CVE-2024-39675

HIGH8.7

Description

A vulnerability has been identified in RUGGEDCOM RMC30 (All versions < V4.3.10), RUGGEDCOM RMC30NC (All versions < V4.3.10), RUGGEDCOM RP110 (All versions < V4.3.10), RUGGEDCOM RP110NC (All versions < V4.3.10), RUGGEDCOM RS400 (All versions < V4.3.10), RUGGEDCOM RS400NC (All versions < V4.3.10), RUGGEDCOM RS401 (All versions < V4.3.10), RUGGEDCOM RS401NC (All versions < V4.3.10), RUGGEDCOM RS416 (All versions < V4.3.10), RUGGEDCOM RS416NC (All versions < V4.3.10), RUGGEDCOM RS416NCv2 V4.X (All versions < V4.3.10), RUGGEDCOM RS416NCv2 V5.X (All versions < V5.9.0), RUGGEDCOM RS416P (All versions < V4.3.10), RUGGEDCOM RS416PNC (All versions < V4.3.10), RUGGEDCOM RS416PNCv2 V4.X (All versions < V4.3.10), RUGGEDCOM RS416PNCv2 V5.X (All versions < V5.9.0), RUGGEDCOM RS416Pv2 V4.X (All versions < V4.3.10), RUGGEDCOM RS416Pv2 V5.X (All versions < V5.9.0), RUGGEDCOM RS416v2 V4.X (All versions < V4.3.10), RUGGEDCOM RS416v2 V5.X (All versions < V5.9.0), RUGGEDCOM RS910 (All versions < V4.3.10), RUGGEDCOM RS910L (All versions), RUGGEDCOM RS910LNC (All versions), RUGGEDCOM RS910NC (All versions < V4.3.10), RUGGEDCOM RS910W (All versions < V4.3.10), RUGGEDCOM RS920L (All versions), RUGGEDCOM RS920LNC (All versions), RUGGEDCOM RS920W (All versions). In some configurations the affected products wrongly enable the Modbus service in non-managed VLANS. Only serial devices are affected by this vulnerability.

CVSS breakdown

CVSS 4.0

Attack Vector

Adjacent

Attack Complexity

Low

Attack Requirements

None

Privileges Required

None

User Interaction

None

Confidentiality (Vulnerable System)

High

Integrity (Vulnerable System)

High

Availability (Vulnerable System)

High

Confidentiality (Subsequent System)

None

Integrity (Subsequent System)

None

Availability (Subsequent System)

None

CVSS 3.1

Attack Vector

Adjacent

Attack Complexity

Low

Privileges Required

None

User Interaction

None

Scope

Unchanged

Confidentiality

High

Integrity

High

Availability

High

Physical

Changed

Affected products

Siemens / RUGGEDCOM RMC300 – V4.3.10
Siemens / RUGGEDCOM RMC30NC0 – V4.3.10
Siemens / RUGGEDCOM RP1100 – V4.3.10
Siemens / RUGGEDCOM RP110NC0 – V4.3.10
Siemens / RUGGEDCOM RS4000 – V4.3.10
Siemens / RUGGEDCOM RS400NC0 – V4.3.10
Siemens / RUGGEDCOM RS4010 – V4.3.10
Siemens / RUGGEDCOM RS401NC0 – V4.3.10
Siemens / RUGGEDCOM RS4160 – V4.3.10
Siemens / RUGGEDCOM RS416NC0 – V4.3.10
Siemens / RUGGEDCOM RS416NCv2 V4.X0 – V4.3.10
Siemens / RUGGEDCOM RS416NCv2 V5.X0 – V5.9.0
Siemens / RUGGEDCOM RS416P0 – V4.3.10
Siemens / RUGGEDCOM RS416PNC0 – V4.3.10
Siemens / RUGGEDCOM RS416PNCv2 V4.X0 – V4.3.10
Siemens / RUGGEDCOM RS416PNCv2 V5.X0 – V5.9.0
Siemens / RUGGEDCOM RS416Pv2 V4.X0 – V4.3.10
Siemens / RUGGEDCOM RS416Pv2 V5.X0 – V5.9.0
Siemens / RUGGEDCOM RS416v2 V4.X0 – V4.3.10
Siemens / RUGGEDCOM RS416v2 V5.X0 – V5.9.0
Siemens / RUGGEDCOM RS9100 – V4.3.10
Siemens / RUGGEDCOM RS910L0 – *
Siemens / RUGGEDCOM RS910LNC0 – *
Siemens / RUGGEDCOM RS910NC0 – V4.3.10
Siemens / RUGGEDCOM RS910W0 – V4.3.10
Siemens / RUGGEDCOM RS920L0 – *
Siemens / RUGGEDCOM RS920LNC0 – *
Siemens / RUGGEDCOM RS920W0 – *

References

MISChttps://cert-portal.siemens.com/productcert/html/ssa-170375.html