_id": "CSAFPID-000116" } } ], "category": "product_name", "name": "RUGGEDCOM RSG2300 V4.X" }, { "branches": [ { "category": "product_version_range", "name": "vers:all/\u003cV5.6.0", "product": { "name": "RUGGEDCOM RSG2300 V5.X", "product_id": "CSAFPID-000117" } } ], "category": "product_name", "name": "RUGGEDCOM RSG2300 V5.X" }, { "branches": [ { "category": "product_version_range", "name": "vers:all/*", "product": { "name": "RUGGEDCOM RSG2300F", "product_id": "CSAFPID-000118" } } ], "category": "product_name", "name": "RUGGEDCOM RSG2300F" }, { "branches": [ { "category": "product_version_range", "name": "vers:all/\u003cV4.3.8", "product": { "name": "RUGGEDCOM RSG2300NC V4.X", "product_id": "CSAFPID-000119" } } ], "category": "product_name", "name": "RUGGEDCOM RSG2300NC V4.X" }, { "branches": [ { "category": "product_version_range", "name": "vers:all/\u003cV5.6.0", "product": { "name": "RUGGEDCOM RSG2300NC V5.X", "product_id": "CSAFPID-000120" } } ], "category": "product_name", "name": "RUGGEDCOM RSG2300NC V5.X" }, { "branches": [ { "category": "product_version_range", "name": "vers:all/\u003cV4.3.8", "product": { "name": "RUGGEDCOM RSG2300P V4.X", "product_id": "CSAFPID-000121" } } ], "category": "product_name", "name": "RUGGEDCOM RSG2300P V4.X" }, { "branches": [ { "category": "product_version_range", "name": "vers:all/\u003cV5.6.0", "product": { "name": "RUGGEDCOM RSG2300P V5.X", "product_id": "CSAFPID-000122" } } ], "category": "product_name", "name": "RUGGEDCOM RSG2300P V5.X" }, { "branches": [ { "category": "product_version_range", "name": "vers:all/*", "product": { "name": "RUGGEDCOM RSG2300PF", "product_id": "CSAFPID-000123" } } ], "category": "product_name", "name": "RUGGEDCOM RSG2300PF" }, { "branches": [ { "category": "product_version_range", "name": "vers:all/\u003cV4.3.8", "product": { "name": "RUGGEDCOM RSG2300PNC V4.X", "product_id": "CSAFPID-000124" } } ], "category": "product_name", "name": "RUGGEDCOM RSG2300PNC V4.X" }, { "branches": [ { "category": "product_version_range", "name": "vers:all/\u003cV5.6.0", "product": { "name": "RUGGEDCOM RSG2300PNC V5.X", "product_id": "CSAFPID-000125" } } ], "category": "product_name", "name": "RUGGEDCOM RSG2300PNC V5.X" }, { "branches": [ { "category": "product_version_range", "name": "vers:all/\u003cV4.3.8", "product": { "name": "RUGGEDCOM RSG2488 V4.X", "product_id": "CSAFPID-000126" } } ], "category": "product_name", "name": "RUGGEDCOM RSG2488 V4.X" }, { "branches": [ { "category": "product_version_range", "name": "vers:all/\u003cV5.6.0", "product": { "name": "RUGGEDCOM RSG2488 V5.X", "product_id": "CSAFPID-000127" } } ], "category": "product_name", "name": "RUGGEDCOM RSG2488 V5.X" }, { "branches": [ { "category": "product_version_range", "name": "vers:all/*", "product": { "name": "RUGGEDCOM RSG2488F", "product_id": "CSAFPID-000128" } } ], "category": "product_name", "name": "RUGGEDCOM RSG2488F" }, { "branches": [ { "category": "product_version_range", "name": "vers:all/\u003cV4.3.8", "product": { "name": "RUGGEDCOM RSG2488NC V4.X", "product_id": "CSAFPID-000129" } } ], "category": "product_name", "name": "RUGGEDCOM RSG2488NC V4.X" }, { "branches": [ { "category": "product_version_range", "name": "vers:all/\u003cV5.6.0", "product": { "name": "RUGGEDCOM RSG2488NC V5.X", "product_id": "CSAFPID-000130" } } ], "category": "product_name", "name": "RUGGEDCOM RSG2488NC V5.X" }, { "branches": [ { "category": "product_version_range", "name": "vers:all/\u003cV5.6.0", "product": { "name": "RUGGEDCOM RSG907R", "product_id": "CSAFPID-000131" } } ], "category": "product_name", "name": "RUGGEDCOM RSG907R" }, { "branches": [ { "category": "product_version_range", "name": "vers:all/\u003cV5.6.0", "product": { "name": "RUGGEDCOM RSG908C", "product_id": "CSAFPID-000132" } } ], "category": "product_name", "name": "RUGGEDCOM RSG908C" }, { "branches": [ { "category": "product_version_range", "name": "vers:all/\u003cV5.6.0", "product": { "name": "RUGGEDCOM RSG909R", "product_id": "CSAFPID-000133" } } ], "category": "product_name", "name": "RUGGEDCOM RSG909R" }, { "branches": [ { "category": "product_version_range", "name": "vers:all/\u003cV5.6.0", "product": { "name": "RUGGEDCOM RSG910C", "product_id": "CSAFPID-000134" } } ], "category": "product_name", "name": "RUGGEDCOM RSG910C" }, { "branches": [ { "category": "product_version_range", "name": "vers:all/\u003cV4.3.8", "product": { "name": "RUGGEDCOM RSG920P V4.X", "product_id": "CSAFPID-000135" } } ], "category": "product_name", "name": "RUGGEDCOM RSG920P V4.X" }, { "branches": [ { "category": "product_version_range", "name": "vers:all/\u003cV5.6.0", "product": { "name": "RUGGEDCOM RSG920P V5.X", "product_id": "CSAFPID-000136" } } ], "category": "product_name", "name": "RUGGEDCOM RSG920P V5.X" }, { "branches": [ { "category": "product_version_range", "name": "vers:all/\u003cV4.3.8", "product": { "name": "RUGGEDCOM RSG920PNC V4.X", "product_id": "CSAFPID-000137" } } ], "category": "product_name", "name": "RUGGEDCOM RSG920PNC V4.X" }, { "branches": [ { "category": "product_version_range", "name": "vers:all/\u003cV5.6.0", "product": { "name": "RUGGEDCOM RSG920PNC V5.X", "product_id": "CSAFPID-000138" } } ], "category": "product_name", "name": "RUGGEDCOM RSG920PNC V5.X" }, { "branches": [ { "category": "product_version_range", "name": "vers:all/\u003cV5.6.0", "product": { "name": "RUGGEDCOM RSL910", "product_id": "CSAFPID-000139" } } ], "category": "product_name", "name": "RUGGEDCOM RSL910" }, { "branches": [ { "category": "product_version_range", "name": "vers:all/\u003cV5.6.0", "product": { "name": "RUGGEDCOM RSL910NC", "product_id": "CSAFPID-000140" } } ], "category": "product_name", "name": "RUGGEDCOM RSL910NC" }, { "branches": [ { "category": "product_version_range", "name": "vers:all/\u003cV5.6.0", "product": { "name": "RUGGEDCOM RST2228", "product_id": "CSAFPID-000141" } } ], "category": "product_name", "name": "RUGGEDCOM RST2228" }, { "branches": [ { "category": "product_version_range", "name": "vers:all/\u003cV5.6.0", "product": { "name": "RUGGEDCOM RST2228P", "product_id": "CSAFPID-000142" } } ], "category": "product_name", "name": "RUGGEDCOM RST2228P" }, { "branches": [ { "category": "product_version_range", "name": "vers:all/\u003cV5.6.0", "product": { "name": "RUGGEDCOM RST916C", "product_id": "CSAFPID-000143" } } ], "category": "product_name", "name": "RUGGEDCOM RST916C" }, { "branches": [ { "category": "product_version_range", "name": "vers:all/\u003cV5.6.0", "product": { "name": "RUGGEDCOM RST916P", "product_id": "CSAFPID-000144" } } ], "category": "product_name", "name": "RUGGEDCOM RST916P" } ], "category": "vendor", "name": "Siemens" } ] }, "vulnerabilities": [ { "cve": "CVE-2021-37208", "cwe": { "id": "CWE-79", "name": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)" }, "notes": [ { "category": "summary", "text": "Improper neutralization of special characters on the web server configuration page could allow an attacker, in a privileged position, to retrieve sensitive information via cross-site scripting.", "title": "Summary" } ], "product_status": { "known_affected": [ "CSAFPID-0001", "CSAFPID-0002", "CSAFPID-0003", "CSAFPID-0004", "CSAFPID-0005", "CSAFPID-0006", "CSAFPID-0007", "CSAFPID-0008", "CSAFPID-0009", "CSAFPID-00010", "CSAFPID-00011", "CSAFPID-00012", "CSAFPID-00013", "CSAFPID-00014", "CSAFPID-00015", "CSAFPID-00016", "CSAFPID-00017", "CSAFPID-00018", "CSAFPID-00019", "CSAFPID-00020", "CSAFPID-00021", "CSAFPID-00022", "CSAFPID-00023", "CSAFPID-00024", "CSAFPID-00025", "CSAFPID-00026", "CSAFPID-00027", "CSAFPID-00028", "CSAFPID-00029", "CSAFPID-00030", "CSAFPID-00031", "CSAFPID-00032", "CSAFPID-00033", "CSAFPID-00034", "CSAFPID-00035", "CSAFPID-00036", "CSAFPID-00037", "CSAFPID-00038", "CSAFPID-00039", "CSAFPID-00040", "CSAFPID-00041", "CSAFPID-00042", "CSAFPID-00043", "CSAFPID-00044", "CSAFPID-00045", "CSAFPID-00046", "CSAFPID-00047", "CSAFPID-00048", "CSAFPID-00049", "CSAFPID-00050", "CSAFPID-00051", "CSAFPID-00052", "CSAFPID-00053", "CSAFPID-00054", "CSAFPID-00055", "CSAFPID-00056", "CSAFPID-00057", "CSAFPID-00058", "CSAFPID-00059", "CSAFPID-00060", "CSAFPID-00061", "CSAFPID-00062", "CSAFPID-00063", "CSAFPID-00064", "CSAFPID-00065", "CSAFPID-00066", "CSAFPID-00067", "CSAFPID-00068", "CSAFPID-00069", "CSAFPID-00070", "CSAFPID-00071", "CSAFPID-00072", "CSAFPID-00073", "CSAFPID-00074", "CSAFPID-00075", "CSAFPID-00076", "CSAFPID-00077", "CSAFPID-00078", "CSAFPID-00079", "CSAFPID-00080", "CSAFPID-00081", "CSAFPID-00082", "CSAFPID-00083", "CSAFPID-00084", "CSAFPID-00085", "CSAFPID-00086", "CSAFPID-00087", "CSAFPID-00088", "CSAFPID-00089", "CSAFPID-00090", "CSAFPID-00091", "CSAFPID-00092", "CSAFPID-00093", "CSAFPID-00094", "CSAFPID-00095", "CSAFPID-00096", "CSAFPID-00097", "CSAFPID-00098", "CSAFPID-00099", "CSAFPID-000100", "CSAFPID-000101", "CSAFPID-000102", "CSAFPID-000103", "CSAFPID-000104", "CSAFPID-000105", "CSAFPID-000106", "CSAFPID-000107", "CSAFPID-000108", "CSAFPID-000109", "CSAFPID-000110", "CSAFPID-000111", "CSAFPID-000112", "CSAFPID-000113", "CSAFPID-000114", "CSAFPID-000115", "CSAFPID-000116", "CSAFPID-000117", "CSAFPID-000118", "CSAFPID-000119", "CSAFPID-000120", "CSAFPID-000121", "CSAFPID-000122", "CSAFPID-000123", "CSAFPID-000124", "CSAFPID-000125", "CSAFPID-000126", "CSAFPID-000127", "CSAFPID-000128", "CSAFPID-000129", "CSAFPID-000130", "CSAFPID-000131", "CSAFPID-000132", "CSAFPID-000133", "CSAFPID-000134", "CSAFPID-000135", "CSAFPID-000136", "CSAFPID-000137", "CSAFPID-000138", "CSAFPID-000139", "CSAFPID-000140", "CSAFPID-000141", "CSAFPID-000142", "CSAFPID-000143", "CSAFPID-000144" ] }, "references": [ { "category": "external", "summary": "nvd.nist.gov", "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-37208" }, { "category": "external", "summary": "nvd.nist.gov", "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-42016" }, { "category": "external", "summary": "nvd.nist.gov", "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-42017" }, { "category": "external", "summary": "nvd.nist.gov", "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-42018" }, { "category": "external", "summary": "nvd.nist.gov", "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-42019" }, { "category": "external", "summary": "nvd.nist.gov", "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-42020" }, { "category": "external", "summary": "www.first.org", "url": "https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C" } ], "remediations": [ { "category": "mitigation", "details": "Restrict web server access in affected system(s) to ports 443/TCP and 22/TCP, to trusted IP addresses only", "product_ids": [ "CSAFPID-0001", "CSAFPID-0002", "CSAFPID-0003", "CSAFPID-0004", "CSAFPID-0005", "CSAFPID-0006", "CSAFPID-0007", "CSAFPID-0008", "CSAFPID-0009", "CSAFPID-00010", "CSAFPID-00011", "CSAFPID-00012", "CSAFPID-00013", "CSAFPID-00014", "CSAFPID-00015", "CSAFPID-00016", "CSAFPID-00017", "CSAFPID-00018", "CSAFPID-00019", "CSAFPID-00020", "CSAFPID-00021", "CSAFPID-00022", "CSAFPID-00023", "CSAFPID-00024", "CSAFPID-00025", "CSAFPID-00026", "CSAFPID-00027", "CSAFPID-00028", "CSAFPID-00029", "CSAFPID-00030", "CSAFPID-00031", "CSAFPID-00032", "CSAFPID-00033", "CSAFPID-00034", "CSAFPID-00035", "CSAFPID-00036", "CSAFPID-00037", "CSAFPID-00038", "CSAFPID-00039", "CSAFPID-00040", "CSAFPID-00041", "CSAFPID-00042", "CSAFPID-00043", "CSAFPID-00044", "CSAFPID-00045", "CSAFPID-00046", "CSAFPID-00047", "CSAFPID-00048", "CSAFPID-00049", "CSAFPID-00050", "CSAFPID-00051", "CSAFPID-00052", "CSAFPID-00053", "CSAFPID-00054", "CSAFPID-00055", "CSAFPID-00056", "CSAFPID-00057", "CSAFPID-00058", "CSAFPID-00059", "CSAFPID-00060", "CSAFPID-00061", "CSAFPID-00062", "CSAFPID-00063", "CSAFPID-00064", "CSAFPID-00065", "CSAFPID-00066", "CSAFPID-00067", "CSAFPID-00068", "CSAFPID-00069", "CSAFPID-00070", "CSAFPID-00071", "CSAFPID-00072", "CSAFPID-00073", "CSAFPID-00074", "CSAFPID-00075", "CSAFPID-00076", "CSAFPID-00077", "CSAFPID-00078", "CSAFPID-00079", "CSAFPID-00080", "CSAFPID-00081", "CSAFPID-00082", "CSAFPID-00083", "CSAFPID-00084", "CSAFPID-00085", "CSAFPID-00086", "CSAFPID-00087", "CSAFPID-00088", "CSAFPID-00089", "CSAFPID-00090", "CSAFPID-00091", "CSAFPID-00092", "CSAFPID-00093", "CSAFPID-00094", "CSAFPID-00095", "CSAFPID-00096", "CSAFPID-00097", "CSAFPID-00098", "CSAFPID-00099", "CSAFPID-000100", "CSAFPID-000101", "CSAFPID-000102", "CSAFPID-000103", "CSAFPID-000104", "CSAFPID-000105", "CSAFPID-000106", "CSAFPID-000107", "CSAFPID-000108", "CSAFPID-000109", "CSAFPID-000110", "CSAFPID-000111", "CSAFPID-000112", "CSAFPID-000113", "CSAFPID-000114", "CSAFPID-000115", "CSAFPID-000116", "CSAFPID-000117", "CSAFPID-000118", "CSAFPID-000119", "CSAFPID-000120", "CSAFPID-000121", "CSAFPID-000122", "CSAFPID-000123", "CSAFPID-000124", "CSAFPID-000125", "CSAFPID-000126", "CSAFPID-000127", "CSAFPID-000128", "CSAFPID-000129", "CSAFPID-000130", "CSAFPID-000131", "CSAFPID-000132", "CSAFPID-000133", "CSAFPID-000134", "CSAFPID-000135", "CSAFPID-000136", "CSAFPID-000137", "CSAFPID-000138", "CSAFPID-000139", "CSAFPID-000140", "CSAFPID-000141", "CSAFPID-000142", "CSAFPID-000143", "CSAFPID-000144" ] }, { "category": "mitigation", "details": "Restrict access to port 69/UDP to trusted IP addresses only, for the TFTP vulnerability", "product_ids": [ "CSAFPID-0001", "CSAFPID-0002", "CSAFPID-0003", "CSAFPID-0004", "CSAFPID-0005", "CSAFPID-0006", "CSAFPID-0007", "CSAFPID-0008", "CSAFPID-0009", "CSAFPID-00010", "CSAFPID-00011", "CSAFPID-00012", "CSAFPID-00013", "CSAFPID-00014", "CSAFPID-00015", "CSAFPID-00016", "CSAFPID-00017", "CSAFPID-00018", "CSAFPID-00019", "CSAFPID-00020", "CSAFPID-00021", "CSAFPID-00022", "CSAFPID-00023", "CSAFPID-00024", "CSAFPID-00025", "CSAFPID-00026", "CSAFPID-00027", "CSAFPID-00028", "CSAFPID-00029", "CSAFPID-00030", "CSAFPID-00031", "CSAFPID-00032", "CSAFPID-00033", "CSAFPID-00034", "CSAFPID-00035", "CSAFPID-00036", "CSAFPID-00037", "CSAFPID-00038", "CSAFPID-00039", "CSAFPID-00040", "CSAFPID-00041", "CSAFPID-00042", "CSAFPID-00043", "CSAFPID-00044", "CSAFPID-00045", "CSAFPID-00046", "CSAFPID-00047", "CSAFPID-00048", "CSAFPID-00049", "CSAFPID-00050", "CSAFPID-00051", "CSAFPID-00052", "CSAFPID-00053", "CSAFPID-00054", "CSAFPID-00055", "CSAFPID-00056", "CSAFPID-00057", "CSAFPID-00058", "CSAFPID-00059", "CSAFPID-00060", "CSAFPID-00061", "CSAFPID-00062", "CSAFPID-00063", "CSAFPID-00064", "CSAFPID-00065", "CSAFPID-00066", "CSAFPID-00067", "CSAFPID-00068", "CSAFPID-00069", "CSAFPID-00070", "CSAFPID-00071", "CSAFPID-00072", "CSAFPID-00073", "CSAFPID-00074", "CSAFPID-00075", "CSAFPID-00076", "CSAFPID-00077", "CSAFPID-00078", "CSAFPID-00079", "CSAFPID-00080", "CSAFPID-00081", "CSAFPID-00082", "CSAFPID-00083", "CSAFPID-00084", "CSAFPID-00085", "CSAFPID-00086", "CSAFPID-00087", "CSAFPID-00088", "CSAFPID-00089", "CSAFPID-00090", "CSAFPID-00091", "CSAFPID-00092", "CSAFPID-00093", "CSAFPID-00094", "CSAFPID-00095", "CSAFPID-00096", "CSAFPID-00097", "CSAFPID-00098", "CSAFPID-00099", "CSAFPID-000100", "CSAFPID-000101", "CSAFPID-000102", "CSAFPID-000103", "CSAFPID-000104", "CSAFPID-000105", "CSAFPID-000106", "CSAFPID-000107", "CSAFPID-000108", "CSAFPID-000109", "CSAFPID-000110", "CSAFPID-000111", "CSAFPID-000112", "CSAFPID-000113", "CSAFPID-000114", "CSAFPID-000115", "CSAFPID-000116", "CSAFPID-000117", "CSAFPID-000118", "CSAFPID-000119", "CSAFPID-000120", "CSAFPID-000121", "CSAFPID-000122", "CSAFPID-000123", "CSAFPID-000124", "CSAFPID-000125", "CSAFPID-000126", "CSAFPID-000127", "CSAFPID-000128", "CSAFPID-000129", "CSAFPID-000130", "CSAFPID-000131", "CSAFPID-000132", "CSAFPID-000133", "CSAFPID-000134", "CSAFPID-000135", "CSAFPID-000136", "CSAFPID-000137", "CSAFPID-000138", "CSAFPID-000139", "CSAFPID-000140", "CSAFPID-000141", "CSAFPID-000142", "CSAFPID-000143", "CSAFPID-000144" ] }, { "category": "no_fix_planned", "details": "Currently no fix is planned", "product_ids": [ "CSAFPID-00010", "CSAFPID-00013", "CSAFPID-00016", "CSAFPID-00033", "CSAFPID-00038", "CSAFPID-00042", "CSAFPID-00058", "CSAFPID-00062", "CSAFPID-00067", "CSAFPID-00095", "CSAFPID-000102", "CSAFPID-000107", "CSAFPID-000110", "CSAFPID-000118", "CSAFPID-000123", "CSAFPID-000128" ] }, { "category": "vendor_fix", "details": "Update to V4.3.8 or later version", "product_ids": [ "CSAFPID-0001", "CSAFPID-0003", "CSAFPID-0005", "CSAFPID-0007", "CSAFPID-0009", "CSAFPID-00012", "CSAFPID-00015", "CSAFPID-00018", "CSAFPID-00020", "CSAFPID-00024", "CSAFPID-00026", "CSAFPID-00027", "CSAFPID-00030", "CSAFPID-00032", "CSAFPID-00035", "CSAFPID-00037", "CSAFPID-00047", "CSAFPID-00048", "CSAFPID-00050", "CSAFPID-00053", "CSAFPID-00055", "CSAFPID-00056", "CSAFPID-00059", "CSAFPID-00060", "CSAFPID-00066", "CSAFPID-00069", "CSAFPID-00082", "CSAFPID-00083", "CSAFPID-00084", "CSAFPID-00087", "CSAFPID-00088", "CSAFPID-00090", "CSAFPID-00091", "CSAFPID-00093", "CSAFPID-00094", "CSAFPID-00097", "CSAFPID-00099", "CSAFPID-000100", "CSAFPID-000106", "CSAFPID-000109", "CSAFPID-000112", "CSAFPID-000116", "CSAFPID-000121", "CSAFPID-000126", "CSAFPID-000135" ], "url": "https://support.industry.siemens.com/cs/ww/en/view/109816735/" }, { "category": "vendor_fix", "details": "Update to V4.3.8 or later version", "product_ids": [ "CSAFPID-0002", "CSAFPID-0004", "CSAFPID-0006", "CSAFPID-0008", "CSAFPID-00011", "CSAFPID-00014", "CSAFPID-00017", "CSAFPID-00019", "CSAFPID-00022", "CSAFPID-00025", "CSAFPID-00028", "CSAFPID-00029", "CSAFPID-00031", "CSAFPID-00034", "CSAFPID-00036", "CSAFPID-00039", "CSAFPID-00041", "CSAFPID-00043", "CSAFPID-00049", "CSAFPID-00051", "CSAFPID-00052", "CSAFPID-00054", "CSAFPID-00063", "CSAFPID-00064", "CSAFPID-00068", "CSAFPID-00070", "CSAFPID-00071", "CSAFPID-00072", "CSAFPID-00073", "CSAFPID-00074", "CSAFPID-00075", "CSAFPID-00076", "CSAFPID-00077", "CSAFPID-00078", "CSAFPID-00079", "CSAFPID-00080", "CSAFPID-00085", "CSAFPID-00086", "CSAFPID-00089", "CSAFPID-00092", "CSAFPID-00096", "CSAFPID-00098", "CSAFPID-000103", "CSAFPID-000104", "CSAFPID-000108", "CSAFPID-000111", "CSAFPID-000114", "CSAFPID-000119", "CSAFPID-000124", "CSAFPID-000129", "CSAFPID-000137" ], "url": "https://support.industry.siemens.com/cs/ww/en/view/109816735/" }, { "category": "vendor_fix", "details": "Update to V5.6.0 or later version", "product_ids": [ "CSAFPID-00021", "CSAFPID-00045", "CSAFPID-00046", "CSAFPID-00057", "CSAFPID-00061", "CSAFPID-000101", "CSAFPID-000113", "CSAFPID-000117", "CSAFPID-000122", "CSAFPID-000127", "CSAFPID-000131", "CSAFPID-000132", "CSAFPID-000133", "CSAFPID-000134", "CSAFPID-000136", "CSAFPID-000139", "CSAFPID-000141", "CSAFPID-000142", "CSAFPID-000143", "CSAFPID-000144" ], "url": "https://support.industry.siemens.com/cs/ww/en/view/109806156/" }, { "category": "vendor_fix", "details": "Update to V5.6.0 or later version", "product_ids": [ "CSAFPID-00023", "CSAFPID-00040", "CSAFPID-00044", "CSAFPID-00065", "CSAFPID-00081", "CSAFPID-000105", "CSAFPID-000115", "CSAFPID-000120", "CSAFPID-000125", "CSAFPID-000130", "CSAFPID-000138", "CSAFPID-000140" ], "url": "https://support.industry.siemens.com/cs/ww/en/view/109806156/" }, { "category": "mitigation", "details": "As a general security measure, Siemens strongly recommends to protect network access to devices with appropriate mechanisms. In order to operate the devices in a protected IT environment, Siemens recommends to configure the environment according to Siemens\u0027 operational guidelines for Industrial Security (Download: \nhttps://www.siemens.com/cert/operational-guidelines-industrial-security), and to follow the recommendations in the product manuals.\nAdditional information on Industrial Security by Siemens can be found at: https://www.siemens.com/industrialsecurity", "product_ids": [ "CSAFPID-0001", "CSAFPID-0002", "CSAFPID-0003", "CSAFPID-0004", "CSAFPID-0005", "CSAFPID-0006", "CSAFPID-0007", "CSAFPID-0008", "CSAFPID-0009", "CSAFPID-00010", "CSAFPID-00011", "CSAFPID-00012", "CSAFPID-00013", "CSAFPID-00014", "CSAFPID-00015", "CSAFPID-00016", "CSAFPID-00017", "CSAFPID-00018", "CSAFPID-00019", "CSAFPID-00020", "CSAFPID-00021", "CSAFPID-00022", "CSAFPID-00023", "CSAFPID-00024", "CSAFPID-00025", "CSAFPID-00026", "CSAFPID-00027", "CSAFPID-00028", "CSAFPID-00029", "CSAFPID-00030", "CSAFPID-00031", "CSAFPID-00032", "CSAFPID-00033", "CSAFPID-00034", "CSAFPID-00035", "CSAFPID-00036", "CSAFPID-00037", "CSAFPID-00038", "CSAFPID-00039", "CSAFPID-00040", "CSAFPID-00041", "CSAFPID-00042", "CSAFPID-00043", "CSAFPID-00044", "CSAFPID-00045", "CSAFPID-00046", "CSAFPID-00047", "CSAFPID-00048", "CSAFPID-00049", "CSAFPID-00050", "CSAFPID-00051", "CSAFPID-00052", "CSAFPID-00053", "CSAFPID-00054", "CSAFPID-00055", "CSAFPID-00056", "CSAFPID-00057", "CSAFPID-00058", "CSAFPID-00059", "CSAFPID-00060", "CSAFPID-00061", "CSAFPID-00062", "CSAFPID-00063", "CSAFPID-00064", "CSAFPID-00065", "CSAFPID-00066", "CSAFPID-00067", "CSAFPID-00068", "CSAFPID-00069", "CSAFPID-00070", "CSAFPID-00071", "CSAFPID-00072", "CSAFPID-00073", "CSAFPID-00074", "CSAFPID-00075", "CSAFPID-00076", "CSAFPID-00077", "CSAFPID-00078", "CSAFPID-00079", "CSAFPID-00080", "CSAFPID-00081", "CSAFPID-00082", "CSAFPID-00083", "CSAFPID-00084", "CSAFPID-00085", "CSAFPID-00086", "CSAFPID-00087", "CSAFPID-00088", "CSAFPID-00089", "CSAFPID-00090", "CSAFPID-00091", "CSAFPID-00092", "CSAFPID-00093", "CSAFPID-00094", "CSAFPID-00095", "CSAFPID-00096", "CSAFPID-00097", "CSAFPID-00098", "CSAFPID-00099", "CSAFPID-000100", "CSAFPID-000101", "CSAFPID-000102", "CSAFPID-000103", "CSAFPID-000104", "CSAFPID-000105", "CSAFPID-000106", "CSAFPID-000107", "CSAFPID-000108", "CSAFPID-000109", "CSAFPID-000110", "CSAFPID-000111", "CSAFPID-000112", "CSAFPID-000113", "CSAFPID-000114", "CSAFPID-000115", "CSAFPID-000116", "CSAFPID-000117", "CSAFPID-000118", "CSAFPID-000119", "CSAFPID-000120", "CSAFPID-000121", "CSAFPID-000122", "CSAFPID-000123", "CSAFPID-000124", "CSAFPID-000125", "CSAFPID-000126", "CSAFPID-000127", "CSAFPID-000128", "CSAFPID-000129", "CSAFPID-000130", "CSAFPID-000131", "CSAFPID-000132", "CSAFPID-000133", "CSAFPID-000134", "CSAFPID-000135", "CSAFPID-000136", "CSAFPID-000137", "CSAFPID-000138", "CSAFPID-000139", "CSAFPID-000140", "CSAFPID-000141", "CSAFPID-000142", "CSAFPID-000143", "CSAFPID-000144" ] } ], "scores": [ { "cvss_v3": { "baseScore": 9.6, "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:H/A:H/E:P/RL:T/RC:C", "version": "3.1" }, "products": [ "CSAFPID-0001", "CSAFPID-0002", "CSAFPID-0003", "CSAFPID-0004", "CSAFPID-0005", "CSAFPID-0006", "CSAFPID-0007", "CSAFPID-0008", "CSAFPID-0009", "CSAFPID-00010", "CSAFPID-00011", "CSAFPID-00012", "CSAFPID-00013", "CSAFPID-00014", "CSAFPID-00015", "CSAFPID-00016", "CSAFPID-00017", "CSAFPID-00018", "CSAFPID-00019", "CSAFPID-00020", "CSAFPID-00021", "CSAFPID-00022", "CSAFPID-00023", "CSAFPID-00024", "CSAFPID-00025", "CSAFPID-00026", "CSAFPID-00027", "CSAFPID-00028", "CSAFPID-00029", "CSAFPID-00030", "CSAFPID-00031", "CSAFPID-00032", "CSAFPID-00033", "CSAFPID-00034", "CSAFPID-00035", "CSAFPID-00036", "CSAFPID-00037", "CSAFPID-00038", "CSAFPID-00039", "CSAFPID-00040", "CSAFPID-00041", "CSAFPID-00042", "CSAFPID-00043", "CSAFPID-00044", "CSAFPID-00045", "CSAFPID-00046", "CSAFPID-00047", "CSAFPID-00048", "CSAFPID-00049", "CSAFPID-00050", "CSAFPID-00051", "CSAFPID-00052", "CSAFPID-00053", "CSAFPID-00054", "CSAFPID-00055", "CSAFPID-00056", "CSAFPID-00057", "CSAFPID-00058", "CSAFPID-00059", "CSAFPID-00060", "CSAFPID-00061", "CSAFPID-00062", "CSAFPID-00063", "CSAFPID-00064", "CSAFPID-00065", "CSAFPID-00066", "CSAFPID-00067", "CSAFPID-00068", "CSAFPID-00069", "CSAFPID-00070", "CSAFPID-00071", "CSAFPID-00072", "CSAFPID-00073", "CSAFPID-00074", "CSAFPID-00075", "CSAFPID-00076", "CSAFPID-00077", "CSAFPID-00078", "CSAFPID-00079", "CSAFPID-00080", "CSAFPID-00081", "CSAFPID-00082", "CSAFPID-00083", "CSAFPID-00084", "CSAFPID-00085", "CSAFPID-00086", "CSAFPID-00087", "CSAFPID-00088", "CSAFPID-00089", "CSAFPID-00090", "CSAFPID-00091", "CSAFPID-00092", "CSAFPID-00093", "CSAFPID-00094", "CSAFPID-00095", "CSAFPID-00096", "CSAFPID-00097", "CSAFPID-00098", "CSAFPID-00099", "CSAFPID-000100", "CSAFPID-000101", "CSAFPID-000102", "CSAFPID-000103", "CSAFPID-000104", "CSAFPID-000105", "CSAFPID-000106", "CSAFPID-000107", "CSAFPID-000108", "CSAFPID-000109", "CSAFPID-000110", "CSAFPID-000111", "CSAFPID-000112", "CSAFPID-000113", "CSAFPID-000114", "CSAFPID-000115", "CSAFPID-000116", "CSAFPID-000117", "CSAFPID-000118", "CSAFPID-000119", "CSAFPID-000120", "CSAFPID-000121", "CSAFPID-000122", "CSAFPID-000123", "CSAFPID-000124", "CSAFPID-000125", "CSAFPID-000126", "CSAFPID-000127", "CSAFPID-000128", "CSAFPID-000129", "CSAFPID-000130", "CSAFPID-000131", "CSAFPID-000132", "CSAFPID-000133", "CSAFPID-000134", "CSAFPID-000135", "CSAFPID-000136", "CSAFPID-000137", "CSAFPID-000138", "CSAFPID-000139", "CSAFPID-000140", "CSAFPID-000141", "CSAFPID-000142", "CSAFPID-000143", "CSAFPID-000144" ] } ], "title": "CVE-2021-37208" }, { "cve": "CVE-2021-42016", "cwe": { "id": "CWE-208", "name": "Observable Timing Discrepancy" }, "notes": [ { "category": "summary", "text": "A timing attack, in a third-party component, could make the retrieval of the private key possible, used for encryption of sensitive data. \r\n\r\nIf a threat actor were to exploit this, the data integrity and security could be compromised.", "title": "Summary" } ], "product_status": { "known_affected": [ "CSAFPID-0001", "CSAFPID-0003", "CSAFPID-0005", "CSAFPID-0007", "CSAFPID-0009", "CSAFPID-00010", "CSAFPID-00012", "CSAFPID-00013", "CSAFPID-00015", "CSAFPID-00016", "CSAFPID-00018", "CSAFPID-00020", "CSAFPID-00021", "CSAFPID-00024", "CSAFPID-00026", "CSAFPID-00027", "CSAFPID-00030", "CSAFPID-00032", "CSAFPID-00033", "CSAFPID-00035", "CSAFPID-00037", "CSAFPID-00038", "CSAFPID-00041", "CSAFPID-00042", "CSAFPID-00045", "CSAFPID-00046", "CSAFPID-00047", "CSAFPID-00048", "CSAFPID-00050", "CSAFPID-00053", "CSAFPID-00055", "CSAFPID-00056", "CSAFPID-00057", "CSAFPID-00058", "CSAFPID-00059", "CSAFPID-00060", "CSAFPID-00061", "CSAFPID-00062", "CSAFPID-00066", "CSAFPID-00067", "CSAFPID-00069", "CSAFPID-00071", "CSAFPID-00072", "CSAFPID-00073", "CSAFPID-00074", "CSAFPID-00082", "CSAFPID-00083", "CSAFPID-00084", "CSAFPID-00087", "CSAFPID-00088", "CSAFPID-00090", "CSAFPID-00091", "CSAFPID-00093", "CSAFPID-00094", "CSAFPID-00095", "CSAFPID-00097", "CSAFPID-00099", "CSAFPID-000100", "CSAFPID-000101", "CSAFPID-000102", "CSAFPID-000106", "CSAFPID-000107", "CSAFPID-000109", "CSAFPID-000110", "CSAFPID-000112", "CSAFPID-000113", "CSAFPID-000116", "CSAFPID-000117", "CSAFPID-000118", "CSAFPID-000121", "CSAFPID-000122", "CSAFPID-000123", "CSAFPID-000126", "CSAFPID-000127", "CSAFPID-000128", "CSAFPID-000131", "CSAFPID-000132", "CSAFPID-000133", "CSAFPID-000134", "CSAFPID-000135", "CSAFPID-000136", "CSAFPID-000139", "CSAFPID-000141", "CSAFPID-000142", "CSAFPID-000143", "CSAFPID-000144" ] }, "remediations": [ { "category": "mitigation", "details": "Restrict web server access in affected system(s) to ports 443/TCP and 22/TCP, to trusted IP addresses only", "product_ids": [ "CSAFPID-0001", "CSAFPID-0003", "CSAFPID-0005", "CSAFPID-0007", "CSAFPID-0009", "CSAFPID-00010", "CSAFPID-00012", "CSAFPID-00013", "CSAFPID-00015", "CSAFPID-00016", "CSAFPID-00018", "CSAFPID-00020", "CSAFPID-00021", "CSAFPID-00024", "CSAFPID-00026", "CSAFPID-00027", "CSAFPID-00030", "CSAFPID-00032", "CSAFPID-00033", "CSAFPID-00035", "CSAFPID-00037", "CSAFPID-00038", "CSAFPID-00041", "CSAFPID-00042", "CSAFPID-00045", "CSAFPID-00046", "CSAFPID-00047", "CSAFPID-00048", "CSAFPID-00050", "CSAFPID-00053", "CSAFPID-00055", "CSAFPID-00056", "CSAFPID-00057", "CSAFPID-00058", "CSAFPID-00059", "CSAFPID-00060", "CSAFPID-00061", "CSAFPID-00062", "CSAFPID-00066", "CSAFPID-00067", "CSAFPID-00069", "CSAFPID-00071", "CSAFPID-00072", "CSAFPID-00073", "CSAFPID-00074", "CSAFPID-00082", "CSAFPID-00083", "CSAFPID-00084", "CSAFPID-00087", "CSAFPID-00088", "CSAFPID-00090", "CSAFPID-00091", "CSAFPID-00093", "CSAFPID-00094", "CSAFPID-00095", "CSAFPID-00097", "CSAFPID-00099", "CSAFPID-000100", "CSAFPID-000101", "CSAFPID-000102", "CSAFPID-000106", "CSAFPID-000107", "CSAFPID-000109", "CSAFPID-000110", "CSAFPID-000112", "CSAFPID-000113", "CSAFPID-000116", "CSAFPID-000117", "CSAFPID-000118", "CSAFPID-000121", "CSAFPID-000122", "CSAFPID-000123", "CSAFPID-000126", "CSAFPID-000127", "CSAFPID-000128", "CSAFPID-000131", "CSAFPID-000132", "CSAFPID-000133", "CSAFPID-000134", "CSAFPID-000135", "CSAFPID-000136", "CSAFPID-000139", "CSAFPID-000141", "CSAFPID-000142", "CSAFPID-000143", "CSAFPID-000144" ] }, { "category": "mitigation", "details": "Restrict access to port 69/UDP to trusted IP addresses only, for the TFTP vulnerability", "product_ids": [ "CSAFPID-0001", "CSAFPID-0003", "CSAFPID-0005", "CSAFPID-0007", "CSAFPID-0009", "CSAFPID-00010", "CSAFPID-00012", "CSAFPID-00013", "CSAFPID-00015", "CSAFPID-00016", "CSAFPID-00018", "CSAFPID-00020", "CSAFPID-00021", "CSAFPID-00024", "CSAFPID-00026", "CSAFPID-00027", "CSAFPID-00030", "CSAFPID-00032", "CSAFPID-00033", "CSAFPID-00035", "CSAFPID-00037", "CSAFPID-00038", "CSAFPID-00041", "CSAFPID-00042", "CSAFPID-00045", "CSAFPID-00046", "CSAFPID-00047", "CSAFPID-00048", "CSAFPID-00050", "CSAFPID-00053", "CSAFPID-00055", "CSAFPID-00056", "CSAFPID-00057", "CSAFPID-00058", "CSAFPID-00059", "CSAFPID-00060", "CSAFPID-00061", "CSAFPID-00062", "CSAFPID-00066", "CSAFPID-00067", "CSAFPID-00069", "CSAFPID-00071", "CSAFPID-00072", "CSAFPID-00073", "CSAFPID-00074", "CSAFPID-00082", "CSAFPID-00083", "CSAFPID-00084", "CSAFPID-00087", "CSAFPID-00088", "CSAFPID-00090", "CSAFPID-00091", "CSAFPID-00093", "CSAFPID-00094", "CSAFPID-00095", "CSAFPID-00097", "CSAFPID-00099", "CSAFPID-000100", "CSAFPID-000101", "CSAFPID-000102", "CSAFPID-000106", "CSAFPID-000107", "CSAFPID-000109", "CSAFPID-000110", "CSAFPID-000112", "CSAFPID-000113", "CSAFPID-000116", "CSAFPID-000117", "CSAFPID-000118", "CSAFPID-000121", "CSAFPID-000122", "CSAFPID-000123", "CSAFPID-000126", "CSAFPID-000127", "CSAFPID-000128", "CSAFPID-000131", "CSAFPID-000132", "CSAFPID-000133", "CSAFPID-000134", "CSAFPID-000135", "CSAFPID-000136", "CSAFPID-000139", "CSAFPID-000141", "CSAFPID-000142", "CSAFPID-000143", "CSAFPID-000144" ] }, { "category": "no_fix_planned", "details": "Currently no fix is planned", "product_ids": [ "CSAFPID-00010", "CSAFPID-00013", "CSAFPID-00016", "CSAFPID-00033", "CSAFPID-00038", "CSAFPID-00042", "CSAFPID-00058", "CSAFPID-00062", "CSAFPID-00067", "CSAFPID-00095", "CSAFPID-000102", "CSAFPID-000107", "CSAFPID-000110", "CSAFPID-000118", "CSAFPID-000123", "CSAFPID-000128" ] }, { "category": "vendor_fix", "details": "Update to V4.3.8 or later version", "product_ids": [ "CSAFPID-0001", "CSAFPID-0003", "CSAFPID-0005", "CSAFPID-0007", "CSAFPID-0009", "CSAFPID-00012", "CSAFPID-00015", "CSAFPID-00018", "CSAFPID-00020", "CSAFPID-00024", "CSAFPID-00026", "CSAFPID-00027", "CSAFPID-00030", "CSAFPID-00032", "CSAFPID-00035", "CSAFPID-00037", "CSAFPID-00047", "CSAFPID-00048", "CSAFPID-00050", "CSAFPID-00053", "CSAFPID-00055", "CSAFPID-00056", "CSAFPID-00059", "CSAFPID-00060", "CSAFPID-00066", "CSAFPID-00069", "CSAFPID-00082", "CSAFPID-00083", "CSAFPID-00084", "CSAFPID-00087", "CSAFPID-00088", "CSAFPID-00090", "CSAFPID-00091", "CSAFPID-00093", "CSAFPID-00094", "CSAFPID-00097", "CSAFPID-00099", "CSAFPID-000100", "CSAFPID-000106", "CSAFPID-000109", "CSAFPID-000112", "CSAFPID-000116", "CSAFPID-000121", "CSAFPID-000126", "CSAFPID-000135" ], "url": "https://support.industry.siemens.com/cs/ww/en/view/109816735/" }, { "category": "vendor_fix", "details": "Update to V4.3.8 or later version", "product_ids": [ "CSAFPID-00041", "CSAFPID-00071", "CSAFPID-00072", "CSAFPID-00073", "CSAFPID-00074" ], "url": "https://support.industry.siemens.com/cs/ww/en/view/109816735/" }, { "category": "vendor_fix", "details": "Update to V5.6.0 or later version", "product_ids": [ "CSAFPID-00021", "CSAFPID-00045", "CSAFPID-00046", "CSAFPID-00057", "CSAFPID-00061", "CSAFPID-000101", "CSAFPID-000113", "CSAFPID-000117", "CSAFPID-000122", "CSAFPID-000127", "CSAFPID-000131", "CSAFPID-000132", "CSAFPID-000133", "CSAFPID-000134", "CSAFPID-000136", "CSAFPID-000139", "CSAFPID-000141", "CSAFPID-000142", "CSAFPID-000143", "CSAFPID-000144" ], "url": "https://support.industry.siemens.com/cs/ww/en/view/109806156/" }, { "category": "mitigation", "details": "As a general security measure, Siemens strongly recommends to protect network access to devices with appropriate mechanisms. In order to operate the devices in a protected IT environment, Siemens recommends to configure the environment according to Siemens\u0027 operational guidelines for Industrial Security (Download: \nhttps://www.siemens.com/cert/operational-guidelines-industrial-security), and to follow the recommendations in the product manuals.\nAdditional information on Industrial Security by Siemens can be found at: https://www.siemens.com/industrialsecurity", "product_ids": [ "CSAFPID-0001", "CSAFPID-0003", "CSAFPID-0005", "CSAFPID-0007", "CSAFPID-0009", "CSAFPID-00010", "CSAFPID-00012", "CSAFPID-00013", "CSAFPID-00015", "CSAFPID-00016", "CSAFPID-00018", "CSAFPID-00020", "CSAFPID-00021", "CSAFPID-00024", "CSAFPID-00026", "CSAFPID-00027", "CSAFPID-00030", "CSAFPID-00032", "CSAFPID-00033", "CSAFPID-00035", "CSAFPID-00037", "CSAFPID-00038", "CSAFPID-00041", "CSAFPID-00042", "CSAFPID-00045", "CSAFPID-00046", "CSAFPID-00047", "CSAFPID-00048", "CSAFPID-00050", "CSAFPID-00053", "CSAFPID-00055", "CSAFPID-00056", "CSAFPID-00057", "CSAFPID-00058", "CSAFPID-00059", "CSAFPID-00060", "CSAFPID-00061", "CSAFPID-00062", "CSAFPID-00066", "CSAFPID-00067", "CSAFPID-00069", "CSAFPID-00071", "CSAFPID-00072", "CSAFPID-00073", "CSAFPID-00074", "CSAFPID-00082", "CSAFPID-00083", "CSAFPID-00084", "CSAFPID-00087", "CSAFPID-00088", "CSAFPID-00090", "CSAFPID-00091", "CSAFPID-00093", "CSAFPID-00094", "CSAFPID-00095", "CSAFPID-00097", "CSAFPID-00099", "CSAFPID-000100", "CSAFPID-000101", "CSAFPID-000102", "CSAFPID-000106", "CSAFPID-000107", "CSAFPID-000109", "CSAFPID-000110", "CSAFPID-000112", "CSAFPID-000113", "CSAFPID-000116", "CSAFPID-000117", "CSAFPID-000118", "CSAFPID-000121", "CSAFPID-000122", "CSAFPID-000123", "CSAFPID-000126", "CSAFPID-000127", "CSAFPID-000128", "CSAFPID-000131", "CSAFPID-000132", "CSAFPID-000133", "CSAFPID-000134", "CSAFPID-000135", "CSAFPID-000136", "CSAFPID-000139", "CSAFPID-000141", "CSAFPID-000142", "CSAFPID-000143", "CSAFPID-000144" ] } ], "scores": [ { "cvss_v3": { "baseScore": 7.5, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C", "version": "3.1" }, "products": [ "CSAFPID-0001", "CSAFPID-0003", "CSAFPID-0005", "CSAFPID-0007", "CSAFPID-0009", "CSAFPID-00010", "CSAFPID-00012", "CSAFPID-00013", "CSAFPID-00015", "CSAFPID-00016", "CSAFPID-00018", "CSAFPID-00020", "CSAFPID-00021", "CSAFPID-00024", "CSAFPID-00026", "CSAFPID-00027", "CSAFPID-00030", "CSAFPID-00032", "CSAFPID-00033", "CSAFPID-00035", "CSAFPID-00037", "CSAFPID-00038", "CSAFPID-00041", "CSAFPID-00042", "CSAFPID-00045", "CSAFPID-00046", "CSAFPID-00047", "CSAFPID-00048", "CSAFPID-00050", "CSAFPID-00053", "CSAFPID-00055", "CSAFPID-00056", "CSAFPID-00057", "CSAFPID-00058", "CSAFPID-00059", "CSAFPID-00060", "CSAFPID-00061", "CSAFPID-00062", "CSAFPID-00066", "CSAFPID-00067", "CSAFPID-00069", "CSAFPID-00071", "CSAFPID-00072", "CSAFPID-00073", "CSAFPID-00074", "CSAFPID-00082", "CSAFPID-00083", "CSAFPID-00084", "CSAFPID-00087", "CSAFPID-00088", "CSAFPID-00090", "CSAFPID-00091", "CSAFPID-00093", "CSAFPID-00094", "CSAFPID-00095", "CSAFPID-00097", "CSAFPID-00099", "CSAFPID-000100", "CSAFPID-000101", "CSAFPID-000102", "CSAFPID-000106", "CSAFPID-000107", "CSAFPID-000109", "CSAFPID-000110", "CSAFPID-000112", "CSAFPID-000113", "CSAFPID-000116", "CSAFPID-000117", "CSAFPID-000118", "CSAFPID-000121", "CSAFPID-000122", "CSAFPID-000123", "CSAFPID-000126", "CSAFPID-000127", "CSAFPID-000128", "CSAFPID-000131", "CSAFPID-000132", "CSAFPID-000133", "CSAFPID-000134", "CSAFPID-000135", "CSAFPID-000136", "CSAFPID-000139", "CSAFPID-000141", "CSAFPID-000142", "CSAFPID-000143", "CSAFPID-000144" ] } ], "title": "CVE-2021-42016" }, { "cve": "CVE-2021-42017", "cwe": { "id": "CWE-358", "name": "Improperly Implemented Security Check for Standard" }, "notes": [ { "category": "summary", "text": "A new variant of the POODLE attack has left a third-party component vulnerable due to the implementation flaws of the CBC encryption mode in TLS 1.0 to 1.2.\r\n\r\nIf an attacker were to exploit this, they could act as a man-in-the-middle and eavesdrop on encrypted communications.", "title": "Summary" } ], "product_status": { "known_affected": [ "CSAFPID-0001", "CSAFPID-0003", "CSAFPID-0005", "CSAFPID-0007", "CSAFPID-0009", "CSAFPID-00010", "CSAFPID-00012", "CSAFPID-00013", "CSAFPID-00015", "CSAFPID-00016", "CSAFPID-00018", "CSAFPID-00020", "CSAFPID-00021", "CSAFPID-00024", "CSAFPID-00026", "CSAFPID-00027", "CSAFPID-00030", "CSAFPID-00032", "CSAFPID-00033", "CSAFPID-00035", "CSAFPID-00037", "CSAFPID-00038", "CSAFPID-00041", "CSAFPID-00042", "CSAFPID-00045", "CSAFPID-00046", "CSAFPID-00047", "CSAFPID-00048", "CSAFPID-00050", "CSAFPID-00053", "CSAFPID-00055", "CSAFPID-00056", "CSAFPID-00057", "CSAFPID-00058", "CSAFPID-00059", "CSAFPID-00060", "CSAFPID-00061", "CSAFPID-00062", "CSAFPID-00066", "CSAFPID-00067", "CSAFPID-00069", "CSAFPID-00071", "CSAFPID-00072", "CSAFPID-00073", "CSAFPID-00074", "CSAFPID-00082", "CSAFPID-00083", "CSAFPID-00084", "CSAFPID-00087", "CSAFPID-00088", "CSAFPID-00090", "CSAFPID-00091", "CSAFPID-00093", "CSAFPID-00094", "CSAFPID-00095", "CSAFPID-00097", "CSAFPID-00099", "CSAFPID-000100", "CSAFPID-000101", "CSAFPID-000102", "CSAFPID-000106", "CSAFPID-000107", "CSAFPID-000109", "CSAFPID-000110", "CSAFPID-000112", "CSAFPID-000113", "CSAFPID-000116", "CSAFPID-000117", "CSAFPID-000118", "CSAFPID-000121", "CSAFPID-000122", "CSAFPID-000123", "CSAFPID-000126", "CSAFPID-000127", "CSAFPID-000128", "CSAFPID-000131", "CSAFPID-000132", "CSAFPID-000133", "CSAFPID-000134", "CSAFPID-000135", "CSAFPID-000136", "CSAFPID-000139", "CSAFPID-000141", "CSAFPID-000142", "CSAFPID-000143", "CSAFPID-000144" ] }, "remediations": [ { "category": "mitigation", "details": "Restrict web server access in affected system(s) to ports 443/TCP and 22/TCP, to trusted IP addresses only", "product_ids": [ "CSAFPID-0001", "CSAFPID-0003", "CSAFPID-0005", "CSAFPID-0007", "CSAFPID-0009", "CSAFPID-00010", "CSAFPID-00012", "CSAFPID-00013", "CSAFPID-00015", "CSAFPID-00016", "CSAFPID-00018", "CSAFPID-00020", "CSAFPID-00021", "CSAFPID-00024", "CSAFPID-00026", "CSAFPID-00027", "CSAFPID-00030", "CSAFPID-00032", "CSAFPID-00033", "CSAFPID-00035", "CSAFPID-00037", "CSAFPID-00038", "CSAFPID-00041", "CSAFPID-00042", "CSAFPID-00045", "CSAFPID-00046", "CSAFPID-00047", "CSAFPID-00048", "CSAFPID-00050", "CSAFPID-00053", "CSAFPID-00055", "CSAFPID-00056", "CSAFPID-00057", "CSAFPID-00058", "CSAFPID-00059", "CSAFPID-00060", "CSAFPID-00061", "CSAFPID-00062", "CSAFPID-00066", "CSAFPID-00067", "CSAFPID-00069", "CSAFPID-00071", "CSAFPID-00072", "CSAFPID-00073", "CSAFPID-00074", "CSAFPID-00082", "CSAFPID-00083", "CSAFPID-00084", "CSAFPID-00087", "CSAFPID-00088", "CSAFPID-00090", "CSAFPID-00091", "CSAFPID-00093", "CSAFPID-00094", "CSAFPID-00095", "CSAFPID-00097", "CSAFPID-00099", "CSAFPID-000100", "CSAFPID-000101", "CSAFPID-000102", "CSAFPID-000106", "CSAFPID-000107", "CSAFPID-000109", "CSAFPID-000110", "CSAFPID-000112", "CSAFPID-000113", "CSAFPID-000116", "CSAFPID-000117", "CSAFPID-000118", "CSAFPID-000121", "CSAFPID-000122", "CSAFPID-000123", "CSAFPID-000126", "CSAFPID-000127", "CSAFPID-000128", "CSAFPID-000131", "CSAFPID-000132", "CSAFPID-000133", "CSAFPID-000134", "CSAFPID-000135", "CSAFPID-000136", "CSAFPID-000139", "CSAFPID-000141", "CSAFPID-000142", "CSAFPID-000143", "CSAFPID-000144" ] }, { "category": "mitigation", "details": "Restrict access to port 69/UDP to trusted IP addresses only, for the TFTP vulnerability", "product_ids": [ "CSAFPID-0001", "CSAFPID-0003", "CSAFPID-0005", "CSAFPID-0007", "CSAFPID-0009", "CSAFPID-00010", "CSAFPID-00012", "CSAFPID-00013", "CSAFPID-00015", "CSAFPID-00016", "CSAFPID-00018", "CSAFPID-00020", "CSAFPID-00021", "CSAFPID-00024", "CSAFPID-00026", "CSAFPID-00027", "CSAFPID-00030", "CSAFPID-00032", "CSAFPID-00033", "CSAFPID-00035", "CSAFPID-00037", "CSAFPID-00038", "CSAFPID-00041", "CSAFPID-00042", "CSAFPID-00045", "CSAFPID-00046", "CSAFPID-00047", "CSAFPID-00048", "CSAFPID-00050", "CSAFPID-00053", "CSAFPID-00055", "CSAFPID-00056", "CSAFPID-00057", "CSAFPID-00058", "CSAFPID-00059", "CSAFPID-00060", "CSAFPID-00061", "CSAFPID-00062", "CSAFPID-00066", "CSAFPID-00067", "CSAFPID-00069", "CSAFPID-00071", "CSAFPID-00072", "CSAFPID-00073", "CSAFPID-00074", "CSAFPID-00082", "CSAFPID-00083", "CSAFPID-00084", "CSAFPID-00087", "CSAFPID-00088", "CSAFPID-00090", "CSAFPID-00091", "CSAFPID-00093", "CSAFPID-00094", "CSAFPID-00095", "CSAFPID-00097", "CSAFPID-00099", "CSAFPID-000100", "CSAFPID-000101", "CSAFPID-000102", "CSAFPID-000106", "CSAFPID-000107", "CSAFPID-000109", "CSAFPID-000110", "CSAFPID-000112", "CSAFPID-000113", "CSAFPID-000116", "CSAFPID-000117", "CSAFPID-000118", "CSAFPID-000121", "CSAFPID-000122", "CSAFPID-000123", "CSAFPID-000126", "CSAFPID-000127", "CSAFPID-000128", "CSAFPID-000131", "CSAFPID-000132", "CSAFPID-000133", "CSAFPID-000134", "CSAFPID-000135", "CSAFPID-000136", "CSAFPID-000139", "CSAFPID-000141", "CSAFPID-000142", "CSAFPID-000143", "CSAFPID-000144" ] }, { "category": "no_fix_planned", "details": "Currently no fix is planned", "product_ids": [ "CSAFPID-00010", "CSAFPID-00013", "CSAFPID-00016", "CSAFPID-00033", "CSAFPID-00038", "CSAFPID-00042", "CSAFPID-00058", "CSAFPID-00062", "CSAFPID-00067", "CSAFPID-00095", "CSAFPID-000102", "CSAFPID-000107", "CSAFPID-000110", "CSAFPID-000118", "CSAFPID-000123", "CSAFPID-000128" ] }, { "category": "vendor_fix", "details": "Update to V4.3.8 or later version", "product_ids": [ "CSAFPID-0001", "CSAFPID-0003", "CSAFPID-0005", "CSAFPID-0007", "CSAFPID-0009", "CSAFPID-00012", "CSAFPID-00015", "CSAFPID-00018", "CSAFPID-00020", "CSAFPID-00024", "CSAFPID-00026", "CSAFPID-00027", "CSAFPID-00030", "CSAFPID-00032", "CSAFPID-00035", "CSAFPID-00037", "CSAFPID-00047", "CSAFPID-00048", "CSAFPID-00050", "CSAFPID-00053", "CSAFPID-00055", "CSAFPID-00056", "CSAFPID-00059", "CSAFPID-00060", "CSAFPID-00066", "CSAFPID-00069", "CSAFPID-00082", "CSAFPID-00083", "CSAFPID-00084", "CSAFPID-00087", "CSAFPID-00088", "CSAFPID-00090", "CSAFPID-00091", "CSAFPID-00093", "CSAFPID-00094", "CSAFPID-00097", "CSAFPID-00099", "CSAFPID-000100", "CSAFPID-000106", "CSAFPID-000109", "CSAFPID-000112", "CSAFPID-000116", "CSAFPID-000121", "CSAFPID-000126", "CSAFPID-000135" ], "url": "https://support.industry.siemens.com/cs/ww/en/view/109816735/" }, { "category": "vendor_fix", "details": "Update to V4.3.8 or later version", "product_ids": [ "CSAFPID-00041", "CSAFPID-00071", "CSAFPID-00072", "CSAFPID-00073", "CSAFPID-00074" ], "url": "https://support.industry.siemens.com/cs/ww/en/view/109816735/" }, { "category": "vendor_fix", "details": "Update to V5.6.0 or later version", "product_ids": [ "CSAFPID-00021", "CSAFPID-00045", "CSAFPID-00046", "CSAFPID-00057", "CSAFPID-00061", "CSAFPID-000101", "CSAFPID-000113", "CSAFPID-000117", "CSAFPID-000122", "CSAFPID-000127", "CSAFPID-000131", "CSAFPID-000132", "CSAFPID-000133", "CSAFPID-000134", "CSAFPID-000136", "CSAFPID-000139", "CSAFPID-000141", "CSAFPID-000142", "CSAFPID-000143", "CSAFPID-000144" ], "url": "https://support.industry.siemens.com/cs/ww/en/view/109806156/" }, { "category": "mitigation", "details": "As a general security measure, Siemens strongly recommends to protect network access to devices with appropriate mechanisms. In order to operate the devices in a protected IT environment, Siemens recommends to configure the environment according to Siemens\u0027 operational guidelines for Industrial Security (Download: \nhttps://www.siemens.com/cert/operational-guidelines-industrial-security), and to follow the recommendations in the product manuals.\nAdditional information on Industrial Security by Siemens can be found at: https://www.siemens.com/industrialsecurity", "product_ids": [ "CSAFPID-0001", "CSAFPID-0003", "CSAFPID-0005", "CSAFPID-0007", "CSAFPID-0009", "CSAFPID-00010", "CSAFPID-00012", "CSAFPID-00013", "CSAFPID-00015", "CSAFPID-00016", "CSAFPID-00018", "CSAFPID-00020", "CSAFPID-00021", "CSAFPID-00024", "CSAFPID-00026", "CSAFPID-00027", "CSAFPID-00030", "CSAFPID-00032", "CSAFPID-00033", "CSAFPID-00035", "CSAFPID-00037", "CSAFPID-00038", "CSAFPID-00041", "CSAFPID-00042", "CSAFPID-00045", "CSAFPID-00046", "CSAFPID-00047", "CSAFPID-00048", "CSAFPID-00050", "CSAFPID-00053", "CSAFPID-00055", "CSAFPID-00056", "CSAFPID-00057", "CSAFPID-00058", "CSAFPID-00059", "CSAFPID-00060", "CSAFPID-00061", "CSAFPID-00062", "CSAFPID-00066", "CSAFPID-00067", "CSAFPID-00069", "CSAFPID-00071", "CSAFPID-00072", "CSAFPID-00073", "CSAFPID-00074", "CSAFPID-00082", "CSAFPID-00083", "CSAFPID-00084", "CSAFPID-00087", "CSAFPID-00088", "CSAFPID-00090", "CSAFPID-00091", "CSAFPID-00093", "CSAFPID-00094", "CSAFPID-00095", "CSAFPID-00097", "CSAFPID-00099", "CSAFPID-000100", "CSAFPID-000101", "CSAFPID-000102", "CSAFPID-000106", "CSAFPID-000107", "CSAFPID-000109", "CSAFPID-000110", "CSAFPID-000112", "CSAFPID-000113", "CSAFPID-000116", "CSAFPID-000117", "CSAFPID-000118", "CSAFPID-000121", "CSAFPID-000122", "CSAFPID-000123", "CSAFPID-000126", "CSAFPID-000127", "CSAFPID-000128", "CSAFPID-000131", "CSAFPID-000132", "CSAFPID-000133", "CSAFPID-000134", "CSAFPID-000135", "CSAFPID-000136", "CSAFPID-000139", "CSAFPID-000141", "CSAFPID-000142", "CSAFPID-000143", "CSAFPID-000144" ] } ], "scores": [ { "cvss_v3": { "baseScore": 5.9, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C", "version": "3.1" }, "products": [ "CSAFPID-0001", "CSAFPID-0003", "CSAFPID-0005", "CSAFPID-0007", "CSAFPID-0009", "CSAFPID-00010", "CSAFPID-00012", "CSAFPID-00013", "CSAFPID-00015", "CSAFPID-00016", "CSAFPID-00018", "CSAFPID-00020", "CSAFPID-00021", "CSAFPID-00024", "CSAFPID-00026", "CSAFPID-00027", "CSAFPID-00030", "CSAFPID-00032", "CSAFPID-00033", "CSAFPID-00035", "CSAFPID-00037", "CSAFPID-00038", "CSAFPID-00041", "CSAFPID-00042", "CSAFPID-00045", "CSAFPID-00046", "CSAFPID-00047", "CSAFPID-00048", "CSAFPID-00050", "CSAFPID-00053", "CSAFPID-00055", "CSAFPID-00056", "CSAFPID-00057", "CSAFPID-00058", "CSAFPID-00059", "CSAFPID-00060", "CSAFPID-00061", "CSAFPID-00062", "CSAFPID-00066", "CSAFPID-00067", "CSAFPID-00069", "CSAFPID-00071", "CSAFPID-00072", "CSAFPID-00073", "CSAFPID-00074", "CSAFPID-00082", "CSAFPID-00083", "CSAFPID-00084", "CSAFPID-00087", "CSAFPID-00088", "CSAFPID-00090", "CSAFPID-00091", "CSAFPID-00093", "CSAFPID-00094", "CSAFPID-00095", "CSAFPID-00097", "CSAFPID-00099", "CSAFPID-000100", "CSAFPID-000101", "CSAFPID-000102", "CSAFPID-000106", "CSAFPID-000107", "CSAFPID-000109", "CSAFPID-000110", "CSAFPID-000112", "CSAFPID-000113", "CSAFPID-000116", "CSAFPID-000117", "CSAFPID-000118", "CSAFPID-000121", "CSAFPID-000122", "CSAFPID-000123", "CSAFPID-000126", "CSAFPID-000127", "CSAFPID-000128", "CSAFPID-000131", "CSAFPID-000132", "CSAFPID-000133", "CSAFPID-000134", "CSAFPID-000135", "CSAFPID-000136", "CSAFPID-000139", "CSAFPID-000141", "CSAFPID-000142", "CSAFPID-000143", "CSAFPID-000144" ] } ], "title": "CVE-2021-42017" }, { "cve": "CVE-2021-42018", "cwe": { "id": "CWE-122", "name": "Heap-based Buffer Overflow" }, "notes": [ { "category": "summary", "text": "Within a third-party component, whenever memory allocation is requested, the out of bound size is not checked.\r\n\r\nTherefore, if size exceeding the expected allocation is assigned, it could allocate a smaller buffer instead. If an attacker were to exploit this, they could cause a heap overflow.", "title": "Summary" } ], "product_status": { "known_affected": [ "CSAFPID-0001", "CSAFPID-0002", "CSAFPID-0003", "CSAFPID-0004", "CSAFPID-0005", "CSAFPID-0006", "CSAFPID-0007", "CSAFPID-0008", "CSAFPID-0009", "CSAFPID-00010", "CSAFPID-00011", "CSAFPID-00012", "CSAFPID-00013", "CSAFPID-00014", "CSAFPID-00015", "CSAFPID-00016", "CSAFPID-00017", "CSAFPID-00018", "CSAFPID-00019", "CSAFPID-00020", "CSAFPID-00021", "CSAFPID-00022", "CSAFPID-00023", "CSAFPID-00024", "CSAFPID-00025", "CSAFPID-00026", "CSAFPID-00027", "CSAFPID-00028", "CSAFPID-00029", "CSAFPID-00030", "CSAFPID-00031", "CSAFPID-00032", "CSAFPID-00033", "CSAFPID-00034", "CSAFPID-00035", "CSAFPID-00036", "CSAFPID-00037", "CSAFPID-00038", "CSAFPID-00039", "CSAFPID-00040", "CSAFPID-00041", "CSAFPID-00042", "CSAFPID-00043", "CSAFPID-00044", "CSAFPID-00045", "CSAFPID-00046", "CSAFPID-00047", "CSAFPID-00048", "CSAFPID-00049", "CSAFPID-00050", "CSAFPID-00051", "CSAFPID-00052", "CSAFPID-00053", "CSAFPID-00054", "CSAFPID-00055", "CSAFPID-00056", "CSAFPID-00057", "CSAFPID-00058", "CSAFPID-00059", "CSAFPID-00060", "CSAFPID-00061", "CSAFPID-00062", "CSAFPID-00063", "CSAFPID-00064", "CSAFPID-00065", "CSAFPID-00066", "CSAFPID-00067", "CSAFPID-00068", "CSAFPID-00069", "CSAFPID-00070", "CSAFPID-00071", "CSAFPID-00072", "CSAFPID-00073", "CSAFPID-00074", "CSAFPID-00075", "CSAFPID-00076", "CSAFPID-00077", "CSAFPID-00078", "CSAFPID-00079", "CSAFPID-00080", "CSAFPID-00081", "CSAFPID-00082", "CSAFPID-00083", "CSAFPID-00084", "CSAFPID-00085", "CSAFPID-00086", "CSAFPID-00087", "CSAFPID-00088", "CSAFPID-00089", "CSAFPID-00090", "CSAFPID-00091", "CSAFPID-00092", "CSAFPID-00093", "CSAFPID-00094", "CSAFPID-00095", "CSAFPID-00096", "CSAFPID-00097", "CSAFPID-00098", "CSAFPID-00099", "CSAFPID-000100", "CSAFPID-000101", "CSAFPID-000102", "CSAFPID-000103", "CSAFPID-000104", "CSAFPID-000105", "CSAFPID-000106", "CSAFPID-000107", "CSAFPID-000108", "CSAFPID-000109", "CSAFPID-000110", "CSAFPID-000111", "CSAFPID-000112", "CSAFPID-000113", "CSAFPID-000114", "CSAFPID-000115", "CSAFPID-000116", "CSAFPID-000117", "CSAFPID-000118", "CSAFPID-000119", "CSAFPID-000120", "CSAFPID-000121", "CSAFPID-000122", "CSAFPID-000123", "CSAFPID-000124", "CSAFPID-000125", "CSAFPID-000126", "CSAFPID-000127", "CSAFPID-000128", "CSAFPID-000129", "CSAFPID-000130", "CSAFPID-000131", "CSAFPID-000132", "CSAFPID-000133", "CSAFPID-000134", "CSAFPID-000135", "CSAFPID-000136", "CSAFPID-000137", "CSAFPID-000138", "CSAFPID-000139", "CSAFPID-000140", "CSAFPID-000141", "CSAFPID-000142", "CSAFPID-000143", "CSAFPID-000144" ] }, "remediations": [ { "category": "mitigation", "details": "Restrict web server access in affected system(s) to ports 443/TCP and 22/TCP, to trusted IP addresses only", "product_ids": [ "CSAFPID-0001", "CSAFPID-0002", "CSAFPID-0003", "CSAFPID-0004", "CSAFPID-0005", "CSAFPID-0006", "CSAFPID-0007", "CSAFPID-0008", "CSAFPID-0009", "CSAFPID-00010", "CSAFPID-00011", "CSAFPID-00012", "CSAFPID-00013", "CSAFPID-00014", "CSAFPID-00015", "CSAFPID-00016", "CSAFPID-00017", "CSAFPID-00018", "CSAFPID-00019", "CSAFPID-00020", "CSAFPID-00021", "CSAFPID-00022", "CSAFPID-00023", "CSAFPID-00024", "CSAFPID-00025", "CSAFPID-00026", "CSAFPID-00027", "CSAFPID-00028", "CSAFPID-00029", "CSAFPID-00030", "CSAFPID-00031", "CSAFPID-00032", "CSAFPID-00033", "CSAFPID-00034", "CSAFPID-00035", "CSAFPID-00036", "CSAFPID-00037", "CSAFPID-00038", "CSAFPID-00039", "CSAFPID-00040", "CSAFPID-00041", "CSAFPID-00042", "CSAFPID-00043", "CSAFPID-00044", "CSAFPID-00045", "CSAFPID-00046", "CSAFPID-00047", "CSAFPID-00048", "CSAFPID-00049", "CSAFPID-00050", "CSAFPID-00051", "CSAFPID-00052", "CSAFPID-00053", "CSAFPID-00054", "CSAFPID-00055", "CSAFPID-00056", "CSAFPID-00057", "CSAFPID-00058", "CSAFPID-00059", "CSAFPID-00060", "CSAFPID-00061", "CSAFPID-00062", "CSAFPID-00063", "CSAFPID-00064", "CSAFPID-00065", "CSAFPID-00066", "CSAFPID-00067", "CSAFPID-00068", "CSAFPID-00069", "CSAFPID-00070", "CSAFPID-00071", "CSAFPID-00072", "CSAFPID-00073", "CSAFPID-00074", "CSAFPID-00075", "CSAFPID-00076", "CSAFPID-00077", "CSAFPID-00078", "CSAFPID-00079", "CSAFPID-00080", "CSAFPID-00081", "CSAFPID-00082", "CSAFPID-00083", "CSAFPID-00084", "CSAFPID-00085", "CSAFPID-00086", "CSAFPID-00087", "CSAFPID-00088", "CSAFPID-00089", "CSAFPID-00090", "CSAFPID-00091", "CSAFPID-00092", "CSAFPID-00093", "CSAFPID-00094", "CSAFPID-00095", "CSAFPID-00096", "CSAFPID-00097", "CSAFPID-00098", "CSAFPID-00099", "CSAFPID-000100", "CSAFPID-000101", "CSAFPID-000102", "CSAFPID-000103", "CSAFPID-000104", "CSAFPID-000105", "CSAFPID-000106", "CSAFPID-000107", "CSAFPID-000108", "CSAFPID-000109", "CSAFPID-000110", "CSAFPID-000111", "CSAFPID-000112", "CSAFPID-000113", "CSAFPID-000114", "CSAFPID-000115", "CSAFPID-000116", "CSAFPID-000117", "CSAFPID-000118", "CSAFPID-000119", "CSAFPID-000120", "CSAFPID-000121", "CSAFPID-000122", "CSAFPID-000123", "CSAFPID-000124", "CSAFPID-000125", "CSAFPID-000126", "CSAFPID-000127", "CSAFPID-000128", "CSAFPID-000129", "CSAFPID-000130", "CSAFPID-000131", "CSAFPID-000132", "CSAFPID-000133", "CSAFPID-000134", "CSAFPID-000135", "CSAFPID-000136", "CSAFPID-000137", "CSAFPID-000138", "CSAFPID-000139", "CSAFPID-000140", "CSAFPID-000141", "CSAFPID-000142", "CSAFPID-000143", "CSAFPID-000144" ] }, { "category": "mitigation", "details": "Restrict access to port 69/UDP to trusted IP addresses only, for the TFTP vulnerability", "product_ids": [ "CSAFPID-0001", "CSAFPID-0002", "CSAFPID-0003", "CSAFPID-0004", "CSAFPID-0005", "CSAFPID-0006", "CSAFPID-0007", "CSAFPID-0008", "CSAFPID-0009", "CSAFPID-00010", "CSAFPID-00011", "CSAFPID-00012", "CSAFPID-00013", "CSAFPID-00014", "CSAFPID-00015", "CSAFPID-00016", "CSAFPID-00017", "CSAFPID-00018", "CSAFPID-00019", "CSAFPID-00020", "CSAFPID-00021", "CSAFPID-00022", "CSAFPID-00023", "CSAFPID-00024", "CSAFPID-00025", "CSAFPID-00026", "CSAFPID-00027", "CSAFPID-00028", "CSAFPID-00029", "CSAFPID-00030", "CSAFPID-00031", "CSAFPID-00032", "CSAFPID-00033", "CSAFPID-00034", "CSAFPID-00035", "CSAFPID-00036", "CSAFPID-00037", "CSAFPID-00038", "CSAFPID-00039", "CSAFPID-00040", "CSAFPID-00041", "CSAFPID-00042", "CSAFPID-00043", "CSAFPID-00044", "CSAFPID-00045", "CSAFPID-00046", "CSAFPID-00047", "CSAFPID-00048", "CSAFPID-00049", "CSAFPID-00050", "CSAFPID-00051", "CSAFPID-00052", "CSAFPID-00053", "CSAFPID-00054", "CSAFPID-00055", "CSAFPID-00056", "CSAFPID-00057", "CSAFPID-00058", "CSAFPID-00059", "CSAFPID-00060", "CSAFPID-00061", "CSAFPID-00062", "CSAFPID-00063", "CSAFPID-00064", "CSAFPID-00065", "CSAFPID-00066", "CSAFPID-00067", "CSAFPID-00068", "CSAFPID-00069", "CSAFPID-00070", "CSAFPID-00071", "CSAFPID-00072", "CSAFPID-00073", "CSAFPID-00074", "CSAFPID-00075", "CSAFPID-00076", "CSAFPID-00077", "CSAFPID-00078", "CSAFPID-00079", "CSAFPID-00080", "CSAFPID-00081", "CSAFPID-00082", "CSAFPID-00083", "CSAFPID-00084", "CSAFPID-00085", "CSAFPID-00086", "CSAFPID-00087", "CSAFPID-00088", "CSAFPID-00089", "CSAFPID-00090", "CSAFPID-00091", "CSAFPID-00092", "CSAFPID-00093", "CSAFPID-00094", "CSAFPID-00095", "CSAFPID-00096", "CSAFPID-00097", "CSAFPID-00098", "CSAFPID-00099", "CSAFPID-000100", "CSAFPID-000101", "CSAFPID-000102", "CSAFPID-000103", "CSAFPID-000104", "CSAFPID-000105", "CSAFPID-000106", "CSAFPID-000107", "CSAFPID-000108", "CSAFPID-000109", "CSAFPID-000110", "CSAFPID-000111", "CSAFPID-000112", "CSAFPID-000113", "CSAFPID-000114", "CSAFPID-000115", "CSAFPID-000116", "CSAFPID-000117", "CSAFPID-000118", "CSAFPID-000119", "CSAFPID-000120", "CSAFPID-000121", "CSAFPID-000122", "CSAFPID-000123", "CSAFPID-000124", "CSAFPID-000125", "CSAFPID-000126", "CSAFPID-000127", "CSAFPID-000128", "CSAFPID-000129", "CSAFPID-000130", "CSAFPID-000131", "CSAFPID-000132", "CSAFPID-000133", "CSAFPID-000134", "CSAFPID-000135", "CSAFPID-000136", "CSAFPID-000137", "CSAFPID-000138", "CSAFPID-000139", "CSAFPID-000140", "CSAFPID-000141", "CSAFPID-000142", "CSAFPID-000143", "CSAFPID-000144" ] }, { "category": "no_fix_planned", "details": "Currently no fix is planned", "product_ids": [ "CSAFPID-00010", "CSAFPID-00013", "CSAFPID-00016", "CSAFPID-00033", "CSAFPID-00038", "CSAFPID-00042", "CSAFPID-00058", "CSAFPID-00062", "CSAFPID-00067", "CSAFPID-00095", "CSAFPID-000102", "CSAFPID-000107", "CSAFPID-000110", "CSAFPID-000118", "CSAFPID-000123", "CSAFPID-000128" ] }, { "category": "vendor_fix", "details": "Update to V4.3.8 or later version", "product_ids": [ "CSAFPID-0001", "CSAFPID-0003", "CSAFPID-0005", "CSAFPID-0007", "CSAFPID-0009", "CSAFPID-00012", "CSAFPID-00015", "CSAFPID-00018", "CSAFPID-00020", "CSAFPID-00024", "CSAFPID-00026", "CSAFPID-00027", "CSAFPID-00030", "CSAFPID-00032", "CSAFPID-00035", "CSAFPID-00037", "CSAFPID-00047", "CSAFPID-00048", "CSAFPID-00050", "CSAFPID-00053", "CSAFPID-00055", "CSAFPID-00056", "CSAFPID-00059", "CSAFPID-00060", "CSAFPID-00066", "CSAFPID-00069", "CSAFPID-00082", "CSAFPID-00083", "CSAFPID-00084", "CSAFPID-00087", "CSAFPID-00088", "CSAFPID-00090", "CSAFPID-00091", "CSAFPID-00093", "CSAFPID-00094", "CSAFPID-00097", "CSAFPID-00099", "CSAFPID-000100", "CSAFPID-000106", "CSAFPID-000109", "CSAFPID-000112", "CSAFPID-000116", "CSAFPID-000121", "CSAFPID-000126", "CSAFPID-000135" ], "url": "https://support.industry.siemens.com/cs/ww/en/view/109816735/" }, { "category": "vendor_fix", "details": "Update to V4.3.8 or later version", "product_ids": [ "CSAFPID-0002", "CSAFPID-0004", "CSAFPID-0006", "CSAFPID-0008", "CSAFPID-00011", "CSAFPID-00014", "CSAFPID-00017", "CSAFPID-00019", "CSAFPID-00022", "CSAFPID-00025", "CSAFPID-00028", "CSAFPID-00029", "CSAFPID-00031", "CSAFPID-00034", "CSAFPID-00036", "CSAFPID-00039", "CSAFPID-00041", "CSAFPID-00043", "CSAFPID-00049", "CSAFPID-00051", "CSAFPID-00052", "CSAFPID-00054", "CSAFPID-00063", "CSAFPID-00064", "CSAFPID-00068", "CSAFPID-00070", "CSAFPID-00071", "CSAFPID-00072", "CSAFPID-00073", "CSAFPID-00074", "CSAFPID-00075", "CSAFPID-00076", "CSAFPID-00077", "CSAFPID-00078", "CSAFPID-00079", "CSAFPID-00080", "CSAFPID-00085", "CSAFPID-00086", "CSAFPID-00089", "CSAFPID-00092", "CSAFPID-00096", "CSAFPID-00098", "CSAFPID-000103", "CSAFPID-000104", "CSAFPID-000108", "CSAFPID-000111", "CSAFPID-000114", "CSAFPID-000119", "CSAFPID-000124", "CSAFPID-000129", "CSAFPID-000137" ], "url": "https://support.industry.siemens.com/cs/ww/en/view/109816735/" }, { "category": "vendor_fix", "details": "Update to V5.6.0 or later version", "product_ids": [ "CSAFPID-00021", "CSAFPID-00045", "CSAFPID-00046", "CSAFPID-00057", "CSAFPID-00061", "CSAFPID-000101", "CSAFPID-000113", "CSAFPID-000117", "CSAFPID-000122", "CSAFPID-000127", "CSAFPID-000131", "CSAFPID-000132", "CSAFPID-000133", "CSAFPID-000134", "CSAFPID-000136", "CSAFPID-000139", "CSAFPID-000141", "CSAFPID-000142", "CSAFPID-000143", "CSAFPID-000144" ], "url": "https://support.industry.siemens.com/cs/ww/en/view/109806156/" }, { "category": "vendor_fix", "details": "Update to V5.6.0 or later version", "product_ids": [ "CSAFPID-00023", "CSAFPID-00040", "CSAFPID-00044", "CSAFPID-00065", "CSAFPID-00081", "CSAFPID-000105", "CSAFPID-000115", "CSAFPID-000120", "CSAFPID-000125", "CSAFPID-000130", "CSAFPID-000138", "CSAFPID-000140" ], "url": "https://support.industry.siemens.com/cs/ww/en/view/109806156/" }, { "category": "mitigation", "details": "As a general security measure, Siemens strongly recommends to protect network access to devices with appropriate mechanisms. In order to operate the devices in a protected IT environment, Siemens recommends to configure the environment according to Siemens\u0027 operational guidelines for Industrial Security (Download: \nhttps://www.siemens.com/cert/operational-guidelines-industrial-security), and to follow the recommendations in the product manuals.\nAdditional information on Industrial Security by Siemens can be found at: https://www.siemens.com/industrialsecurity", "product_ids": [ "CSAFPID-0001", "CSAFPID-0002", "CSAFPID-0003", "CSAFPID-0004", "CSAFPID-0005", "CSAFPID-0006", "CSAFPID-0007", "CSAFPID-0008", "CSAFPID-0009", "CSAFPID-00010", "CSAFPID-00011", "CSAFPID-00012", "CSAFPID-00013", "CSAFPID-00014", "CSAFPID-00015", "CSAFPID-00016", "CSAFPID-00017", "CSAFPID-00018", "CSAFPID-00019", "CSAFPID-00020", "CSAFPID-00021", "CSAFPID-00022", "CSAFPID-00023", "CSAFPID-00024", "CSAFPID-00025", "CSAFPID-00026", "CSAFPID-00027", "CSAFPID-00028", "CSAFPID-00029", "CSAFPID-00030", "CSAFPID-00031", "CSAFPID-00032", "CSAFPID-00033", "CSAFPID-00034", "CSAFPID-00035", "CSAFPID-00036", "CSAFPID-00037", "CSAFPID-00038", "CSAFPID-00039", "CSAFPID-00040", "CSAFPID-00041", "CSAFPID-00042", "CSAFPID-00043", "CSAFPID-00044", "CSAFPID-00045", "CSAFPID-00046", "CSAFPID-00047", "CSAFPID-00048", "CSAFPID-00049", "CSAFPID-00050", "CSAFPID-00051", "CSAFPID-00052", "CSAFPID-00053", "CSAFPID-00054", "CSAFPID-00055", "CSAFPID-00056", "CSAFPID-00057", "CSAFPID-00058", "CSAFPID-00059", "CSAFPID-00060", "CSAFPID-00061", "CSAFPID-00062", "CSAFPID-00063", "CSAFPID-00064", "CSAFPID-00065", "CSAFPID-00066", "CSAFPID-00067", "CSAFPID-00068", "CSAFPID-00069", "CSAFPID-00070", "CSAFPID-00071", "CSAFPID-00072", "CSAFPID-00073", "CSAFPID-00074", "CSAFPID-00075", "CSAFPID-00076", "CSAFPID-00077", "CSAFPID-00078", "CSAFPID-00079", "CSAFPID-00080", "CSAFPID-00081", "CSAFPID-00082", "CSAFPID-00083", "CSAFPID-00084", "CSAFPID-00085", "CSAFPID-00086", "CSAFPID-00087", "CSAFPID-00088", "CSAFPID-00089", "CSAFPID-00090", "CSAFPID-00091", "CSAFPID-00092", "CSAFPID-00093", "CSAFPID-00094", "CSAFPID-00095", "CSAFPID-00096", "CSAFPID-00097", "CSAFPID-00098", "CSAFPID-00099", "CSAFPID-000100", "CSAFPID-000101", "CSAFPID-000102", "CSAFPID-000103", "CSAFPID-000104", "CSAFPID-000105", "CSAFPID-000106", "CSAFPID-000107", "CSAFPID-000108", "CSAFPID-000109", "CSAFPID-000110", "CSAFPID-000111", "CSAFPID-000112", "CSAFPID-000113", "CSAFPID-000114", "CSAFPID-000115", "CSAFPID-000116", "CSAFPID-000117", "CSAFPID-000118", "CSAFPID-000119", "CSAFPID-000120", "CSAFPID-000121", "CSAFPID-000122", "CSAFPID-000123", "CSAFPID-000124", "CSAFPID-000125", "CSAFPID-000126", "CSAFPID-000127", "CSAFPID-000128", "CSAFPID-000129", "CSAFPID-000130", "CSAFPID-000131", "CSAFPID-000132", "CSAFPID-000133", "CSAFPID-000134", "CSAFPID-000135", "CSAFPID-000136", "CSAFPID-000137", "CSAFPID-000138", "CSAFPID-000139", "CSAFPID-000140", "CSAFPID-000141", "CSAFPID-000142", "CSAFPID-000143", "CSAFPID-000144" ] } ], "scores": [ { "cvss_v3": { "baseScore": 5.9, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:H/A:H/E:P/RL:O/RC:C", "version": "3.1" }, "products": [ "CSAFPID-0001", "CSAFPID-0002", "CSAFPID-0003", "CSAFPID-0004", "CSAFPID-0005", "CSAFPID-0006", "CSAFPID-0007", "CSAFPID-0008", "CSAFPID-0009", "CSAFPID-00010", "CSAFPID-00011", "CSAFPID-00012", "CSAFPID-00013", "CSAFPID-00014", "CSAFPID-00015", "CSAFPID-00016", "CSAFPID-00017", "CSAFPID-00018", "CSAFPID-00019", "CSAFPID-00020", "CSAFPID-00021", "CSAFPID-00022", "CSAFPID-00023", "CSAFPID-00024", "CSAFPID-00025", "CSAFPID-00026", "CSAFPID-00027", "CSAFPID-00028", "CSAFPID-00029", "CSAFPID-00030", "CSAFPID-00031", "CSAFPID-00032", "CSAFPID-00033", "CSAFPID-00034", "CSAFPID-00035", "CSAFPID-00036", "CSAFPID-00037", "CSAFPID-00038", "CSAFPID-00039", "CSAFPID-00040", "CSAFPID-00041", "CSAFPID-00042", "CSAFPID-00043", "CSAFPID-00044", "CSAFPID-00045", "CSAFPID-00046", "CSAFPID-00047", "CSAFPID-00048", "CSAFPID-00049", "CSAFPID-00050", "CSAFPID-00051", "CSAFPID-00052", "CSAFPID-00053", "CSAFPID-00054", "CSAFPID-00055", "CSAFPID-00056", "CSAFPID-00057", "CSAFPID-00058", "CSAFPID-00059", "CSAFPID-00060", "CSAFPID-00061", "CSAFPID-00062", "CSAFPID-00063", "CSAFPID-00064", "CSAFPID-00065", "CSAFPID-00066", "CSAFPID-00067", "CSAFPID-00068", "CSAFPID-00069", "CSAFPID-00070", "CSAFPID-00071", "CSAFPID-00072", "CSAFPID-00073", "CSAFPID-00074", "CSAFPID-00075", "CSAFPID-00076", "CSAFPID-00077", "CSAFPID-00078", "CSAFPID-00079", "CSAFPID-00080", "CSAFPID-00081", "CSAFPID-00082", "CSAFPID-00083", "CSAFPID-00084", "CSAFPID-00085", "CSAFPID-00086", "CSAFPID-00087", "CSAFPID-00088", "CSAFPID-00089", "CSAFPID-00090", "CSAFPID-00091", "CSAFPID-00092", "CSAFPID-00093", "CSAFPID-00094", "CSAFPID-00095", "CSAFPID-00096", "CSAFPID-00097", "CSAFPID-00098", "CSAFPID-00099", "CSAFPID-000100", "CSAFPID-000101", "CSAFPID-000102", "CSAFPID-000103", "CSAFPID-000104", "CSAFPID-000105", "CSAFPID-000106", "CSAFPID-000107", "CSAFPID-000108", "CSAFPID-000109", "CSAFPID-000110", "CSAFPID-000111", "CSAFPID-000112", "CSAFPID-000113", "CSAFPID-000114", "CSAFPID-000115", "CSAFPID-000116", "CSAFPID-000117", "CSAFPID-000118", "CSAFPID-000119", "CSAFPID-000120", "CSAFPID-000121", "CSAFPID-000122", "CSAFPID-000123", "CSAFPID-000124", "CSAFPID-000125", "CSAFPID-000126", "CSAFPID-000127", "CSAFPID-000128", "CSAFPID-000129", "CSAFPID-000130", "CSAFPID-000131", "CSAFPID-000132", "CSAFPID-000133", "CSAFPID-000134", "CSAFPID-000135", "CSAFPID-000136", "CSAFPID-000137", "CSAFPID-000138", "CSAFPID-000139", "CSAFPID-000140", "CSAFPID-000141", "CSAFPID-000142", "CSAFPID-000143", "CSAFPID-000144" ] } ], "title": "CVE-2021-42018" }, { "cve": "CVE-2021-42019", "cwe": { "id": "CWE-190", "name": "Integer Overflow or Wraparound" }, "notes": [ { "category": "summary", "text": "Within a third-party component, the process to allocate partition size fails to check memory boundaries.\r\n\r\nTherefore, if a large amount is requested by an attacker, due to an integer-wrap around, it could result in a small size being allocated instead.", "title": "Summary" } ], "product_status": { "known_affected": [ "CSAFPID-0001", "CSAFPID-0002", "CSAFPID-0003", "CSAFPID-0004", "CSAFPID-0005", "CSAFPID-0006", "CSAFPID-0007", "CSAFPID-0008", "CSAFPID-0009", "CSAFPID-00010", "CSAFPID-00011", "CSAFPID-00012", "CSAFPID-00013", "CSAFPID-00014", "CSAFPID-00015", "CSAFPID-00016", "CSAFPID-00017", "CSAFPID-00018", "CSAFPID-00019", "CSAFPID-00020", "CSAFPID-00021", "CSAFPID-00022", "CSAFPID-00023", "CSAFPID-00024", "CSAFPID-00025", "CSAFPID-00026", "CSAFPID-00027", "CSAFPID-00028", "CSAFPID-00029", "CSAFPID-00030", "CSAFPID-00031", "CSAFPID-00032", "CSAFPID-00033", "CSAFPID-00034", "CSAFPID-00035", "CSAFPID-00036", "CSAFPID-00037", "CSAFPID-00038", "CSAFPID-00039", "CSAFPID-00040", "CSAFPID-00041", "CSAFPID-00042", "CSAFPID-00043", "CSAFPID-00044", "CSAFPID-00045", "CSAFPID-00046", "CSAFPID-00047", "CSAFPID-00048", "CSAFPID-00049", "CSAFPID-00050", "CSAFPID-00051", "CSAFPID-00052", "CSAFPID-00053", "CSAFPID-00054", "CSAFPID-00055", "CSAFPID-00056", "CSAFPID-00057", "CSAFPID-00058", "CSAFPID-00059", "CSAFPID-00060", "CSAFPID-00061", "CSAFPID-00062", "CSAFPID-00063", "CSAFPID-00064", "CSAFPID-00065", "CSAFPID-00066", "CSAFPID-00067", "CSAFPID-00068", "CSAFPID-00069", "CSAFPID-00070", "CSAFPID-00071", "CSAFPID-00072", "CSAFPID-00073", "CSAFPID-00074", "CSAFPID-00075", "CSAFPID-00076", "CSAFPID-00077", "CSAFPID-00078", "CSAFPID-00079", "CSAFPID-00080", "CSAFPID-00081", "CSAFPID-00082", "CSAFPID-00083", "CSAFPID-00084", "CSAFPID-00085", "CSAFPID-00086", "CSAFPID-00087", "CSAFPID-00088", "CSAFPID-00089", "CSAFPID-00090", "CSAFPID-00091", "CSAFPID-00092", "CSAFPID-00093", "CSAFPID-00094", "CSAFPID-00095", "CSAFPID-00096", "CSAFPID-00097", "CSAFPID-00098", "CSAFPID-00099", "CSAFPID-000100", "CSAFPID-000101", "CSAFPID-000102", "CSAFPID-000103", "CSAFPID-000104", "CSAFPID-000105", "CSAFPID-000106", "CSAFPID-000107", "CSAFPID-000108", "CSAFPID-000109", "CSAFPID-000110", "CSAFPID-000111", "CSAFPID-000112", "CSAFPID-000113", "CSAFPID-000114", "CSAFPID-000115", "CSAFPID-000116", "CSAFPID-000117", "CSAFPID-000118", "CSAFPID-000119", "CSAFPID-000120", "CSAFPID-000121", "CSAFPID-000122", "CSAFPID-000123", "CSAFPID-000124", "CSAFPID-000125", "CSAFPID-000126", "CSAFPID-000127", "CSAFPID-000128", "CSAFPID-000129", "CSAFPID-000130", "CSAFPID-000131", "CSAFPID-000132", "CSAFPID-000133", "CSAFPID-000134", "CSAFPID-000135", "CSAFPID-000136", "CSAFPID-000137", "CSAFPID-000138", "CSAFPID-000139", "CSAFPID-000140", "CSAFPID-000141", "CSAFPID-000142", "CSAFPID-000143", "CSAFPID-000144" ] }, "remediations": [ { "category": "mitigation", "details": "Restrict web server access in affected system(s) to ports 443/TCP and 22/TCP, to trusted IP addresses only", "product_ids": [ "CSAFPID-0001", "CSAFPID-0002", "CSAFPID-0003", "CSAFPID-0004", "CSAFPID-0005", "CSAFPID-0006", "CSAFPID-0007", "CSAFPID-0008", "CSAFPID-0009", "CSAFPID-00010", "CSAFPID-00011", "CSAFPID-00012", "CSAFPID-00013", "CSAFPID-00014", "CSAFPID-00015", "CSAFPID-00016", "CSAFPID-00017", "CSAFPID-00018", "CSAFPID-00019", "CSAFPID-00020", "CSAFPID-00021", "CSAFPID-00022", "CSAFPID-00023", "CSAFPID-00024", "CSAFPID-00025", "CSAFPID-00026", "CSAFPID-00027", "CSAFPID-00028", "CSAFPID-00029", "CSAFPID-00030", "CSAFPID-00031", "CSAFPID-00032", "CSAFPID-00033", "CSAFPID-00034", "CSAFPID-00035", "CSAFPID-00036", "CSAFPID-00037", "CSAFPID-00038", "CSAFPID-00039", "CSAFPID-00040", "CSAFPID-00041", "CSAFPID-00042", "CSAFPID-00043", "CSAFPID-00044", "CSAFPID-00045", "CSAFPID-00046", "CSAFPID-00047", "CSAFPID-00048", "CSAFPID-00049", "CSAFPID-00050", "CSAFPID-00051", "CSAFPID-00052", "CSAFPID-00053", "CSAFPID-00054", "CSAFPID-00055", "CSAFPID-00056", "CSAFPID-00057", "CSAFPID-00058", "CSAFPID-00059", "CSAFPID-00060", "CSAFPID-00061", "CSAFPID-00062", "CSAFPID-00063", "CSAFPID-00064", "CSAFPID-00065", "CSAFPID-00066", "CSAFPID-00067", "CSAFPID-00068", "CSAFPID-00069", "CSAFPID-00070", "CSAFPID-00071", "CSAFPID-00072", "CSAFPID-00073", "CSAFPID-00074", "CSAFPID-00075", "CSAFPID-00076", "CSAFPID-00077", "CSAFPID-00078", "CSAFPID-00079", "CSAFPID-00080", "CSAFPID-00081", "CSAFPID-00082", "CSAFPID-00083", "CSAFPID-00084", "CSAFPID-00085", "CSAFPID-00086", "CSAFPID-00087", "CSAFPID-00088", "CSAFPID-00089", "CSAFPID-00090", "CSAFPID-00091", "CSAFPID-00092", "CSAFPID-00093", "CSAFPID-00094", "CSAFPID-00095", "CSAFPID-00096", "CSAFPID-00097", "CSAFPID-00098", "CSAFPID-00099", "CSAFPID-000100", "CSAFPID-000101", "CSAFPID-000102", "CSAFPID-000103", "CSAFPID-000104", "CSAFPID-000105", "CSAFPID-000106", "CSAFPID-000107", "CSAFPID-000108", "CSAFPID-000109", "CSAFPID-000110", "CSAFPID-000111", "CSAFPID-000112", "CSAFPID-000113", "CSAFPID-000114", "CSAFPID-000115", "CSAFPID-000116", "CSAFPID-000117", "CSAFPID-000118", "CSAFPID-000119", "CSAFPID-000120", "CSAFPID-000121", "CSAFPID-000122", "CSAFPID-000123", "CSAFPID-000124", "CSAFPID-000125", "CSAFPID-000126", "CSAFPID-000127", "CSAFPID-000128", "CSAFPID-000129", "CSAFPID-000130", "CSAFPID-000131", "CSAFPID-000132", "CSAFPID-000133", "CSAFPID-000134", "CSAFPID-000135", "CSAFPID-000136", "CSAFPID-000137", "CSAFPID-000138", "CSAFPID-000139", "CSAFPID-000140", "CSAFPID-000141", "CSAFPID-000142", "CSAFPID-000143", "CSAFPID-000144" ] }, { "category": "mitigation", "details": "Restrict access to port 69/UDP to trusted IP addresses only, for the TFTP vulnerability", "product_ids": [ "CSAFPID-0001", "CSAFPID-0002", "CSAFPID-0003", "CSAFPID-0004", "CSAFPID-0005", "CSAFPID-0006", "CSAFPID-0007", "CSAFPID-0008", "CSAFPID-0009", "CSAFPID-00010", "CSAFPID-00011", "CSAFPID-00012", "CSAFPID-00013", "CSAFPID-00014", "CSAFPID-00015", "CSAFPID-00016", "CSAFPID-00017", "CSAFPID-00018", "CSAFPID-00019", "CSAFPID-00020", "CSAFPID-00021", "CSAFPID-00022", "CSAFPID-00023", "CSAFPID-00024", "CSAFPID-00025", "CSAFPID-00026", "CSAFPID-00027", "CSAFPID-00028", "CSAFPID-00029", "CSAFPID-00030", "CSAFPID-00031", "CSAFPID-00032", "CSAFPID-00033", "CSAFPID-00034", "CSAFPID-00035", "CSAFPID-00036", "CSAFPID-00037", "CSAFPID-00038", "CSAFPID-00039", "CSAFPID-00040", "CSAFPID-00041", "CSAFPID-00042", "CSAFPID-00043", "CSAFPID-00044", "CSAFPID-00045", "CSAFPID-00046", "CSAFPID-00047", "CSAFPID-00048", "CSAFPID-00049", "CSAFPID-00050", "CSAFPID-00051", "CSAFPID-00052", "CSAFPID-00053", "CSAFPID-00054", "CSAFPID-00055", "CSAFPID-00056", "CSAFPID-00057", "CSAFPID-00058", "CSAFPID-00059", "CSAFPID-00060", "CSAFPID-00061", "CSAFPID-00062", "CSAFPID-00063", "CSAFPID-00064", "CSAFPID-00065", "CSAFPID-00066", "CSAFPID-00067", "CSAFPID-00068", "CSAFPID-00069", "CSAFPID-00070", "CSAFPID-00071", "CSAFPID-00072", "CSAFPID-00073", "CSAFPID-00074", "CSAFPID-00075", "CSAFPID-00076", "CSAFPID-00077", "CSAFPID-00078", "CSAFPID-00079", "CSAFPID-00080", "CSAFPID-00081", "CSAFPID-00082", "CSAFPID-00083", "CSAFPID-00084", "CSAFPID-00085", "CSAFPID-00086", "CSAFPID-00087", "CSAFPID-00088", "CSAFPID-00089", "CSAFPID-00090", "CSAFPID-00091", "CSAFPID-00092", "CSAFPID-00093", "CSAFPID-00094", "CSAFPID-00095", "CSAFPID-00096", "CSAFPID-00097", "CSAFPID-00098", "CSAFPID-00099", "CSAFPID-000100", "CSAFPID-000101", "CSAFPID-000102", "CSAFPID-000103", "CSAFPID-000104", "CSAFPID-000105", "CSAFPID-000106", "CSAFPID-000107", "CSAFPID-000108", "CSAFPID-000109", "CSAFPID-000110", "CSAFPID-000111", "CSAFPID-000112", "CSAFPID-000113", "CSAFPID-000114", "CSAFPID-000115", "CSAFPID-000116", "CSAFPID-000117", "CSAFPID-000118", "CSAFPID-000119", "CSAFPID-000120", "CSAFPID-000121", "CSAFPID-000122", "CSAFPID-000123", "CSAFPID-000124", "CSAFPID-000125", "CSAFPID-000126", "CSAFPID-000127", "CSAFPID-000128", "CSAFPID-000129", "CSAFPID-000130", "CSAFPID-000131", "CSAFPID-000132", "CSAFPID-000133", "CSAFPID-000134", "CSAFPID-000135", "CSAFPID-000136", "CSAFPID-000137", "CSAFPID-000138", "CSAFPID-000139", "CSAFPID-000140", "CSAFPID-000141", "CSAFPID-000142", "CSAFPID-000143", "CSAFPID-000144" ] }, { "category": "no_fix_planned", "details": "Currently no fix is planned", "product_ids": [ "CSAFPID-00010", "CSAFPID-00013", "CSAFPID-00016", "CSAFPID-00033", "CSAFPID-00038", "CSAFPID-00042", "CSAFPID-00058", "CSAFPID-00062", "CSAFPID-00067", "CSAFPID-00095", "CSAFPID-000102", "CSAFPID-000107", "CSAFPID-000110", "CSAFPID-000118", "CSAFPID-000123", "CSAFPID-000128" ] }, { "category": "vendor_fix", "details": "Update to V4.3.8 or later version", "product_ids": [ "CSAFPID-0001", "CSAFPID-0003", "CSAFPID-0005", "CSAFPID-0007", "CSAFPID-0009", "CSAFPID-00012", "CSAFPID-00015", "CSAFPID-00018", "CSAFPID-00020", "CSAFPID-00024", "CSAFPID-00026", "CSAFPID-00027", "CSAFPID-00030", "CSAFPID-00032", "CSAFPID-00035", "CSAFPID-00037", "CSAFPID-00047", "CSAFPID-00048", "CSAFPID-00050", "CSAFPID-00053", "CSAFPID-00055", "CSAFPID-00056", "CSAFPID-00059", "CSAFPID-00060", "CSAFPID-00066", "CSAFPID-00069", "CSAFPID-00082", "CSAFPID-00083", "CSAFPID-00084", "CSAFPID-00087", "CSAFPID-00088", "CSAFPID-00090", "CSAFPID-00091", "CSAFPID-00093", "CSAFPID-00094", "CSAFPID-00097", "CSAFPID-00099", "CSAFPID-000100", "CSAFPID-000106", "CSAFPID-000109", "CSAFPID-000112", "CSAFPID-000116", "CSAFPID-000121", "CSAFPID-000126", "CSAFPID-000135" ], "url": "https://support.industry.siemens.com/cs/ww/en/view/109816735/" }, { "category": "vendor_fix", "details": "Update to V4.3.8 or later version", "product_ids": [ "CSAFPID-0002", "CSAFPID-0004", "CSAFPID-0006", "CSAFPID-0008", "CSAFPID-00011", "CSAFPID-00014", "CSAFPID-00017", "CSAFPID-00019", "CSAFPID-00022", "CSAFPID-00025", "CSAFPID-00028", "CSAFPID-00029", "CSAFPID-00031", "CSAFPID-00034", "CSAFPID-00036", "CSAFPID-00039", "CSAFPID-00041", "CSAFPID-00043", "CSAFPID-00049", "CSAFPID-00051", "CSAFPID-00052", "CSAFPID-00054", "CSAFPID-00063", "CSAFPID-00064", "CSAFPID-00068", "CSAFPID-00070", "CSAFPID-00071", "CSAFPID-00072", "CSAFPID-00073", "CSAFPID-00074", "CSAFPID-00075", "CSAFPID-00076", "CSAFPID-00077", "CSAFPID-00078", "CSAFPID-00079", "CSAFPID-00080", "CSAFPID-00085", "CSAFPID-00086", "CSAFPID-00089", "CSAFPID-00092", "CSAFPID-00096", "CSAFPID-00098", "CSAFPID-000103", "CSAFPID-000104", "CSAFPID-000108", "CSAFPID-000111", "CSAFPID-000114", "CSAFPID-000119", "CSAFPID-000124", "CSAFPID-000129", "CSAFPID-000137" ], "url": "https://support.industry.siemens.com/cs/ww/en/view/109816735/" }, { "category": "vendor_fix", "details": "Update to V5.6.0 or later version", "product_ids": [ "CSAFPID-00021", "CSAFPID-00045", "CSAFPID-00046", "CSAFPID-00057", "CSAFPID-00061", "CSAFPID-000101", "CSAFPID-000113", "CSAFPID-000117", "CSAFPID-000122", "CSAFPID-000127", "CSAFPID-000131", "CSAFPID-000132", "CSAFPID-000133", "CSAFPID-000134", "CSAFPID-000136", "CSAFPID-000139", "CSAFPID-000141", "CSAFPID-000142", "CSAFPID-000143", "CSAFPID-000144" ], "url": "https://support.industry.siemens.com/cs/ww/en/view/109806156/" }, { "category": "vendor_fix", "details": "Update to V5.6.0 or later version", "product_ids": [ "CSAFPID-00023", "CSAFPID-00040", "CSAFPID-00044", "CSAFPID-00065", "CSAFPID-00081", "CSAFPID-000105", "CSAFPID-000115", "CSAFPID-000120", "CSAFPID-000125", "CSAFPID-000130", "CSAFPID-000138", "CSAFPID-000140" ], "url": "https://support.industry.siemens.com/cs/ww/en/view/109806156/" }, { "category": "mitigation", "details": "As a general security measure, Siemens strongly recommends to protect network access to devices with appropriate mechanisms. In order to operate the devices in a protected IT environment, Siemens recommends to configure the environment according to Siemens\u0027 operational guidelines for Industrial Security (Download: \nhttps://www.siemens.com/cert/operational-guidelines-industrial-security), and to follow the recommendations in the product manuals.\nAdditional information on Industrial Security by Siemens can be found at: https://www.siemens.com/industrialsecurity", "product_ids": [ "CSAFPID-0001", "CSAFPID-0002", "CSAFPID-0003", "CSAFPID-0004", "CSAFPID-0005", "CSAFPID-0006", "CSAFPID-0007", "CSAFPID-0008", "CSAFPID-0009", "CSAFPID-00010", "CSAFPID-00011", "CSAFPID-00012", "CSAFPID-00013", "CSAFPID-00014", "CSAFPID-00015", "CSAFPID-00016", "CSAFPID-00017", "CSAFPID-00018", "CSAFPID-00019", "CSAFPID-00020", "CSAFPID-00021", "CSAFPID-00022", "CSAFPID-00023", "CSAFPID-00024", "CSAFPID-00025", "CSAFPID-00026", "CSAFPID-00027", "CSAFPID-00028", "CSAFPID-00029", "CSAFPID-00030", "CSAFPID-00031", "CSAFPID-00032", "CSAFPID-00033", "CSAFPID-00034", "CSAFPID-00035", "CSAFPID-00036", "CSAFPID-00037", "CSAFPID-00038", "CSAFPID-00039", "CSAFPID-00040", "CSAFPID-00041", "CSAFPID-00042", "CSAFPID-00043", "CSAFPID-00044", "CSAFPID-00045", "CSAFPID-00046", "CSAFPID-00047", "CSAFPID-00048", "CSAFPID-00049", "CSAFPID-00050", "CSAFPID-00051", "CSAFPID-00052", "CSAFPID-00053", "CSAFPID-00054", "CSAFPID-00055", "CSAFPID-00056", "CSAFPID-00057", "CSAFPID-00058", "CSAFPID-00059", "CSAFPID-00060", "CSAFPID-00061", "CSAFPID-00062", "CSAFPID-00063", "CSAFPID-00064", "CSAFPID-00065", "CSAFPID-00066", "CSAFPID-00067", "CSAFPID-00068", "CSAFPID-00069", "CSAFPID-00070", "CSAFPID-00071", "CSAFPID-00072", "CSAFPID-00073", "CSAFPID-00074", "CSAFPID-00075", "CSAFPID-00076", "CSAFPID-00077", "CSAFPID-00078", "CSAFPID-00079", "CSAFPID-00080", "CSAFPID-00081", "CSAFPID-00082", "CSAFPID-00083", "CSAFPID-00084", "CSAFPID-00085", "CSAFPID-00086", "CSAFPID-00087", "CSAFPID-00088", "CSAFPID-00089", "CSAFPID-00090", "CSAFPID-00091", "CSAFPID-00092", "CSAFPID-00093", "CSAFPID-00094", "CSAFPID-00095", "CSAFPID-00096", "CSAFPID-00097", "CSAFPID-00098", "CSAFPID-00099", "CSAFPID-000100", "CSAFPID-000101", "CSAFPID-000102", "CSAFPID-000103", "CSAFPID-000104", "CSAFPID-000105", "CSAFPID-000106", "CSAFPID-000107", "CSAFPID-000108", "CSAFPID-000109", "CSAFPID-000110", "CSAFPID-000111", "CSAFPID-000112", "CSAFPID-000113", "CSAFPID-000114", "CSAFPID-000115", "CSAFPID-000116", "CSAFPID-000117", "CSAFPID-000118", "CSAFPID-000119", "CSAFPID-000120", "CSAFPID-000121", "CSAFPID-000122", "CSAFPID-000123", "CSAFPID-000124", "CSAFPID-000125", "CSAFPID-000126", "CSAFPID-000127", "CSAFPID-000128", "CSAFPID-000129", "CSAFPID-000130", "CSAFPID-000131", "CSAFPID-000132", "CSAFPID-000133", "CSAFPID-000134", "CSAFPID-000135", "CSAFPID-000136", "CSAFPID-000137", "CSAFPID-000138", "CSAFPID-000139", "CSAFPID-000140", "CSAFPID-000141", "CSAFPID-000142", "CSAFPID-000143", "CSAFPID-000144" ] } ], "scores": [ { "cvss_v3": { "baseScore": 5.9, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:H/A:H/E:P/RL:O/RC:C", "version": "3.1" }, "products": [ "CSAFPID-0001", "CSAFPID-0002", "CSAFPID-0003", "CSAFPID-0004", "CSAFPID-0005", "CSAFPID-0006", "CSAFPID-0007", "CSAFPID-0008", "CSAFPID-0009", "CSAFPID-00010", "CSAFPID-00011", "CSAFPID-00012", "CSAFPID-00013", "CSAFPID-00014", "CSAFPID-00015", "CSAFPID-00016", "CSAFPID-00017", "CSAFPID-00018", "CSAFPID-00019", "CSAFPID-00020", "CSAFPID-00021", "CSAFPID-00022", "CSAFPID-00023", "CSAFPID-00024", "CSAFPID-00025", "CSAFPID-00026", "CSAFPID-00027", "CSAFPID-00028", "CSAFPID-00029", "CSAFPID-00030", "CSAFPID-00031", "CSAFPID-00032", "CSAFPID-00033", "CSAFPID-00034", "CSAFPID-00035", "CSAFPID-00036", "CSAFPID-00037", "CSAFPID-00038", "CSAFPID-00039", "CSAFPID-00040", "CSAFPID-00041", "CSAFPID-00042", "CSAFPID-00043", "CSAFPID-00044", "CSAFPID-00045", "CSAFPID-00046", "CSAFPID-00047", "CSAFPID-00048", "CSAFPID-00049", "CSAFPID-00050", "CSAFPID-00051", "CSAFPID-00052", "CSAFPID-00053", "CSAFPID-00054", "CSAFPID-00055", "CSAFPID-00056", "CSAFPID-00057", "CSAFPID-00058", "CSAFPID-00059", "CSAFPID-00060", "CSAFPID-00061", "CSAFPID-00062", "CSAFPID-00063", "CSAFPID-00064", "CSAFPID-00065", "CSAFPID-00066", "CSAFPID-00067", "CSAFPID-00068", "CSAFPID-00069", "CSAFPID-00070", "CSAFPID-00071", "CSAFPID-00072", "CSAFPID-00073", "CSAFPID-00074", "CSAFPID-00075", "CSAFPID-00076", "CSAFPID-00077", "CSAFPID-00078", "CSAFPID-00079", "CSAFPID-00080", "CSAFPID-00081", "CSAFPID-00082", "CSAFPID-00083", "CSAFPID-00084", "CSAFPID-00085", "CSAFPID-00086", "CSAFPID-00087", "CSAFPID-00088", "CSAFPID-00089", "CSAFPID-00090", "CSAFPID-00091", "CSAFPID-00092", "CSAFPID-00093", "CSAFPID-00094", "CSAFPID-00095", "CSAFPID-00096", "CSAFPID-00097", "CSAFPID-00098", "CSAFPID-00099", "CSAFPID-000100", "CSAFPID-000101", "CSAFPID-000102", "CSAFPID-000103", "CSAFPID-000104", "CSAFPID-000105", "CSAFPID-000106", "CSAFPID-000107", "CSAFPID-000108", "CSAFPID-000109", "CSAFPID-000110", "CSAFPID-000111", "CSAFPID-000112", "CSAFPID-000113", "CSAFPID-000114", "CSAFPID-000115", "CSAFPID-000116", "CSAFPID-000117", "CSAFPID-000118", "CSAFPID-000119", "CSAFPID-000120", "CSAFPID-000121", "CSAFPID-000122", "CSAFPID-000123", "CSAFPID-000124", "CSAFPID-000125", "CSAFPID-000126", "CSAFPID-000127", "CSAFPID-000128", "CSAFPID-000129", "CSAFPID-000130", "CSAFPID-000131", "CSAFPID-000132", "CSAFPID-000133", "CSAFPID-000134", "CSAFPID-000135", "CSAFPID-000136", "CSAFPID-000137", "CSAFPID-000138", "CSAFPID-000139", "CSAFPID-000140", "CSAFPID-000141", "CSAFPID-000142", "CSAFPID-000143", "CSAFPID-000144" ] } ], "title": "CVE-2021-42019" }, { "cve": "CVE-2021-42020", "cwe": { "id": "CWE-754", "name": "Improper Check for Unusual or Exceptional Conditions" }, "notes": [ { "category": "summary", "text": "The third-party component, in its TFTP functionality fails to check for null terminations in file names.\r\n\r\nIf an attacker were to exploit this, it could result in data corruption, and possibly a hard-fault of the application.", "title": "Summary" } ], "product_status": { "known_affected": [ "CSAFPID-0001", "CSAFPID-0002", "CSAFPID-0003", "CSAFPID-0004", "CSAFPID-0005", "CSAFPID-0006", "CSAFPID-0007", "CSAFPID-0008", "CSAFPID-0009", "CSAFPID-00011", "CSAFPID-00012", "CSAFPID-00014", "CSAFPID-00015", "CSAFPID-00017", "CSAFPID-00018", "CSAFPID-00019", "CSAFPID-00020", "CSAFPID-00021", "CSAFPID-00022", "CSAFPID-00023", "CSAFPID-00024", "CSAFPID-00025", "CSAFPID-00026", "CSAFPID-00027", "CSAFPID-00028", "CSAFPID-00029", "CSAFPID-00030", "CSAFPID-00031", "CSAFPID-00032", "CSAFPID-00034", "CSAFPID-00035", "CSAFPID-00036", "CSAFPID-00037", "CSAFPID-00039", "CSAFPID-00040", "CSAFPID-00041", "CSAFPID-00043", "CSAFPID-00044", "CSAFPID-00045", "CSAFPID-00046", "CSAFPID-00047", "CSAFPID-00048", "CSAFPID-00049", "CSAFPID-00050", "CSAFPID-00051", "CSAFPID-00052", "CSAFPID-00053", "CSAFPID-00054", "CSAFPID-00055", "CSAFPID-00056", "CSAFPID-00057", "CSAFPID-00059", "CSAFPID-00060", "CSAFPID-00061", "CSAFPID-00063", "CSAFPID-00064", "CSAFPID-00065", "CSAFPID-00066", "CSAFPID-00068", "CSAFPID-00069", "CSAFPID-00070", "CSAFPID-00071", "CSAFPID-00072", "CSAFPID-00073", "CSAFPID-00074", "CSAFPID-00075", "CSAFPID-00076", "CSAFPID-00077", "CSAFPID-00078", "CSAFPID-00079", "CSAFPID-00080", "CSAFPID-00081", "CSAFPID-00082", "CSAFPID-00083", "CSAFPID-00084", "CSAFPID-00085", "CSAFPID-00086", "CSAFPID-00087", "CSAFPID-00088", "CSAFPID-00089", "CSAFPID-00090", "CSAFPID-00091", "CSAFPID-00092", "CSAFPID-00093", "CSAFPID-00094", "CSAFPID-00096", "CSAFPID-00097", "CSAFPID-00098", "CSAFPID-00099", "CSAFPID-000100", "CSAFPID-000101", "CSAFPID-000103", "CSAFPID-000104", "CSAFPID-000105", "CSAFPID-000106", "CSAFPID-000108", "CSAFPID-000109", "CSAFPID-000111", "CSAFPID-000112", "CSAFPID-000113", "CSAFPID-000114", "CSAFPID-000115", "CSAFPID-000116", "CSAFPID-000117", "CSAFPID-000119", "CSAFPID-000120", "CSAFPID-000121", "CSAFPID-000122", "CSAFPID-000124", "CSAFPID-000125", "CSAFPID-000126", "CSAFPID-000127", "CSAFPID-000129", "CSAFPID-000130", "CSAFPID-000131", "CSAFPID-000132", "CSAFPID-000133", "CSAFPID-000134", "CSAFPID-000135", "CSAFPID-000136", "CSAFPID-000137", "CSAFPID-000138", "CSAFPID-000139", "CSAFPID-000140", "CSAFPID-000141", "CSAFPID-000142", "CSAFPID-000143", "CSAFPID-000144" ] }, "remediations": [ { "category": "mitigation", "details": "Restrict web server access in affected system(s) to ports 443/TCP and 22/TCP, to trusted IP addresses only", "product_ids": [ "CSAFPID-0001", "CSAFPID-0002", "CSAFPID-0003", "CSAFPID-0004", "CSAFPID-0005", "CSAFPID-0006", "CSAFPID-0007", "CSAFPID-0008", "CSAFPID-0009", "CSAFPID-00011", "CSAFPID-00012", "CSAFPID-00014", "CSAFPID-00015", "CSAFPID-00017", "CSAFPID-00018", "CSAFPID-00019", "CSAFPID-00020", "CSAFPID-00021", "CSAFPID-00022", "CSAFPID-00023", "CSAFPID-00024", "CSAFPID-00025", "CSAFPID-00026", "CSAFPID-00027", "CSAFPID-00028", "CSAFPID-00029", "CSAFPID-00030", "CSAFPID-00031", "CSAFPID-00032", "CSAFPID-00034", "CSAFPID-00035", "CSAFPID-00036", "CSAFPID-00037", "CSAFPID-00039", "CSAFPID-00040", "CSAFPID-00041", "CSAFPID-00043", "CSAFPID-00044", "CSAFPID-00045", "CSAFPID-00046", "CSAFPID-00047", "CSAFPID-00048", "CSAFPID-00049", "CSAFPID-00050", "CSAFPID-00051", "CSAFPID-00052", "CSAFPID-00053", "CSAFPID-00054", "CSAFPID-00055", "CSAFPID-00056", "CSAFPID-00057", "CSAFPID-00059", "CSAFPID-00060", "CSAFPID-00061", "CSAFPID-00063", "CSAFPID-00064", "CSAFPID-00065", "CSAFPID-00066", "CSAFPID-00068", "CSAFPID-00069", "CSAFPID-00070", "CSAFPID-00071", "CSAFPID-00072", "CSAFPID-00073", "CSAFPID-00074", "CSAFPID-00075", "CSAFPID-00076", "CSAFPID-00077", "CSAFPID-00078", "CSAFPID-00079", "CSAFPID-00080", "CSAFPID-00081", "CSAFPID-00082", "CSAFPID-00083", "CSAFPID-00084", "CSAFPID-00085", "CSAFPID-00086", "CSAFPID-00087", "CSAFPID-00088", "CSAFPID-00089", "CSAFPID-00090", "CSAFPID-00091", "CSAFPID-00092", "CSAFPID-00093", "CSAFPID-00094", "CSAFPID-00096", "CSAFPID-00097", "CSAFPID-00098", "CSAFPID-00099", "CSAFPID-000100", "CSAFPID-000101", "CSAFPID-000103", "CSAFPID-000104", "CSAFPID-000105", "CSAFPID-000106", "CSAFPID-000108", "CSAFPID-000109", "CSAFPID-000111", "CSAFPID-000112", "CSAFPID-000113", "CSAFPID-000114", "CSAFPID-000115", "CSAFPID-000116", "CSAFPID-000117", "CSAFPID-000119", "CSAFPID-000120", "CSAFPID-000121", "CSAFPID-000122", "CSAFPID-000124", "CSAFPID-000125", "CSAFPID-000126", "CSAFPID-000127", "CSAFPID-000129", "CSAFPID-000130", "CSAFPID-000131", "CSAFPID-000132", "CSAFPID-000133", "CSAFPID-000134", "CSAFPID-000135", "CSAFPID-000136", "CSAFPID-000137", "CSAFPID-000138", "CSAFPID-000139", "CSAFPID-000140", "CSAFPID-000141", "CSAFPID-000142", "CSAFPID-000143", "CSAFPID-000144" ] }, { "category": "mitigation", "details": "Restrict access to port 69/UDP to trusted IP addresses only, for the TFTP vulnerability", "product_ids": [ "CSAFPID-0001", "CSAFPID-0002", "CSAFPID-0003", "CSAFPID-0004", "CSAFPID-0005", "CSAFPID-0006", "CSAFPID-0007", "CSAFPID-0008", "CSAFPID-0009", "CSAFPID-00011", "CSAFPID-00012", "CSAFPID-00014", "CSAFPID-00015", "CSAFPID-00017", "CSAFPID-00018", "CSAFPID-00019", "CSAFPID-00020", "CSAFPID-00021", "CSAFPID-00022", "CSAFPID-00023", "CSAFPID-00024", "CSAFPID-00025", "CSAFPID-00026", "CSAFPID-00027", "CSAFPID-00028", "CSAFPID-00029", "CSAFPID-00030", "CSAFPID-00031", "CSAFPID-00032", "CSAFPID-00034", "CSAFPID-00035", "CSAFPID-00036", "CSAFPID-00037", "CSAFPID-00039", "CSAFPID-00040", "CSAFPID-00041", "CSAFPID-00043", "CSAFPID-00044", "CSAFPID-00045", "CSAFPID-00046", "CSAFPID-00047", "CSAFPID-00048", "CSAFPID-00049", "CSAFPID-00050", "CSAFPID-00051", "CSAFPID-00052", "CSAFPID-00053", "CSAFPID-00054", "CSAFPID-00055", "CSAFPID-00056", "CSAFPID-00057", "CSAFPID-00059", "CSAFPID-00060", "CSAFPID-00061", "CSAFPID-00063", "CSAFPID-00064", "CSAFPID-00065", "CSAFPID-00066", "CSAFPID-00068", "CSAFPID-00069", "CSAFPID-00070", "CSAFPID-00071", "CSAFPID-00072", "CSAFPID-00073", "CSAFPID-00074", "CSAFPID-00075", "CSAFPID-00076", "CSAFPID-00077", "CSAFPID-00078", "CSAFPID-00079", "CSAFPID-00080", "CSAFPID-00081", "CSAFPID-00082", "CSAFPID-00083", "CSAFPID-00084", "CSAFPID-00085", "CSAFPID-00086", "CSAFPID-00087", "CSAFPID-00088", "CSAFPID-00089", "CSAFPID-00090", "CSAFPID-00091", "CSAFPID-00092", "CSAFPID-00093", "CSAFPID-00094", "CSAFPID-00096", "CSAFPID-00097", "CSAFPID-00098", "CSAFPID-00099", "CSAFPID-000100", "CSAFPID-000101", "CSAFPID-000103", "CSAFPID-000104", "CSAFPID-000105", "CSAFPID-000106", "CSAFPID-000108", "CSAFPID-000109", "CSAFPID-000111", "CSAFPID-000112", "CSAFPID-000113", "CSAFPID-000114", "CSAFPID-000115", "CSAFPID-000116", "CSAFPID-000117", "CSAFPID-000119", "CSAFPID-000120", "CSAFPID-000121", "CSAFPID-000122", "CSAFPID-000124", "CSAFPID-000125", "CSAFPID-000126", "CSAFPID-000127", "CSAFPID-000129", "CSAFPID-000130", "CSAFPID-000131", "CSAFPID-000132", "CSAFPID-000133", "CSAFPID-000134", "CSAFPID-000135", "CSAFPID-000136", "CSAFPID-000137", "CSAFPID-000138", "CSAFPID-000139", "CSAFPID-000140", "CSAFPID-000141", "CSAFPID-000142", "CSAFPID-000143", "CSAFPID-000144" ] }, { "category": "vendor_fix", "details": "Update to V4.3.8 or later version", "product_ids": [ "CSAFPID-0001", "CSAFPID-0003", "CSAFPID-0005", "CSAFPID-0007", "CSAFPID-0009", "CSAFPID-00012", "CSAFPID-00015", "CSAFPID-00018", "CSAFPID-00020", "CSAFPID-00024", "CSAFPID-00026", "CSAFPID-00027", "CSAFPID-00030", "CSAFPID-00032", "CSAFPID-00035", "CSAFPID-00037", "CSAFPID-00047", "CSAFPID-00048", "CSAFPID-00050", "CSAFPID-00053", "CSAFPID-00055", "CSAFPID-00056", "CSAFPID-00059", "CSAFPID-00060", "CSAFPID-00066", "CSAFPID-00069", "CSAFPID-00082", "CSAFPID-00083", "CSAFPID-00084", "CSAFPID-00087", "CSAFPID-00088", "CSAFPID-00090", "CSAFPID-00091", "CSAFPID-00093", "CSAFPID-00094", "CSAFPID-00097", "CSAFPID-00099", "CSAFPID-000100", "CSAFPID-000106", "CSAFPID-000109", "CSAFPID-000112", "CSAFPID-000116", "CSAFPID-000121", "CSAFPID-000126", "CSAFPID-000135" ], "url": "https://support.industry.siemens.com/cs/ww/en/view/109816735/" }, { "category": "vendor_fix", "details": "Update to V4.3.8 or later version", "product_ids": [ "CSAFPID-0002", "CSAFPID-0004", "CSAFPID-0006", "CSAFPID-0008", "CSAFPID-00011", "CSAFPID-00014", "CSAFPID-00017", "CSAFPID-00019", "CSAFPID-00022", "CSAFPID-00025", "CSAFPID-00028", "CSAFPID-00029", "CSAFPID-00031", "CSAFPID-00034", "CSAFPID-00036", "CSAFPID-00039", "CSAFPID-00041", "CSAFPID-00043", "CSAFPID-00049", "CSAFPID-00051", "CSAFPID-00052", "CSAFPID-00054", "CSAFPID-00063", "CSAFPID-00064", "CSAFPID-00068", "CSAFPID-00070", "CSAFPID-00071", "CSAFPID-00072", "CSAFPID-00073", "CSAFPID-00074", "CSAFPID-00075", "CSAFPID-00076", "CSAFPID-00077", "CSAFPID-00078", "CSAFPID-00079", "CSAFPID-00080", "CSAFPID-00085", "CSAFPID-00086", "CSAFPID-00089", "CSAFPID-00092", "CSAFPID-00096", "CSAFPID-00098", "CSAFPID-000103", "CSAFPID-000104", "CSAFPID-000108", "CSAFPID-000111", "CSAFPID-000114", "CSAFPID-000119", "CSAFPID-000124", "CSAFPID-000129", "CSAFPID-000137" ], "url": "https://support.industry.siemens.com/cs/ww/en/view/109816735/" }, { "category": "vendor_fix", "details": "Update to V5.6.0 or later version", "product_ids": [ "CSAFPID-00021", "CSAFPID-00045", "CSAFPID-00046", "CSAFPID-00057", "CSAFPID-00061", "CSAFPID-000101", "CSAFPID-000113", "CSAFPID-000117", "CSAFPID-000122", "CSAFPID-000127", "CSAFPID-000131", "CSAFPID-000132", "CSAFPID-000133", "CSAFPID-000134", "CSAFPID-000136", "CSAFPID-000139", "CSAFPID-000141", "CSAFPID-000142", "CSAFPID-000143", "CSAFPID-000144" ], "url": "https://support.industry.siemens.com/cs/ww/en/view/109806156/" }, { "category": "vendor_fix", "details": "Update to V5.6.0 or later version", "product_ids": [ "CSAFPID-00023", "CSAFPID-00040", "CSAFPID-00044", "CSAFPID-00065", "CSAFPID-00081", "CSAFPID-000105", "CSAFPID-000115", "CSAFPID-000120", "CSAFPID-000125", "CSAFPID-000130", "CSAFPID-000138", "CSAFPID-000140" ], "url": "https://support.industry.siemens.com/cs/ww/en/view/109806156/" }, { "category": "mitigation", "details": "As a general security measure, Siemens strongly recommends to protect network access to devices with appropriate mechanisms. In order to operate the devices in a protected IT environment, Siemens recommends to configure the environment according to Siemens\u0027 operational guidelines for Industrial Security (Download: \nhttps://www.siemens.com/cert/operational-guidelines-industrial-security), and to follow the recommendations in the product manuals.\nAdditional information on Industrial Security by Siemens can be found at: https://www.siemens.com/industrialsecurity", "product_ids": [ "CSAFPID-0001", "CSAFPID-0002", "CSAFPID-0003", "CSAFPID-0004", "CSAFPID-0005", "CSAFPID-0006", "CSAFPID-0007", "CSAFPID-0008", "CSAFPID-0009", "CSAFPID-00011", "CSAFPID-00012", "CSAFPID-00014", "CSAFPID-00015", "CSAFPID-00017", "CSAFPID-00018", "CSAFPID-00019", "CSAFPID-00020", "CSAFPID-00021", "CSAFPID-00022", "CSAFPID-00023", "CSAFPID-00024", "CSAFPID-00025", "CSAFPID-00026", "CSAFPID-00027", "CSAFPID-00028", "CSAFPID-00029", "CSAFPID-00030", "CSAFPID-00031", "CSAFPID-00032", "CSAFPID-00034", "CSAFPID-00035", "CSAFPID-00036", "CSAFPID-00037", "CSAFPID-00039", "CSAFPID-00040", "CSAFPID-00041", "CSAFPID-00043", "CSAFPID-00044", "CSAFPID-00045", "CSAFPID-00046", "CSAFPID-00047", "CSAFPID-00048", "CSAFPID-00049", "CSAFPID-00050", "CSAFPID-00051", "CSAFPID-00052", "CSAFPID-00053", "CSAFPID-00054", "CSAFPID-00055", "CSAFPID-00056", "CSAFPID-00057", "CSAFPID-00059", "CSAFPID-00060", "CSAFPID-00061", "CSAFPID-00063", "CSAFPID-00064", "CSAFPID-00065", "CSAFPID-00066", "CSAFPID-00068", "CSAFPID-00069", "CSAFPID-00070", "CSAFPID-00071", "CSAFPID-00072", "CSAFPID-00073", "CSAFPID-00074", "CSAFPID-00075", "CSAFPID-00076", "CSAFPID-00077", "CSAFPID-00078", "CSAFPID-00079", "CSAFPID-00080", "CSAFPID-00081", "CSAFPID-00082", "CSAFPID-00083", "CSAFPID-00084", "CSAFPID-00085", "CSAFPID-00086", "CSAFPID-00087", "CSAFPID-00088", "CSAFPID-00089", "CSAFPID-00090", "CSAFPID-00091", "CSAFPID-00092", "CSAFPID-00093", "CSAFPID-00094", "CSAFPID-00096", "CSAFPID-00097", "CSAFPID-00098", "CSAFPID-00099", "CSAFPID-000100", "CSAFPID-000101", "CSAFPID-000103", "CSAFPID-000104", "CSAFPID-000105", "CSAFPID-000106", "CSAFPID-000108", "CSAFPID-000109", "CSAFPID-000111", "CSAFPID-000112", "CSAFPID-000113", "CSAFPID-000114", "CSAFPID-000115", "CSAFPID-000116", "CSAFPID-000117", "CSAFPID-000119", "CSAFPID-000120", "CSAFPID-000121", "CSAFPID-000122", "CSAFPID-000124", "CSAFPID-000125", "CSAFPID-000126", "CSAFPID-000127", "CSAFPID-000129", "CSAFPID-000130", "CSAFPID-000131", "CSAFPID-000132", "CSAFPID-000133", "CSAFPID-000134", "CSAFPID-000135", "CSAFPID-000136", "CSAFPID-000137", "CSAFPID-000138", "CSAFPID-000139", "CSAFPID-000140", "CSAFPID-000141", "CSAFPID-000142", "CSAFPID-000143", "CSAFPID-000144" ] } ], "scores": [ { "cvss_v3": { "baseScore": 7.5, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C", "version": "3.1" }, "products": [ "CSAFPID-0001", "CSAFPID-0002", "CSAFPID-0003", "CSAFPID-0004", "CSAFPID-0005", "CSAFPID-0006", "CSAFPID-0007", "CSAFPID-0008", "CSAFPID-0009", "CSAFPID-00011", "CSAFPID-00012", "CSAFPID-00014", "CSAFPID-00015", "CSAFPID-00017", "CSAFPID-00018", "CSAFPID-00019", "CSAFPID-00020", "CSAFPID-00021", "CSAFPID-00022", "CSAFPID-00023", "CSAFPID-00024", "CSAFPID-00025", "CSAFPID-00026", "CSAFPID-00027", "CSAFPID-00028", "CSAFPID-00029", "CSAFPID-00030", "CSAFPID-00031", "CSAFPID-00032", "CSAFPID-00034", "CSAFPID-00035", "CSAFPID-00036", "CSAFPID-00037", "CSAFPID-00039", "CSAFPID-00040", "CSAFPID-00041", "CSAFPID-00043", "CSAFPID-00044", "CSAFPID-00045", "CSAFPID-00046", "CSAFPID-00047", "CSAFPID-00048", "CSAFPID-00049", "CSAFPID-00050", "CSAFPID-00051", "CSAFPID-00052", "CSAFPID-00053", "CSAFPID-00054", "CSAFPID-00055", "CSAFPID-00056", "CSAFPID-00057", "CSAFPID-00059", "CSAFPID-00060", "CSAFPID-00061", "CSAFPID-00063", "CSAFPID-00064", "CSAFPID-00065", "CSAFPID-00066", "CSAFPID-00068", "CSAFPID-00069", "CSAFPID-00070", "CSAFPID-00071", "CSAFPID-00072", "CSAFPID-00073", "CSAFPID-00074", "CSAFPID-00075", "CSAFPID-00076", "CSAFPID-00077", "CSAFPID-00078", "CSAFPID-00079", "CSAFPID-00080", "CSAFPID-00081", "CSAFPID-00082", "CSAFPID-00083", "CSAFPID-00084", "CSAFPID-00085", "CSAFPID-00086", "CSAFPID-00087", "CSAFPID-00088", "CSAFPID-00089", "CSAFPID-00090", "CSAFPID-00091", "CSAFPID-00092", "CSAFPID-00093", "CSAFPID-00094", "CSAFPID-00096", "CSAFPID-00097", "CSAFPID-00098", "CSAFPID-00099", "CSAFPID-000100", "CSAFPID-000101", "CSAFPID-000103", "CSAFPID-000104", "CSAFPID-000105", "CSAFPID-000106", "CSAFPID-000108", "CSAFPID-000109", "CSAFPID-000111", "CSAFPID-000112", "CSAFPID-000113", "CSAFPID-000114", "CSAFPID-000115", "CSAFPID-000116", "CSAFPID-000117", "CSAFPID-000119", "CSAFPID-000120", "CSAFPID-000121", "CSAFPID-000122", "CSAFPID-000124", "CSAFPID-000125", "CSAFPID-000126", "CSAFPID-000127", "CSAFPID-000129", "CSAFPID-000130", "CSAFPID-000131", "CSAFPID-000132", "CSAFPID-000133", "CSAFPID-000134", "CSAFPID-000135", "CSAFPID-000136", "CSAFPID-000137", "CSAFPID-000138", "CSAFPID-000139", "CSAFPID-000140", "CSAFPID-000141", "CSAFPID-000142", "CSAFPID-000143", "CSAFPID-000144" ] } ], "title": "CVE-2021-42020" } ] }
ssa-256353
Vulnerability from csaf_siemens
Notes
{ "document": { "category": "csaf_security_advisory", "csaf_version": "2.0", "distribution": { "text": "Disclosure is not limited. (TLPv2: TLP:CLEAR)", "tlp": { "label": "WHITE" } }, "lang": "en", "notes": [ { "category": "summary", "text": "Multiple vulnerabilities affect various third-party components of the RUGGEDCOM Operating System (ROS). If exploited, an attacker could cause a denial-of-service, act as a man-in-the-middle or retrieval of sensitive information or gain privileged functions.\n\nSiemens has released updates for the affected products and recommends to update to the latest versions.", "title": "Summary" }, { "category": "general", "text": "As a general security measure, Siemens strongly recommends to protect network access to devices with appropriate mechanisms. In order to operate the devices in a protected IT environment, Siemens recommends to configure the environment according to Siemens\u0027 operational guidelines for Industrial Security (Download: \nhttps://www.siemens.com/cert/operational-guidelines-industrial-security), and to follow the recommendations in the product manuals.\nAdditional information on Industrial Security by Siemens can be found at: https://www.siemens.com/industrialsecurity", "title": "General Recommendations" }, { "category": "general", "text": "For further inquiries on security vulnerabilities in Siemens products and solutions, please contact the Siemens ProductCERT: https://www.siemens.com/cert/advisories", "title": "Additional Resources" }, { "category": "legal_disclaimer", "text": "Siemens Security Advisories are subject to the terms and conditions contained in Siemens\u0027 underlying license terms or other applicable agreements previously agreed to with Siemens (hereinafter \"License Terms\"). To the extent applicable to information, software or documentation made available in or through a Siemens Security Advisory, the Terms of Use of Siemens\u0027 Global Website (https://www.siemens.com/terms_of_use, hereinafter \"Terms of Use\"), in particular Sections 8-10 of the Terms of Use, shall apply additionally. In case of conflicts, the License Terms shall prevail over the Terms of Use.", "title": "Terms of Use" } ], "publisher": { "category": "vendor", "contact_details": "productcert@siemens.com", "name": "Siemens ProductCERT", "namespace": "https://www.siemens.com" }, "references": [ { "category": "self", "summary": "SSA-256353: Third-Party Component Vulnerabilities in RUGGEDCOM ROS - HTML Version", "url": "https://cert-portal.siemens.com/productcert/html/ssa-256353.html" }, { "category": "self", "summary": "SSA-256353: Third-Party Component Vulnerabilities in RUGGEDCOM ROS - CSAF Version", "url": "https://cert-portal.siemens.com/productcert/csaf/ssa-256353.json" }, { "category": "self", "summary": "SSA-256353: Third-Party Component Vulnerabilities in RUGGEDCOM ROS - PDF Version", "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-256353.pdf" }, { "category": "self", "summary": "SSA-256353: Third-Party Component Vulnerabilities in RUGGEDCOM ROS - TXT Version", "url": "https://cert-portal.siemens.com/productcert/txt/ssa-256353.txt" } ], "title": "SSA-256353: Third-Party Component Vulnerabilities in RUGGEDCOM ROS", "tracking": { "current_release_date": "2023-12-12T00:00:00Z", "generator": { "engine": { "name": "Siemens ProductCERT CSAF Generator", "version": "1" } }, "id": "SSA-256353", "initial_release_date": "2022-03-08T00:00:00Z", "revision_history": [ { "date": "2022-03-08T00:00:00Z", "legacy_version": "1.0", "number": "1", "summary": "Publication Date" }, { "date": "2022-03-11T00:00:00Z", "legacy_version": "1.1", "number": "2", "summary": "Corrected the list of affected products and fix releases" }, { "date": "2022-04-12T00:00:00Z", "legacy_version": "1.2", "number": "3", "summary": "Added acknowledgements" }, { "date": "2023-03-14T00:00:00Z", "legacy_version": "1.3", "number": "4", "summary": "Corrected the list of affected products and added fix for V4.3.8" }, { "date": "2023-04-11T00:00:00Z", "legacy_version": "1.4", "number": "5", "summary": "Added multiple missing affected products (only affected by CVE-2021-37208, CVE-2021-42016, CVE-2021-42017, CVE-2021-42018 and CVE-2021-42019) with no fix currently planned" }, { "date": "2023-12-12T00:00:00Z", "legacy_version": "1.5", "number": "6", "summary": "Added missing affected products: RUGGEDCOM RS416NCv2 V4.X, RUGGEDCOM RS416PNCv2 V4.x, RUGGEDCOM RS416v2 V4.X, RUGGEDCOM RS416Pv2 V4.X. Adjusted the name of RUGGEDCOM RS416NCv2 V5.X, RUGGEDCOM RS416PNCv2 V5.x, RUGGEDCOM RS416v2 V5.X, RUGGEDCOM RS416Pv2 V5.X (added reference to V5.X). Added Additional note for FIPS devices" } ], "status": "interim", "version": "6" } }, "product_tree": { "branches": [ { "branches": [ { "branches": [ { "category": "product_version_range", "name": "\u003cV4.3.8", "product": { "name": "RUGGEDCOM i800", "product_id": "1" } } ], "category": "product_name", "name": "RUGGEDCOM i800" }, { "branches": [ { "category": "product_version_range", "name": "\u003cV4.3.8", "product": { "name": "RUGGEDCOM i800NC", "product_id": "2" } } ], "category": "product_name", "name": "RUGGEDCOM i800NC" }, { "branches": [ { "category": "product_version_range", "name": "\u003cV4.3.8", "product": { "name": "RUGGEDCOM i801", "product_id": "3" } } ], "category": "product_name", "name": "RUGGEDCOM i801" }, { "branches": [ { "category": "product_version_range", "name": "\u003cV4.3.8", "product": { "name": "RUGGEDCOM i801NC", "product_id": "4" } } ], "category": "product_name", "name": "RUGGEDCOM i801NC" }, { "branches": [ { "category": "product_version_range", "name": "\u003cV4.3.8", "product": { "name": "RUGGEDCOM i802", "product_id": "5" } } ], "category": "product_name", "name": "RUGGEDCOM i802" }, { "branches": [ { "category": "product_version_range", "name": "\u003cV4.3.8", "product": { "name": "RUGGEDCOM i802NC", "product_id": "6" } } ], "category": "product_name", "name": "RUGGEDCOM i802NC" }, { "branches": [ { "category": "product_version_range", "name": "\u003cV4.3.8", "product": { "name": "RUGGEDCOM i803", "product_id": "7" } } ], "category": "product_name", "name": "RUGGEDCOM i803" }, { "branches": [ { "category": "product_version_range", "name": "\u003cV4.3.8", "product": { "name": "RUGGEDCOM i803NC", "product_id": "8" } } ], "category": "product_name", "name": "RUGGEDCOM i803NC" }, { "branches": [ { "category": "product_version_range", "name": "\u003cV4.3.8", "product": { "name": "RUGGEDCOM M969", "product_id": "9" } } ], "category": "product_name", "name": "RUGGEDCOM M969" }, { "branches": [ { "category": "product_version_range", "name": "vers:all/*", "product": { "name": "RUGGEDCOM M969F", "product_id": "10" } } ], "category": "product_name", "name": "RUGGEDCOM M969F" }, { "branches": [ { "category": "product_version_range", "name": "\u003cV4.3.8", "product": { "name": "RUGGEDCOM M969NC", "product_id": "11" } } ], "category": "product_name", "name": "RUGGEDCOM M969NC" }, { "branches": [ { "category": "product_version_range", "name": "\u003cV4.3.8", "product": { "name": "RUGGEDCOM M2100", "product_id": "12" } } ], "category": "product_name", "name": "RUGGEDCOM M2100" }, { "branches": [ { "category": "product_version_range", "name": "vers:all/*", "product": { "name": "RUGGEDCOM M2100F", "product_id": "13" } } ], "category": "product_name", "name": "RUGGEDCOM M2100F" }, { "branches": [ { "category": "product_version_range", "name": "\u003cV4.3.8", "product": { "name": "RUGGEDCOM M2100NC", "product_id": "14" } } ], "category": "product_name", "name": "RUGGEDCOM M2100NC" }, { "branches": [ { "category": "product_version_range", "name": "\u003cV4.3.8", "product": { "name": "RUGGEDCOM M2200", "product_id": "15" } } ], "category": "product_name", "name": "RUGGEDCOM M2200" }, { "branches": [ { "category": "product_version_range", "name": "vers:all/*", "product": { "name": "RUGGEDCOM M2200F", "product_id": "16" } } ], "category": "product_name", "name": "RUGGEDCOM M2200F" }, { "branches": [ { "category": "product_version_range", "name": "\u003cV4.3.8", "product": { "name": "RUGGEDCOM M2200NC", "product_id": "17" } } ], "category": "product_name", "name": "RUGGEDCOM M2200NC" }, { "branches": [ { "category": "product_version_range", "name": "\u003cV4.3.8", "product": { "name": "RUGGEDCOM RMC30", "product_id": "18" } } ], "category": "product_name", "name": "RUGGEDCOM RMC30" }, { "branches": [ { "category": "product_version_range", "name": "\u003cV4.3.8", "product": { "name": "RUGGEDCOM RMC30NC", "product_id": "19" } } ], "category": "product_name", "name": "RUGGEDCOM RMC30NC" }, { "branches": [ { "category": "product_version_range", "name": "\u003cV4.3.8", "product": { "name": "RUGGEDCOM RMC8388 V4.X", "product_id": "20" } } ], "category": "product_name", "name": "RUGGEDCOM RMC8388 V4.X" }, { "branches": [ { "category": "product_version_range", "name": "\u003cV5.6.0", "product": { "name": "RUGGEDCOM RMC8388 V5.X", "product_id": "21" } } ], "category": "product_name", "name": "RUGGEDCOM RMC8388 V5.X" }, { "branches": [ { "category": "product_version_range", "name": "\u003cV4.3.8", "product": { "name": "RUGGEDCOM RMC8388NC V4.X", "product_id": "22" } } ], "category": "product_name", "name": "RUGGEDCOM RMC8388NC V4.X" }, { "branches": [ { "category": "product_version_range", "name": "\u003cV5.6.0", "product": { "name": "RUGGEDCOM RMC8388NC V5.X", "product_id": "23" } } ], "category": "product_name", "name": "RUGGEDCOM RMC8388NC V5.X" }, { "branches": [ { "category": "product_version_range", "name": "\u003cV4.3.8", "product": { "name": "RUGGEDCOM RP110", "product_id": "24" } } ], "category": "product_name", "name": "RUGGEDCOM RP110" }, { "branches": [ { "category": "product_version_range", "name": "\u003cV4.3.8", "product": { "name": "RUGGEDCOM RP110NC", "product_id": "25" } } ], "category": "product_name", "name": "RUGGEDCOM RP110NC" }, { "branches": [ { "category": "product_version_range", "name": "\u003cV4.3.8", "product": { "name": "RUGGEDCOM RS400", "product_id": "26" } } ], "category": "product_name", "name": "RUGGEDCOM RS400" }, { "branches": [ { "category": "product_version_range", "name": "vers:all/*", "product": { "name": "RUGGEDCOM RS400F", "product_id": "27" } } ], "category": "product_name", "name": "RUGGEDCOM RS400F" }, { "branches": [ { "category": "product_version_range", "name": "\u003cV4.3.8", "product": { "name": "RUGGEDCOM RS400NC", "product_id": "28" } } ], "category": "product_name", "name": "RUGGEDCOM RS400NC" }, { "branches": [ { "category": "product_version_range", "name": "\u003cV4.3.8", "product": { "name": "RUGGEDCOM RS401", "product_id": "29" } } ], "category": "product_name", "name": "RUGGEDCOM RS401" }, { "branches": [ { "category": "product_version_range", "name": "\u003cV4.3.8", "product": { "name": "RUGGEDCOM RS401NC", "product_id": "30" } } ], "category": "product_name", "name": "RUGGEDCOM RS401NC" }, { "branches": [ { "category": "product_version_range", "name": "\u003cV4.3.8", "product": { "name": "RUGGEDCOM RS416", "product_id": "31" } } ], "category": "product_name", "name": "RUGGEDCOM RS416" }, { "branches": [ { "category": "product_version_range", "name": "vers:all/*", "product": { "name": "RUGGEDCOM RS416F", "product_id": "32" } } ], "category": "product_name", "name": "RUGGEDCOM RS416F" }, { "branches": [ { "category": "product_version_range", "name": "\u003cV4.3.8", "product": { "name": "RUGGEDCOM RS416NC", "product_id": "33" } } ], "category": "product_name", "name": "RUGGEDCOM RS416NC" }, { "branches": [ { "category": "product_version_range", "name": "\u003cV4.3.8", "product": { "name": "RUGGEDCOM RS416NCv2 V4.X", "product_id": "34" } } ], "category": "product_name", "name": "RUGGEDCOM RS416NCv2 V4.X" }, { "branches": [ { "category": "product_version_range", "name": "\u003cV5.6.0", "product": { "name": "RUGGEDCOM RS416NCv2 V5.X", "product_id": "35" } } ], "category": "product_name", "name": "RUGGEDCOM RS416NCv2 V5.X" }, { "branches": [ { "category": "product_version_range", "name": "\u003cV4.3.8", "product": { "name": "RUGGEDCOM RS416P", "product_id": "36" } } ], "category": "product_name", "name": "RUGGEDCOM RS416P" }, { "branches": [ { "category": "product_version_range", "name": "vers:all/*", "product": { "name": "RUGGEDCOM RS416PF", "product_id": "37" } } ], "category": "product_name", "name": "RUGGEDCOM RS416PF" }, { "branches": [ { "category": "product_version_range", "name": "\u003cV4.3.8", "product": { "name": "RUGGEDCOM RS416PNC", "product_id": "38" } } ], "category": "product_name", "name": "RUGGEDCOM RS416PNC" }, { "branches": [ { "category": "product_version_range", "name": "\u003cV4.3.8", "product": { "name": "RUGGEDCOM RS416PNCv2 V4.X", "product_id": "39" } } ], "category": "product_name", "name": "RUGGEDCOM RS416PNCv2 V4.X" }, { "branches": [ { "category": "product_version_range", "name": "\u003cV5.6.0", "product": { "name": "RUGGEDCOM RS416PNCv2 V5.X", "product_id": "40" } } ], "category": "product_name", "name": "RUGGEDCOM RS416PNCv2 V5.X" }, { "branches": [ { "category": "product_version_range", "name": "\u003cV4.3.8", "product": { "name": "RUGGEDCOM RS416Pv2 V4.X", "product_id": "41" } } ], "category": "product_name", "name": "RUGGEDCOM RS416Pv2 V4.X" }, { "branches": [ { "category": "product_version_range", "name": "\u003cV5.6.0", "product": { "name": "RUGGEDCOM RS416Pv2 V5.X", "product_id": "42" } } ], "category": "product_name", "name": "RUGGEDCOM RS416Pv2 V5.X" }, { "branches": [ { "category": "product_version_range", "name": "\u003cV4.3.8", "product": { "name": "RUGGEDCOM RS416v2 V4.X", "product_id": "43" } } ], "category": "product_name", "name": "RUGGEDCOM RS416v2 V4.X" }, { "branches": [ { "category": "product_version_range", "name": "\u003cV5.6.0", "product": { "name": "RUGGEDCOM RS416v2 V5.X", "product_id": "44" } } ], "category": "product_name", "name": "RUGGEDCOM RS416v2 V5.X" }, { "branches": [ { "category": "product_version_range", "name": "\u003cV4.3.8", "product": { "name": "RUGGEDCOM RS900", "product_id": "45" } } ], "category": "product_name", "name": "RUGGEDCOM RS900" }, { "branches": [ { "category": "product_version_range", "name": "\u003cV4.3.8", "product": { "name": "RUGGEDCOM RS900 (32M) V4.X", "product_id": "46" } } ], "category": "product_name", "name": "RUGGEDCOM RS900 (32M) V4.X" }, { "branches": [ { "category": "product_version_range", "name": "\u003cV5.6.0", "product": { "name": "RUGGEDCOM RS900 (32M) V5.X", "product_id": "47" } } ], "category": "product_name", "name": "RUGGEDCOM RS900 (32M) V5.X" }, { "branches": [ { "category": "product_version_range", "name": "vers:all/*", "product": { "name": "RUGGEDCOM RS900F", "product_id": "48" } } ], "category": "product_name", "name": "RUGGEDCOM RS900F" }, { "branches": [ { "category": "product_version_range", "name": "\u003cV4.3.8", "product": { "name": "RUGGEDCOM RS900G", "product_id": "49" } } ], "category": "product_name", "name": "RUGGEDCOM RS900G" }, { "branches": [ { "category": "product_version_range", "name": "\u003cV4.3.8", "product": { "name": "RUGGEDCOM RS900G (32M) V4.X", "product_id": "50" } } ], "category": "product_name", "name": "RUGGEDCOM RS900G (32M) V4.X" }, { "branches": [ { "category": "product_version_range", "name": "\u003cV5.6.0", "product": { "name": "RUGGEDCOM RS900G (32M) V5.X", "product_id": "51" } } ], "category": "product_name", "name": "RUGGEDCOM RS900G (32M) V5.X" }, { "branches": [ { "category": "product_version_range", "name": "vers:all/*", "product": { "name": "RUGGEDCOM RS900GF", "product_id": "52" } } ], "category": "product_name", "name": "RUGGEDCOM RS900GF" }, { "branches": [ { "category": "product_version_range", "name": "\u003cV4.3.8", "product": { "name": "RUGGEDCOM RS900GNC", "product_id": "53" } } ], "category": "product_name", "name": "RUGGEDCOM RS900GNC" }, { "branches": [ { "category": "product_version_range", "name": "\u003cV4.3.8", "product": { "name": "RUGGEDCOM RS900GNC(32M) V4.X", "product_id": "54" } } ], "category": "product_name", "name": "RUGGEDCOM RS900GNC(32M) V4.X" }, { "branches": [ { "category": "product_version_range", "name": "\u003cV5.6.0", "product": { "name": "RUGGEDCOM RS900GNC(32M) V5.X", "product_id": "55" } } ], "category": "product_name", "name": "RUGGEDCOM RS900GNC(32M) V5.X" }, { "branches": [ { "category": "product_version_range", "name": "\u003cV4.3.8", "product": { "name": "RUGGEDCOM RS900GP", "product_id": "56" } } ], "category": "product_name", "name": "RUGGEDCOM RS900GP" }, { "branches": [ { "category": "product_version_range", "name": "vers:all/*", "product": { "name": "RUGGEDCOM RS900GPF", "product_id": "57" } } ], "category": "product_name", "name": "RUGGEDCOM RS900GPF" }, { "branches": [ { "category": "product_version_range", "name": "\u003cV4.3.8", "product": { "name": "RUGGEDCOM RS900GPNC", "product_id": "58" } } ], "category": "product_name", "name": "RUGGEDCOM RS900GPNC" }, { "branches": [ { "category": "product_version_range", "name": "\u003cV4.3.8", "product": { "name": "RUGGEDCOM RS900L", "product_id": "59" } } ], "category": "product_name", "name": "RUGGEDCOM RS900L" }, { "branches": [ { "category": "product_version_range", "name": "\u003cV4.3.8", "product": { "name": "RUGGEDCOM RS900LNC", "product_id": "60" } } ], "category": "product_name", "name": "RUGGEDCOM RS900LNC" }, { "branches": [ { "category": "product_version_range", "name": "\u003cV4.3.8", "product": { "name": "RUGGEDCOM RS900M-GETS-C01", "product_id": "61" } } ], "category": "product_name", "name": "RUGGEDCOM RS900M-GETS-C01" }, { "branches": [ { "category": "product_version_range", "name": "\u003cV4.3.8", "product": { "name": "RUGGEDCOM RS900M-GETS-XX", "product_id": "62" } } ], "category": "product_name", "name": "RUGGEDCOM RS900M-GETS-XX" }, { "branches": [ { "category": "product_version_range", "name": "\u003cV4.3.8", "product": { "name": "RUGGEDCOM RS900M-STND-C01", "product_id": "63" } } ], "category": "product_name", "name": "RUGGEDCOM RS900M-STND-C01" }, { "branches": [ { "category": "product_version_range", "name": "\u003cV4.3.8", "product": { "name": "RUGGEDCOM RS900M-STND-XX", "product_id": "64" } } ], "category": "product_name", "name": "RUGGEDCOM RS900M-STND-XX" }, { "branches": [ { "category": "product_version_range", "name": "\u003cV4.3.8", "product": { "name": "RUGGEDCOM RS900MNC-GETS-C01", "product_id": "65" } } ], "category": "product_name", "name": "RUGGEDCOM RS900MNC-GETS-C01" }, { "branches": [ { "category": "product_version_range", "name": "\u003cV4.3.8", "product": { "name": "RUGGEDCOM RS900MNC-GETS-XX", "product_id": "66" } } ], "category": "product_name", "name": "RUGGEDCOM RS900MNC-GETS-XX" }, { "branches": [ { "category": "product_version_range", "name": "\u003cV4.3.8", "product": { "name": "RUGGEDCOM RS900MNC-STND-XX", "product_id": "67" } } ], "category": "product_name", "name": "RUGGEDCOM RS900MNC-STND-XX" }, { "branches": [ { "category": "product_version_range", "name": "\u003cV4.3.8", "product": { "name": "RUGGEDCOM RS900MNC-STND-XX-C01", "product_id": "68" } } ], "category": "product_name", "name": "RUGGEDCOM RS900MNC-STND-XX-C01" }, { "branches": [ { "category": "product_version_range", "name": "\u003cV4.3.8", "product": { "name": "RUGGEDCOM RS900NC", "product_id": "69" } } ], "category": "product_name", "name": "RUGGEDCOM RS900NC" }, { "branches": [ { "category": "product_version_range", "name": "\u003cV4.3.8", "product": { "name": "RUGGEDCOM RS900NC(32M) V4.X", "product_id": "70" } } ], "category": "product_name", "name": "RUGGEDCOM RS900NC(32M) V4.X" }, { "branches": [ { "category": "product_version_range", "name": "\u003cV5.6.0", "product": { "name": "RUGGEDCOM RS900NC(32M) V5.X", "product_id": "71" } } ], "category": "product_name", "name": "RUGGEDCOM RS900NC(32M) V5.X" }, { "branches": [ { "category": "product_version_range", "name": "\u003cV4.3.8", "product": { "name": "RUGGEDCOM RS900W", "product_id": "72" } } ], "category": "product_name", "name": "RUGGEDCOM RS900W" }, { "branches": [ { "category": "product_version_range", "name": "\u003cV4.3.8", "product": { "name": "RUGGEDCOM RS910", "product_id": "73" } } ], "category": "product_name", "name": "RUGGEDCOM RS910" }, { "branches": [ { "category": "product_version_range", "name": "\u003cV4.3.8", "product": { "name": "RUGGEDCOM RS910L", "product_id": "74" } } ], "category": "product_name", "name": "RUGGEDCOM RS910L" }, { "branches": [ { "category": "product_version_range", "name": "\u003cV4.3.8", "product": { "name": "RUGGEDCOM RS910LNC", "product_id": "75" } } ], "category": "product_name", "name": "RUGGEDCOM RS910LNC" }, { "branches": [ { "category": "product_version_range", "name": "\u003cV4.3.8", "product": { "name": "RUGGEDCOM RS910NC", "product_id": "76" } } ], "category": "product_name", "name": "RUGGEDCOM RS910NC" }, { "branches": [ { "category": "product_version_range", "name": "\u003cV4.3.8", "product": { "name": "RUGGEDCOM RS910W", "product_id": "77" } } ], "category": "product_name", "name": "RUGGEDCOM RS910W" }, { "branches": [ { "category": "product_version_range", "name": "\u003cV4.3.8", "product": { "name": "RUGGEDCOM RS920L", "product_id": "78" } } ], "category": "product_name", "name": "RUGGEDCOM RS920L" }, { "branches": [ { "category": "product_version_range", "name": "\u003cV4.3.8", "product": { "name": "RUGGEDCOM RS920LNC", "product_id": "79" } } ], "category": "product_name", "name": "RUGGEDCOM RS920LNC" }, { "branches": [ { "category": "product_version_range", "name": "\u003cV4.3.8", "product": { "name": "RUGGEDCOM RS920W", "product_id": "80" } } ], "category": "product_name", "name": "RUGGEDCOM RS920W" }, { "branches": [ { "category": "product_version_range", "name": "\u003cV4.3.8", "product": { "name": "RUGGEDCOM RS930L", "product_id": "81" } } ], "category": "product_name", "name": "RUGGEDCOM RS930L" }, { "branches": [ { "category": "product_version_range", "name": "\u003cV4.3.8", "product": { "name": "RUGGEDCOM RS930LNC", "product_id": "82" } } ], "category": "product_name", "name": "RUGGEDCOM RS930LNC" }, { "branches": [ { "category": "product_version_range", "name": "\u003cV4.3.8", "product": { "name": "RUGGEDCOM RS930W", "product_id": "83" } } ], "category": "product_name", "name": "RUGGEDCOM RS930W" }, { "branches": [ { "category": "product_version_range", "name": "\u003cV4.3.8", "product": { "name": "RUGGEDCOM RS940G", "product_id": "84" } } ], "category": "product_name", "name": "RUGGEDCOM RS940G" }, { "branches": [ { "category": "product_version_range", "name": "vers:all/*", "product": { "name": "RUGGEDCOM RS940GF", "product_id": "85" } } ], "category": "product_name", "name": "RUGGEDCOM RS940GF" }, { "branches": [ { "category": "product_version_range", "name": "\u003cV4.3.8", "product": { "name": "RUGGEDCOM RS940GNC", "product_id": "86" } } ], "category": "product_name", "name": "RUGGEDCOM RS940GNC" }, { "branches": [ { "category": "product_version_range", "name": "\u003cV4.3.8", "product": { "name": "RUGGEDCOM RS969", "product_id": "87" } } ], "category": "product_name", "name": "RUGGEDCOM RS969" }, { "branches": [ { "category": "product_version_range", "name": "\u003cV4.3.8", "product": { "name": "RUGGEDCOM RS969NC", "product_id": "88" } } ], "category": "product_name", "name": "RUGGEDCOM RS969NC" }, { "branches": [ { "category": "product_version_range", "name": "\u003cV4.3.8", "product": { "name": "RUGGEDCOM RS1600", "product_id": "89" } } ], "category": "product_name", "name": "RUGGEDCOM RS1600" }, { "branches": [ { "category": "product_version_range", "name": "\u003cV4.3.8", "product": { "name": "RUGGEDCOM RS1600F", "product_id": "90" } } ], "category": "product_name", "name": "RUGGEDCOM RS1600F" }, { "branches": [ { "category": "product_version_range", "name": "\u003cV4.3.8", "product": { "name": "RUGGEDCOM RS1600FNC", "product_id": "91" } } ], "category": "product_name", "name": "RUGGEDCOM RS1600FNC" }, { "branches": [ { "category": "product_version_range", "name": "\u003cV4.3.8", "product": { "name": "RUGGEDCOM RS1600NC", "product_id": "92" } } ], "category": "product_name", "name": "RUGGEDCOM RS1600NC" }, { "branches": [ { "category": "product_version_range", "name": "\u003cV4.3.8", "product": { "name": "RUGGEDCOM RS1600T", "product_id": "93" } } ], "category": "product_name", "name": "RUGGEDCOM RS1600T" }, { "branches": [ { "category": "product_version_range", "name": "\u003cV4.3.8", "product": { "name": "RUGGEDCOM RS1600TNC", "product_id": "94" } } ], "category": "product_name", "name": "RUGGEDCOM RS1600TNC" }, { "branches": [ { "category": "product_version_range", "name": "\u003cV4.3.8", "product": { "name": "RUGGEDCOM RS8000", "product_id": "95" } } ], "category": "product_name", "name": "RUGGEDCOM RS8000" }, { "branches": [ { "category": "product_version_range", "name": "\u003cV4.3.8", "product": { "name": "RUGGEDCOM RS8000A", "product_id": "96" } } ], "category": "product_name", "name": "RUGGEDCOM RS8000A" }, { "branches": [ { "category": "product_version_range", "name": "\u003cV4.3.8", "product": { "name": "RUGGEDCOM RS8000ANC", "product_id": "97" } } ], "category": "product_name", "name": "RUGGEDCOM RS8000ANC" }, { "branches": [ { "category": "product_version_range", "name": "\u003cV4.3.8", "product": { "name": "RUGGEDCOM RS8000H", "product_id": "98" } } ], "category": "product_name", "name": "RUGGEDCOM RS8000H" }, { "branches": [ { "category": "product_version_range", "name": "\u003cV4.3.8", "product": { "name": "RUGGEDCOM RS8000HNC", "product_id": "99" } } ], "category": "product_name", "name": "RUGGEDCOM RS8000HNC" }, { "branches": [ { "category": "product_version_range", "name": "\u003cV4.3.8", "product": { "name": "RUGGEDCOM RS8000NC", "product_id": "100" } } ], "category": "product_name", "name": "RUGGEDCOM RS8000NC" }, { "branches": [ { "category": "product_version_range", "name": "\u003cV4.3.8", "product": { "name": "RUGGEDCOM RS8000T", "product_id": "101" } } ], "category": "product_name", "name": "RUGGEDCOM RS8000T" }, { "branches": [ { "category": "product_version_range", "name": "\u003cV4.3.8", "product": { "name": "RUGGEDCOM RS8000TNC", "product_id": "102" } } ], "category": "product_name", "name": "RUGGEDCOM RS8000TNC" }, { "branches": [ { "category": "product_version_range", "name": "\u003cV5.6.0", "product": { "name": "RUGGEDCOM RSG907R", "product_id": "103" } } ], "category": "product_name", "name": "RUGGEDCOM RSG907R" }, { "branches": [ { "category": "product_version_range", "name": "\u003cV5.6.0", "product": { "name": "RUGGEDCOM RSG908C", "product_id": "104" } } ], "category": "product_name", "name": "RUGGEDCOM RSG908C" }, { "branches": [ { "category": "product_version_range", "name": "\u003cV5.6.0", "product": { "name": "RUGGEDCOM RSG909R", "product_id": "105" } } ], "category": "product_name", "name": "RUGGEDCOM RSG909R" }, { "branches": [ { "category": "product_version_range", "name": "\u003cV5.6.0", "product": { "name": "RUGGEDCOM RSG910C", "product_id": "106" } } ], "category": "product_name", "name": "RUGGEDCOM RSG910C" }, { "branches": [ { "category": "product_version_range", "name": "\u003cV4.3.8", "product": { "name": "RUGGEDCOM RSG920P V4.X", "product_id": "107" } } ], "category": "product_name", "name": "RUGGEDCOM RSG920P V4.X" }, { "branches": [ { "category": "product_version_range", "name": "\u003cV5.6.0", "product": { "name": "RUGGEDCOM RSG920P V5.X", "product_id": "108" } } ], "category": "product_name", "name": "RUGGEDCOM RSG920P V5.X" }, { "branches": [ { "category": "product_version_range", "name": "\u003cV4.3.8", "product": { "name": "RUGGEDCOM RSG920PNC V4.X", "product_id": "109" } } ], "category": "product_name", "name": "RUGGEDCOM RSG920PNC V4.X" }, { "branches": [ { "category": "product_version_range", "name": "\u003cV5.6.0", "product": { "name": "RUGGEDCOM RSG920PNC V5.X", "product_id": "110" } } ], "category": "product_name", "name": "RUGGEDCOM RSG920PNC V5.X" }, { "branches": [ { "category": "product_version_range", "name": "\u003cV4.3.8", "product": { "name": "RUGGEDCOM RSG2100", "product_id": "111" } } ], "category": "product_name", "name": "RUGGEDCOM RSG2100" }, { "branches": [ { "category": "product_version_range", "name": "\u003cV4.3.8", "product": { "name": "RUGGEDCOM RSG2100 (32M) V4.X", "product_id": "112" } } ], "category": "product_name", "name": "RUGGEDCOM RSG2100 (32M) V4.X" }, { "branches": [ { "category": "product_version_range", "name": "\u003cV5.6.0", "product": { "name": "RUGGEDCOM RSG2100 (32M) V5.X", "product_id": "113" } } ], "category": "product_name", "name": "RUGGEDCOM RSG2100 (32M) V5.X" }, { "branches": [ { "category": "product_version_range", "name": "vers:all/*", "product": { "name": "RUGGEDCOM RSG2100F", "product_id": "114" } } ], "category": "product_name", "name": "RUGGEDCOM RSG2100F" }, { "branches": [ { "category": "product_version_range", "name": "\u003cV4.3.8", "product": { "name": "RUGGEDCOM RSG2100NC", "product_id": "115" } } ], "category": "product_name", "name": "RUGGEDCOM RSG2100NC" }, { "branches": [ { "category": "product_version_range", "name": "\u003cV4.3.8", "product": { "name": "RUGGEDCOM RSG2100NC(32M) V4.X", "product_id": "116" } } ], "category": "product_name", "name": "RUGGEDCOM RSG2100NC(32M) V4.X" }, { "branches": [ { "category": "product_version_range", "name": "\u003cV5.6.0", "product": { "name": "RUGGEDCOM RSG2100NC(32M) V5.X", "product_id": "117" } } ], "category": "product_name", "name": "RUGGEDCOM RSG2100NC(32M) V5.X" }, { "branches": [ { "category": "product_version_range", "name": "\u003cV4.3.8", "product": { "name": "RUGGEDCOM RSG2100P", "product_id": "118" } } ], "category": "product_name", "name": "RUGGEDCOM RSG2100P" }, { "branches": [ { "category": "product_version_range", "name": "vers:all/*", "product": { "name": "RUGGEDCOM RSG2100PF", "product_id": "119" } } ], "category": "product_name", "name": "RUGGEDCOM RSG2100PF" }, { "branches": [ { "category": "product_version_range", "name": "\u003cV4.3.8", "product": { "name": "RUGGEDCOM RSG2100PNC", "product_id": "120" } } ], "category": "product_name", "name": "RUGGEDCOM RSG2100PNC" }, { "branches": [ { "category": "product_version_range", "name": "\u003cV4.3.8", "product": { "name": "RUGGEDCOM RSG2200", "product_id": "121" } } ], "category": "product_name", "name": "RUGGEDCOM RSG2200" }, { "branches": [ { "category": "product_version_range", "name": "vers:all/*", "product": { "name": "RUGGEDCOM RSG2200F", "product_id": "122" } } ], "category": "product_name", "name": "RUGGEDCOM RSG2200F" }, { "branches": [ { "category": "product_version_range", "name": "\u003cV4.3.8", "product": { "name": "RUGGEDCOM RSG2200NC", "product_id": "123" } } ], "category": "product_name", "name": "RUGGEDCOM RSG2200NC" }, { "branches": [ { "category": "product_version_range", "name": "\u003cV4.3.8", "product": { "name": "RUGGEDCOM RSG2288 V4.X", "product_id": "124" } } ], "category": "product_name", "name": "RUGGEDCOM RSG2288 V4.X" }, { "branches": [ { "category": "product_version_range", "name": "\u003cV5.6.0", "product": { "name": "RUGGEDCOM RSG2288 V5.X", "product_id": "125" } } ], "category": "product_name", "name": "RUGGEDCOM RSG2288 V5.X" }, { "branches": [ { "category": "product_version_range", "name": "\u003cV4.3.8", "product": { "name": "RUGGEDCOM RSG2288NC V4.X", "product_id": "126" } } ], "category": "product_name", "name": "RUGGEDCOM RSG2288NC V4.X" }, { "branches": [ { "category": "product_version_range", "name": "\u003cV5.6.0", "product": { "name": "RUGGEDCOM RSG2288NC V5.X", "product_id": "127" } } ], "category": "product_name", "name": "RUGGEDCOM RSG2288NC V5.X" }, { "branches": [ { "category": "product_version_range", "name": "\u003cV4.3.8", "product": { "name": "RUGGEDCOM RSG2300 V4.X", "product_id": "128" } } ], "category": "product_name", "name": "RUGGEDCOM RSG2300 V4.X" }, { "branches": [ { "category": "product_version_range", "name": "\u003cV5.6.0", "product": { "name": "RUGGEDCOM RSG2300 V5.X", "product_id": "129" } } ], "category": "product_name", "name": "RUGGEDCOM RSG2300 V5.X" }, { "branches": [ { "category": "product_version_range", "name": "vers:all/*", "product": { "name": "RUGGEDCOM RSG2300F", "product_id": "130" } } ], "category": "product_name", "name": "RUGGEDCOM RSG2300F" }, { "branches": [ { "category": "product_version_range", "name": "\u003cV4.3.8", "product": { "name": "RUGGEDCOM RSG2300NC V4.X", "product_id": "131" } } ], "category": "product_name", "name": "RUGGEDCOM RSG2300NC V4.X" }, { "branches": [ { "category": "product_version_range", "name": "\u003cV5.6.0", "product": { "name": "RUGGEDCOM RSG2300NC V5.X", "product_id": "132" } } ], "category": "product_name", "name": "RUGGEDCOM RSG2300NC V5.X" }, { "branches": [ { "category": "product_version_range", "name": "\u003cV4.3.8", "product": { "name": "RUGGEDCOM RSG2300P V4.X", "product_id": "133" } } ], "category": "product_name", "name": "RUGGEDCOM RSG2300P V4.X" }, { "branches": [ { "category": "product_version_range", "name": "\u003cV5.6.0", "product": { "name": "RUGGEDCOM RSG2300P V5.X", "product_id": "134" } } ], "category": "product_name", "name": "RUGGEDCOM RSG2300P V5.X" }, { "branches": [ { "category": "product_version_range", "name": "vers:all/*", "product": { "name": "RUGGEDCOM RSG2300PF", "product_id": "135" } } ], "category": "product_name", "name": "RUGGEDCOM RSG2300PF" }, { "branches": [ { "category": "product_version_range", "name": "\u003cV4.3.8", "product": { "name": "RUGGEDCOM RSG2300PNC V4.X", "product_id": "136" } } ], "category": "product_name", "name": "RUGGEDCOM RSG2300PNC V4.X" }, { "branches": [ { "category": "product_version_range", "name": "\u003cV5.6.0", "product": { "name": "RUGGEDCOM RSG2300PNC V5.X", "product_id": "137" } } ], "category": "product_name", "name": "RUGGEDCOM RSG2300PNC V5.X" }, { "branches": [ { "category": "product_version_range", "name": "\u003cV4.3.8", "product": { "name": "RUGGEDCOM RSG2488 V4.X", "product_id": "138" } } ], "category": "product_name", "name": "RUGGEDCOM RSG2488 V4.X" }, { "branches": [ { "category": "product_version_range", "name": "\u003cV5.6.0", "product": { "name": "RUGGEDCOM RSG2488 V5.X", "product_id": "139" } } ], "category": "product_name", "name": "RUGGEDCOM RSG2488 V5.X" }, { "branches": [ { "category": "product_version_range", "name": "vers:all/*", "product": { "name": "RUGGEDCOM RSG2488F", "product_id": "140" } } ], "category": "product_name", "name": "RUGGEDCOM RSG2488F" }, { "branches": [ { "category": "product_version_range", "name": "\u003cV4.3.8", "product": { "name": "RUGGEDCOM RSG2488NC V4.X", "product_id": "141" } } ], "category": "product_name", "name": "RUGGEDCOM RSG2488NC V4.X" }, { "branches": [ { "category": "product_version_range", "name": "\u003cV5.6.0", "product": { "name": "RUGGEDCOM RSG2488NC V5.X", "product_id": "142" } } ], "category": "product_name", "name": "RUGGEDCOM RSG2488NC V5.X" }, { "branches": [ { "category": "product_version_range", "name": "\u003cV5.6.0", "product": { "name": "RUGGEDCOM RSL910", "product_id": "143" } } ], "category": "product_name", "name": "RUGGEDCOM RSL910" }, { "branches": [ { "category": "product_version_range", "name": "\u003cV5.6.0", "product": { "name": "RUGGEDCOM RSL910NC", "product_id": "144" } } ], "category": "product_name", "name": "RUGGEDCOM RSL910NC" }, { "branches": [ { "category": "product_version_range", "name": "\u003cV5.6.0", "product": { "name": "RUGGEDCOM RST916C", "product_id": "145" } } ], "category": "product_name", "name": "RUGGEDCOM RST916C" }, { "branches": [ { "category": "product_version_range", "name": "\u003cV5.6.0", "product": { "name": "RUGGEDCOM RST916P", "product_id": "146" } } ], "category": "product_name", "name": "RUGGEDCOM RST916P" }, { "branches": [ { "category": "product_version_range", "name": "\u003cV5.6.0", "product": { "name": "RUGGEDCOM RST2228", "product_id": "147" } } ], "category": "product_name", "name": "RUGGEDCOM RST2228" }, { "branches": [ { "category": "product_version_range", "name": "\u003cV5.6.0", "product": { "name": "RUGGEDCOM RST2228P", "product_id": "148" } } ], "category": "product_name", "name": "RUGGEDCOM RST2228P" } ], "category": "vendor", "name": "Siemens" } ] }, "vulnerabilities": [ { "cve": "CVE-2021-37208", "cwe": { "id": "CWE-79", "name": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)" }, "notes": [ { "category": "summary", "text": "Improper neutralization of special characters on the web server configuration page could allow an attacker, in a privileged position, to retrieve sensitive information via cross-site scripting.", "title": "Summary" } ], "product_status": { "known_affected": [ "1", "2", "3", "4", "5", "6", "7", "8", "12", "13", "14", "15", "16", "17", "9", "10", "11", "18", "19", "20", "21", "22", "23", "24", "25", "89", "90", "91", "92", "93", "94", "26", "27", "28", "29", "30", "31", "32", "33", "34", "35", "36", "37", "38", "39", "40", "41", "42", "43", "44", "95", "96", "97", "98", "99", "100", "101", "102", "45", "46", "47", "48", "49", "50", "51", "52", "53", "54", "55", "56", "57", "58", "59", "60", "61", "62", "63", "64", "65", "66", "67", "68", "69", "70", "71", "72", "73", "74", "75", "76", "77", "78", "79", "80", "81", "82", "83", "84", "85", "86", "87", "88", "111", "112", "113", "114", "115", "116", "117", "118", "119", "120", "121", "122", "123", "124", "125", "126", "127", "128", "129", "130", "131", "132", "133", "134", "135", "136", "137", "138", "139", "140", "141", "142", "103", "104", "105", "106", "107", "108", "109", "110", "143", "144", "147", "148", "145", "146" ] }, "remediations": [ { "category": "mitigation", "details": "Restrict web server access in affected system(s) to ports 443/TCP and 22/TCP, to trusted IP addresses only", "product_ids": [ "1", "2", "3", "4", "5", "6", "7", "8", "12", "13", "14", "15", "16", "17", "9", "10", "11", "18", "19", "20", "21", "22", "23", "24", "25", "89", "90", "91", "92", "93", "94", "26", "27", "28", "29", "30", "31", "32", "33", "34", "35", "36", "37", "38", "39", "40", "41", "42", "43", "44", "95", "96", "97", "98", "99", "100", "101", "102", "45", "46", "47", "48", "49", "50", "51", "52", "53", "54", "55", "56", "57", "58", "59", "60", "61", "62", "63", "64", "65", "66", "67", "68", "69", "70", "71", "72", "73", "74", "75", "76", "77", "78", "79", "80", "81", "82", "83", "84", "85", "86", "87", "88", "111", "112", "113", "114", "115", "116", "117", "118", "119", "120", "121", "122", "123", "124", "125", "126", "127", "128", "129", "130", "131", "132", "133", "134", "135", "136", "137", "138", "139", "140", "141", "142", "103", "104", "105", "106", "107", "108", "109", "110", "143", "144", "147", "148", "145", "146" ] }, { "category": "mitigation", "details": "Restrict access to port 69/UDP to trusted IP addresses only, for the TFTP vulnerability", "product_ids": [ "1", "2", "3", "4", "5", "6", "7", "8", "12", "13", "14", "15", "16", "17", "9", "10", "11", "18", "19", "20", "21", "22", "23", "24", "25", "89", "90", "91", "92", "93", "94", "26", "27", "28", "29", "30", "31", "32", "33", "34", "35", "36", "37", "38", "39", "40", "41", "42", "43", "44", "95", "96", "97", "98", "99", "100", "101", "102", "45", "46", "47", "48", "49", "50", "51", "52", "53", "54", "55", "56", "57", "58", "59", "60", "61", "62", "63", "64", "65", "66", "67", "68", "69", "70", "71", "72", "73", "74", "75", "76", "77", "78", "79", "80", "81", "82", "83", "84", "85", "86", "87", "88", "111", "112", "113", "114", "115", "116", "117", "118", "119", "120", "121", "122", "123", "124", "125", "126", "127", "128", "129", "130", "131", "132", "133", "134", "135", "136", "137", "138", "139", "140", "141", "142", "103", "104", "105", "106", "107", "108", "109", "110", "143", "144", "147", "148", "145", "146" ] }, { "category": "no_fix_planned", "details": "Currently no fix is planned", "product_ids": [ "13", "16", "10", "27", "32", "37", "48", "52", "57", "85", "114", "119", "122", "130", "135", "140" ] }, { "category": "vendor_fix", "details": "Update to V4.3.8 or later version", "product_ids": [ "1", "3", "5", "7", "12", "15", "9", "18", "20", "24", "89", "90", "93", "26", "29", "31", "41", "43", "95", "96", "98", "101", "45", "46", "49", "50", "56", "59", "72", "73", "74", "77", "78", "80", "81", "83", "84", "87", "111", "112", "118", "121", "124", "128", "133", "138", "107" ], "url": "https://support.industry.siemens.com/cs/ww/en/view/109816735/" }, { "category": "vendor_fix", "details": "Update to V4.3.8 or later version", "product_ids": [ "2", "4", "6", "8", "14", "17", "11", "19", "22", "25", "91", "92", "94", "28", "30", "33", "34", "36", "38", "39", "97", "99", "100", "102", "53", "54", "58", "60", "61", "62", "63", "64", "65", "66", "67", "68", "69", "70", "75", "76", "79", "82", "86", "88", "115", "116", "120", "123", "126", "131", "136", "141", "109" ], "url": "https://support.industry.siemens.com/cs/ww/en/view/109816735/" }, { "category": "vendor_fix", "details": "Update to V5.6.0 or later version", "product_ids": [ "21", "42", "44", "47", "51", "113", "125", "129", "134", "139", "103", "104", "105", "106", "108", "143", "147", "148", "145", "146" ], "url": "https://support.industry.siemens.com/cs/ww/en/view/109806156/" }, { "category": "vendor_fix", "details": "Update to V5.6.0 or later version", "product_ids": [ "23", "35", "40", "55", "71", "117", "127", "132", "137", "142", "110", "144" ], "url": "https://support.industry.siemens.com/cs/ww/en/view/109806156/" } ], "scores": [ { "cvss_v3": { "baseScore": 9.6, "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:H/A:H/E:P/RL:T/RC:C", "version": "3.1" }, "products": [ "1", "2", "3", "4", "5", "6", "7", "8", "12", "13", "14", "15", "16", "17", "9", "10", "11", "18", "19", "20", "21", "22", "23", "24", "25", "89", "90", "91", "92", "93", "94", "26", "27", "28", "29", "30", "31", "32", "33", "34", "35", "36", "37", "38", "39", "40", "41", "42", "43", "44", "95", "96", "97", "98", "99", "100", "101", "102", "45", "46", "47", "48", "49", "50", "51", "52", "53", "54", "55", "56", "57", "58", "59", "60", "61", "62", "63", "64", "65", "66", "67", "68", "69", "70", "71", "72", "73", "74", "75", "76", "77", "78", "79", "80", "81", "82", "83", "84", "85", "86", "87", "88", "111", "112", "113", "114", "115", "116", "117", "118", "119", "120", "121", "122", "123", "124", "125", "126", "127", "128", "129", "130", "131", "132", "133", "134", "135", "136", "137", "138", "139", "140", "141", "142", "103", "104", "105", "106", "107", "108", "109", "110", "143", "144", "147", "148", "145", "146" ] } ], "title": "CVE-2021-37208" }, { "cve": "CVE-2021-42016", "cwe": { "id": "CWE-208", "name": "Observable Timing Discrepancy" }, "notes": [ { "category": "summary", "text": "A timing attack, in a third-party component, could make the retrieval of the private key possible, used for encryption of sensitive data. \r\n\r\nIf a threat actor were to exploit this, the data integrity and security could be compromised.", "title": "Summary" } ], "product_status": { "known_affected": [ "1", "3", "5", "7", "12", "13", "15", "16", "9", "10", "18", "20", "21", "24", "89", "90", "93", "26", "27", "29", "31", "32", "36", "37", "41", "42", "43", "44", "95", "96", "98", "101", "45", "46", "47", "48", "49", "50", "51", "52", "56", "57", "59", "61", "62", "63", "64", "72", "73", "74", "77", "78", "80", "81", "83", "84", "85", "87", "111", "112", "113", "114", "118", "119", "121", "122", "124", "125", "128", "129", "130", "133", "134", "135", "138", "139", "140", "103", "104", "105", "106", "107", "108", "143", "147", "148", "145", "146" ] }, "remediations": [ { "category": "mitigation", "details": "Restrict web server access in affected system(s) to ports 443/TCP and 22/TCP, to trusted IP addresses only", "product_ids": [ "1", "3", "5", "7", "12", "13", "15", "16", "9", "10", "18", "20", "21", "24", "89", "90", "93", "26", "27", "29", "31", "32", "36", "37", "41", "42", "43", "44", "95", "96", "98", "101", "45", "46", "47", "48", "49", "50", "51", "52", "56", "57", "59", "61", "62", "63", "64", "72", "73", "74", "77", "78", "80", "81", "83", "84", "85", "87", "111", "112", "113", "114", "118", "119", "121", "122", "124", "125", "128", "129", "130", "133", "134", "135", "138", "139", "140", "103", "104", "105", "106", "107", "108", "143", "147", "148", "145", "146" ] }, { "category": "mitigation", "details": "Restrict access to port 69/UDP to trusted IP addresses only, for the TFTP vulnerability", "product_ids": [ "1", "3", "5", "7", "12", "13", "15", "16", "9", "10", "18", "20", "21", "24", "89", "90", "93", "26", "27", "29", "31", "32", "36", "37", "41", "42", "43", "44", "95", "96", "98", "101", "45", "46", "47", "48", "49", "50", "51", "52", "56", "57", "59", "61", "62", "63", "64", "72", "73", "74", "77", "78", "80", "81", "83", "84", "85", "87", "111", "112", "113", "114", "118", "119", "121", "122", "124", "125", "128", "129", "130", "133", "134", "135", "138", "139", "140", "103", "104", "105", "106", "107", "108", "143", "147", "148", "145", "146" ] }, { "category": "no_fix_planned", "details": "Currently no fix is planned", "product_ids": [ "13", "16", "10", "27", "32", "37", "48", "52", "57", "85", "114", "119", "122", "130", "135", "140" ] }, { "category": "vendor_fix", "details": "Update to V4.3.8 or later version", "product_ids": [ "1", "3", "5", "7", "12", "15", "9", "18", "20", "24", "89", "90", "93", "26", "29", "31", "41", "43", "95", "96", "98", "101", "45", "46", "49", "50", "56", "59", "72", "73", "74", "77", "78", "80", "81", "83", "84", "87", "111", "112", "118", "121", "124", "128", "133", "138", "107" ], "url": "https://support.industry.siemens.com/cs/ww/en/view/109816735/" }, { "category": "vendor_fix", "details": "Update to V4.3.8 or later version", "product_ids": [ "36", "61", "62", "63", "64" ], "url": "https://support.industry.siemens.com/cs/ww/en/view/109816735/" }, { "category": "vendor_fix", "details": "Update to V5.6.0 or later version", "product_ids": [ "21", "42", "44", "47", "51", "113", "125", "129", "134", "139", "103", "104", "105", "106", "108", "143", "147", "148", "145", "146" ], "url": "https://support.industry.siemens.com/cs/ww/en/view/109806156/" } ], "scores": [ { "cvss_v3": { "baseScore": 7.5, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C", "version": "3.1" }, "products": [ "1", "3", "5", "7", "12", "13", "15", "16", "9", "10", "18", "20", "21", "24", "89", "90", "93", "26", "27", "29", "31", "32", "36", "37", "41", "42", "43", "44", "95", "96", "98", "101", "45", "46", "47", "48", "49", "50", "51", "52", "56", "57", "59", "61", "62", "63", "64", "72", "73", "74", "77", "78", "80", "81", "83", "84", "85", "87", "111", "112", "113", "114", "118", "119", "121", "122", "124", "125", "128", "129", "130", "133", "134", "135", "138", "139", "140", "103", "104", "105", "106", "107", "108", "143", "147", "148", "145", "146" ] } ], "title": "CVE-2021-42016" }, { "cve": "CVE-2021-42017", "cwe": { "id": "CWE-358", "name": "Improperly Implemented Security Check for Standard" }, "notes": [ { "category": "summary", "text": "A new variant of the POODLE attack has left a third-party component vulnerable due to the implementation flaws of the CBC encryption mode in TLS 1.0 to 1.2.\r\n\r\nIf an attacker were to exploit this, they could act as a man-in-the-middle and eavesdrop on encrypted communications.", "title": "Summary" } ], "product_status": { "known_affected": [ "1", "3", "5", "7", "12", "13", "15", "16", "9", "10", "18", "20", "21", "24", "89", "90", "93", "26", "27", "29", "31", "32", "36", "37", "41", "42", "43", "44", "95", "96", "98", "101", "45", "46", "47", "48", "49", "50", "51", "52", "56", "57", "59", "61", "62", "63", "64", "72", "73", "74", "77", "78", "80", "81", "83", "84", "85", "87", "111", "112", "113", "114", "118", "119", "121", "122", "124", "125", "128", "129", "130", "133", "134", "135", "138", "139", "140", "103", "104", "105", "106", "107", "108", "143", "147", "148", "145", "146" ] }, "remediations": [ { "category": "mitigation", "details": "Restrict web server access in affected system(s) to ports 443/TCP and 22/TCP, to trusted IP addresses only", "product_ids": [ "1", "3", "5", "7", "12", "13", "15", "16", "9", "10", "18", "20", "21", "24", "89", "90", "93", "26", "27", "29", "31", "32", "36", "37", "41", "42", "43", "44", "95", "96", "98", "101", "45", "46", "47", "48", "49", "50", "51", "52", "56", "57", "59", "61", "62", "63", "64", "72", "73", "74", "77", "78", "80", "81", "83", "84", "85", "87", "111", "112", "113", "114", "118", "119", "121", "122", "124", "125", "128", "129", "130", "133", "134", "135", "138", "139", "140", "103", "104", "105", "106", "107", "108", "143", "147", "148", "145", "146" ] }, { "category": "mitigation", "details": "Restrict access to port 69/UDP to trusted IP addresses only, for the TFTP vulnerability", "product_ids": [ "1", "3", "5", "7", "12", "13", "15", "16", "9", "10", "18", "20", "21", "24", "89", "90", "93", "26", "27", "29", "31", "32", "36", "37", "41", "42", "43", "44", "95", "96", "98", "101", "45", "46", "47", "48", "49", "50", "51", "52", "56", "57", "59", "61", "62", "63", "64", "72", "73", "74", "77", "78", "80", "81", "83", "84", "85", "87", "111", "112", "113", "114", "118", "119", "121", "122", "124", "125", "128", "129", "130", "133", "134", "135", "138", "139", "140", "103", "104", "105", "106", "107", "108", "143", "147", "148", "145", "146" ] }, { "category": "no_fix_planned", "details": "Currently no fix is planned", "product_ids": [ "13", "16", "10", "27", "32", "37", "48", "52", "57", "85", "114", "119", "122", "130", "135", "140" ] }, { "category": "vendor_fix", "details": "Update to V4.3.8 or later version", "product_ids": [ "1", "3", "5", "7", "12", "15", "9", "18", "20", "24", "89", "90", "93", "26", "29", "31", "41", "43", "95", "96", "98", "101", "45", "46", "49", "50", "56", "59", "72", "73", "74", "77", "78", "80", "81", "83", "84", "87", "111", "112", "118", "121", "124", "128", "133", "138", "107" ], "url": "https://support.industry.siemens.com/cs/ww/en/view/109816735/" }, { "category": "vendor_fix", "details": "Update to V4.3.8 or later version", "product_ids": [ "36", "61", "62", "63", "64" ], "url": "https://support.industry.siemens.com/cs/ww/en/view/109816735/" }, { "category": "vendor_fix", "details": "Update to V5.6.0 or later version", "product_ids": [ "21", "42", "44", "47", "51", "113", "125", "129", "134", "139", "103", "104", "105", "106", "108", "143", "147", "148", "145", "146" ], "url": "https://support.industry.siemens.com/cs/ww/en/view/109806156/" } ], "scores": [ { "cvss_v3": { "baseScore": 5.9, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C", "version": "3.1" }, "products": [ "1", "3", "5", "7", "12", "13", "15", "16", "9", "10", "18", "20", "21", "24", "89", "90", "93", "26", "27", "29", "31", "32", "36", "37", "41", "42", "43", "44", "95", "96", "98", "101", "45", "46", "47", "48", "49", "50", "51", "52", "56", "57", "59", "61", "62", "63", "64", "72", "73", "74", "77", "78", "80", "81", "83", "84", "85", "87", "111", "112", "113", "114", "118", "119", "121", "122", "124", "125", "128", "129", "130", "133", "134", "135", "138", "139", "140", "103", "104", "105", "106", "107", "108", "143", "147", "148", "145", "146" ] } ], "title": "CVE-2021-42017" }, { "cve": "CVE-2021-42018", "cwe": { "id": "CWE-122", "name": "Heap-based Buffer Overflow" }, "notes": [ { "category": "summary", "text": "Within a third-party component, whenever memory allocation is requested, the out of bound size is not checked.\r\n\r\nTherefore, if size exceeding the expected allocation is assigned, it could allocate a smaller buffer instead. If an attacker were to exploit this, they could cause a heap overflow.", "title": "Summary" } ], "product_status": { "known_affected": [ "1", "2", "3", "4", "5", "6", "7", "8", "12", "13", "14", "15", "16", "17", "9", "10", "11", "18", "19", "20", "21", "22", "23", "24", "25", "89", "90", "91", "92", "93", "94", "26", "27", "28", "29", "30", "31", "32", "33", "34", "35", "36", "37", "38", "39", "40", "41", "42", "43", "44", "95", "96", "97", "98", "99", "100", "101", "102", "45", "46", "47", "48", "49", "50", "51", "52", "53", "54", "55", "56", "57", "58", "59", "60", "61", "62", "63", "64", "65", "66", "67", "68", "69", "70", "71", "72", "73", "74", "75", "76", "77", "78", "79", "80", "81", "82", "83", "84", "85", "86", "87", "88", "111", "112", "113", "114", "115", "116", "117", "118", "119", "120", "121", "122", "123", "124", "125", "126", "127", "128", "129", "130", "131", "132", "133", "134", "135", "136", "137", "138", "139", "140", "141", "142", "103", "104", "105", "106", "107", "108", "109", "110", "143", "144", "147", "148", "145", "146" ] }, "remediations": [ { "category": "mitigation", "details": "Restrict web server access in affected system(s) to ports 443/TCP and 22/TCP, to trusted IP addresses only", "product_ids": [ "1", "2", "3", "4", "5", "6", "7", "8", "12", "13", "14", "15", "16", "17", "9", "10", "11", "18", "19", "20", "21", "22", "23", "24", "25", "89", "90", "91", "92", "93", "94", "26", "27", "28", "29", "30", "31", "32", "33", "34", "35", "36", "37", "38", "39", "40", "41", "42", "43", "44", "95", "96", "97", "98", "99", "100", "101", "102", "45", "46", "47", "48", "49", "50", "51", "52", "53", "54", "55", "56", "57", "58", "59", "60", "61", "62", "63", "64", "65", "66", "67", "68", "69", "70", "71", "72", "73", "74", "75", "76", "77", "78", "79", "80", "81", "82", "83", "84", "85", "86", "87", "88", "111", "112", "113", "114", "115", "116", "117", "118", "119", "120", "121", "122", "123", "124", "125", "126", "127", "128", "129", "130", "131", "132", "133", "134", "135", "136", "137", "138", "139", "140", "141", "142", "103", "104", "105", "106", "107", "108", "109", "110", "143", "144", "147", "148", "145", "146" ] }, { "category": "mitigation", "details": "Restrict access to port 69/UDP to trusted IP addresses only, for the TFTP vulnerability", "product_ids": [ "1", "2", "3", "4", "5", "6", "7", "8", "12", "13", "14", "15", "16", "17", "9", "10", "11", "18", "19", "20", "21", "22", "23", "24", "25", "89", "90", "91", "92", "93", "94", "26", "27", "28", "29", "30", "31", "32", "33", "34", "35", "36", "37", "38", "39", "40", "41", "42", "43", "44", "95", "96", "97", "98", "99", "100", "101", "102", "45", "46", "47", "48", "49", "50", "51", "52", "53", "54", "55", "56", "57", "58", "59", "60", "61", "62", "63", "64", "65", "66", "67", "68", "69", "70", "71", "72", "73", "74", "75", "76", "77", "78", "79", "80", "81", "82", "83", "84", "85", "86", "87", "88", "111", "112", "113", "114", "115", "116", "117", "118", "119", "120", "121", "122", "123", "124", "125", "126", "127", "128", "129", "130", "131", "132", "133", "134", "135", "136", "137", "138", "139", "140", "141", "142", "103", "104", "105", "106", "107", "108", "109", "110", "143", "144", "147", "148", "145", "146" ] }, { "category": "no_fix_planned", "details": "Currently no fix is planned", "product_ids": [ "13", "16", "10", "27", "32", "37", "48", "52", "57", "85", "114", "119", "122", "130", "135", "140" ] }, { "category": "vendor_fix", "details": "Update to V4.3.8 or later version", "product_ids": [ "1", "3", "5", "7", "12", "15", "9", "18", "20", "24", "89", "90", "93", "26", "29", "31", "41", "43", "95", "96", "98", "101", "45", "46", "49", "50", "56", "59", "72", "73", "74", "77", "78", "80", "81", "83", "84", "87", "111", "112", "118", "121", "124", "128", "133", "138", "107" ], "url": "https://support.industry.siemens.com/cs/ww/en/view/109816735/" }, { "category": "vendor_fix", "details": "Update to V4.3.8 or later version", "product_ids": [ "2", "4", "6", "8", "14", "17", "11", "19", "22", "25", "91", "92", "94", "28", "30", "33", "34", "36", "38", "39", "97", "99", "100", "102", "53", "54", "58", "60", "61", "62", "63", "64", "65", "66", "67", "68", "69", "70", "75", "76", "79", "82", "86", "88", "115", "116", "120", "123", "126", "131", "136", "141", "109" ], "url": "https://support.industry.siemens.com/cs/ww/en/view/109816735/" }, { "category": "vendor_fix", "details": "Update to V5.6.0 or later version", "product_ids": [ "21", "42", "44", "47", "51", "113", "125", "129", "134", "139", "103", "104", "105", "106", "108", "143", "147", "148", "145", "146" ], "url": "https://support.industry.siemens.com/cs/ww/en/view/109806156/" }, { "category": "vendor_fix", "details": "Update to V5.6.0 or later version", "product_ids": [ "23", "35", "40", "55", "71", "117", "127", "132", "137", "142", "110", "144" ], "url": "https://support.industry.siemens.com/cs/ww/en/view/109806156/" } ], "scores": [ { "cvss_v3": { "baseScore": 5.9, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:H/A:H/E:P/RL:O/RC:C", "version": "3.1" }, "products": [ "1", "2", "3", "4", "5", "6", "7", "8", "12", "13", "14", "15", "16", "17", "9", "10", "11", "18", "19", "20", "21", "22", "23", "24", "25", "89", "90", "91", "92", "93", "94", "26", "27", "28", "29", "30", "31", "32", "33", "34", "35", "36", "37", "38", "39", "40", "41", "42", "43", "44", "95", "96", "97", "98", "99", "100", "101", "102", "45", "46", "47", "48", "49", "50", "51", "52", "53", "54", "55", "56", "57", "58", "59", "60", "61", "62", "63", "64", "65", "66", "67", "68", "69", "70", "71", "72", "73", "74", "75", "76", "77", "78", "79", "80", "81", "82", "83", "84", "85", "86", "87", "88", "111", "112", "113", "114", "115", "116", "117", "118", "119", "120", "121", "122", "123", "124", "125", "126", "127", "128", "129", "130", "131", "132", "133", "134", "135", "136", "137", "138", "139", "140", "141", "142", "103", "104", "105", "106", "107", "108", "109", "110", "143", "144", "147", "148", "145", "146" ] } ], "title": "CVE-2021-42018" }, { "cve": "CVE-2021-42019", "cwe": { "id": "CWE-190", "name": "Integer Overflow or Wraparound" }, "notes": [ { "category": "summary", "text": "Within a third-party component, the process to allocate partition size fails to check memory boundaries.\r\n\r\nTherefore, if a large amount is requested by an attacker, due to an integer-wrap around, it could result in a small size being allocated instead.", "title": "Summary" } ], "product_status": { "known_affected": [ "1", "2", "3", "4", "5", "6", "7", "8", "12", "13", "14", "15", "16", "17", "9", "10", "11", "18", "19", "20", "21", "22", "23", "24", "25", "89", "90", "91", "92", "93", "94", "26", "27", "28", "29", "30", "31", "32", "33", "34", "35", "36", "37", "38", "39", "40", "41", "42", "43", "44", "95", "96", "97", "98", "99", "100", "101", "102", "45", "46", "47", "48", "49", "50", "51", "52", "53", "54", "55", "56", "57", "58", "59", "60", "61", "62", "63", "64", "65", "66", "67", "68", "69", "70", "71", "72", "73", "74", "75", "76", "77", "78", "79", "80", "81", "82", "83", "84", "85", "86", "87", "88", "111", "112", "113", "114", "115", "116", "117", "118", "119", "120", "121", "122", "123", "124", "125", "126", "127", "128", "129", "130", "131", "132", "133", "134", "135", "136", "137", "138", "139", "140", "141", "142", "103", "104", "105", "106", "107", "108", "109", "110", "143", "144", "147", "148", "145", "146" ] }, "remediations": [ { "category": "mitigation", "details": "Restrict web server access in affected system(s) to ports 443/TCP and 22/TCP, to trusted IP addresses only", "product_ids": [ "1", "2", "3", "4", "5", "6", "7", "8", "12", "13", "14", "15", "16", "17", "9", "10", "11", "18", "19", "20", "21", "22", "23", "24", "25", "89", "90", "91", "92", "93", "94", "26", "27", "28", "29", "30", "31", "32", "33", "34", "35", "36", "37", "38", "39", "40", "41", "42", "43", "44", "95", "96", "97", "98", "99", "100", "101", "102", "45", "46", "47", "48", "49", "50", "51", "52", "53", "54", "55", "56", "57", "58", "59", "60", "61", "62", "63", "64", "65", "66", "67", "68", "69", "70", "71", "72", "73", "74", "75", "76", "77", "78", "79", "80", "81", "82", "83", "84", "85", "86", "87", "88", "111", "112", "113", "114", "115", "116", "117", "118", "119", "120", "121", "122", "123", "124", "125", "126", "127", "128", "129", "130", "131", "132", "133", "134", "135", "136", "137", "138", "139", "140", "141", "142", "103", "104", "105", "106", "107", "108", "109", "110", "143", "144", "147", "148", "145", "146" ] }, { "category": "mitigation", "details": "Restrict access to port 69/UDP to trusted IP addresses only, for the TFTP vulnerability", "product_ids": [ "1", "2", "3", "4", "5", "6", "7", "8", "12", "13", "14", "15", "16", "17", "9", "10", "11", "18", "19", "20", "21", "22", "23", "24", "25", "89", "90", "91", "92", "93", "94", "26", "27", "28", "29", "30", "31", "32", "33", "34", "35", "36", "37", "38", "39", "40", "41", "42", "43", "44", "95", "96", "97", "98", "99", "100", "101", "102", "45", "46", "47", "48", "49", "50", "51", "52", "53", "54", "55", "56", "57", "58", "59", "60", "61", "62", "63", "64", "65", "66", "67", "68", "69", "70", "71", "72", "73", "74", "75", "76", "77", "78", "79", "80", "81", "82", "83", "84", "85", "86", "87", "88", "111", "112", "113", "114", "115", "116", "117", "118", "119", "120", "121", "122", "123", "124", "125", "126", "127", "128", "129", "130", "131", "132", "133", "134", "135", "136", "137", "138", "139", "140", "141", "142", "103", "104", "105", "106", "107", "108", "109", "110", "143", "144", "147", "148", "145", "146" ] }, { "category": "no_fix_planned", "details": "Currently no fix is planned", "product_ids": [ "13", "16", "10", "27", "32", "37", "48", "52", "57", "85", "114", "119", "122", "130", "135", "140" ] }, { "category": "vendor_fix", "details": "Update to V4.3.8 or later version", "product_ids": [ "1", "3", "5", "7", "12", "15", "9", "18", "20", "24", "89", "90", "93", "26", "29", "31", "41", "43", "95", "96", "98", "101", "45", "46", "49", "50", "56", "59", "72", "73", "74", "77", "78", "80", "81", "83", "84", "87", "111", "112", "118", "121", "124", "128", "133", "138", "107" ], "url": "https://support.industry.siemens.com/cs/ww/en/view/109816735/" }, { "category": "vendor_fix", "details": "Update to V4.3.8 or later version", "product_ids": [ "2", "4", "6", "8", "14", "17", "11", "19", "22", "25", "91", "92", "94", "28", "30", "33", "34", "36", "38", "39", "97", "99", "100", "102", "53", "54", "58", "60", "61", "62", "63", "64", "65", "66", "67", "68", "69", "70", "75", "76", "79", "82", "86", "88", "115", "116", "120", "123", "126", "131", "136", "141", "109" ], "url": "https://support.industry.siemens.com/cs/ww/en/view/109816735/" }, { "category": "vendor_fix", "details": "Update to V5.6.0 or later version", "product_ids": [ "21", "42", "44", "47", "51", "113", "125", "129", "134", "139", "103", "104", "105", "106", "108", "143", "147", "148", "145", "146" ], "url": "https://support.industry.siemens.com/cs/ww/en/view/109806156/" }, { "category": "vendor_fix", "details": "Update to V5.6.0 or later version", "product_ids": [ "23", "35", "40", "55", "71", "117", "127", "132", "137", "142", "110", "144" ], "url": "https://support.industry.siemens.com/cs/ww/en/view/109806156/" } ], "scores": [ { "cvss_v3": { "baseScore": 5.9, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:H/A:H/E:P/RL:O/RC:C", "version": "3.1" }, "products": [ "1", "2", "3", "4", "5", "6", "7", "8", "12", "13", "14", "15", "16", "17", "9", "10", "11", "18", "19", "20", "21", "22", "23", "24", "25", "89", "90", "91", "92", "93", "94", "26", "27", "28", "29", "30", "31", "32", "33", "34", "35", "36", "37", "38", "39", "40", "41", "42", "43", "44", "95", "96", "97", "98", "99", "100", "101", "102", "45", "46", "47", "48", "49", "50", "51", "52", "53", "54", "55", "56", "57", "58", "59", "60", "61", "62", "63", "64", "65", "66", "67", "68", "69", "70", "71", "72", "73", "74", "75", "76", "77", "78", "79", "80", "81", "82", "83", "84", "85", "86", "87", "88", "111", "112", "113", "114", "115", "116", "117", "118", "119", "120", "121", "122", "123", "124", "125", "126", "127", "128", "129", "130", "131", "132", "133", "134", "135", "136", "137", "138", "139", "140", "141", "142", "103", "104", "105", "106", "107", "108", "109", "110", "143", "144", "147", "148", "145", "146" ] } ], "title": "CVE-2021-42019" }, { "cve": "CVE-2021-42020", "cwe": { "id": "CWE-754", "name": "Improper Check for Unusual or Exceptional Conditions" }, "notes": [ { "category": "summary", "text": "The third-party component, in its TFTP functionality fails to check for null terminations in file names.\r\n\r\nIf an attacker were to exploit this, it could result in data corruption, and possibly a hard-fault of the application.", "title": "Summary" } ], "product_status": { "known_affected": [ "1", "2", "3", "4", "5", "6", "7", "8", "12", "14", "15", "17", "9", "11", "18", "19", "20", "21", "22", "23", "24", "25", "89", "90", "91", "92", "93", "94", "26", "28", "29", "30", "31", "33", "34", "35", "36", "38", "39", "40", "41", "42", "43", "44", "95", "96", "97", "98", "99", "100", "101", "102", "45", "46", "47", "49", "50", "51", "53", "54", "55", "56", "58", "59", "60", "61", "62", "63", "64", "65", "66", "67", "68", "69", "70", "71", "72", "73", "74", "75", "76", "77", "78", "79", "80", "81", "82", "83", "84", "86", "87", "88", "111", "112", "113", "115", "116", "117", "118", "120", "121", "123", "124", "125", "126", "127", "128", "129", "131", "132", "133", "134", "136", "137", "138", "139", "141", "142", "103", "104", "105", "106", "107", "108", "109", "110", "143", "144", "147", "148", "145", "146" ] }, "remediations": [ { "category": "mitigation", "details": "Restrict web server access in affected system(s) to ports 443/TCP and 22/TCP, to trusted IP addresses only", "product_ids": [ "1", "2", "3", "4", "5", "6", "7", "8", "12", "14", "15", "17", "9", "11", "18", "19", "20", "21", "22", "23", "24", "25", "89", "90", "91", "92", "93", "94", "26", "28", "29", "30", "31", "33", "34", "35", "36", "38", "39", "40", "41", "42", "43", "44", "95", "96", "97", "98", "99", "100", "101", "102", "45", "46", "47", "49", "50", "51", "53", "54", "55", "56", "58", "59", "60", "61", "62", "63", "64", "65", "66", "67", "68", "69", "70", "71", "72", "73", "74", "75", "76", "77", "78", "79", "80", "81", "82", "83", "84", "86", "87", "88", "111", "112", "113", "115", "116", "117", "118", "120", "121", "123", "124", "125", "126", "127", "128", "129", "131", "132", "133", "134", "136", "137", "138", "139", "141", "142", "103", "104", "105", "106", "107", "108", "109", "110", "143", "144", "147", "148", "145", "146" ] }, { "category": "mitigation", "details": "Restrict access to port 69/UDP to trusted IP addresses only, for the TFTP vulnerability", "product_ids": [ "1", "2", "3", "4", "5", "6", "7", "8", "12", "14", "15", "17", "9", "11", "18", "19", "20", "21", "22", "23", "24", "25", "89", "90", "91", "92", "93", "94", "26", "28", "29", "30", "31", "33", "34", "35", "36", "38", "39", "40", "41", "42", "43", "44", "95", "96", "97", "98", "99", "100", "101", "102", "45", "46", "47", "49", "50", "51", "53", "54", "55", "56", "58", "59", "60", "61", "62", "63", "64", "65", "66", "67", "68", "69", "70", "71", "72", "73", "74", "75", "76", "77", "78", "79", "80", "81", "82", "83", "84", "86", "87", "88", "111", "112", "113", "115", "116", "117", "118", "120", "121", "123", "124", "125", "126", "127", "128", "129", "131", "132", "133", "134", "136", "137", "138", "139", "141", "142", "103", "104", "105", "106", "107", "108", "109", "110", "143", "144", "147", "148", "145", "146" ] }, { "category": "vendor_fix", "details": "Update to V4.3.8 or later version", "product_ids": [ "1", "3", "5", "7", "12", "15", "9", "18", "20", "24", "89", "90", "93", "26", "29", "31", "41", "43", "95", "96", "98", "101", "45", "46", "49", "50", "56", "59", "72", "73", "74", "77", "78", "80", "81", "83", "84", "87", "111", "112", "118", "121", "124", "128", "133", "138", "107" ], "url": "https://support.industry.siemens.com/cs/ww/en/view/109816735/" }, { "category": "vendor_fix", "details": "Update to V4.3.8 or later version", "product_ids": [ "2", "4", "6", "8", "14", "17", "11", "19", "22", "25", "91", "92", "94", "28", "30", "33", "34", "36", "38", "39", "97", "99", "100", "102", "53", "54", "58", "60", "61", "62", "63", "64", "65", "66", "67", "68", "69", "70", "75", "76", "79", "82", "86", "88", "115", "116", "120", "123", "126", "131", "136", "141", "109" ], "url": "https://support.industry.siemens.com/cs/ww/en/view/109816735/" }, { "category": "vendor_fix", "details": "Update to V5.6.0 or later version", "product_ids": [ "21", "42", "44", "47", "51", "113", "125", "129", "134", "139", "103", "104", "105", "106", "108", "143", "147", "148", "145", "146" ], "url": "https://support.industry.siemens.com/cs/ww/en/view/109806156/" }, { "category": "vendor_fix", "details": "Update to V5.6.0 or later version", "product_ids": [ "23", "35", "40", "55", "71", "117", "127", "132", "137", "142", "110", "144" ], "url": "https://support.industry.siemens.com/cs/ww/en/view/109806156/" } ], "scores": [ { "cvss_v3": { "baseScore": 7.5, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C", "version": "3.1" }, "products": [ "1", "2", "3", "4", "5", "6", "7", "8", "12", "14", "15", "17", "9", "11", "18", "19", "20", "21", "22", "23", "24", "25", "89", "90", "91", "92", "93", "94", "26", "28", "29", "30", "31", "33", "34", "35", "36", "38", "39", "40", "41", "42", "43", "44", "95", "96", "97", "98", "99", "100", "101", "102", "45", "46", "47", "49", "50", "51", "53", "54", "55", "56", "58", "59", "60", "61", "62", "63", "64", "65", "66", "67", "68", "69", "70", "71", "72", "73", "74", "75", "76", "77", "78", "79", "80", "81", "82", "83", "84", "86", "87", "88", "111", "112", "113", "115", "116", "117", "118", "120", "121", "123", "124", "125", "126", "127", "128", "129", "131", "132", "133", "134", "136", "137", "138", "139", "141", "142", "103", "104", "105", "106", "107", "108", "109", "110", "143", "144", "147", "148", "145", "146" ] } ], "title": "CVE-2021-42020" } ] }
ghsa-v2q7-x3pw-jc98
Vulnerability from github
A vulnerability has been identified in RUGGEDCOM ROS M2100 (All versions < V5.6.0), RUGGEDCOM ROS RMC8388 devices (All versions < V5.6.0), RUGGEDCOM ROS RS416v2 (All versions < V5.6.0), RUGGEDCOM ROS RS900G (All versions < V5.6.0), RUGGEDCOM ROS RS900G (32M) (All versions < V5.6.0), RUGGEDCOM ROS RSG2100 (32M) V5.X (All versions < V5.6.0), RUGGEDCOM ROS RSG2100P (All versions < V5.6.0), RUGGEDCOM ROS RSG2100P (32M) V5.X (All versions < V5.6.0), RUGGEDCOM ROS RSG2288 V5.X (All versions < V5.6.0), RUGGEDCOM ROS RSG2300 V5.X (All versions < V5.6.0), RUGGEDCOM ROS RSG2300P V5.X (All versions < V5.6.0), RUGGEDCOM ROS RSG2488 V5.X (All versions < V5.6.0), RUGGEDCOM ROS RSG900 V5.X (All versions < V5.6.0), RUGGEDCOM ROS RSG920P V5.X (All versions < V5.6.0), RUGGEDCOM ROS RSL910 (All versions < V5.6.0), RUGGEDCOM ROS RST2228 (All versions < V5.6.0), RUGGEDCOM ROS RST916C (All versions < V5.6.0), RUGGEDCOM ROS RST916P (All versions < V5.6.0). A new variant of the POODLE attack has left a third-party component vulnerable due to the implementation flaws of the CBC encryption mode in TLS 1.0 to 1.2. If an attacker were to exploit this, they could act as a man-in-the-middle and eavesdrop on encrypted communications.
{ "affected": [], "aliases": [ "CVE-2021-42017" ], "database_specific": { "cwe_ids": [ "CWE-295", "CWE-358" ], "github_reviewed": false, "github_reviewed_at": null, "nvd_published_at": "2022-03-08T12:15:00Z", "severity": "MODERATE" }, "details": "A vulnerability has been identified in RUGGEDCOM ROS M2100 (All versions \u003c V5.6.0), RUGGEDCOM ROS RMC8388 devices (All versions \u003c V5.6.0), RUGGEDCOM ROS RS416v2 (All versions \u003c V5.6.0), RUGGEDCOM ROS RS900G (All versions \u003c V5.6.0), RUGGEDCOM ROS RS900G (32M) (All versions \u003c V5.6.0), RUGGEDCOM ROS RSG2100 (32M) V5.X (All versions \u003c V5.6.0), RUGGEDCOM ROS RSG2100P (All versions \u003c V5.6.0), RUGGEDCOM ROS RSG2100P (32M) V5.X (All versions \u003c V5.6.0), RUGGEDCOM ROS RSG2288 V5.X (All versions \u003c V5.6.0), RUGGEDCOM ROS RSG2300 V5.X (All versions \u003c V5.6.0), RUGGEDCOM ROS RSG2300P V5.X (All versions \u003c V5.6.0), RUGGEDCOM ROS RSG2488 V5.X (All versions \u003c V5.6.0), RUGGEDCOM ROS RSG900 V5.X (All versions \u003c V5.6.0), RUGGEDCOM ROS RSG920P V5.X (All versions \u003c V5.6.0), RUGGEDCOM ROS RSL910 (All versions \u003c V5.6.0), RUGGEDCOM ROS RST2228 (All versions \u003c V5.6.0), RUGGEDCOM ROS RST916C (All versions \u003c V5.6.0), RUGGEDCOM ROS RST916P (All versions \u003c V5.6.0). A new variant of the POODLE attack has left a third-party component vulnerable due to the implementation flaws of the CBC encryption mode in TLS 1.0 to 1.2. If an attacker were to exploit this, they could act as a man-in-the-middle and eavesdrop on encrypted communications.", "id": "GHSA-v2q7-x3pw-jc98", "modified": "2022-03-17T00:02:48Z", "published": "2022-03-09T00:00:46Z", "references": [ { "type": "ADVISORY", "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-42017" }, { "type": "WEB", "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-256353.pdf" } ], "schema_version": "1.4.0", "severity": [ { "score": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", "type": "CVSS_V3" } ] }
var-202203-0245
Vulnerability from variot
A vulnerability has been identified in RUGGEDCOM i800, RUGGEDCOM i801, RUGGEDCOM i802, RUGGEDCOM i803, RUGGEDCOM M2100, RUGGEDCOM M2100F, RUGGEDCOM M2200, RUGGEDCOM M2200F, RUGGEDCOM M969, RUGGEDCOM M969F, RUGGEDCOM RMC30, RUGGEDCOM RMC8388 V4.X, RUGGEDCOM RMC8388 V5.X, RUGGEDCOM RP110, RUGGEDCOM RS1600, RUGGEDCOM RS1600F, RUGGEDCOM RS1600T, RUGGEDCOM RS400, RUGGEDCOM RS400F, RUGGEDCOM RS401, RUGGEDCOM RS416, RUGGEDCOM RS416F, RUGGEDCOM RS416P, RUGGEDCOM RS416PF, RUGGEDCOM RS416Pv2 V4.X, RUGGEDCOM RS416Pv2 V5.X, RUGGEDCOM RS416v2 V4.X, RUGGEDCOM RS416v2 V5.X, RUGGEDCOM RS8000, RUGGEDCOM RS8000A, RUGGEDCOM RS8000H, RUGGEDCOM RS8000T, RUGGEDCOM RS900, RUGGEDCOM RS900 (32M) V4.X, RUGGEDCOM RS900 (32M) V5.X, RUGGEDCOM RS900F, RUGGEDCOM RS900G, RUGGEDCOM RS900G (32M) V4.X, RUGGEDCOM RS900G (32M) V5.X, RUGGEDCOM RS900GF, RUGGEDCOM RS900GP, RUGGEDCOM RS900GPF, RUGGEDCOM RS900L, RUGGEDCOM RS900M-GETS-C01, RUGGEDCOM RS900M-GETS-XX, RUGGEDCOM RS900M-STND-C01, RUGGEDCOM RS900M-STND-XX, RUGGEDCOM RS900W, RUGGEDCOM RS910, RUGGEDCOM RS910L, RUGGEDCOM RS910W, RUGGEDCOM RS920L, RUGGEDCOM RS920W, RUGGEDCOM RS930L, RUGGEDCOM RS930W, RUGGEDCOM RS940G, RUGGEDCOM RS940GF, RUGGEDCOM RS969, RUGGEDCOM RSG2100, RUGGEDCOM RSG2100 (32M) V4.X, RUGGEDCOM RSG2100 (32M) V5.X, RUGGEDCOM RSG2100F, RUGGEDCOM RSG2100P, RUGGEDCOM RSG2100PF, RUGGEDCOM RSG2200, RUGGEDCOM RSG2200F, RUGGEDCOM RSG2288 V4.X, RUGGEDCOM RSG2288 V5.X, RUGGEDCOM RSG2300 V4.X, RUGGEDCOM RSG2300 V5.X, RUGGEDCOM RSG2300F, RUGGEDCOM RSG2300P V4.X, RUGGEDCOM RSG2300P V5.X, RUGGEDCOM RSG2300PF, RUGGEDCOM RSG2488 V4.X, RUGGEDCOM RSG2488 V5.X, RUGGEDCOM RSG2488F, RUGGEDCOM RSG907R, RUGGEDCOM RSG908C, RUGGEDCOM RSG909R, RUGGEDCOM RSG910C, RUGGEDCOM RSG920P V4.X, RUGGEDCOM RSG920P V5.X, RUGGEDCOM RSL910, RUGGEDCOM RST2228, RUGGEDCOM RST2228P, RUGGEDCOM RST916C, RUGGEDCOM RST916P. A new variant of the POODLE attack has left a third-party component vulnerable due to the implementation flaws of the CBC encryption mode in TLS 1.0 to 1.2.
If an attacker were to exploit this, they could act as a man-in-the-middle and eavesdrop on encrypted communications. Siemens' RUGGEDCOM ROS contains a security check vulnerability.Information may be obtained
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", "affected_products": { "@id": "https://www.variotdbs.pl/ref/affected_products" }, "configurations": { "@id": "https://www.variotdbs.pl/ref/configurations" }, "credits": { "@id": "https://www.variotdbs.pl/ref/credits" }, "cvss": { "@id": "https://www.variotdbs.pl/ref/cvss/" }, "description": { "@id": "https://www.variotdbs.pl/ref/description/" }, "exploit_availability": { "@id": "https://www.variotdbs.pl/ref/exploit_availability/" }, "external_ids": { "@id": "https://www.variotdbs.pl/ref/external_ids/" }, "iot": { "@id": "https://www.variotdbs.pl/ref/iot/" }, "iot_taxonomy": { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/" }, "patch": { "@id": "https://www.variotdbs.pl/ref/patch/" }, "problemtype_data": { "@id": "https://www.variotdbs.pl/ref/problemtype_data/" }, "references": { "@id": "https://www.variotdbs.pl/ref/references/" }, "sources": { "@id": "https://www.variotdbs.pl/ref/sources/" }, "sources_release_date": { "@id": "https://www.variotdbs.pl/ref/sources_release_date/" }, "sources_update_date": { "@id": "https://www.variotdbs.pl/ref/sources_update_date/" }, "threat_type": { "@id": "https://www.variotdbs.pl/ref/threat_type/" }, "title": { "@id": "https://www.variotdbs.pl/ref/title/" }, "type": { "@id": "https://www.variotdbs.pl/ref/type/" } }, "@id": "https://www.variotdbs.pl/vuln/VAR-202203-0245", "affected_products": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "model": "ruggedcom ros", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "5.6.0" }, { "model": "ruggedcom ros", "scope": "eq", "trust": 1.0, "vendor": "siemens", "version": "*" }, { "model": "ruggedcom ros", "scope": "eq", "trust": 0.8, "vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9", "version": null }, { "model": "ruggedcom ros", "scope": "eq", "trust": 0.8, "vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9", "version": "5.6.0" }, { "model": "ruggedcom ros", "scope": null, "trust": 0.8, "vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9", "version": null } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2021-018692" }, { "db": "NVD", "id": "CVE-2021-42017" } ] }, "configurations": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/configurations#", "children": { "@container": "@list" }, "cpe_match": { "@container": "@list" }, "data": { "@container": "@list" }, "nodes": { "@container": "@list" } }, "data": [ { "CVE_data_version": "4.0", "nodes": [ { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:siemens:ruggedcom_ros:*:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:h:siemens:ruggedcom_i800:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false }, { "cpe23Uri": "cpe:2.3:h:siemens:ruggedcom_i801:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false }, { "cpe23Uri": "cpe:2.3:h:siemens:ruggedcom_i802:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false }, { "cpe23Uri": "cpe:2.3:h:siemens:ruggedcom_i803:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false }, { "cpe23Uri": "cpe:2.3:h:siemens:ruggedcom_m2100:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false }, { "cpe23Uri": "cpe:2.3:h:siemens:ruggedcom_m2200:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false }, { "cpe23Uri": "cpe:2.3:h:siemens:ruggedcom_m969:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false }, { "cpe23Uri": "cpe:2.3:h:siemens:ruggedcom_rmc:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false }, { "cpe23Uri": "cpe:2.3:h:siemens:ruggedcom_rmc20:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false }, { "cpe23Uri": "cpe:2.3:h:siemens:ruggedcom_rmc30:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false }, { "cpe23Uri": "cpe:2.3:h:siemens:ruggedcom_rmc40:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false }, { "cpe23Uri": "cpe:2.3:h:siemens:ruggedcom_rmc41:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false }, { "cpe23Uri": "cpe:2.3:h:siemens:ruggedcom_rp110:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false }, { "cpe23Uri": "cpe:2.3:h:siemens:ruggedcom_rs400:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false }, { "cpe23Uri": "cpe:2.3:h:siemens:ruggedcom_rs401:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false }, { "cpe23Uri": "cpe:2.3:h:siemens:ruggedcom_rs416:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false }, { "cpe23Uri": "cpe:2.3:h:siemens:ruggedcom_rs8000:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false }, { "cpe23Uri": "cpe:2.3:h:siemens:ruggedcom_rs8000a:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false }, { "cpe23Uri": "cpe:2.3:h:siemens:ruggedcom_rs8000h:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false }, { "cpe23Uri": "cpe:2.3:h:siemens:ruggedcom_rs8000t:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false }, { "cpe23Uri": "cpe:2.3:h:siemens:ruggedcom_rs900gp:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false }, { "cpe23Uri": "cpe:2.3:h:siemens:ruggedcom_rs900l:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false }, { "cpe23Uri": "cpe:2.3:h:siemens:ruggedcom_rs900w:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false }, { "cpe23Uri": "cpe:2.3:h:siemens:ruggedcom_rs910:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false }, { "cpe23Uri": "cpe:2.3:h:siemens:ruggedcom_rs910l:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false }, { "cpe23Uri": "cpe:2.3:h:siemens:ruggedcom_rs910w:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false }, { "cpe23Uri": "cpe:2.3:h:siemens:ruggedcom_rs920l:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false }, { "cpe23Uri": "cpe:2.3:h:siemens:ruggedcom_rs920w:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false }, { "cpe23Uri": "cpe:2.3:h:siemens:ruggedcom_rs930l:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false }, { "cpe23Uri": "cpe:2.3:h:siemens:ruggedcom_rs930w:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false }, { "cpe23Uri": "cpe:2.3:h:siemens:ruggedcom_rs940g:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false }, { "cpe23Uri": "cpe:2.3:h:siemens:ruggedcom_rs969:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false }, { "cpe23Uri": "cpe:2.3:h:siemens:ruggedcom_rsg2100p:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false }, { "cpe23Uri": "cpe:2.3:h:siemens:ruggedcom_rsg2200:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [], "operator": "AND" }, { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:siemens:ruggedcom_ros:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "5.6.0", "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:h:siemens:ruggedcom_rmc8388:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false }, { "cpe23Uri": "cpe:2.3:h:siemens:ruggedcom_rs416v2:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false }, { "cpe23Uri": "cpe:2.3:h:siemens:ruggedcom_rs900:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false }, { "cpe23Uri": "cpe:2.3:h:siemens:ruggedcom_rs900g:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false }, { "cpe23Uri": "cpe:2.3:h:siemens:ruggedcom_rsg2100:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false }, { "cpe23Uri": "cpe:2.3:h:siemens:ruggedcom_rsg2288:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false }, { "cpe23Uri": "cpe:2.3:h:siemens:ruggedcom_rsg2300:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false }, { "cpe23Uri": "cpe:2.3:h:siemens:ruggedcom_rsg2300p:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false }, { "cpe23Uri": "cpe:2.3:h:siemens:ruggedcom_rsg2488:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false }, { "cpe23Uri": "cpe:2.3:h:siemens:ruggedcom_rsg907r:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false }, { "cpe23Uri": "cpe:2.3:h:siemens:ruggedcom_rsg908c:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false }, { "cpe23Uri": "cpe:2.3:h:siemens:ruggedcom_rsg909r:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false }, { "cpe23Uri": "cpe:2.3:h:siemens:ruggedcom_rsg910c:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false }, { "cpe23Uri": "cpe:2.3:h:siemens:ruggedcom_rsg920p:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false }, { "cpe23Uri": "cpe:2.3:h:siemens:ruggedcom_rsl910:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false }, { "cpe23Uri": "cpe:2.3:h:siemens:ruggedcom_rst2228:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false }, { "cpe23Uri": "cpe:2.3:h:siemens:ruggedcom_rst2228p:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false }, { "cpe23Uri": "cpe:2.3:h:siemens:ruggedcom_rst916c:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false }, { "cpe23Uri": "cpe:2.3:h:siemens:ruggedcom_rst916p:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [], "operator": "AND" } ] } ], "sources": [ { "db": "NVD", "id": "CVE-2021-42017" } ] }, "cve": "CVE-2021-42017", "cvss": { "@context": { "cvssV2": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2" }, "cvssV3": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/" }, "severity": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#" }, "@id": "https://www.variotdbs.pl/ref/cvss/severity" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "cvssV2": [ { "acInsufInfo": false, "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "author": "NVD", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 8.6, "impactScore": 2.9, "integrityImpact": "NONE", "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "MEDIUM", "trust": 1.0, "userInteractionRequired": false, "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N", "version": "2.0" }, { "acInsufInfo": null, "accessComplexity": "Medium", "accessVector": "Network", "authentication": "None", "author": "NVD", "availabilityImpact": "None", "baseScore": 4.3, "confidentialityImpact": "Partial", "exploitabilityScore": null, "id": "CVE-2021-42017", "impactScore": null, "integrityImpact": "None", "obtainAllPrivilege": null, "obtainOtherPrivilege": null, "obtainUserPrivilege": null, "severity": "Medium", "trust": 0.8, "userInteractionRequired": null, "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N", "version": "2.0" } ], "cvssV3": [ { "attackComplexity": "HIGH", "attackVector": "NETWORK", "author": "NVD", "availabilityImpact": "NONE", "baseScore": 5.9, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "exploitabilityScore": 2.2, "impactScore": 3.6, "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "trust": 2.0, "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.1" }, { "attackComplexity": "High", "attackVector": "Network", "author": "OTHER", "availabilityImpact": "None", "baseScore": 5.9, "baseSeverity": "Medium", "confidentialityImpact": "High", "exploitabilityScore": null, "id": "JVNDB-2021-018692", "impactScore": null, "integrityImpact": "None", "privilegesRequired": "None", "scope": "Unchanged", "trust": 0.8, "userInteraction": "None", "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.0" } ], "severity": [ { "author": "NVD", "id": "CVE-2021-42017", "trust": 1.8, "value": "MEDIUM" }, { "author": "productcert@siemens.com", "id": "CVE-2021-42017", "trust": 1.0, "value": "MEDIUM" }, { "author": "CNNVD", "id": "CNNVD-202203-658", "trust": 0.6, "value": "MEDIUM" } ] } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2021-018692" }, { "db": "NVD", "id": "CVE-2021-42017" }, { "db": "NVD", "id": "CVE-2021-42017" }, { "db": "CNNVD", "id": "CNNVD-202203-658" } ] }, "description": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "A vulnerability has been identified in RUGGEDCOM i800, RUGGEDCOM i801, RUGGEDCOM i802, RUGGEDCOM i803, RUGGEDCOM M2100, RUGGEDCOM M2100F, RUGGEDCOM M2200, RUGGEDCOM M2200F, RUGGEDCOM M969, RUGGEDCOM M969F, RUGGEDCOM RMC30, RUGGEDCOM RMC8388 V4.X, RUGGEDCOM RMC8388 V5.X, RUGGEDCOM RP110, RUGGEDCOM RS1600, RUGGEDCOM RS1600F, RUGGEDCOM RS1600T, RUGGEDCOM RS400, RUGGEDCOM RS400F, RUGGEDCOM RS401, RUGGEDCOM RS416, RUGGEDCOM RS416F, RUGGEDCOM RS416P, RUGGEDCOM RS416PF, RUGGEDCOM RS416Pv2 V4.X, RUGGEDCOM RS416Pv2 V5.X, RUGGEDCOM RS416v2 V4.X, RUGGEDCOM RS416v2 V5.X, RUGGEDCOM RS8000, RUGGEDCOM RS8000A, RUGGEDCOM RS8000H, RUGGEDCOM RS8000T, RUGGEDCOM RS900, RUGGEDCOM RS900 (32M) V4.X, RUGGEDCOM RS900 (32M) V5.X, RUGGEDCOM RS900F, RUGGEDCOM RS900G, RUGGEDCOM RS900G (32M) V4.X, RUGGEDCOM RS900G (32M) V5.X, RUGGEDCOM RS900GF, RUGGEDCOM RS900GP, RUGGEDCOM RS900GPF, RUGGEDCOM RS900L, RUGGEDCOM RS900M-GETS-C01, RUGGEDCOM RS900M-GETS-XX, RUGGEDCOM RS900M-STND-C01, RUGGEDCOM RS900M-STND-XX, RUGGEDCOM RS900W, RUGGEDCOM RS910, RUGGEDCOM RS910L, RUGGEDCOM RS910W, RUGGEDCOM RS920L, RUGGEDCOM RS920W, RUGGEDCOM RS930L, RUGGEDCOM RS930W, RUGGEDCOM RS940G, RUGGEDCOM RS940GF, RUGGEDCOM RS969, RUGGEDCOM RSG2100, RUGGEDCOM RSG2100 (32M) V4.X, RUGGEDCOM RSG2100 (32M) V5.X, RUGGEDCOM RSG2100F, RUGGEDCOM RSG2100P, RUGGEDCOM RSG2100PF, RUGGEDCOM RSG2200, RUGGEDCOM RSG2200F, RUGGEDCOM RSG2288 V4.X, RUGGEDCOM RSG2288 V5.X, RUGGEDCOM RSG2300 V4.X, RUGGEDCOM RSG2300 V5.X, RUGGEDCOM RSG2300F, RUGGEDCOM RSG2300P V4.X, RUGGEDCOM RSG2300P V5.X, RUGGEDCOM RSG2300PF, RUGGEDCOM RSG2488 V4.X, RUGGEDCOM RSG2488 V5.X, RUGGEDCOM RSG2488F, RUGGEDCOM RSG907R, RUGGEDCOM RSG908C, RUGGEDCOM RSG909R, RUGGEDCOM RSG910C, RUGGEDCOM RSG920P V4.X, RUGGEDCOM RSG920P V5.X, RUGGEDCOM RSL910, RUGGEDCOM RST2228, RUGGEDCOM RST2228P, RUGGEDCOM RST916C, RUGGEDCOM RST916P. A new variant of the POODLE attack has left a third-party component vulnerable due to the implementation flaws of the CBC encryption mode in TLS 1.0 to 1.2. \r\n\r\nIf an attacker were to exploit this, they could act as a man-in-the-middle and eavesdrop on encrypted communications. Siemens\u0027 RUGGEDCOM ROS contains a security check vulnerability.Information may be obtained", "sources": [ { "db": "NVD", "id": "CVE-2021-42017" }, { "db": "JVNDB", "id": "JVNDB-2021-018692" } ], "trust": 1.62 }, "external_ids": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "db": "NVD", "id": "CVE-2021-42017", "trust": 3.2 }, { "db": "SIEMENS", "id": "SSA-256353", "trust": 2.4 }, { "db": "JVN", "id": "JVNVU91709091", "trust": 0.8 }, { "db": "ICS CERT", "id": "ICSA-22-069-12", "trust": 0.8 }, { "db": "JVNDB", "id": "JVNDB-2021-018692", "trust": 0.8 }, { "db": "CS-HELP", "id": "SB2022031012", "trust": 0.6 }, { "db": "CNNVD", "id": "CNNVD-202203-658", "trust": 0.6 } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2021-018692" }, { "db": "NVD", "id": "CVE-2021-42017" }, { "db": "CNNVD", "id": "CNNVD-202203-658" } ] }, "id": "VAR-202203-0245", "iot": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": true, "sources": [ { "db": "VARIoT devices database", "id": null } ], "trust": 0.29656863 }, "last_update_date": "2023-12-18T11:16:36.230000Z", "patch": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "title": "RUGGEDCOM ROS multiple models Security vulnerabilities", "trust": 0.6, "url": "http://123.124.177.30/web/xxk/bdxqbyid.tag?id=185158" } ], "sources": [ { "db": "CNNVD", "id": "CNNVD-202203-658" } ] }, "problemtype_data": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "problemtype": "CWE-358", "trust": 1.0 }, { "problemtype": "Improperly implemented security checks (CWE-358) [ others ]", "trust": 0.8 } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2021-018692" }, { "db": "NVD", "id": "CVE-2021-42017" } ] }, "references": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "trust": 2.4, "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-256353.pdf" }, { "trust": 0.8, "url": "https://jvn.jp/vu/jvnvu91709091/" }, { "trust": 0.8, "url": "https://nvd.nist.gov/vuln/detail/cve-2021-42017" }, { "trust": 0.8, "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-22-069-12" }, { "trust": 0.6, "url": "https://vigilance.fr/vulnerability/ruggedcom-ros-multiple-vulnerabilities-37732" }, { "trust": 0.6, "url": "https://www.cybersecurity-help.cz/vdb/sb2022031012" }, { "trust": 0.6, "url": "https://cxsecurity.com/cveshow/cve-2021-42017/" } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2021-018692" }, { "db": "NVD", "id": "CVE-2021-42017" }, { "db": "CNNVD", "id": "CNNVD-202203-658" } ] }, "sources": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", "data": { "@container": "@list" } }, "data": [ { "db": "JVNDB", "id": "JVNDB-2021-018692" }, { "db": "NVD", "id": "CVE-2021-42017" }, { "db": "CNNVD", "id": "CNNVD-202203-658" } ] }, "sources_release_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2023-07-05T00:00:00", "db": "JVNDB", "id": "JVNDB-2021-018692" }, { "date": "2022-03-08T12:15:10.890000", "db": "NVD", "id": "CVE-2021-42017" }, { "date": "2022-03-08T00:00:00", "db": "CNNVD", "id": "CNNVD-202203-658" } ] }, "sources_update_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2023-07-05T08:11:00", "db": "JVNDB", "id": "JVNDB-2021-018692" }, { "date": "2023-12-12T12:15:08.940000", "db": "NVD", "id": "CVE-2021-42017" }, { "date": "2023-04-12T00:00:00", "db": "CNNVD", "id": "CNNVD-202203-658" } ] }, "threat_type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "remote", "sources": [ { "db": "CNNVD", "id": "CNNVD-202203-658" } ], "trust": 0.6 }, "title": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Siemens\u0027 \u00a0RUGGEDCOM\u00a0ROS\u00a0 security check vulnerabilities in", "sources": [ { "db": "JVNDB", "id": "JVNDB-2021-018692" } ], "trust": 0.8 }, "type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "security feature problem", "sources": [ { "db": "CNNVD", "id": "CNNVD-202203-658" } ], "trust": 0.6 } }
gsd-2021-42017
Vulnerability from gsd
{ "GSD": { "alias": "CVE-2021-42017", "description": "A vulnerability has been identified in RUGGEDCOM ROS M2100 (All versions \u003c V5.6.0), RUGGEDCOM ROS RMC8388 devices (All versions \u003c V5.6.0), RUGGEDCOM ROS RS416v2 (All versions \u003c V5.6.0), RUGGEDCOM ROS RS900G (All versions \u003c V5.6.0), RUGGEDCOM ROS RS900G (32M) (All versions \u003c V5.6.0), RUGGEDCOM ROS RSG2100 (32M) V5.X (All versions \u003c V5.6.0), RUGGEDCOM ROS RSG2100P (All versions \u003c V5.6.0), RUGGEDCOM ROS RSG2100P (32M) V5.X (All versions \u003c V5.6.0), RUGGEDCOM ROS RSG2288 V5.X (All versions \u003c V5.6.0), RUGGEDCOM ROS RSG2300 V5.X (All versions \u003c V5.6.0), RUGGEDCOM ROS RSG2300P V5.X (All versions \u003c V5.6.0), RUGGEDCOM ROS RSG2488 V5.X (All versions \u003c V5.6.0), RUGGEDCOM ROS RSG900 V5.X (All versions \u003c V5.6.0), RUGGEDCOM ROS RSG920P V5.X (All versions \u003c V5.6.0), RUGGEDCOM ROS RSL910 (All versions \u003c V5.6.0), RUGGEDCOM ROS RST2228 (All versions \u003c V5.6.0), RUGGEDCOM ROS RST916C (All versions \u003c V5.6.0), RUGGEDCOM ROS RST916P (All versions \u003c V5.6.0). A new variant of the POODLE attack has left a third-party component vulnerable due to the implementation flaws of the CBC encryption mode in TLS 1.0 to 1.2. If an attacker were to exploit this, they could act as a man-in-the-middle and eavesdrop on encrypted communications.", "id": "GSD-2021-42017" }, "gsd": { "metadata": { "exploitCode": "unknown", "remediation": "unknown", "reportConfidence": "confirmed", "type": "vulnerability" }, "osvSchema": { "aliases": [ "CVE-2021-42017" ], "details": "A vulnerability has been identified in RUGGEDCOM i800, RUGGEDCOM i801, RUGGEDCOM i802, RUGGEDCOM i803, RUGGEDCOM M2100, RUGGEDCOM M2100F, RUGGEDCOM M2200, RUGGEDCOM M2200F, RUGGEDCOM M969, RUGGEDCOM M969F, RUGGEDCOM RMC30, RUGGEDCOM RMC8388 V4.X, RUGGEDCOM RMC8388 V5.X, RUGGEDCOM RP110, RUGGEDCOM RS1600, RUGGEDCOM RS1600F, RUGGEDCOM RS1600T, RUGGEDCOM RS400, RUGGEDCOM RS400F, RUGGEDCOM RS401, RUGGEDCOM RS416, RUGGEDCOM RS416F, RUGGEDCOM RS416P, RUGGEDCOM RS416PF, RUGGEDCOM RS416Pv2 V4.X, RUGGEDCOM RS416Pv2 V5.X, RUGGEDCOM RS416v2 V4.X, RUGGEDCOM RS416v2 V5.X, RUGGEDCOM RS8000, RUGGEDCOM RS8000A, RUGGEDCOM RS8000H, RUGGEDCOM RS8000T, RUGGEDCOM RS900, RUGGEDCOM RS900 (32M) V4.X, RUGGEDCOM RS900 (32M) V5.X, RUGGEDCOM RS900F, RUGGEDCOM RS900G, RUGGEDCOM RS900G (32M) V4.X, RUGGEDCOM RS900G (32M) V5.X, RUGGEDCOM RS900GF, RUGGEDCOM RS900GP, RUGGEDCOM RS900GPF, RUGGEDCOM RS900L, RUGGEDCOM RS900M-GETS-C01, RUGGEDCOM RS900M-GETS-XX, RUGGEDCOM RS900M-STND-C01, RUGGEDCOM RS900M-STND-XX, RUGGEDCOM RS900W, RUGGEDCOM RS910, RUGGEDCOM RS910L, RUGGEDCOM RS910W, RUGGEDCOM RS920L, RUGGEDCOM RS920W, RUGGEDCOM RS930L, RUGGEDCOM RS930W, RUGGEDCOM RS940G, RUGGEDCOM RS940GF, RUGGEDCOM RS969, RUGGEDCOM RSG2100, RUGGEDCOM RSG2100 (32M) V4.X, RUGGEDCOM RSG2100 (32M) V5.X, RUGGEDCOM RSG2100F, RUGGEDCOM RSG2100P, RUGGEDCOM RSG2100PF, RUGGEDCOM RSG2200, RUGGEDCOM RSG2200F, RUGGEDCOM RSG2288 V4.X, RUGGEDCOM RSG2288 V5.X, RUGGEDCOM RSG2300 V4.X, RUGGEDCOM RSG2300 V5.X, RUGGEDCOM RSG2300F, RUGGEDCOM RSG2300P V4.X, RUGGEDCOM RSG2300P V5.X, RUGGEDCOM RSG2300PF, RUGGEDCOM RSG2488 V4.X, RUGGEDCOM RSG2488 V5.X, RUGGEDCOM RSG2488F, RUGGEDCOM RSG907R, RUGGEDCOM RSG908C, RUGGEDCOM RSG909R, RUGGEDCOM RSG910C, RUGGEDCOM RSG920P V4.X, RUGGEDCOM RSG920P V5.X, RUGGEDCOM RSL910, RUGGEDCOM RST2228, RUGGEDCOM RST2228P, RUGGEDCOM RST916C, RUGGEDCOM RST916P. A new variant of the POODLE attack has left a third-party component vulnerable due to the implementation flaws of the CBC encryption mode in TLS 1.0 to 1.2.\r\n\r\nIf an attacker were to exploit this, they could act as a man-in-the-middle and eavesdrop on encrypted communications.", "id": "GSD-2021-42017", "modified": "2023-12-13T01:23:06.173651Z", "schema_version": "1.4.0" } }, "namespaces": { "cve.org": { "CVE_data_meta": { "ASSIGNER": "productcert@siemens.com", "ID": "CVE-2021-42017", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "RUGGEDCOM i800", "version": { "version_data": [ { "version_affected": "=", "version_value": "All versions \u003c V4.3.8" } ] } }, { "product_name": "RUGGEDCOM i801", "version": { "version_data": [ { "version_affected": "=", "version_value": "All versions \u003c V4.3.8" } ] } }, { "product_name": "RUGGEDCOM i802", "version": { "version_data": [ { "version_affected": "=", "version_value": "All versions \u003c V4.3.8" } ] } }, { "product_name": "RUGGEDCOM i803", "version": { "version_data": [ { "version_affected": "=", "version_value": "All versions \u003c V4.3.8" } ] } }, { "product_name": "RUGGEDCOM M2100", "version": { "version_data": [ { "version_affected": "=", "version_value": "All versions \u003c V4.3.8" } ] } }, { "product_name": "RUGGEDCOM M2100F", "version": { "version_data": [ { "version_affected": "=", "version_value": "All versions" } ] } }, { "product_name": "RUGGEDCOM M2200", "version": { "version_data": [ { "version_affected": "=", "version_value": "All versions \u003c V4.3.8" } ] } }, { "product_name": "RUGGEDCOM M2200F", "version": { "version_data": [ { "version_affected": "=", "version_value": "All versions" } ] } }, { "product_name": "RUGGEDCOM M969", "version": { "version_data": [ { "version_affected": "=", "version_value": "All versions \u003c V4.3.8" } ] } }, { "product_name": "RUGGEDCOM M969F", "version": { "version_data": [ { "version_affected": "=", "version_value": "All versions" } ] } }, { "product_name": "RUGGEDCOM RMC30", "version": { "version_data": [ { "version_affected": "=", "version_value": "All versions \u003c V4.3.8" } ] } }, { "product_name": "RUGGEDCOM RMC8388 V4.X", "version": { "version_data": [ { "version_affected": "=", "version_value": "All versions \u003c V4.3.8" } ] } }, { "product_name": "RUGGEDCOM RMC8388 V5.X", "version": { "version_data": [ { "version_affected": "=", "version_value": "All versions \u003c V5.6.0" } ] } }, { "product_name": "RUGGEDCOM RP110", "version": { "version_data": [ { "version_affected": "=", "version_value": "All versions \u003c V4.3.8" } ] } }, { "product_name": "RUGGEDCOM RS1600", "version": { "version_data": [ { "version_affected": "=", "version_value": "All versions \u003c V4.3.8" } ] } }, { "product_name": "RUGGEDCOM RS1600F", "version": { "version_data": [ { "version_affected": "=", "version_value": "All versions \u003c V4.3.8" } ] } }, { "product_name": "RUGGEDCOM RS1600T", "version": { "version_data": [ { "version_affected": "=", "version_value": "All versions \u003c V4.3.8" } ] } }, { "product_name": "RUGGEDCOM RS400", "version": { "version_data": [ { "version_affected": "=", "version_value": "All versions \u003c V4.3.8" } ] } }, { "product_name": "RUGGEDCOM RS400F", "version": { "version_data": [ { "version_affected": "=", "version_value": "All versions" } ] } }, { "product_name": "RUGGEDCOM RS401", "version": { "version_data": [ { "version_affected": "=", "version_value": "All versions \u003c V4.3.8" } ] } }, { "product_name": "RUGGEDCOM RS416", "version": { "version_data": [ { "version_affected": "=", "version_value": "All versions \u003c V4.3.8" } ] } }, { "product_name": "RUGGEDCOM RS416F", "version": { "version_data": [ { "version_affected": "=", "version_value": "All versions" } ] } }, { "product_name": "RUGGEDCOM RS416P", "version": { "version_data": [ { "version_affected": "=", "version_value": "All versions \u003c V4.3.8" } ] } }, { "product_name": "RUGGEDCOM RS416PF", "version": { "version_data": [ { "version_affected": "=", "version_value": "All versions" } ] } }, { "product_name": "RUGGEDCOM RS416Pv2 V4.X", "version": { "version_data": [ { "version_affected": "=", "version_value": "All versions \u003c V4.3.8" } ] } }, { "product_name": "RUGGEDCOM RS416Pv2 V5.X", "version": { "version_data": [ { "version_affected": "=", "version_value": "All versions \u003c V5.6.0" } ] } }, { "product_name": "RUGGEDCOM RS416v2 V4.X", "version": { "version_data": [ { "version_affected": "=", "version_value": "All versions \u003c V4.3.8" } ] } }, { "product_name": "RUGGEDCOM RS416v2 V5.X", "version": { "version_data": [ { "version_affected": "=", "version_value": "All versions \u003c V5.6.0" } ] } }, { "product_name": "RUGGEDCOM RS8000", "version": { "version_data": [ { "version_affected": "=", "version_value": "All versions \u003c V4.3.8" } ] } }, { "product_name": "RUGGEDCOM RS8000A", "version": { "version_data": [ { "version_affected": "=", "version_value": "All versions \u003c V4.3.8" } ] } }, { "product_name": "RUGGEDCOM RS8000H", "version": { "version_data": [ { "version_affected": "=", "version_value": "All versions \u003c V4.3.8" } ] } }, { "product_name": "RUGGEDCOM RS8000T", "version": { "version_data": [ { "version_affected": "=", "version_value": "All versions \u003c V4.3.8" } ] } }, { "product_name": "RUGGEDCOM RS900", "version": { "version_data": [ { "version_affected": "=", "version_value": "All versions \u003c V4.3.8" } ] } }, { "product_name": "RUGGEDCOM RS900 (32M) V4.X", "version": { "version_data": [ { "version_affected": "=", "version_value": "All versions \u003c V4.3.8" } ] } }, { "product_name": "RUGGEDCOM RS900 (32M) V5.X", "version": { "version_data": [ { "version_affected": "=", "version_value": "All versions \u003c V5.6.0" } ] } }, { "product_name": "RUGGEDCOM RS900F", "version": { "version_data": [ { "version_affected": "=", "version_value": "All versions" } ] } }, { "product_name": "RUGGEDCOM RS900G", "version": { "version_data": [ { "version_affected": "=", "version_value": "All versions \u003c V4.3.8" } ] } }, { "product_name": "RUGGEDCOM RS900G (32M) V4.X", "version": { "version_data": [ { "version_affected": "=", "version_value": "All versions \u003c V4.3.8" } ] } }, { "product_name": "RUGGEDCOM RS900G (32M) V5.X", "version": { "version_data": [ { "version_affected": "=", "version_value": "All versions \u003c V5.6.0" } ] } }, { "product_name": "RUGGEDCOM RS900GF", "version": { "version_data": [ { "version_affected": "=", "version_value": "All versions" } ] } }, { "product_name": "RUGGEDCOM RS900GP", "version": { "version_data": [ { "version_affected": "=", "version_value": "All versions \u003c V4.3.8" } ] } }, { "product_name": "RUGGEDCOM RS900GPF", "version": { "version_data": [ { "version_affected": "=", "version_value": "All versions" } ] } }, { "product_name": "RUGGEDCOM RS900L", "version": { "version_data": [ { "version_affected": "=", "version_value": "All versions \u003c V4.3.8" } ] } }, { "product_name": "RUGGEDCOM RS900M-GETS-C01", "version": { "version_data": [ { "version_affected": "=", "version_value": "All versions \u003c V4.3.8" } ] } }, { "product_name": "RUGGEDCOM RS900M-GETS-XX", "version": { "version_data": [ { "version_affected": "=", "version_value": "All versions \u003c V4.3.8" } ] } }, { "product_name": "RUGGEDCOM RS900M-STND-C01", "version": { "version_data": [ { "version_affected": "=", "version_value": "All versions \u003c V4.3.8" } ] } }, { "product_name": "RUGGEDCOM RS900M-STND-XX", "version": { "version_data": [ { "version_affected": "=", "version_value": "All versions \u003c V4.3.8" } ] } }, { "product_name": "RUGGEDCOM RS900W", "version": { "version_data": [ { "version_affected": "=", "version_value": "All versions \u003c V4.3.8" } ] } }, { "product_name": "RUGGEDCOM RS910", "version": { "version_data": [ { "version_affected": "=", "version_value": "All versions \u003c V4.3.8" } ] } }, { "product_name": "RUGGEDCOM RS910L", "version": { "version_data": [ { "version_affected": "=", "version_value": "All versions \u003c V4.3.8" } ] } }, { "product_name": "RUGGEDCOM RS910W", "version": { "version_data": [ { "version_affected": "=", "version_value": "All versions \u003c V4.3.8" } ] } }, { "product_name": "RUGGEDCOM RS920L", "version": { "version_data": [ { "version_affected": "=", "version_value": "All versions \u003c V4.3.8" } ] } }, { "product_name": "RUGGEDCOM RS920W", "version": { "version_data": [ { "version_affected": "=", "version_value": "All versions \u003c V4.3.8" } ] } }, { "product_name": "RUGGEDCOM RS930L", "version": { "version_data": [ { "version_affected": "=", "version_value": "All versions \u003c V4.3.8" } ] } }, { "product_name": "RUGGEDCOM RS930W", "version": { "version_data": [ { "version_affected": "=", "version_value": "All versions \u003c V4.3.8" } ] } }, { "product_name": "RUGGEDCOM RS940G", "version": { "version_data": [ { "version_affected": "=", "version_value": "All versions \u003c V4.3.8" } ] } }, { "product_name": "RUGGEDCOM RS940GF", "version": { "version_data": [ { "version_affected": "=", "version_value": "All versions" } ] } }, { "product_name": "RUGGEDCOM RS969", "version": { "version_data": [ { "version_affected": "=", "version_value": "All versions \u003c V4.3.8" } ] } }, { "product_name": "RUGGEDCOM RSG2100", "version": { "version_data": [ { "version_affected": "=", "version_value": "All versions \u003c V4.3.8" } ] } }, { "product_name": "RUGGEDCOM RSG2100 (32M) V4.X", "version": { "version_data": [ { "version_affected": "=", "version_value": "All versions \u003c V4.3.8" } ] } }, { "product_name": "RUGGEDCOM RSG2100 (32M) V5.X", "version": { "version_data": [ { "version_affected": "=", "version_value": "All versions \u003c V5.6.0" } ] } }, { "product_name": "RUGGEDCOM RSG2100F", "version": { "version_data": [ { "version_affected": "=", "version_value": "All versions" } ] } }, { "product_name": "RUGGEDCOM RSG2100P", "version": { "version_data": [ { "version_affected": "=", "version_value": "All versions \u003c V4.3.8" } ] } }, { "product_name": "RUGGEDCOM RSG2100PF", "version": { "version_data": [ { "version_affected": "=", "version_value": "All versions" } ] } }, { "product_name": "RUGGEDCOM RSG2200", "version": { "version_data": [ { "version_affected": "=", "version_value": "All versions \u003c V4.3.8" } ] } }, { "product_name": "RUGGEDCOM RSG2200F", "version": { "version_data": [ { "version_affected": "=", "version_value": "All versions" } ] } }, { "product_name": "RUGGEDCOM RSG2288 V4.X", "version": { "version_data": [ { "version_affected": "=", "version_value": "All versions \u003c V4.3.8" } ] } }, { "product_name": "RUGGEDCOM RSG2288 V5.X", "version": { "version_data": [ { "version_affected": "=", "version_value": "All versions \u003c V5.6.0" } ] } }, { "product_name": "RUGGEDCOM RSG2300 V4.X", "version": { "version_data": [ { "version_affected": "=", "version_value": "All versions \u003c V4.3.8" } ] } }, { "product_name": "RUGGEDCOM RSG2300 V5.X", "version": { "version_data": [ { "version_affected": "=", "version_value": "All versions \u003c V5.6.0" } ] } }, { "product_name": "RUGGEDCOM RSG2300F", "version": { "version_data": [ { "version_affected": "=", "version_value": "All versions" } ] } }, { "product_name": "RUGGEDCOM RSG2300P V4.X", "version": { "version_data": [ { "version_affected": "=", "version_value": "All versions \u003c V4.3.8" } ] } }, { "product_name": "RUGGEDCOM RSG2300P V5.X", "version": { "version_data": [ { "version_affected": "=", "version_value": "All versions \u003c V5.6.0" } ] } }, { "product_name": "RUGGEDCOM RSG2300PF", "version": { "version_data": [ { "version_affected": "=", "version_value": "All versions" } ] } }, { "product_name": "RUGGEDCOM RSG2488 V4.X", "version": { "version_data": [ { "version_affected": "=", "version_value": "All versions \u003c V4.3.8" } ] } }, { "product_name": "RUGGEDCOM RSG2488 V5.X", "version": { "version_data": [ { "version_affected": "=", "version_value": "All versions \u003c V5.6.0" } ] } }, { "product_name": "RUGGEDCOM RSG2488F", "version": { "version_data": [ { "version_affected": "=", "version_value": "All versions" } ] } }, { "product_name": "RUGGEDCOM RSG907R", "version": { "version_data": [ { "version_affected": "=", "version_value": "All versions \u003c V5.6.0" } ] } }, { "product_name": "RUGGEDCOM RSG908C", "version": { "version_data": [ { "version_affected": "=", "version_value": "All versions \u003c V5.6.0" } ] } }, { "product_name": "RUGGEDCOM RSG909R", "version": { "version_data": [ { "version_affected": "=", "version_value": "All versions \u003c V5.6.0" } ] } }, { "product_name": "RUGGEDCOM RSG910C", "version": { "version_data": [ { "version_affected": "=", "version_value": "All versions \u003c V5.6.0" } ] } }, { "product_name": "RUGGEDCOM RSG920P V4.X", "version": { "version_data": [ { "version_affected": "=", "version_value": "All versions \u003c V4.3.8" } ] } }, { "product_name": "RUGGEDCOM RSG920P V5.X", "version": { "version_data": [ { "version_affected": "=", "version_value": "All versions \u003c V5.6.0" } ] } }, { "product_name": "RUGGEDCOM RSL910", "version": { "version_data": [ { "version_affected": "=", "version_value": "All versions \u003c V5.6.0" } ] } }, { "product_name": "RUGGEDCOM RST2228", "version": { "version_data": [ { "version_affected": "=", "version_value": "All versions \u003c V5.6.0" } ] } }, { "product_name": "RUGGEDCOM RST2228P", "version": { "version_data": [ { "version_affected": "=", "version_value": "All versions \u003c V5.6.0" } ] } }, { "product_name": "RUGGEDCOM RST916C", "version": { "version_data": [ { "version_affected": "=", "version_value": "All versions \u003c V5.6.0" } ] } }, { "product_name": "RUGGEDCOM RST916P", "version": { "version_data": [ { "version_affected": "=", "version_value": "All versions \u003c V5.6.0" } ] } } ] }, "vendor_name": "Siemens" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "A vulnerability has been identified in RUGGEDCOM i800, RUGGEDCOM i801, RUGGEDCOM i802, RUGGEDCOM i803, RUGGEDCOM M2100, RUGGEDCOM M2100F, RUGGEDCOM M2200, RUGGEDCOM M2200F, RUGGEDCOM M969, RUGGEDCOM M969F, RUGGEDCOM RMC30, RUGGEDCOM RMC8388 V4.X, RUGGEDCOM RMC8388 V5.X, RUGGEDCOM RP110, RUGGEDCOM RS1600, RUGGEDCOM RS1600F, RUGGEDCOM RS1600T, RUGGEDCOM RS400, RUGGEDCOM RS400F, RUGGEDCOM RS401, RUGGEDCOM RS416, RUGGEDCOM RS416F, RUGGEDCOM RS416P, RUGGEDCOM RS416PF, RUGGEDCOM RS416Pv2 V4.X, RUGGEDCOM RS416Pv2 V5.X, RUGGEDCOM RS416v2 V4.X, RUGGEDCOM RS416v2 V5.X, RUGGEDCOM RS8000, RUGGEDCOM RS8000A, RUGGEDCOM RS8000H, RUGGEDCOM RS8000T, RUGGEDCOM RS900, RUGGEDCOM RS900 (32M) V4.X, RUGGEDCOM RS900 (32M) V5.X, RUGGEDCOM RS900F, RUGGEDCOM RS900G, RUGGEDCOM RS900G (32M) V4.X, RUGGEDCOM RS900G (32M) V5.X, RUGGEDCOM RS900GF, RUGGEDCOM RS900GP, RUGGEDCOM RS900GPF, RUGGEDCOM RS900L, RUGGEDCOM RS900M-GETS-C01, RUGGEDCOM RS900M-GETS-XX, RUGGEDCOM RS900M-STND-C01, RUGGEDCOM RS900M-STND-XX, RUGGEDCOM RS900W, RUGGEDCOM RS910, RUGGEDCOM RS910L, RUGGEDCOM RS910W, RUGGEDCOM RS920L, RUGGEDCOM RS920W, RUGGEDCOM RS930L, RUGGEDCOM RS930W, RUGGEDCOM RS940G, RUGGEDCOM RS940GF, RUGGEDCOM RS969, RUGGEDCOM RSG2100, RUGGEDCOM RSG2100 (32M) V4.X, RUGGEDCOM RSG2100 (32M) V5.X, RUGGEDCOM RSG2100F, RUGGEDCOM RSG2100P, RUGGEDCOM RSG2100PF, RUGGEDCOM RSG2200, RUGGEDCOM RSG2200F, RUGGEDCOM RSG2288 V4.X, RUGGEDCOM RSG2288 V5.X, RUGGEDCOM RSG2300 V4.X, RUGGEDCOM RSG2300 V5.X, RUGGEDCOM RSG2300F, RUGGEDCOM RSG2300P V4.X, RUGGEDCOM RSG2300P V5.X, RUGGEDCOM RSG2300PF, RUGGEDCOM RSG2488 V4.X, RUGGEDCOM RSG2488 V5.X, RUGGEDCOM RSG2488F, RUGGEDCOM RSG907R, RUGGEDCOM RSG908C, RUGGEDCOM RSG909R, RUGGEDCOM RSG910C, RUGGEDCOM RSG920P V4.X, RUGGEDCOM RSG920P V5.X, RUGGEDCOM RSL910, RUGGEDCOM RST2228, RUGGEDCOM RST2228P, RUGGEDCOM RST916C, RUGGEDCOM RST916P. A new variant of the POODLE attack has left a third-party component vulnerable due to the implementation flaws of the CBC encryption mode in TLS 1.0 to 1.2.\r\n\r\nIf an attacker were to exploit this, they could act as a man-in-the-middle and eavesdrop on encrypted communications." } ] }, "impact": { "cvss": [ { "baseScore": 5.9, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C", "version": "3.1" } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "cweId": "CWE-358", "lang": "eng", "value": "CWE-358: Improperly Implemented Security Check for Standard" } ] } ] }, "references": { "reference_data": [ { "name": "https://cert-portal.siemens.com/productcert/pdf/ssa-256353.pdf", "refsource": "MISC", "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-256353.pdf" } ] } }, "nvd.nist.gov": { "configurations": { "CVE_data_version": "4.0", "nodes": [ { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:siemens:ruggedcom_ros:*:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:h:siemens:ruggedcom_i800:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false }, { "cpe23Uri": "cpe:2.3:h:siemens:ruggedcom_i801:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false }, { "cpe23Uri": "cpe:2.3:h:siemens:ruggedcom_i802:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false }, { "cpe23Uri": "cpe:2.3:h:siemens:ruggedcom_i803:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false }, { "cpe23Uri": "cpe:2.3:h:siemens:ruggedcom_m2100:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false }, { "cpe23Uri": "cpe:2.3:h:siemens:ruggedcom_m2200:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false }, { "cpe23Uri": "cpe:2.3:h:siemens:ruggedcom_m969:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false }, { "cpe23Uri": "cpe:2.3:h:siemens:ruggedcom_rmc:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false }, { "cpe23Uri": "cpe:2.3:h:siemens:ruggedcom_rmc20:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false }, { "cpe23Uri": "cpe:2.3:h:siemens:ruggedcom_rmc30:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false }, { "cpe23Uri": "cpe:2.3:h:siemens:ruggedcom_rmc40:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false }, { "cpe23Uri": "cpe:2.3:h:siemens:ruggedcom_rmc41:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false }, { "cpe23Uri": "cpe:2.3:h:siemens:ruggedcom_rp110:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false }, { "cpe23Uri": "cpe:2.3:h:siemens:ruggedcom_rs400:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false }, { "cpe23Uri": "cpe:2.3:h:siemens:ruggedcom_rs401:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false }, { "cpe23Uri": "cpe:2.3:h:siemens:ruggedcom_rs416:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false }, { "cpe23Uri": "cpe:2.3:h:siemens:ruggedcom_rs8000:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false }, { "cpe23Uri": "cpe:2.3:h:siemens:ruggedcom_rs8000a:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false }, { "cpe23Uri": "cpe:2.3:h:siemens:ruggedcom_rs8000h:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false }, { "cpe23Uri": "cpe:2.3:h:siemens:ruggedcom_rs8000t:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false }, { "cpe23Uri": "cpe:2.3:h:siemens:ruggedcom_rs900gp:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false }, { "cpe23Uri": "cpe:2.3:h:siemens:ruggedcom_rs900l:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false }, { "cpe23Uri": "cpe:2.3:h:siemens:ruggedcom_rs900w:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false }, { "cpe23Uri": "cpe:2.3:h:siemens:ruggedcom_rs910:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false }, { "cpe23Uri": "cpe:2.3:h:siemens:ruggedcom_rs910l:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false }, { "cpe23Uri": "cpe:2.3:h:siemens:ruggedcom_rs910w:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false }, { "cpe23Uri": "cpe:2.3:h:siemens:ruggedcom_rs920l:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false }, { "cpe23Uri": "cpe:2.3:h:siemens:ruggedcom_rs920w:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false }, { "cpe23Uri": "cpe:2.3:h:siemens:ruggedcom_rs930l:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false }, { "cpe23Uri": "cpe:2.3:h:siemens:ruggedcom_rs930w:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false }, { "cpe23Uri": "cpe:2.3:h:siemens:ruggedcom_rs940g:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false }, { "cpe23Uri": "cpe:2.3:h:siemens:ruggedcom_rs969:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false }, { "cpe23Uri": "cpe:2.3:h:siemens:ruggedcom_rsg2100p:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false }, { "cpe23Uri": "cpe:2.3:h:siemens:ruggedcom_rsg2200:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [], "operator": "AND" }, { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:siemens:ruggedcom_ros:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "5.6.0", "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:h:siemens:ruggedcom_rmc8388:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false }, { "cpe23Uri": "cpe:2.3:h:siemens:ruggedcom_rs416v2:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false }, { "cpe23Uri": "cpe:2.3:h:siemens:ruggedcom_rs900:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false }, { "cpe23Uri": "cpe:2.3:h:siemens:ruggedcom_rs900g:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false }, { "cpe23Uri": "cpe:2.3:h:siemens:ruggedcom_rsg2100:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false }, { "cpe23Uri": "cpe:2.3:h:siemens:ruggedcom_rsg2288:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false }, { "cpe23Uri": "cpe:2.3:h:siemens:ruggedcom_rsg2300:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false }, { "cpe23Uri": "cpe:2.3:h:siemens:ruggedcom_rsg2300p:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false }, { "cpe23Uri": "cpe:2.3:h:siemens:ruggedcom_rsg2488:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false }, { "cpe23Uri": "cpe:2.3:h:siemens:ruggedcom_rsg907r:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false }, { "cpe23Uri": "cpe:2.3:h:siemens:ruggedcom_rsg908c:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false }, { "cpe23Uri": "cpe:2.3:h:siemens:ruggedcom_rsg909r:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false }, { "cpe23Uri": "cpe:2.3:h:siemens:ruggedcom_rsg910c:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false }, { "cpe23Uri": "cpe:2.3:h:siemens:ruggedcom_rsg920p:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false }, { "cpe23Uri": "cpe:2.3:h:siemens:ruggedcom_rsl910:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false }, { "cpe23Uri": "cpe:2.3:h:siemens:ruggedcom_rst2228:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false }, { "cpe23Uri": "cpe:2.3:h:siemens:ruggedcom_rst2228p:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false }, { "cpe23Uri": "cpe:2.3:h:siemens:ruggedcom_rst916c:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false }, { "cpe23Uri": "cpe:2.3:h:siemens:ruggedcom_rst916p:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [], "operator": "AND" } ] }, "cve": { "CVE_data_meta": { "ASSIGNER": "productcert@siemens.com", "ID": "CVE-2021-42017" }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "en", "value": "A vulnerability has been identified in RUGGEDCOM i800, RUGGEDCOM i801, RUGGEDCOM i802, RUGGEDCOM i803, RUGGEDCOM M2100, RUGGEDCOM M2100F, RUGGEDCOM M2200, RUGGEDCOM M2200F, RUGGEDCOM M969, RUGGEDCOM M969F, RUGGEDCOM RMC30, RUGGEDCOM RMC8388 V4.X, RUGGEDCOM RMC8388 V5.X, RUGGEDCOM RP110, RUGGEDCOM RS1600, RUGGEDCOM RS1600F, RUGGEDCOM RS1600T, RUGGEDCOM RS400, RUGGEDCOM RS400F, RUGGEDCOM RS401, RUGGEDCOM RS416, RUGGEDCOM RS416F, RUGGEDCOM RS416P, RUGGEDCOM RS416PF, RUGGEDCOM RS416Pv2 V4.X, RUGGEDCOM RS416Pv2 V5.X, RUGGEDCOM RS416v2 V4.X, RUGGEDCOM RS416v2 V5.X, RUGGEDCOM RS8000, RUGGEDCOM RS8000A, RUGGEDCOM RS8000H, RUGGEDCOM RS8000T, RUGGEDCOM RS900, RUGGEDCOM RS900 (32M) V4.X, RUGGEDCOM RS900 (32M) V5.X, RUGGEDCOM RS900F, RUGGEDCOM RS900G, RUGGEDCOM RS900G (32M) V4.X, RUGGEDCOM RS900G (32M) V5.X, RUGGEDCOM RS900GF, RUGGEDCOM RS900GP, RUGGEDCOM RS900GPF, RUGGEDCOM RS900L, RUGGEDCOM RS900M-GETS-C01, RUGGEDCOM RS900M-GETS-XX, RUGGEDCOM RS900M-STND-C01, RUGGEDCOM RS900M-STND-XX, RUGGEDCOM RS900W, RUGGEDCOM RS910, RUGGEDCOM RS910L, RUGGEDCOM RS910W, RUGGEDCOM RS920L, RUGGEDCOM RS920W, RUGGEDCOM RS930L, RUGGEDCOM RS930W, RUGGEDCOM RS940G, RUGGEDCOM RS940GF, RUGGEDCOM RS969, RUGGEDCOM RSG2100, RUGGEDCOM RSG2100 (32M) V4.X, RUGGEDCOM RSG2100 (32M) V5.X, RUGGEDCOM RSG2100F, RUGGEDCOM RSG2100P, RUGGEDCOM RSG2100PF, RUGGEDCOM RSG2200, RUGGEDCOM RSG2200F, RUGGEDCOM RSG2288 V4.X, RUGGEDCOM RSG2288 V5.X, RUGGEDCOM RSG2300 V4.X, RUGGEDCOM RSG2300 V5.X, RUGGEDCOM RSG2300F, RUGGEDCOM RSG2300P V4.X, RUGGEDCOM RSG2300P V5.X, RUGGEDCOM RSG2300PF, RUGGEDCOM RSG2488 V4.X, RUGGEDCOM RSG2488 V5.X, RUGGEDCOM RSG2488F, RUGGEDCOM RSG907R, RUGGEDCOM RSG908C, RUGGEDCOM RSG909R, RUGGEDCOM RSG910C, RUGGEDCOM RSG920P V4.X, RUGGEDCOM RSG920P V5.X, RUGGEDCOM RSL910, RUGGEDCOM RST2228, RUGGEDCOM RST2228P, RUGGEDCOM RST916C, RUGGEDCOM RST916P. A new variant of the POODLE attack has left a third-party component vulnerable due to the implementation flaws of the CBC encryption mode in TLS 1.0 to 1.2.\r\n\r\nIf an attacker were to exploit this, they could act as a man-in-the-middle and eavesdrop on encrypted communications." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "en", "value": "CWE-358" } ] } ] }, "references": { "reference_data": [ { "name": "N/A", "refsource": "CONFIRM", "tags": [ "Patch", "Vendor Advisory" ], "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-256353.pdf" } ] } }, "impact": { "baseMetricV2": { "acInsufInfo": false, "cvssV2": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N", "version": "2.0" }, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "MEDIUM", "userInteractionRequired": false }, "baseMetricV3": { "cvssV3": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.9, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.1" }, "exploitabilityScore": 2.2, "impactScore": 3.6 } }, "lastModifiedDate": "2023-12-12T12:15Z", "publishedDate": "2022-03-08T12:15Z" } } }
Sightings
Author | Source | Type | Date |
---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.