8.8
CVE-2024-39675
- EPSS 0.06%
- Published 09.07.2024 12:15:17
- Last modified 21.11.2024 09:28:11
- Source productcert@siemens.com
- Teams watchlist Login
- Open Login
A vulnerability has been identified in RUGGEDCOM RMC30 (All versions < V4.3.10), RUGGEDCOM RMC30NC (All versions < V4.3.10), RUGGEDCOM RP110 (All versions < V4.3.10), RUGGEDCOM RP110NC (All versions < V4.3.10), RUGGEDCOM RS400 (All versions < V4.3.10), RUGGEDCOM RS400NC (All versions < V4.3.10), RUGGEDCOM RS401 (All versions < V4.3.10), RUGGEDCOM RS401NC (All versions < V4.3.10), RUGGEDCOM RS416 (All versions < V4.3.10), RUGGEDCOM RS416NC (All versions < V4.3.10), RUGGEDCOM RS416NCv2 V4.X (All versions < V4.3.10), RUGGEDCOM RS416NCv2 V5.X (All versions < V5.9.0), RUGGEDCOM RS416P (All versions < V4.3.10), RUGGEDCOM RS416PNC (All versions < V4.3.10), RUGGEDCOM RS416PNCv2 V4.X (All versions < V4.3.10), RUGGEDCOM RS416PNCv2 V5.X (All versions < V5.9.0), RUGGEDCOM RS416Pv2 V4.X (All versions < V4.3.10), RUGGEDCOM RS416Pv2 V5.X (All versions < V5.9.0), RUGGEDCOM RS416v2 V4.X (All versions < V4.3.10), RUGGEDCOM RS416v2 V5.X (All versions < V5.9.0), RUGGEDCOM RS910 (All versions < V4.3.10), RUGGEDCOM RS910L (All versions), RUGGEDCOM RS910LNC (All versions), RUGGEDCOM RS910NC (All versions < V4.3.10), RUGGEDCOM RS910W (All versions < V4.3.10), RUGGEDCOM RS920L (All versions), RUGGEDCOM RS920LNC (All versions), RUGGEDCOM RS920W (All versions). In some configurations the affected products wrongly enable the Modbus service in non-managed VLANS. Only serial devices are affected by this vulnerability.
Verknüpft mit AI von unstrukturierten Daten zu bestehenden CPE der NVD
This information is available to logged-in users. Login
Daten sind bereitgestellt durch das CVE Programm von Authorized Data Publishers (ADP) (Unstrukturiert)
Vendorsiemens
≫
Product
ruggedcom_ros_rmc30
Default Statusunknown
Version <
4.3.10
Version
0
Status
affected
Vendorsiemens
≫
Product
ruggedcom_ros_rmc30nc
Default Statusunknown
Version <
4.3.10
Version
0
Status
affected
Vendorsiemens
≫
Product
ruggedcom_ros_rp110
Default Statusunknown
Version <
4.3.10
Version
0
Status
affected
Vendorsiemens
≫
Product
ruggedcom_ros_rp110nc
Default Statusunknown
Version <
4.3.10
Version
0
Status
affected
Vendorsiemens
≫
Product
ruggedcom_ros_rs400
Default Statusunknown
Version <
4.3.10
Version
0
Status
affected
Vendorsiemens
≫
Product
ruggedcom_ros_rs400nc
Default Statusunknown
Version <
4.3.10
Version
0
Status
affected
Vendorsiemens
≫
Product
ruggedcom_ros_rs401
Default Statusunknown
Version <
4.3.10
Version
0
Status
affected
Vendorsiemens
≫
Product
ruggedcom_ros_rs401nc
Default Statusunknown
Version <
4.3.10
Version
0
Status
affected
Vendorsiemens
≫
Product
ruggedcom_ros_rs416
Default Statusunknown
Version <
4.3.10
Version
0
Status
affected
Vendorsiemens
≫
Product
ruggedcom_ros_rs416nc
Default Statusunknown
Version <
4.3.10
Version
0
Status
affected
Vendorsiemens
≫
Product
ruggedcom_ros_rs416ncv2
Default Statusunknown
Version <
4.3.10
Version
0
Status
affected
Vendorsiemens
≫
Product
ruggedcom_ros_rs416ncv2
Default Statusunknown
Version <
5.9.0
Version
0
Status
affected
Vendorsiemens
≫
Product
ruggedcom_ros_rs416p
Default Statusunknown
Version <
4.3.10
Version
0
Status
affected
Vendorsiemens
≫
Product
ruggedcom_ros_rs416pnc
Default Statusunknown
Version <
4.3.10
Version
0
Status
affected
Vendorsiemens
≫
Product
ruggedcom_ros_rs416pncv2
Default Statusunknown
Version <
5.9.0
Version
0
Status
affected
Vendorsiemens
≫
Product
ruggedcom_ros_rs416pncv2
Default Statusunknown
Version <
4.3.10
Version
0
Status
affected
Vendorsiemens
≫
Product
ruggedcom_ros_rs416pv2
Default Statusunknown
Version <
4.3.10
Version
0
Status
affected
Vendorsiemens
≫
Product
ruggedcom_ros_rs416pv2
Default Statusunknown
Version <
5.9.0
Version
0
Status
affected
Vendorsiemens
≫
Product
ruggedcom_ros_rs416v2
Default Statusunknown
Version <
4.3.10
Version
0
Status
affected
Vendorsiemens
≫
Product
ruggedcom_ros_rs416v2
Default Statusunknown
Version <
5.9.0
Version
0
Status
affected
Vendorsiemens
≫
Product
ruggedcom_ros_rs910
Default Statusunknown
Version <
4.3.10
Version
0
Status
affected
Vendorsiemens
≫
Product
ruggedcom_ros_rs910l
Default Statusunknown
Version <
*
Version
0
Status
affected
Vendorsiemens
≫
Product
ruggedcom_ros_rs920l
Default Statusunknown
Version <
*
Version
0
Status
affected
Vendorsiemens
≫
Product
ruggedcom_ros_rs910lnc
Default Statusunknown
Version <
*
Version
0
Status
affected
Vendorsiemens
≫
Product
ruggedcom_ros_rs910nc
Default Statusunknown
Version <
4.3.10
Version
0
Status
affected
Vendorsiemens
≫
Product
ruggedcom_ros_rs920lnc
Default Statusunknown
Version <
*
Version
0
Status
affected
Vendorsiemens
≫
Product
ruggedcom_ros_rs910w
Default Statusunknown
Version <
4.3.10
Version
0
Status
affected
Vendorsiemens
≫
Product
ruggedcom_ros_rs920w
Default Statusunknown
Version <
*
Version
0
Status
affected
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
| Type | Source | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.06% | 0.201 |
| Source | Base Score | Exploit Score | Impact Score | Vector string |
|---|---|---|---|---|
| productcert@siemens.com | 8.7 | 0 | 0 |
CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
|
| productcert@siemens.com | 8.8 | 2.8 | 5.9 |
CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
|
CWE-497 Exposure of Sensitive System Information to an Unauthorized Control Sphere
The product does not properly prevent sensitive system-level information from being accessed by unauthorized actors who do not have the same level of access to the underlying system as the product does.