Details of VAR-202107-1339

ID

VAR-202107-1339

CVE

CVE-2021-31895

TITLE

Out-of-bounds write vulnerabilities in multiple Siemens products

Trust: 0.8

sources: JVNDB: JVNDB-2021-010132

DESCRIPTION

A vulnerability has been identified in RUGGEDCOM ROS M2100 (All versions < V4.3.7), RUGGEDCOM ROS M2200 (All versions < V4.3.7), RUGGEDCOM ROS M969 (All versions < V4.3.7), RUGGEDCOM ROS RMC (All versions < V4.3.7), RUGGEDCOM ROS RMC20 (All versions < V4.3.7), RUGGEDCOM ROS RMC30 (All versions < V4.3.7), RUGGEDCOM ROS RMC40 (All versions < V4.3.7), RUGGEDCOM ROS RMC41 (All versions < V4.3.7), RUGGEDCOM ROS RMC8388 V4.X (All versions < V4.3.7), RUGGEDCOM ROS RMC8388 V5.X (All versions < V5.5.4), RUGGEDCOM ROS RP110 (All versions < V4.3.7), RUGGEDCOM ROS RS400 (All versions < V4.3.7), RUGGEDCOM ROS RS401 (All versions < V4.3.7), RUGGEDCOM ROS RS416 (All versions < V4.3.7), RUGGEDCOM ROS RS416v2 V4.X (All versions < V4.3.7), RUGGEDCOM ROS RS416v2 V5.X (All versions < 5.5.4), RUGGEDCOM ROS RS8000 (All versions < V4.3.7), RUGGEDCOM ROS RS8000A (All versions < V4.3.7), RUGGEDCOM ROS RS8000H (All versions < V4.3.7), RUGGEDCOM ROS RS8000T (All versions < V4.3.7), RUGGEDCOM ROS RS900 (32M) V4.X (All versions < V4.3.7), RUGGEDCOM ROS RS900 (32M) V5.X (All versions < V5.5.4), RUGGEDCOM ROS RS900G (All versions < V4.3.7), RUGGEDCOM ROS RS900G (32M) V4.X (All versions < V4.3.7), RUGGEDCOM ROS RS900G (32M) V5.X (All versions < V5.5.4), RUGGEDCOM ROS RS900GP (All versions < V4.3.7), RUGGEDCOM ROS RS900L (All versions < V4.3.7), RUGGEDCOM ROS RS900W (All versions < V4.3.7), RUGGEDCOM ROS RS910 (All versions < V4.3.7), RUGGEDCOM ROS RS910L (All versions < V4.3.7), RUGGEDCOM ROS RS910W (All versions < V4.3.7), RUGGEDCOM ROS RS920L (All versions < V4.3.7), RUGGEDCOM ROS RS920W (All versions < V4.3.7), RUGGEDCOM ROS RS930L (All versions < V4.3.7), RUGGEDCOM ROS RS930W (All versions < V4.3.7), RUGGEDCOM ROS RS940G (All versions < V4.3.7), RUGGEDCOM ROS RS969 (All versions < V4.3.7), RUGGEDCOM ROS RSG2100 (32M) V4.X (All versions < V4.3.7), RUGGEDCOM ROS RSG2100 (32M) V5.X (All versions < V5.5.4), RUGGEDCOM ROS RSG2100 V4.X (All versions < V4.3.7), RUGGEDCOM ROS RSG2100P (All versions < V4.3.7), RUGGEDCOM ROS RSG2100P (32M) V4.X (All versions < V4.3.7), RUGGEDCOM ROS RSG2100P (32M) V5.X (All versions < V5.5.4), RUGGEDCOM ROS RSG2200 (All versions < V4.3.7), RUGGEDCOM ROS RSG2288 V4.X (All versions < V4.3.7), RUGGEDCOM ROS RSG2288 V5.X (All versions < V5.5.4), RUGGEDCOM ROS RSG2300 V4.X (All versions < V4.3.7), RUGGEDCOM ROS RSG2300 V5.X (All versions < V5.5.4), RUGGEDCOM ROS RSG2300P V4.X (All versions < V4.3.7), RUGGEDCOM ROS RSG2300P V5.X (All versions < V5.5.4), RUGGEDCOM ROS RSG2488 V4.X (All versions < V4.3.7), RUGGEDCOM ROS RSG2488 V5.X (All versions < V5.5.4), RUGGEDCOM ROS RSG900 V4.X (All versions < V4.3.7), RUGGEDCOM ROS RSG900 V5.X (All versions < V5.5.4), RUGGEDCOM ROS RSG900C (All versions < V5.5.4), RUGGEDCOM ROS RSG900G V4.X (All versions < V4.3.7), RUGGEDCOM ROS RSG900G V5.X (All versions < V5.5.4), RUGGEDCOM ROS RSG900R (All versions < V5.5.4), RUGGEDCOM ROS RSG920P V4.X (All versions < V4.3.7), RUGGEDCOM ROS RSG920P V5.X (All versions < V5.5.4), RUGGEDCOM ROS RSL910 (All versions < V5.5.4), RUGGEDCOM ROS RST2228 (All versions < V5.5.4), RUGGEDCOM ROS RST916C (All versions < V5.5.4), RUGGEDCOM ROS RST916P (All versions < V5.5.4), RUGGEDCOM ROS i800 (All versions < V4.3.7), RUGGEDCOM ROS i801 (All versions < V4.3.7), RUGGEDCOM ROS i802 (All versions < V4.3.7), RUGGEDCOM ROS i803 (All versions < V4.3.7). The DHCP client in affected devices fails to properly sanitize incoming DHCP packets. This could allow an unauthenticated remote attacker to cause memory to be overwritten, potentially allowing remote code execution. Multiple Siemens products are vulnerable to out-of-bounds writes.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) May be in a state. Pillow is a Python-based image processing library. There is currently no information about this vulnerability, please feel free to follow CNNVD or manufacturer announcements

Trust: 2.25

sources: NVD: CVE-2021-31895 // JVNDB: JVNDB-2021-010132 // CNNVD: CNNVD-202104-975 // VULMON: CVE-2021-31895

AFFECTED PRODUCTS

vendor:	siemens	model:	ruggedcom ros rmc20	scope:	lt	version:	4.3.7	Trust: 1.0
vendor:	siemens	model:	ruggedcom ros rs900g	scope:	lt	version:	4.3.7	Trust: 1.0
vendor:	siemens	model:	ruggedcom ros rs900w	scope:	lt	version:	4.3.7	Trust: 1.0
vendor:	siemens	model:	ruggedcom ros rst916c	scope:	lt	version:	5.5.4	Trust: 1.0
vendor:	siemens	model:	ruggedcom ros rsg900	scope:	lt	version:	4.3.7	Trust: 1.0
vendor:	siemens	model:	ruggedcom ros rs900gp	scope:	lt	version:	4.3.7	Trust: 1.0
vendor:	siemens	model:	ruggedcom ros rsg2288	scope:	lt	version:	5.5.4	Trust: 1.0
vendor:	siemens	model:	ruggedcom ros rst2228	scope:	lt	version:	5.5.4	Trust: 1.0
vendor:	siemens	model:	ruggedcom ros rs910l	scope:	lt	version:	4.3.7	Trust: 1.0
vendor:	siemens	model:	ruggedcom ros rs8000a	scope:	lt	version:	4.3.7	Trust: 1.0
vendor:	siemens	model:	ruggedcom ros rs416v2	scope:	gte	version:	5.5.0	Trust: 1.0
vendor:	siemens	model:	ruggedcom ros rmc8388	scope:	lt	version:	5.5.4	Trust: 1.0
vendor:	siemens	model:	ruggedcom ros rs400	scope:	lt	version:	4.3.7	Trust: 1.0
vendor:	siemens	model:	ruggedcom ros rsg900	scope:	gte	version:	5.5.0	Trust: 1.0
vendor:	siemens	model:	ruggedcom ros rsg920p	scope:	lt	version:	5.5.4	Trust: 1.0
vendor:	siemens	model:	ruggedcom ros rs900	scope:	gte	version:	5.0.0	Trust: 1.0
vendor:	siemens	model:	ruggedcom ros i800	scope:	lt	version:	4.3.7	Trust: 1.0
vendor:	siemens	model:	ruggedcom ros rsg2300	scope:	lt	version:	4.3.7	Trust: 1.0
vendor:	siemens	model:	ruggedcom ros rmc	scope:	lt	version:	4.3.7	Trust: 1.0
vendor:	siemens	model:	ruggedcom ros rsg900r	scope:	lt	version:	5.5.4	Trust: 1.0
vendor:	siemens	model:	ruggedcom ros rs8000h	scope:	lt	version:	4.3.7	Trust: 1.0
vendor:	siemens	model:	ruggedcom ros rsg2200	scope:	lt	version:	4.3.7	Trust: 1.0
vendor:	siemens	model:	ruggedcom ros rs8000t	scope:	lt	version:	4.3.7	Trust: 1.0
vendor:	siemens	model:	ruggedcom ros rsg900g	scope:	lt	version:	5.5.4	Trust: 1.0
vendor:	siemens	model:	ruggedcom ros rp110	scope:	lt	version:	4.3.7	Trust: 1.0
vendor:	siemens	model:	ruggedcom ros rs920l	scope:	lt	version:	4.3.7	Trust: 1.0
vendor:	siemens	model:	ruggedcom ros rsg900g	scope:	lt	version:	4.3.7	Trust: 1.0
vendor:	siemens	model:	ruggedcom ros rsg900c	scope:	lt	version:	5.5.4	Trust: 1.0
vendor:	siemens	model:	ruggedcom ros m2100	scope:	lt	version:	4.3.7	Trust: 1.0
vendor:	siemens	model:	ruggedcom ros rsg2100p	scope:	gte	version:	5.0.0	Trust: 1.0
vendor:	siemens	model:	ruggedcom ros rs910w	scope:	lt	version:	4.3.7	Trust: 1.0
vendor:	siemens	model:	ruggedcom ros rsl910	scope:	lt	version:	5.5.4	Trust: 1.0
vendor:	siemens	model:	ruggedcom ros rs920w	scope:	lt	version:	4.3.7	Trust: 1.0
vendor:	siemens	model:	ruggedcom ros rsg2300p	scope:	gte	version:	5.5.0	Trust: 1.0
vendor:	siemens	model:	ruggedcom ros rs900g	scope:	lt	version:	5.5.4	Trust: 1.0
vendor:	siemens	model:	ruggedcom ros rsg2100	scope:	lt	version:	5.5.4	Trust: 1.0
vendor:	siemens	model:	ruggedcom ros m2200	scope:	lt	version:	4.3.7	Trust: 1.0
vendor:	siemens	model:	ruggedcom ros rs930w	scope:	lt	version:	4.3.7	Trust: 1.0
vendor:	siemens	model:	ruggedcom ros rsg2100	scope:	lt	version:	4.3.7	Trust: 1.0
vendor:	siemens	model:	ruggedcom ros rsg2300	scope:	gte	version:	5.0.0	Trust: 1.0
vendor:	siemens	model:	ruggedcom ros i801	scope:	lt	version:	4.3.7	Trust: 1.0
vendor:	siemens	model:	ruggedcom ros rs910	scope:	lt	version:	4.3.7	Trust: 1.0
vendor:	siemens	model:	ruggedcom ros rmc30	scope:	lt	version:	4.3.7	Trust: 1.0
vendor:	siemens	model:	ruggedcom ros rs416	scope:	lt	version:	4.3.7	Trust: 1.0
vendor:	siemens	model:	ruggedcom ros m969	scope:	lt	version:	4.3.7	Trust: 1.0
vendor:	siemens	model:	ruggedcom ros rmc40	scope:	lt	version:	4.3.7	Trust: 1.0
vendor:	siemens	model:	ruggedcom ros rsg920p	scope:	gte	version:	5.0.0	Trust: 1.0
vendor:	siemens	model:	ruggedcom ros rsg2100p	scope:	lt	version:	4.3.7	Trust: 1.0
vendor:	siemens	model:	ruggedcom ros rsg2288	scope:	lt	version:	4.3.7	Trust: 1.0
vendor:	siemens	model:	ruggedcom ros rsg2100p	scope:	lt	version:	5.3.4	Trust: 1.0
vendor:	siemens	model:	ruggedcom ros rsg2300	scope:	lt	version:	5.3.4	Trust: 1.0
vendor:	siemens	model:	ruggedcom ros rs900l	scope:	lt	version:	4.3.7	Trust: 1.0
vendor:	siemens	model:	ruggedcom ros i802	scope:	lt	version:	4.3.7	Trust: 1.0
vendor:	siemens	model:	ruggedcom ros rmc8388	scope:	lt	version:	4.3.7	Trust: 1.0
vendor:	siemens	model:	ruggedcom ros rsg900g	scope:	gte	version:	5.0.0	Trust: 1.0
vendor:	siemens	model:	ruggedcom ros rsg2488	scope:	gte	version:	5.0.0	Trust: 1.0
vendor:	siemens	model:	ruggedcom ros rsg920p	scope:	lt	version:	4.3.7	Trust: 1.0
vendor:	siemens	model:	ruggedcom ros rs900	scope:	lt	version:	5.5.4	Trust: 1.0
vendor:	siemens	model:	ruggedcom ros rs940g	scope:	lt	version:	4.3.7	Trust: 1.0
vendor:	siemens	model:	ruggedcom ros rs900g	scope:	gte	version:	5.0.0	Trust: 1.0
vendor:	siemens	model:	ruggedcom ros i803	scope:	lt	version:	4.3.7	Trust: 1.0
vendor:	siemens	model:	ruggedcom ros rs900	scope:	lt	version:	4.3.7	Trust: 1.0
vendor:	siemens	model:	ruggedcom ros rs930l	scope:	lt	version:	4.3.7	Trust: 1.0
vendor:	siemens	model:	ruggedcom ros rmc41	scope:	lt	version:	4.3.7	Trust: 1.0
vendor:	siemens	model:	ruggedcom ros rsg2100	scope:	gte	version:	5.0.0	Trust: 1.0
vendor:	siemens	model:	ruggedcom ros rsg2300p	scope:	lt	version:	5.5.4	Trust: 1.0
vendor:	siemens	model:	ruggedcom ros rsg2488	scope:	lt	version:	5.5.4	Trust: 1.0
vendor:	siemens	model:	ruggedcom ros rs401	scope:	lt	version:	4.3.7	Trust: 1.0
vendor:	siemens	model:	ruggedcom ros rsg2300p	scope:	lt	version:	4.3.7	Trust: 1.0
vendor:	siemens	model:	ruggedcom ros rs969	scope:	lt	version:	4.3.7	Trust: 1.0
vendor:	siemens	model:	ruggedcom ros rsg2488	scope:	lt	version:	4.3.7	Trust: 1.0
vendor:	siemens	model:	ruggedcom ros rst916p	scope:	lt	version:	5.5.4	Trust: 1.0
vendor:	siemens	model:	ruggedcom ros rs416v2	scope:	lt	version:	5.5.4	Trust: 1.0
vendor:	siemens	model:	ruggedcom ros rsg2288	scope:	gte	version:	5.0.0	Trust: 1.0
vendor:	siemens	model:	ruggedcom ros rs8000	scope:	lt	version:	4.3.7	Trust: 1.0
vendor:	siemens	model:	ruggedcom ros rsg900	scope:	lt	version:	5.5.4	Trust: 1.0
vendor:	siemens	model:	ruggedcom ros rs416v2	scope:	lt	version:	4.3.7	Trust: 1.0
vendor:	siemens	model:	ruggedcom ros rmc8388	scope:	gte	version:	5.0.0	Trust: 1.0
vendor:	シーメンス	model:	ruggedcom ros i800	scope:	-	version:	-	Trust: 0.8
vendor:	シーメンス	model:	ruggedcom ros m969	scope:	-	version:	-	Trust: 0.8
vendor:	シーメンス	model:	ruggedcom ros rmc	scope:	-	version:	-	Trust: 0.8
vendor:	シーメンス	model:	ruggedcom ros i803	scope:	-	version:	-	Trust: 0.8
vendor:	シーメンス	model:	ruggedcom ros rmc20	scope:	-	version:	-	Trust: 0.8
vendor:	シーメンス	model:	ruggedcom ros m2200	scope:	-	version:	-	Trust: 0.8
vendor:	シーメンス	model:	ruggedcom ros rmc30	scope:	-	version:	-	Trust: 0.8
vendor:	シーメンス	model:	ruggedcom ros m2100	scope:	-	version:	-	Trust: 0.8
vendor:	シーメンス	model:	ruggedcom ros i802	scope:	-	version:	-	Trust: 0.8
vendor:	シーメンス	model:	ruggedcom ros i801	scope:	-	version:	-	Trust: 0.8

sources: JVNDB: JVNDB-2021-010132 // NVD: CVE-2021-31895

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2021-31895
value:	CRITICAL
Trust: 1.0
NVD:	CVE-2021-31895
value:	CRITICAL
Trust: 0.8
CNNVD:	CNNVD-202107-692
value:	CRITICAL
Trust: 0.6
CNNVD:	CNNVD-202104-975
value:	MEDIUM
Trust: 0.6

nvd@nist.gov:	CVE-2021-31895
severity:	HIGH
baseScore:	7.5
vectorString:	AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	10.0
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8

nvd@nist.gov:	CVE-2021-31895
baseSeverity:	CRITICAL
baseScore:	9.8
vectorString:	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	3.9
impactScore:	5.9
version:	3.1
Trust: 1.0
NVD:	CVE-2021-31895
baseSeverity:	CRITICAL
baseScore:	9.8
vectorString:	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: JVNDB: JVNDB-2021-010132 // CNNVD: CNNVD-202107-692 // CNNVD: CNNVD-202104-975 // NVD: CVE-2021-31895

PROBLEMTYPE DATA

problemtype:	CWE-120	Trust: 1.0
problemtype:	CWE-787	Trust: 1.0
problemtype:	Out-of-bounds writing (CWE-787) [NVD evaluation ]	Trust: 0.8

sources: JVNDB: JVNDB-2021-010132 // NVD: CVE-2021-31895

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202107-692

TYPE

other

Trust: 1.2

sources: CNNVD: CNNVD-202107-692 // CNNVD: CNNVD-202104-975

PATCH

title:	SSA-373591	url:	https://cert-portal.siemens.com/productcert/pdf/ssa-373591.pdf	Trust: 0.8
title:	Siemens RUGGEDCOM Security vulnerabilities	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=156386	Trust: 0.6
title:	Siemens Security Advisories: Siemens Security Advisory	url:	https://vulmon.com/vendoradvisory?qidtp=siemens_security_advisories&qid=0fa914b1cff73616953dba36fb06baf5	Trust: 0.1

sources: VULMON: CVE-2021-31895 // JVNDB: JVNDB-2021-010132 // CNNVD: CNNVD-202107-692

EXTERNAL IDS

db:	NVD	id:	CVE-2021-31895	Trust: 3.3
db:	SIEMENS	id:	SSA-373591	Trust: 1.7
db:	JVNDB	id:	JVNDB-2021-010132	Trust: 0.8
db:	AUSCERT	id:	ESB-2021.2405	Trust: 0.6
db:	CS-HELP	id:	SB2021071422	Trust: 0.6
db:	CNNVD	id:	CNNVD-202107-692	Trust: 0.6
db:	CS-HELP	id:	SB2021041363	Trust: 0.6
db:	CNNVD	id:	CNNVD-202104-975	Trust: 0.6
db:	VULMON	id:	CVE-2021-31895	Trust: 0.1

sources: VULMON: CVE-2021-31895 // JVNDB: JVNDB-2021-010132 // CNNVD: CNNVD-202107-692 // CNNVD: CNNVD-202104-975 // NVD: CVE-2021-31895

REFERENCES

url:	https://cert-portal.siemens.com/productcert/pdf/ssa-373591.pdf	Trust: 1.7
url:	https://nvd.nist.gov/vuln/detail/cve-2021-31895	Trust: 1.4
url:	https://www.auscert.org.au/bulletins/esb-2021.2405	Trust: 0.6
url:	https://www.cybersecurity-help.cz/vdb/sb2021071422	Trust: 0.6
url:	https://vigilance.fr/vulnerability/siemens-ruggedcom-ros-buffer-overflow-via-dhcp-35872	Trust: 0.6
url:	https://www.cybersecurity-help.cz/vdb/sb2021041363	Trust: 0.6
url:	https://cwe.mitre.org/data/definitions/120.html	Trust: 0.1
url:	https://nvd.nist.gov	Trust: 0.1
url:	https://cert-portal.siemens.com/productcert/txt/ssa-373591.txt	Trust: 0.1

sources: VULMON: CVE-2021-31895 // JVNDB: JVNDB-2021-010132 // CNNVD: CNNVD-202107-692 // CNNVD: CNNVD-202104-975 // NVD: CVE-2021-31895

SOURCES

db:	VULMON	id:	CVE-2021-31895
db:	JVNDB	id:	JVNDB-2021-010132
db:	CNNVD	id:	CNNVD-202107-692
db:	CNNVD	id:	CNNVD-202104-975
db:	NVD	id:	CVE-2021-31895

LAST UPDATE DATE

2024-08-14T13:07:16.865000+00:00

SOURCES UPDATE DATE

db:	VULMON	id:	CVE-2021-31895	date:	2021-07-13T00:00:00
db:	JVNDB	id:	JVNDB-2021-010132	date:	2022-06-22T02:35:00
db:	CNNVD	id:	CNNVD-202107-692	date:	2021-08-02T00:00:00
db:	CNNVD	id:	CNNVD-202104-975	date:	2021-04-14T00:00:00
db:	NVD	id:	CVE-2021-31895	date:	2021-08-27T12:50:45.540

SOURCES RELEASE DATE

db:	VULMON	id:	CVE-2021-31895	date:	2021-07-13T00:00:00
db:	JVNDB	id:	JVNDB-2021-010132	date:	2022-06-22T00:00:00
db:	CNNVD	id:	CNNVD-202107-692	date:	2021-07-13T00:00:00
db:	CNNVD	id:	CNNVD-202104-975	date:	2021-04-13T00:00:00
db:	NVD	id:	CVE-2021-31895	date:	2021-07-13T11:15:09.677