cnvd-2022-17777
Vulnerability from cnvd

Title: Siemens RUGGEDCOM Devices信息泄露漏洞

Description:

RUGGEDCOM ROS-based设备通常是交换机和串行到以太网设备,用于连接在恶劣环境下运行的设备,如电力设施变电站和交通控制柜。

Siemens RUGGEDCOM Devices存在信息泄露漏洞,攻击者可利用漏洞获得访问密码。

Severity:

Patch Name: Siemens RUGGEDCOM Devices信息泄露漏洞的补丁

Patch Description:

RUGGEDCOM ROS-based设备通常是交换机和串行到以太网设备,用于连接在恶劣环境下运行的设备,如电力设施变电站和交通控制柜。

Siemens RUGGEDCOM Devices存在信息泄露漏洞,攻击者可利用漏洞获得访问密码。目前,供应商发布了安全公告及相关补丁信息,修复了此漏洞。

Formal description:

用户可参考如下供应商提供的安全公告获得补丁信息: https://cert-portal.siemens.com/productcert/pdf/ssa-764417.pdf

Reference: https://cert-portal.siemens.com/productcert/pdf/ssa-764417.pdf

Impacted products
Name
['Siemens RUGGEDCOM ROS M2100 < V5.6.0', 'Siemens RUGGEDCOM ROS RS416v2 < V5.6.0', 'Siemens RUGGEDCOM ROS RS900G < V5.6.0', 'Siemens RUGGEDCOM ROS RS900G (32M) < V5.6.0', 'Siemens RUGGEDCOM ROS RSG2100P < V5.6.0', 'Siemens RUGGEDCOM ROS RSL910 < V5.6.0', 'Siemens RUGGEDCOM ROS RST916C < V5.6.0', 'Siemens RUGGEDCOM ROS RST916P < V5.6.0', 'Siemens RUGGEDCOM ROS RST2228 < V5.6.0', 'Siemens RUGGEDCOM ROS i800 < V5.6.0', 'Siemens RUGGEDCOM ROS i801 < V5.6.0', 'Siemens RUGGEDCOM ROS i802 < V5.6.0', 'Siemens RUGGEDCOM ROS i803 < V5.6.0', 'Siemens RUGGEDCOM ROS M969 < V5.6.0', 'Siemens RUGGEDCOM ROS M2200 < V5.6.0', 'Siemens RUGGEDCOM ROS RMC < V5.6.0', 'Siemens RUGGEDCOM ROS RMC20 < V5.6.0', 'Siemens RUGGEDCOM ROS RMC30 < V5.6.0', 'Siemens RUGGEDCOM ROS RMC40 < V5.6.0', 'Siemens RUGGEDCOM ROS RMC41 < V5.6.0', 'Siemens RUGGEDCOM ROS RMC8388 < V5.6.0', 'Siemens RUGGEDCOM ROS RP110 < V5.6.0', 'Siemens RUGGEDCOM ROS RS400 < V5.6.0', 'Siemens RUGGEDCOM ROS RS401 < V5.6.0', 'Siemens RUGGEDCOM ROS RS416 < V5.6.0', 'Siemens RUGGEDCOM ROS RS900 (32M) < V5.6.0', 'Siemens RUGGEDCOM ROS RS900GP < V5.6.0', 'Siemens RUGGEDCOM ROS RS900L < V5.6.0', 'Siemens RUGGEDCOM ROS RS900W < V5.6.0', 'Siemens RUGGEDCOM ROS RS910 < V5.6.0', 'Siemens RUGGEDCOM ROS RS910L < V5.6.0', 'Siemens RUGGEDCOM ROS RS920L < V5.6.0', 'Siemens RUGGEDCOM ROS RS920W < V5.6.0', 'Siemens RUGGEDCOM ROS RS930L < V5.6.0', 'Siemens RUGGEDCOM ROS RS930W < V5.6.0', 'Siemens RUGGEDCOM ROS RS940G < V5.6.0', 'Siemens RUGGEDCOM ROS RS969 < V5.6.0', 'Siemens RUGGEDCOM ROS RS8000 < V5.6.0', 'Siemens RUGGEDCOM ROS RS8000A < V5.6.0', 'Siemens RUGGEDCOM ROS RS8000H < V5.6.0', 'Siemens RUGGEDCOM ROS RS8000T < V5.6.0', 'Siemens RUGGEDCOM ROS RSG900 < V5.6.0', 'Siemens RUGGEDCOM ROS RSG900C < V5.6.0', 'Siemens RUGGEDCOM ROS RSG900G < V5.6.0', 'Siemens RUGGEDCOM ROS RSG900R < V5.6.0', 'Siemens RUGGEDCOM ROS RSG907R < V5.6.0', 'Siemens RUGGEDCOM ROS RSG908C < V5.6.0', 'Siemens RUGGEDCOM ROS RSG909R < V5.6.0', 'Siemens RUGGEDCOM ROS RSG910C < V5.6.0', 'Siemens RUGGEDCOM ROS RSG920P < V5.6.0', 'Siemens RUGGEDCOM ROS RSG2100 (32M) < V5.6.0', 'Siemens RUGGEDCOM ROS RSG2488 < V5.6.0', 'Siemens RUGGEDCOM ROS RSG2300P < V5.6.0', 'Siemens RUGGEDCOM ROS RSG2300 < V5.6.0']
Show details on source website


{
  "cves": {
    "cve": {
      "cveNumber": "CVE-2021-37209"
    }
  },
  "description": "RUGGEDCOM ROS-based\u8bbe\u5907\u901a\u5e38\u662f\u4ea4\u6362\u673a\u548c\u4e32\u884c\u5230\u4ee5\u592a\u7f51\u8bbe\u5907\uff0c\u7528\u4e8e\u8fde\u63a5\u5728\u6076\u52a3\u73af\u5883\u4e0b\u8fd0\u884c\u7684\u8bbe\u5907\uff0c\u5982\u7535\u529b\u8bbe\u65bd\u53d8\u7535\u7ad9\u548c\u4ea4\u901a\u63a7\u5236\u67dc\u3002\n\nSiemens RUGGEDCOM Devices\u5b58\u5728\u4fe1\u606f\u6cc4\u9732\u6f0f\u6d1e\uff0c\u653b\u51fb\u8005\u53ef\u5229\u7528\u6f0f\u6d1e\u83b7\u5f97\u8bbf\u95ee\u5bc6\u7801\u3002",
  "formalWay": "\u7528\u6237\u53ef\u53c2\u8003\u5982\u4e0b\u4f9b\u5e94\u5546\u63d0\u4f9b\u7684\u5b89\u5168\u516c\u544a\u83b7\u5f97\u8865\u4e01\u4fe1\u606f\uff1a\r\nhttps://cert-portal.siemens.com/productcert/pdf/ssa-764417.pdf",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2022-17777",
  "openTime": "2022-03-09",
  "patchDescription": "RUGGEDCOM ROS-based\u8bbe\u5907\u901a\u5e38\u662f\u4ea4\u6362\u673a\u548c\u4e32\u884c\u5230\u4ee5\u592a\u7f51\u8bbe\u5907\uff0c\u7528\u4e8e\u8fde\u63a5\u5728\u6076\u52a3\u73af\u5883\u4e0b\u8fd0\u884c\u7684\u8bbe\u5907\uff0c\u5982\u7535\u529b\u8bbe\u65bd\u53d8\u7535\u7ad9\u548c\u4ea4\u901a\u63a7\u5236\u67dc\u3002\r\n\r\nSiemens RUGGEDCOM Devices\u5b58\u5728\u4fe1\u606f\u6cc4\u9732\u6f0f\u6d1e\uff0c\u653b\u51fb\u8005\u53ef\u5229\u7528\u6f0f\u6d1e\u83b7\u5f97\u8bbf\u95ee\u5bc6\u7801\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
  "patchName": "Siemens RUGGEDCOM Devices\u4fe1\u606f\u6cc4\u9732\u6f0f\u6d1e\u7684\u8865\u4e01",
  "products": {
    "product": [
      "Siemens RUGGEDCOM ROS M2100 \u003c V5.6.0",
      "Siemens RUGGEDCOM ROS RS416v2 \u003c V5.6.0",
      "Siemens RUGGEDCOM ROS RS900G \u003c V5.6.0",
      "Siemens RUGGEDCOM ROS RS900G (32M) \u003c V5.6.0",
      "Siemens RUGGEDCOM ROS RSG2100P \u003c V5.6.0",
      "Siemens RUGGEDCOM ROS RSL910 \u003c V5.6.0",
      "Siemens RUGGEDCOM ROS RST916C \u003c V5.6.0",
      "Siemens RUGGEDCOM ROS RST916P \u003c V5.6.0",
      "Siemens RUGGEDCOM ROS RST2228 \u003c V5.6.0",
      "Siemens RUGGEDCOM ROS i800 \u003c V5.6.0",
      "Siemens RUGGEDCOM ROS i801 \u003c V5.6.0",
      "Siemens RUGGEDCOM ROS i802 \u003c V5.6.0",
      "Siemens RUGGEDCOM ROS i803 \u003c V5.6.0",
      "Siemens RUGGEDCOM ROS M969 \u003c V5.6.0",
      "Siemens RUGGEDCOM ROS M2200 \u003c V5.6.0",
      "Siemens RUGGEDCOM ROS RMC \u003c V5.6.0",
      "Siemens RUGGEDCOM ROS RMC20 \u003c V5.6.0",
      "Siemens RUGGEDCOM ROS RMC30 \u003c V5.6.0",
      "Siemens RUGGEDCOM ROS RMC40 \u003c V5.6.0",
      "Siemens RUGGEDCOM ROS RMC41 \u003c V5.6.0",
      "Siemens RUGGEDCOM ROS RMC8388 \u003c V5.6.0",
      "Siemens RUGGEDCOM ROS RP110 \u003c V5.6.0",
      "Siemens RUGGEDCOM ROS RS400 \u003c V5.6.0",
      "Siemens RUGGEDCOM ROS RS401 \u003c V5.6.0",
      "Siemens RUGGEDCOM ROS RS416 \u003c V5.6.0",
      "Siemens RUGGEDCOM ROS RS900 (32M) \u003c V5.6.0",
      "Siemens RUGGEDCOM ROS RS900GP \u003c V5.6.0",
      "Siemens RUGGEDCOM ROS RS900L \u003c V5.6.0",
      "Siemens RUGGEDCOM ROS RS900W \u003c V5.6.0",
      "Siemens RUGGEDCOM ROS RS910 \u003c V5.6.0",
      "Siemens RUGGEDCOM ROS RS910L \u003c V5.6.0",
      "Siemens RUGGEDCOM ROS RS920L \u003c V5.6.0",
      "Siemens RUGGEDCOM ROS RS920W \u003c V5.6.0",
      "Siemens RUGGEDCOM ROS RS930L \u003c V5.6.0",
      "Siemens RUGGEDCOM ROS RS930W \u003c V5.6.0",
      "Siemens RUGGEDCOM ROS RS940G \u003c V5.6.0",
      "Siemens RUGGEDCOM ROS RS969 \u003c V5.6.0",
      "Siemens RUGGEDCOM ROS RS8000 \u003c V5.6.0",
      "Siemens RUGGEDCOM ROS RS8000A \u003c V5.6.0",
      "Siemens RUGGEDCOM ROS RS8000H \u003c V5.6.0",
      "Siemens RUGGEDCOM ROS RS8000T \u003c V5.6.0",
      "Siemens RUGGEDCOM ROS RSG900 \u003c V5.6.0",
      "Siemens RUGGEDCOM ROS RSG900C \u003c V5.6.0",
      "Siemens RUGGEDCOM ROS RSG900G \u003c V5.6.0",
      "Siemens RUGGEDCOM ROS RSG900R \u003c V5.6.0",
      "Siemens RUGGEDCOM ROS RSG907R \u003c V5.6.0",
      "Siemens RUGGEDCOM ROS RSG908C \u003c V5.6.0",
      "Siemens RUGGEDCOM ROS RSG909R \u003c V5.6.0",
      "Siemens RUGGEDCOM ROS RSG910C \u003c V5.6.0",
      "Siemens RUGGEDCOM ROS RSG920P \u003c V5.6.0",
      "Siemens RUGGEDCOM ROS RSG2100 (32M) \u003c V5.6.0",
      "Siemens RUGGEDCOM ROS RSG2488 \u003c V5.6.0",
      "Siemens RUGGEDCOM ROS RSG2300P \u003c V5.6.0",
      "Siemens RUGGEDCOM ROS RSG2300 \u003c V5.6.0"
    ]
  },
  "referenceLink": "https://cert-portal.siemens.com/productcert/pdf/ssa-764417.pdf",
  "serverity": "\u4e2d",
  "submitTime": "2022-03-09",
  "title": "Siemens RUGGEDCOM Devices\u4fe1\u606f\u6cc4\u9732\u6f0f\u6d1e"
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.


Loading…

Loading…

Loading…

Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
  • Confirmed: The vulnerability is confirmed from an analyst perspective.
  • Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
  • Patched: This vulnerability was successfully patched by the user reporting the sighting.
  • Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
  • Not confirmed: The user expresses doubt about the veracity of the vulnerability.
  • Not patched: This vulnerability was not successfully patched by the user reporting the sighting.


Loading…