Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2021-37209

A vulnerability has been identified in RUGGEDCOM i800 (All versions < V4.3.8), RUGGEDCOM i801 (All versions < V4.3.8), RUGGEDCOM i802 (All versions < V4.3.8), RUGGEDCOM i803 (All versions < V4.3.8), RUGGEDCOM M2100 (All versions < V4.3.8), RUGGEDCOM M2200 (All versions < V4.3.8), RUGGEDCOM M969 (All versions < V4.3.8), RUGGEDCOM RMC30 (All versions < V4.3.8), RUGGEDCOM RMC8388 V4.X (All versions < V4.3.8), RUGGEDCOM RMC8388 V5.X (All versions < V5.7.0), RUGGEDCOM RP110 (All versions < V4.3.8), RUGGEDCOM RS1600 (All versions < V4.3.8), RUGGEDCOM RS1600F (All versions < V4.3.8), RUGGEDCOM RS1600T (All versions < V4.3.8), RUGGEDCOM RS400 (All versions < V4.3.8), RUGGEDCOM RS401 (All versions < V4.3.8), RUGGEDCOM RS416 (All versions < V4.3.8), RUGGEDCOM RS416P (All versions < V4.3.8), RUGGEDCOM RS416Pv2 V4.X (All versions < V4.3.8), RUGGEDCOM RS416Pv2 V5.X (All versions < V5.7.0), RUGGEDCOM RS416v2 V4.X (All versions < V4.3.8), RUGGEDCOM RS416v2 V5.X (All versions < V5.7.0), RUGGEDCOM RS8000 (All versions < V4.3.8), RUGGEDCOM RS8000A (All versions < V4.3.8), RUGGEDCOM RS8000H (All versions < V4.3.8), RUGGEDCOM RS8000T (All versions < V4.3.8), RUGGEDCOM RS900 (All versions < V4.3.8), RUGGEDCOM RS900 (32M) V4.X (All versions < V4.3.8), RUGGEDCOM RS900 (32M) V5.X (All versions < V5.7.0), RUGGEDCOM RS900G (All versions < V4.3.8), RUGGEDCOM RS900G (32M) V4.X (All versions < V4.3.8), RUGGEDCOM RS900G (32M) V5.X (All versions < V5.7.0), RUGGEDCOM RS900GP (All versions < V4.3.8), RUGGEDCOM RS900L (All versions < V4.3.8), RUGGEDCOM RS900M-GETS-C01 (All versions < V4.3.8), RUGGEDCOM RS900M-GETS-XX (All versions < V4.3.8), RUGGEDCOM RS900M-STND-C01 (All versions < V4.3.8), RUGGEDCOM RS900M-STND-XX (All versions < V4.3.8), RUGGEDCOM RS900W (All versions < V4.3.8), RUGGEDCOM RS910 (All versions < V4.3.8), RUGGEDCOM RS910L (All versions < V4.3.8), RUGGEDCOM RS910W (All versions < V4.3.8), RUGGEDCOM RS920L (All versions < V4.3.8), RUGGEDCOM RS920W (All versions < V4.3.8), RUGGEDCOM RS930L (All versions < V4.3.8), RUGGEDCOM RS930W (All versions < V4.3.8), RUGGEDCOM RS940G (All versions < V4.3.8), RUGGEDCOM RS969 (All versions < V4.3.8), RUGGEDCOM RSG2100 (All versions < V4.3.8), RUGGEDCOM RSG2100 (32M) V4.X (All versions < V4.3.8), RUGGEDCOM RSG2100 (32M) V5.X (All versions < V5.7.0), RUGGEDCOM RSG2100P (All versions < V4.3.8), RUGGEDCOM RSG2100P (32M) V4.X (All versions < V4.3.8), RUGGEDCOM RSG2100P (32M) V5.X (All versions < V5.7.0), RUGGEDCOM RSG2200 (All versions < V4.3.8), RUGGEDCOM RSG2288 V4.X (All versions < V4.3.8), RUGGEDCOM RSG2288 V5.X (All versions < V5.7.0), RUGGEDCOM RSG2300 V4.X (All versions < V4.3.8), RUGGEDCOM RSG2300 V5.X (All versions < V5.7.0), RUGGEDCOM RSG2300P V4.X (All versions < V4.3.8), RUGGEDCOM RSG2300P V5.X (All versions < V5.7.0), RUGGEDCOM RSG2488 V4.X (All versions < V4.3.8), RUGGEDCOM RSG2488 V5.X (All versions < V5.7.0), RUGGEDCOM RSG907R (All versions < V5.7.0), RUGGEDCOM RSG908C (All versions < V5.7.0), RUGGEDCOM RSG909R (All versions < V5.7.0), RUGGEDCOM RSG910C (All versions < V5.7.0), RUGGEDCOM RSG920P V4.X (All versions < V4.3.8), RUGGEDCOM RSG920P V5.X (All versions < V5.7.0), RUGGEDCOM RSL910 (All versions < V5.7.0), RUGGEDCOM RST2228 (All versions < V5.7.0), RUGGEDCOM RST2228P (All versions < V5.7.0), RUGGEDCOM RST916C (All versions < V5.7.0), RUGGEDCOM RST916P (All versions < V5.7.0). The SSH server on affected devices is configured to offer weak ciphers by default. This could allow an unauthorized attacker in a man-in-the-middle position to read and modify any data passed over the connection between legitimate clients and the affected device.

Published

2022-03-08T12:15:10.330

Last Modified

2025-08-12T12:15:27.570

Status

Modified

Source

[email protected]

Severity

CVSSv3.1: 6.7 (MEDIUM)

CVSSv2 Vector

AV:N/AC:L/Au:S/C:P/I:N/A:N

Access Vector: NETWORK
Access Complexity: LOW
Authentication: SINGLE
Confidentiality Impact: PARTIAL
Integrity Impact: NONE
Availability Impact: NONE

Exploitability Score

8.0

Impact Score

2.9

Weaknesses

Type: Secondary
CWE-326
Type: Secondary
CWE-311

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Operating System	siemens	ruggedcom_ros	*	Yes
Hardware	siemens	ruggedcom_i800	-	No
Hardware	siemens	ruggedcom_i801	-	No
Hardware	siemens	ruggedcom_i802	-	No
Hardware	siemens	ruggedcom_i803	-	No
Hardware	siemens	ruggedcom_m2100	-	No
Hardware	siemens	ruggedcom_m2200	-	No
Hardware	siemens	ruggedcom_m969	-	No
Hardware	siemens	ruggedcom_rmc	-	No
Hardware	siemens	ruggedcom_rmc20	-	No
Hardware	siemens	ruggedcom_rmc30	-	No
Hardware	siemens	ruggedcom_rmc40	-	No
Hardware	siemens	ruggedcom_rmc41	-	No
Hardware	siemens	ruggedcom_rmc8388	-	No
Hardware	siemens	ruggedcom_rp110	-	No
Hardware	siemens	ruggedcom_rs400	-	No
Hardware	siemens	ruggedcom_rs401	-	No
Hardware	siemens	ruggedcom_rs416	-	No
Hardware	siemens	ruggedcom_rs416v2	-	No
Hardware	siemens	ruggedcom_rs8000	-	No
Hardware	siemens	ruggedcom_rs8000a	-	No
Hardware	siemens	ruggedcom_rs8000h	-	No
Hardware	siemens	ruggedcom_rs8000t	-	No
Hardware	siemens	ruggedcom_rs900	-	No
Hardware	siemens	ruggedcom_rs900g	-	No
Hardware	siemens	ruggedcom_rs900gp	-	No
Hardware	siemens	ruggedcom_rs900l	-	No
Hardware	siemens	ruggedcom_rs900w	-	No
Hardware	siemens	ruggedcom_rs910	-	No
Hardware	siemens	ruggedcom_rs910l	-	No
Hardware	siemens	ruggedcom_rs910w	-	No
Hardware	siemens	ruggedcom_rs920l	-	No
Hardware	siemens	ruggedcom_rs920w	-	No
Hardware	siemens	ruggedcom_rs930l	-	No
Hardware	siemens	ruggedcom_rs930w	-	No
Hardware	siemens	ruggedcom_rs940g	-	No
Hardware	siemens	ruggedcom_rs969	-	No
Hardware	siemens	ruggedcom_rsg2100	-	No
Hardware	siemens	ruggedcom_rsg2100p	-	No
Hardware	siemens	ruggedcom_rsg2200	-	No
Hardware	siemens	ruggedcom_rsg2288	-	No
Hardware	siemens	ruggedcom_rsg2300	-	No
Hardware	siemens	ruggedcom_rsg2300p	-	No
Hardware	siemens	ruggedcom_rsg2488	-	No
Hardware	siemens	ruggedcom_rsg907r	-	No
Hardware	siemens	ruggedcom_rsg908c	-	No
Hardware	siemens	ruggedcom_rsg909r	-	No
Hardware	siemens	ruggedcom_rsg910c	-	No
Hardware	siemens	ruggedcom_rsg920p	-	No
Hardware	siemens	ruggedcom_rsl910	-	No
Hardware	siemens	ruggedcom_rst2228	-	No
Hardware	siemens	ruggedcom_rst2228p	-	No
Hardware	siemens	ruggedcom_rst916c	-	No
Hardware	siemens	ruggedcom_rst916p	-	No

References

https://cert-portal.siemens.com/productcert/html/ssa-764417.html ([email protected])
https://cert-portal.siemens.com/productcert/pdf/ssa-764417.pdf Vendor Advisory ([email protected])
https://cert-portal.siemens.com/productcert/pdf/ssa-764417.pdf Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)