9.8
CVE-2021-31895
- EPSS 2.33%
- Published 13.07.2021 11:15:09
- Last modified 13.05.2025 10:15:17
- Source productcert@siemens.com
A vulnerability has been identified in RUGGEDCOM i800 (All versions < V4.3.7), RUGGEDCOM i801 (All versions < V4.3.7), RUGGEDCOM i802 (All versions < V4.3.7), RUGGEDCOM i803 (All versions < V4.3.7), RUGGEDCOM M2100 (All versions < V4.3.7), RUGGEDCOM M2200 (All versions < V4.3.7), RUGGEDCOM M969 (All versions < V4.3.7), RUGGEDCOM RMC30 (All versions < V4.3.7), RUGGEDCOM RMC8388 V4.X (All versions < V4.3.7), RUGGEDCOM RMC8388 V5.X (All versions < V5.5.4), RUGGEDCOM RP110 (All versions < V4.3.7), RUGGEDCOM RS1600 (All versions < V4.3.7), RUGGEDCOM RS1600F (All versions < V4.3.7), RUGGEDCOM RS1600T (All versions < V4.3.7), RUGGEDCOM RS400 (All versions < V4.3.7), RUGGEDCOM RS401 (All versions < V4.3.7), RUGGEDCOM RS416 (All versions < V4.3.7), RUGGEDCOM RS416P (All versions < V4.3.7), RUGGEDCOM RS416Pv2 V4.X (All versions < V4.3.7), RUGGEDCOM RS416Pv2 V5.X (All versions < V5.5.4), RUGGEDCOM RS416v2 V4.X (All versions < V4.3.7), RUGGEDCOM RS416v2 V5.X (All versions < 5.5.4), RUGGEDCOM RS8000 (All versions < V4.3.7), RUGGEDCOM RS8000A (All versions < V4.3.7), RUGGEDCOM RS8000H (All versions < V4.3.7), RUGGEDCOM RS8000T (All versions < V4.3.7), RUGGEDCOM RS900 (32M) V4.X (All versions < V4.3.7), RUGGEDCOM RS900 (32M) V5.X (All versions < V5.5.4), RUGGEDCOM RS900G (All versions < V4.3.7), RUGGEDCOM RS900G (32M) V4.X (All versions < V4.3.7), RUGGEDCOM RS900G (32M) V5.X (All versions < V5.5.4), RUGGEDCOM RS900GP (All versions < V4.3.7), RUGGEDCOM RS900L (All versions < V4.3.7), RUGGEDCOM RS900W (All versions < V4.3.7), RUGGEDCOM RS910 (All versions < V4.3.7), RUGGEDCOM RS910L (All versions < V4.3.7), RUGGEDCOM RS910W (All versions < V4.3.7), RUGGEDCOM RS920L (All versions < V4.3.7), RUGGEDCOM RS920W (All versions < V4.3.7), RUGGEDCOM RS930L (All versions < V4.3.7), RUGGEDCOM RS930W (All versions < V4.3.7), RUGGEDCOM RS940G (All versions < V4.3.7), RUGGEDCOM RS969 (All versions < V4.3.7), RUGGEDCOM RSG2100 (All versions), RUGGEDCOM RSG2100 (32M) V4.X (All versions < V4.3.7), 
RUGGEDCOM RSG2100 (32M) V5.X (All versions < V5.5.4), RUGGEDCOM RSG2100P (All versions < V4.3.7), RUGGEDCOM RSG2100P (32M) V4.X (All versions < V4.3.7), RUGGEDCOM RSG2100P (32M) V5.X (All versions < V5.5.4), RUGGEDCOM RSG2100PNC (32M) V4.X (All versions < V4.3.7), RUGGEDCOM RSG2100PNC (32M) V5.X (All versions < V5.5.4), RUGGEDCOM RSG2200 (All versions < V4.3.7), RUGGEDCOM RSG2288 V4.X (All versions < V4.3.7), RUGGEDCOM RSG2288 V5.X (All versions < V5.5.4), RUGGEDCOM RSG2300 V4.X (All versions < V4.3.7), RUGGEDCOM RSG2300 V5.X (All versions < V5.5.4), RUGGEDCOM RSG2300P V4.X (All versions < V4.3.7), RUGGEDCOM RSG2300P V5.X (All versions < V5.5.4), RUGGEDCOM RSG2488 V4.X (All versions < V4.3.7), RUGGEDCOM RSG2488 V5.X (All versions < V5.5.4), RUGGEDCOM RSG907R (All versions < V5.5.4), RUGGEDCOM RSG908C (All versions < V5.5.4), RUGGEDCOM RSG909R (All versions < V5.5.4), RUGGEDCOM RSG910C (All versions < V5.5.4), RUGGEDCOM RSG920P V4.X (All versions < V4.3.7), RUGGEDCOM RSG920P V5.X (All versions < V5.5.4), RUGGEDCOM RSL910 (All versions < V5.5.4), RUGGEDCOM RST2228 (All versions < V5.5.4), RUGGEDCOM RST2228P (All versions < V5.5.4), RUGGEDCOM RST916C (All versions < V5.5.4), RUGGEDCOM RST916P (All versions < V5.5.4). The DHCP client in affected devices fails to properly sanitize incoming DHCP packets. This could allow an unauthenticated remote attacker to cause memory to be overwritten, potentially allowing remote code execution.
Data is provided by the National Vulnerability Database (NVD)
Siemens ≫ Ruggedcom Ros I800 Version < 4.3.7
Siemens ≫ Ruggedcom Ros I801 Version < 4.3.7
Siemens ≫ Ruggedcom Ros I802 Version < 4.3.7
Siemens ≫ Ruggedcom Ros I803 Version < 4.3.7
Siemens ≫ Ruggedcom Ros M969 Version < 4.3.7
Siemens ≫ Ruggedcom Ros M2100 Version < 4.3.7
Siemens ≫ Ruggedcom Ros M2200 Version < 4.3.7
Siemens ≫ Ruggedcom Ros Rmc Version < 4.3.7
Siemens ≫ Ruggedcom Ros Rmc20 Version < 4.3.7
Siemens ≫ Ruggedcom Ros Rmc30 Version < 4.3.7
Siemens ≫ Ruggedcom Ros Rmc40 Version < 4.3.7
Siemens ≫ Ruggedcom Ros Rmc41 Version < 4.3.7
Siemens ≫ Ruggedcom Ros Rmc8388 Version < 4.3.7
Siemens ≫ Ruggedcom Ros Rmc8388 Version >= 5.0.0 < 5.5.4
Siemens ≫ Ruggedcom Ros Rp110 Version < 4.3.7
Siemens ≫ Ruggedcom Ros Rs400 Version < 4.3.7
Siemens ≫ Ruggedcom Ros Rs401 Version < 4.3.7
Siemens ≫ Ruggedcom Ros Rs416 Version < 4.3.7
Siemens ≫ Ruggedcom Ros Rs416v2 Version < 4.3.7
Siemens ≫ Ruggedcom Ros Rs416v2 Version >= 5.5.0 < 5.5.4
Siemens ≫ Ruggedcom Ros Rs900 Version < 4.3.7
Siemens ≫ Ruggedcom Ros Rs900 Version >= 5.0.0 < 5.5.4
Siemens ≫ Ruggedcom Ros Rs900g Version < 4.3.7
Siemens ≫ Ruggedcom Ros Rs900g Version >= 5.0.0 < 5.5.4
Siemens ≫ Ruggedcom Ros Rs900gp Version < 4.3.7
Siemens ≫ Ruggedcom Ros Rs900l Version < 4.3.7
Siemens ≫ Ruggedcom Ros Rs900w Version < 4.3.7
Siemens ≫ Ruggedcom Ros Rs910 Version < 4.3.7
Siemens ≫ Ruggedcom Ros Rs910l Version < 4.3.7
Siemens ≫ Ruggedcom Ros Rs910w Version < 4.3.7
Siemens ≫ Ruggedcom Ros Rs920l Version < 4.3.7
Siemens ≫ Ruggedcom Ros Rs920w Version < 4.3.7
Siemens ≫ Ruggedcom Ros Rs930l Version < 4.3.7
Siemens ≫ Ruggedcom Ros Rs930w Version < 4.3.7
Siemens ≫ Ruggedcom Ros Rs940g Version < 4.3.7
Siemens ≫ Ruggedcom Ros Rs969 Version < 4.3.7
Siemens ≫ Ruggedcom Ros Rs8000 Version < 4.3.7
Siemens ≫ Ruggedcom Ros Rs8000a Version < 4.3.7
Siemens ≫ Ruggedcom Ros Rs8000h Version < 4.3.7
Siemens ≫ Ruggedcom Ros Rs8000t Version < 4.3.7
Siemens ≫ Ruggedcom Ros Rsg900 Version < 4.3.7
Siemens ≫ Ruggedcom Ros Rsg900 Version >= 5.5.0 < 5.5.4
Siemens ≫ Ruggedcom Ros Rsg900c Version < 5.5.4
Siemens ≫ Ruggedcom Ros Rsg900g Version < 4.3.7
Siemens ≫ Ruggedcom Ros Rsg900g Version >= 5.0.0 < 5.5.4
Siemens ≫ Ruggedcom Ros Rsg900r Version < 5.5.4
Siemens ≫ Ruggedcom Ros Rsg920p Version < 4.3.7
Siemens ≫ Ruggedcom Ros Rsg920p Version >= 5.0.0 < 5.5.4
Siemens ≫ Ruggedcom Ros Rsg2100 Version < 4.3.7
Siemens ≫ Ruggedcom Ros Rsg2100 Version >= 5.0.0 < 5.5.4
Siemens ≫ Ruggedcom Ros Rsg2100p Version < 4.3.7
Siemens ≫ Ruggedcom Ros Rsg2100p Version >= 5.0.0 < 5.3.4
Siemens ≫ Ruggedcom Ros Rsg2200 Version < 4.3.7
Siemens ≫ Ruggedcom Ros Rsg2288 Version < 4.3.7
Siemens ≫ Ruggedcom Ros Rsg2288 Version >= 5.0.0 < 5.5.4
Siemens ≫ Ruggedcom Ros Rsg2300 Version < 4.3.7
Siemens ≫ Ruggedcom Ros Rsg2300 Version >= 5.0.0 < 5.3.4
Siemens ≫ Ruggedcom Ros Rsg2300p Version < 4.3.7
Siemens ≫ Ruggedcom Ros Rsg2300p Version >= 5.5.0 < 5.5.4
Siemens ≫ Ruggedcom Ros Rsg2488 Version < 4.3.7
Siemens ≫ Ruggedcom Ros Rsg2488 Version >= 5.0.0 < 5.5.4
Siemens ≫ Ruggedcom Ros Rsl910 Version < 5.5.4
Siemens ≫ Ruggedcom Ros Rst916c Version < 5.5.4
Siemens ≫ Ruggedcom Ros Rst916p Version < 5.5.4
Siemens ≫ Ruggedcom Ros Rst2228 Version < 5.5.4
No CISA KEV or CERT.AT warning was found for this CVE.
Type | Source | Score | Percentile |
---|---|---|---|
EPSS | FIRST.org | 2.33% | 0.833 |
Source | Base Score | Exploit Score | Impact Score | Vector string |
---|---|---|---|---|
productcert@siemens.com | 8.1 | 2.2 | 5.9 | CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H |
nvd@nist.gov | 7.5 | 10 | 6.4 | AV:N/AC:L/Au:N/C:P/I:P/A:P |
nvd@nist.gov | 9.8 | 3.9 | 5.9 | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
CWE-120 Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
The product copies an input buffer to an output buffer without verifying that the size of the input buffer is less than the size of the output buffer, leading to a buffer overflow.
CWE-787 Out-of-bounds Write
The product writes data past the end, or before the beginning, of the intended buffer.