CVE-2021-37209

Summary

CVE	CVE-2021-37209
State	PUBLIC
Assigner	[email protected]
Source Priority	CVE Program / NVD first with legacy fallback
Published	2022-03-08 12:15:00 UTC
Updated	2023-11-14 11:15:00 UTC
Description	A vulnerability has been identified in RUGGEDCOM i800 (All versions < V4.3.8), RUGGEDCOM i801 (All versions < V4.3.8), RUGGEDCOM i802 (All versions < V4.3.8), RUGGEDCOM i803 (All versions < V4.3.8), RUGGEDCOM M2100 (All versions < V4.3.8), RUGGEDCOM M2200 (All versions < V4.3.8), RUGGEDCOM M969 (All versions < V4.3.8), RUGGEDCOM RMC30 (All versions < V4.3.8), RUGGEDCOM RMC8388 V4.X (All versions < V4.3.8), RUGGEDCOM RMC8388 V5.X (All versions < V5.7.0), RUGGEDCOM RP110 (All versions < V4.3.8), RUGGEDCOM RS1600 (All versions < V4.3.8), RUGGEDCOM RS1600F (All versions < V4.3.8), RUGGEDCOM RS1600T (All versions < V4.3.8), RUGGEDCOM RS400 (All versions < V4.3.8), RUGGEDCOM RS401 (All versions < V4.3.8), RUGGEDCOM RS416 (All versions < V4.3.8), RUGGEDCOM RS416P (All versions < V4.3.8), RUGGEDCOM RS416Pv2 (All versions < V5.7.0), RUGGEDCOM RS416v2 (All versions < V5.7.0), RUGGEDCOM RS8000 (All versions < V4.3.8), RUGGEDCOM RS8000A (All versions < V4.3.8), RUGGEDCOM RS8000H (All versions < V4.3.8), RUGGEDCOM RS8000T (All versions < V4.3.8), RUGGEDCOM RS900 (All versions < V4.3.8), RUGGEDCOM RS900 (32M) V4.X (All versions < V4.3.8), RUGGEDCOM RS900 (32M) V5.X (All versions < V5.7.0), RUGGEDCOM RS900G (All versions < V4.3.8), RUGGEDCOM RS900G (32M) V4.X (All versions < V4.3.8), RUGGEDCOM RS900G (32M) V5.X (All versions < V5.7.0), RUGGEDCOM RS900GP (All versions < V4.3.8), RUGGEDCOM RS900L (All versions < V4.3.8), RUGGEDCOM RS900M-GETS-C01 (All versions < V4.3.8), RUGGEDCOM RS900M-GETS-XX (All versions < V4.3.8), RUGGEDCOM RS900M-STND-C01 (All versions < V4.3.8), RUGGEDCOM RS900M-STND-XX (All versions < V4.3.8), RUGGEDCOM RS900W (All versions < V4.3.8), RUGGEDCOM RS910 (All versions < V4.3.8), RUGGEDCOM RS910L (All versions < V4.3.8), RUGGEDCOM RS910W (All versions < V4.3.8), RUGGEDCOM RS920L (All versions < V4.3.8), RUGGEDCOM RS920W (All versions < V4.3.8), RUGGEDCOM RS930L (All versions < V4.3.8), RUGGEDCOM RS930W (All versions < V4.3.8), RUGGEDCOM RS940G (All versions < V4.3.8), RUGGEDCOM RS969 (All versions < V4.3.8), RUGGEDCOM RSG2100 (All versions < V4.3.8), RUGGEDCOM RSG2100 (32M) V4.X (All versions < V4.3.8), RUGGEDCOM RSG2100 (32M) V5.X (All versions < V5.7.0), RUGGEDCOM RSG2100P (All versions < V4.3.8), RUGGEDCOM RSG2200 (All versions < V4.3.8), RUGGEDCOM RSG2288 V4.X (All versions < V4.3.8), RUGGEDCOM RSG2288 V5.X (All versions < V5.7.0), RUGGEDCOM RSG2300 V4.X (All versions < V4.3.8), RUGGEDCOM RSG2300 V5.X (All versions < V5.7.0), RUGGEDCOM RSG2300P V4.X (All versions < V4.3.8), RUGGEDCOM RSG2300P V5.X (All versions < V5.7.0), RUGGEDCOM RSG2488 V4.X (All versions < V4.3.8), RUGGEDCOM RSG2488 V5.X (All versions < V5.7.0), RUGGEDCOM RSG907R (All versions < V5.7.0), RUGGEDCOM RSG908C (All versions < V5.7.0), RUGGEDCOM RSG909R (All versions < V5.7.0), RUGGEDCOM RSG910C (All versions < V5.7.0), RUGGEDCOM RSG920P V4.X (All versions < V4.3.8), RUGGEDCOM RSG920P V5.X (All versions < V5.7.0), RUGGEDCOM RSL910 (All versions < V5.7.0), RUGGEDCOM RST2228 (All versions < V5.7.0), RUGGEDCOM RST2228P (All versions < V5.7.0), RUGGEDCOM RST916C (All versions < V5.7.0), RUGGEDCOM RST916P (All versions < V5.7.0). The SSH server on affected devices is configured to offer weak ciphers by default. This could allow an unauthorized attacker in a man-in-the-middle position to read and modify any data passed over the connection between legitimate clients and the affected device.

Risk And Classification

Problem Types: CWE-326

NVD Known Affected Configurations (CPE 2.3)

Type	Vendor	Product	Version	Update	Edition	Language
Hardware	Siemens	Ruggedcom I800	-	All	All	All
Hardware	Siemens	Ruggedcom I801	-	All	All	All
Hardware	Siemens	Ruggedcom I802	-	All	All	All
Hardware	Siemens	Ruggedcom I803	-	All	All	All
Hardware	Siemens	Ruggedcom M2100	-	All	All	All
Hardware	Siemens	Ruggedcom M2200	-	All	All	All
Hardware	Siemens	Ruggedcom M969	-	All	All	All
Hardware	Siemens	Ruggedcom Rmc	-	All	All	All
Hardware	Siemens	Ruggedcom Rmc20	-	All	All	All
Hardware	Siemens	Ruggedcom Rmc30	-	All	All	All
Hardware	Siemens	Ruggedcom Rmc40	-	All	All	All
Hardware	Siemens	Ruggedcom Rmc41	-	All	All	All
Hardware	Siemens	Ruggedcom Rmc8388	-	All	All	All
Operating System	Siemens	Ruggedcom Ros	All	All	All	All
Hardware	Siemens	Ruggedcom Rp110	-	All	All	All
Hardware	Siemens	Ruggedcom Rs400	-	All	All	All
Hardware	Siemens	Ruggedcom Rs401	-	All	All	All
Hardware	Siemens	Ruggedcom Rs416	-	All	All	All
Hardware	Siemens	Ruggedcom Rs416v2	-	All	All	All
Hardware	Siemens	Ruggedcom Rs8000	-	All	All	All
Hardware	Siemens	Ruggedcom Rs8000a	-	All	All	All
Hardware	Siemens	Ruggedcom Rs8000h	-	All	All	All
Hardware	Siemens	Ruggedcom Rs8000t	-	All	All	All
Hardware	Siemens	Ruggedcom Rs900	-	All	All	All
Hardware	Siemens	Ruggedcom Rs900g	-	All	All	All
Hardware	Siemens	Ruggedcom Rs900gp	-	All	All	All
Hardware	Siemens	Ruggedcom Rs900l	-	All	All	All
Hardware	Siemens	Ruggedcom Rs900w	-	All	All	All
Hardware	Siemens	Ruggedcom Rs910	-	All	All	All
Hardware	Siemens	Ruggedcom Rs910l	-	All	All	All
Hardware	Siemens	Ruggedcom Rs910w	-	All	All	All
Hardware	Siemens	Ruggedcom Rs920l	-	All	All	All
Hardware	Siemens	Ruggedcom Rs920w	-	All	All	All
Hardware	Siemens	Ruggedcom Rs930l	-	All	All	All
Hardware	Siemens	Ruggedcom Rs930w	-	All	All	All
Hardware	Siemens	Ruggedcom Rs940g	-	All	All	All
Hardware	Siemens	Ruggedcom Rs969	-	All	All	All
Hardware	Siemens	Ruggedcom Rsg2100	-	All	All	All
Hardware	Siemens	Ruggedcom Rsg2100p	-	All	All	All
Hardware	Siemens	Ruggedcom Rsg2200	-	All	All	All
Hardware	Siemens	Ruggedcom Rsg2288	-	All	All	All
Hardware	Siemens	Ruggedcom Rsg2300	-	All	All	All
Hardware	Siemens	Ruggedcom Rsg2300p	-	All	All	All
Hardware	Siemens	Ruggedcom Rsg2488	-	All	All	All
Hardware	Siemens	Ruggedcom Rsg907r	-	All	All	All
Hardware	Siemens	Ruggedcom Rsg908c	-	All	All	All
Hardware	Siemens	Ruggedcom Rsg909r	-	All	All	All
Hardware	Siemens	Ruggedcom Rsg910c	-	All	All	All
Hardware	Siemens	Ruggedcom Rsg920p	-	All	All	All
Hardware	Siemens	Ruggedcom Rsl910	-	All	All	All
Hardware	Siemens	Ruggedcom Rst2228	-	All	All	All
Hardware	Siemens	Ruggedcom Rst2228p	-	All	All	All
Hardware	Siemens	Ruggedcom Rst916c	-	All	All	All
Hardware	Siemens	Ruggedcom Rst916p	-	All	All	All

References

Reference	Source	Link	Tags
N/A	CONFIRM	cert-portal.siemens.com
CVE Program record	CVE.ORG	www.cve.org	canonical
NVD vulnerability detail	NVD	nvd.nist.gov	canonical, analysis

No vendor comments have been submitted for this CVE.

Legacy QID Mappings

591259 Siemens RUGGEDCOM Devices Inadequate Encryption Strength Vulnerability (ICSA-22-069-01, SSA-764417)