Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2021-42016

A vulnerability has been identified in RUGGEDCOM i800, RUGGEDCOM i801, RUGGEDCOM i802, RUGGEDCOM i803, RUGGEDCOM M2100, RUGGEDCOM M2100F, RUGGEDCOM M2200, RUGGEDCOM M2200F, RUGGEDCOM M969, RUGGEDCOM M969F, RUGGEDCOM RMC30, RUGGEDCOM RMC8388 V4.X, RUGGEDCOM RMC8388 V5.X, RUGGEDCOM RP110, RUGGEDCOM RS1600, RUGGEDCOM RS1600F, RUGGEDCOM RS1600T, RUGGEDCOM RS400, RUGGEDCOM RS400F, RUGGEDCOM RS401, RUGGEDCOM RS416, RUGGEDCOM RS416F, RUGGEDCOM RS416P, RUGGEDCOM RS416PF, RUGGEDCOM RS416Pv2 V4.X, RUGGEDCOM RS416Pv2 V5.X, RUGGEDCOM RS416v2 V4.X, RUGGEDCOM RS416v2 V5.X, RUGGEDCOM RS8000, RUGGEDCOM RS8000A, RUGGEDCOM RS8000H, RUGGEDCOM RS8000T, RUGGEDCOM RS900, RUGGEDCOM RS900 (32M) V4.X, RUGGEDCOM RS900 (32M) V5.X, RUGGEDCOM RS900F, RUGGEDCOM RS900G, RUGGEDCOM RS900G (32M) V4.X, RUGGEDCOM RS900G (32M) V5.X, RUGGEDCOM RS900GF, RUGGEDCOM RS900GP, RUGGEDCOM RS900GPF, RUGGEDCOM RS900L, RUGGEDCOM RS900M-GETS-C01, RUGGEDCOM RS900M-GETS-XX, RUGGEDCOM RS900M-STND-C01, RUGGEDCOM RS900M-STND-XX, RUGGEDCOM RS900W, RUGGEDCOM RS910, RUGGEDCOM RS910L, RUGGEDCOM RS910W, RUGGEDCOM RS920L, RUGGEDCOM RS920W, RUGGEDCOM RS930L, RUGGEDCOM RS930W, RUGGEDCOM RS940G, RUGGEDCOM RS940GF, RUGGEDCOM RS969, RUGGEDCOM RSG2100, RUGGEDCOM RSG2100 (32M) V4.X, RUGGEDCOM RSG2100 (32M) V5.X, RUGGEDCOM RSG2100F, RUGGEDCOM RSG2100P, RUGGEDCOM RSG2100P (32M) V4.X, RUGGEDCOM RSG2100P (32M) V5.X, RUGGEDCOM RSG2100PF, RUGGEDCOM RSG2200, RUGGEDCOM RSG2200F, RUGGEDCOM RSG2288 V4.X, RUGGEDCOM RSG2288 V5.X, RUGGEDCOM RSG2300 V4.X, RUGGEDCOM RSG2300 V5.X, RUGGEDCOM RSG2300F, RUGGEDCOM RSG2300P V4.X, RUGGEDCOM RSG2300P V5.X, RUGGEDCOM RSG2300PF, RUGGEDCOM RSG2488 V4.X, RUGGEDCOM RSG2488 V5.X, RUGGEDCOM RSG2488F, RUGGEDCOM RSG907R, RUGGEDCOM RSG908C, RUGGEDCOM RSG909R, RUGGEDCOM RSG910C, RUGGEDCOM RSG920P V4.X, RUGGEDCOM RSG920P V5.X, RUGGEDCOM RSL910, RUGGEDCOM RST2228, RUGGEDCOM RST2228P, RUGGEDCOM RST916C, RUGGEDCOM RST916P. A timing attack, in a third-party component, could make the retrieval of the private key possible, used for encryption of sensitive data. If a threat actor were to exploit this, the data integrity and security could be compromised.

Security Impact Summary

This vulnerability carries a HIGH severity rating with a CVSS v3.1 score of 7.5, indicating it can be exploited remotely over the network with relatively low complexity without requiring user interaction and does not require pre-existing privileges . The vulnerability impacts confidentiality (data exposure), for affected systems. Impacting 54 products from siemens, from siemens, from siemens and 51 others, organizations running these solutions should prioritize assessment and patching.

Historical Context

Reported in 2022, this vulnerability emerged during an era marked by increased sophistication in supply chain attacks, cloud infrastructure vulnerabilities, and software-as-a-service (SaaS) security challenges. Security practices during this period emphasized zero-trust architectures, container security, and API protection.

Published

2022-03-08T12:15:10.827

Last Modified

2025-08-12T12:15:27.780

Status

Modified

Source

[email protected]

Severity

CVSSv3.1: 7.5 (HIGH)

CVSSv2 Vector

AV:N/AC:L/Au:N/C:P/I:N/A:N

Access Vector: NETWORK
Access Complexity: LOW
Authentication: NONE
Confidentiality Impact: PARTIAL
Integrity Impact: NONE
Availability Impact: NONE

Exploitability Score

10.0

Impact Score

2.9

Weaknesses

Type: Secondary
CWE-208
Type: Secondary
CWE-203

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Operating System	siemens	ruggedcom_ros	*	Yes
Hardware	siemens	ruggedcom_i800	-	No
Hardware	siemens	ruggedcom_i801	-	No
Hardware	siemens	ruggedcom_i802	-	No
Hardware	siemens	ruggedcom_i803	-	No
Hardware	siemens	ruggedcom_m2100	-	No
Hardware	siemens	ruggedcom_m2200	-	No
Hardware	siemens	ruggedcom_m969	-	No
Hardware	siemens	ruggedcom_rmc	-	No
Hardware	siemens	ruggedcom_rmc20	-	No
Hardware	siemens	ruggedcom_rmc30	-	No
Hardware	siemens	ruggedcom_rmc40	-	No
Hardware	siemens	ruggedcom_rmc41	-	No
Hardware	siemens	ruggedcom_rp110	-	No
Hardware	siemens	ruggedcom_rs400	-	No
Hardware	siemens	ruggedcom_rs401	-	No
Hardware	siemens	ruggedcom_rs416	-	No
Hardware	siemens	ruggedcom_rs8000	-	No
Hardware	siemens	ruggedcom_rs8000a	-	No
Hardware	siemens	ruggedcom_rs8000h	-	No
Hardware	siemens	ruggedcom_rs8000t	-	No
Hardware	siemens	ruggedcom_rs900gp	-	No
Hardware	siemens	ruggedcom_rs900l	-	No
Hardware	siemens	ruggedcom_rs900w	-	No
Hardware	siemens	ruggedcom_rs910	-	No
Hardware	siemens	ruggedcom_rs910l	-	No
Hardware	siemens	ruggedcom_rs910w	-	No
Hardware	siemens	ruggedcom_rs920l	-	No
Hardware	siemens	ruggedcom_rs920w	-	No
Hardware	siemens	ruggedcom_rs930l	-	No
Hardware	siemens	ruggedcom_rs930w	-	No
Hardware	siemens	ruggedcom_rs940g	-	No
Hardware	siemens	ruggedcom_rs969	-	No
Hardware	siemens	ruggedcom_rsg2100p	-	No
Hardware	siemens	ruggedcom_rsg2200	-	No
Operating System	siemens	ruggedcom_ros	< 5.6.0	Yes
Hardware	siemens	ruggedcom_rmc8388	-	No
Hardware	siemens	ruggedcom_rs416v2	-	No
Hardware	siemens	ruggedcom_rs900	-	No
Hardware	siemens	ruggedcom_rs900g	-	No
Hardware	siemens	ruggedcom_rsg2100	-	No
Hardware	siemens	ruggedcom_rsg2288	-	No
Hardware	siemens	ruggedcom_rsg2300	-	No
Hardware	siemens	ruggedcom_rsg2300p	-	No
Hardware	siemens	ruggedcom_rsg2488	-	No
Hardware	siemens	ruggedcom_rsg907r	-	No
Hardware	siemens	ruggedcom_rsg908c	-	No
Hardware	siemens	ruggedcom_rsg909r	-	No
Hardware	siemens	ruggedcom_rsg910c	-	No
Hardware	siemens	ruggedcom_rsg920p	-	No
Hardware	siemens	ruggedcom_rsl910	-	No
Hardware	siemens	ruggedcom_rst2228	-	No
Hardware	siemens	ruggedcom_rst2228p	-	No
Hardware	siemens	ruggedcom_rst916c	-	No
Hardware	siemens	ruggedcom_rst916p	-	No

References

https://cert-portal.siemens.com/productcert/html/ssa-256353.html ([email protected])
https://cert-portal.siemens.com/productcert/pdf/ssa-256353.pdf Patch, Vendor Advisory ([email protected])
https://cert-portal.siemens.com/productcert/pdf/ssa-256353.pdf Patch, Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)

How SecUtils Interprets This CVE

SecUtils normalizes and enriches National Vulnerability Database (NVD) records by standardizing vendor and product identifiers, aggregating vulnerability metadata from both NVD and MITRE sources, and providing structured context for security teams. For siemens's affected products, we extract Common Platform Enumeration (CPE) data, Common Weakness Enumeration (CWE) classifications, CVSS severity metrics, and reference data to enable rapid vulnerability prioritization and asset correlation. This record contains no exploit code, proof-of-concept instructions, or attack methodologies—only defensive intelligence necessary for patch management, risk assessment, and security operations.