Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2021-42017

A vulnerability has been identified in RUGGEDCOM i800, RUGGEDCOM i801, RUGGEDCOM i802, RUGGEDCOM i803, RUGGEDCOM M2100, RUGGEDCOM M2100F, RUGGEDCOM M2200, RUGGEDCOM M2200F, RUGGEDCOM M969, RUGGEDCOM M969F, RUGGEDCOM RMC30, RUGGEDCOM RMC8388 V4.X, RUGGEDCOM RMC8388 V5.X, RUGGEDCOM RP110, RUGGEDCOM RS1600, RUGGEDCOM RS1600F, RUGGEDCOM RS1600T, RUGGEDCOM RS400, RUGGEDCOM RS400F, RUGGEDCOM RS401, RUGGEDCOM RS416, RUGGEDCOM RS416F, RUGGEDCOM RS416P, RUGGEDCOM RS416PF, RUGGEDCOM RS416Pv2 V4.X, RUGGEDCOM RS416Pv2 V5.X, RUGGEDCOM RS416v2 V4.X, RUGGEDCOM RS416v2 V5.X, RUGGEDCOM RS8000, RUGGEDCOM RS8000A, RUGGEDCOM RS8000H, RUGGEDCOM RS8000T, RUGGEDCOM RS900, RUGGEDCOM RS900 (32M) V4.X, RUGGEDCOM RS900 (32M) V5.X, RUGGEDCOM RS900F, RUGGEDCOM RS900G, RUGGEDCOM RS900G (32M) V4.X, RUGGEDCOM RS900G (32M) V5.X, RUGGEDCOM RS900GF, RUGGEDCOM RS900GP, RUGGEDCOM RS900GPF, RUGGEDCOM RS900L, RUGGEDCOM RS900M-GETS-C01, RUGGEDCOM RS900M-GETS-XX, RUGGEDCOM RS900M-STND-C01, RUGGEDCOM RS900M-STND-XX, RUGGEDCOM RS900W, RUGGEDCOM RS910, RUGGEDCOM RS910L, RUGGEDCOM RS910W, RUGGEDCOM RS920L, RUGGEDCOM RS920W, RUGGEDCOM RS930L, RUGGEDCOM RS930W, RUGGEDCOM RS940G, RUGGEDCOM RS940GF, RUGGEDCOM RS969, RUGGEDCOM RSG2100, RUGGEDCOM RSG2100 (32M) V4.X, RUGGEDCOM RSG2100 (32M) V5.X, RUGGEDCOM RSG2100F, RUGGEDCOM RSG2100P, RUGGEDCOM RSG2100P (32M) V4.X, RUGGEDCOM RSG2100P (32M) V5.X, RUGGEDCOM RSG2100PF, RUGGEDCOM RSG2200, RUGGEDCOM RSG2200F, RUGGEDCOM RSG2288 V4.X, RUGGEDCOM RSG2288 V5.X, RUGGEDCOM RSG2300 V4.X, RUGGEDCOM RSG2300 V5.X, RUGGEDCOM RSG2300F, RUGGEDCOM RSG2300P V4.X, RUGGEDCOM RSG2300P V5.X, RUGGEDCOM RSG2300PF, RUGGEDCOM RSG2488 V4.X, RUGGEDCOM RSG2488 V5.X, RUGGEDCOM RSG2488F, RUGGEDCOM RSG907R, RUGGEDCOM RSG908C, RUGGEDCOM RSG909R, RUGGEDCOM RSG910C, RUGGEDCOM RSG920P V4.X, RUGGEDCOM RSG920P V5.X, RUGGEDCOM RSL910, RUGGEDCOM RST2228, RUGGEDCOM RST2228P, RUGGEDCOM RST916C, RUGGEDCOM RST916P. A new variant of the POODLE attack has left a third-party component vulnerable due to the implementation flaws of the CBC encryption mode in TLS 1.0 to 1.2. If an attacker were to exploit this, they could act as a man-in-the-middle and eavesdrop on encrypted communications.

Published

2022-03-08T12:15:10.890

Last Modified

2025-08-12T12:15:28.013

Status

Modified

Source

[email protected]

Severity

CVSSv3.1: 5.9 (MEDIUM)

CVSSv2 Vector

AV:N/AC:M/Au:N/C:P/I:N/A:N

Access Vector: NETWORK
Access Complexity: MEDIUM
Authentication: NONE
Confidentiality Impact: PARTIAL
Integrity Impact: NONE
Availability Impact: NONE

Exploitability Score

8.6

Impact Score

2.9

Weaknesses

Type: Secondary
CWE-358
Type: Secondary
CWE-295

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Operating System	siemens	ruggedcom_ros	*	Yes
Hardware	siemens	ruggedcom_i800	-	No
Hardware	siemens	ruggedcom_i801	-	No
Hardware	siemens	ruggedcom_i802	-	No
Hardware	siemens	ruggedcom_i803	-	No
Hardware	siemens	ruggedcom_m2100	-	No
Hardware	siemens	ruggedcom_m2200	-	No
Hardware	siemens	ruggedcom_m969	-	No
Hardware	siemens	ruggedcom_rmc	-	No
Hardware	siemens	ruggedcom_rmc20	-	No
Hardware	siemens	ruggedcom_rmc30	-	No
Hardware	siemens	ruggedcom_rmc40	-	No
Hardware	siemens	ruggedcom_rmc41	-	No
Hardware	siemens	ruggedcom_rp110	-	No
Hardware	siemens	ruggedcom_rs400	-	No
Hardware	siemens	ruggedcom_rs401	-	No
Hardware	siemens	ruggedcom_rs416	-	No
Hardware	siemens	ruggedcom_rs8000	-	No
Hardware	siemens	ruggedcom_rs8000a	-	No
Hardware	siemens	ruggedcom_rs8000h	-	No
Hardware	siemens	ruggedcom_rs8000t	-	No
Hardware	siemens	ruggedcom_rs900gp	-	No
Hardware	siemens	ruggedcom_rs900l	-	No
Hardware	siemens	ruggedcom_rs900w	-	No
Hardware	siemens	ruggedcom_rs910	-	No
Hardware	siemens	ruggedcom_rs910l	-	No
Hardware	siemens	ruggedcom_rs910w	-	No
Hardware	siemens	ruggedcom_rs920l	-	No
Hardware	siemens	ruggedcom_rs920w	-	No
Hardware	siemens	ruggedcom_rs930l	-	No
Hardware	siemens	ruggedcom_rs930w	-	No
Hardware	siemens	ruggedcom_rs940g	-	No
Hardware	siemens	ruggedcom_rs969	-	No
Hardware	siemens	ruggedcom_rsg2100p	-	No
Hardware	siemens	ruggedcom_rsg2200	-	No
Operating System	siemens	ruggedcom_ros	< 5.6.0	Yes
Hardware	siemens	ruggedcom_rmc8388	-	No
Hardware	siemens	ruggedcom_rs416v2	-	No
Hardware	siemens	ruggedcom_rs900	-	No
Hardware	siemens	ruggedcom_rs900g	-	No
Hardware	siemens	ruggedcom_rsg2100	-	No
Hardware	siemens	ruggedcom_rsg2288	-	No
Hardware	siemens	ruggedcom_rsg2300	-	No
Hardware	siemens	ruggedcom_rsg2300p	-	No
Hardware	siemens	ruggedcom_rsg2488	-	No
Hardware	siemens	ruggedcom_rsg907r	-	No
Hardware	siemens	ruggedcom_rsg908c	-	No
Hardware	siemens	ruggedcom_rsg909r	-	No
Hardware	siemens	ruggedcom_rsg910c	-	No
Hardware	siemens	ruggedcom_rsg920p	-	No
Hardware	siemens	ruggedcom_rsl910	-	No
Hardware	siemens	ruggedcom_rst2228	-	No
Hardware	siemens	ruggedcom_rst2228p	-	No
Hardware	siemens	ruggedcom_rst916c	-	No
Hardware	siemens	ruggedcom_rst916p	-	No

References

https://cert-portal.siemens.com/productcert/html/ssa-256353.html ([email protected])
https://cert-portal.siemens.com/productcert/pdf/ssa-256353.pdf Patch, Vendor Advisory ([email protected])
https://cert-portal.siemens.com/productcert/pdf/ssa-256353.pdf Patch, Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)