ID

VAR-202109-1215


CVE

CVE-2021-37175


TITLE

Exceptional State Handling Vulnerability in Multiple Siemens Products

Trust: 0.8

sources: JVNDB: JVNDB-2021-011723

DESCRIPTION

A vulnerability has been identified in RUGGEDCOM ROX MX5000 (All versions < V2.14.1), RUGGEDCOM ROX RX1400 (All versions < V2.14.1), RUGGEDCOM ROX RX1500 (All versions < V2.14.1), RUGGEDCOM ROX RX1501 (All versions < V2.14.1), RUGGEDCOM ROX RX1510 (All versions < V2.14.1), RUGGEDCOM ROX RX1511 (All versions < V2.14.1), RUGGEDCOM ROX RX1512 (All versions < V2.14.1), RUGGEDCOM ROX RX1524 (All versions < V2.14.1), RUGGEDCOM ROX RX1536 (All versions < V2.14.1), RUGGEDCOM ROX RX5000 (All versions < V2.14.1). The affected devices do not properly handle permissions to traverse the file system. If exploited, an attacker could gain access to an overview of the complete file system on the affected devices. Multiple Siemens products contain an exceptional state handling vulnerability. Information may be obtained. RUGGEDCOM products provide a certain degree of reliability and set the standard for communication networks deployed in harsh environments. RUGGEDCOM RX1400 is a multi-protocol smart node that combines Ethernet switching, routing and application hosting functions with various wide-area connectivity options. Pillow is a Python-based image processing library. There is currently no information about this vulnerability; please feel free to follow CNNVD or manufacturer announcements.

Trust: 2.79

sources: NVD: CVE-2021-37175 // JVNDB: JVNDB-2021-011723 // CNVD: CNVD-2021-71418 // CNNVD: CNNVD-202104-975 // VULMON: CVE-2021-37175

IOT TAXONOMY

category: ['Network device'], sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2021-71418

AFFECTED PRODUCTS

vendor: siemens, model: ruggedcom rox rx1510, scope: lt, version: 2.14.1

Trust: 1.0

vendor: siemens, model: ruggedcom rox rx5000, scope: lt, version: 2.14.1

Trust: 1.0

vendor: siemens, model: ruggedcom rox rx1501, scope: lt, version: 2.14.1

Trust: 1.0

vendor: siemens, model: ruggedcom rox rx1524, scope: lt, version: 2.14.1

Trust: 1.0

vendor: siemens, model: ruggedcom rox rx1511, scope: lt, version: 2.14.1

Trust: 1.0

vendor: siemens, model: ruggedcom rox mx5000, scope: lt, version: 2.14.1

Trust: 1.0

vendor: siemens, model: ruggedcom rox rx1500, scope: lt, version: 2.14.1

Trust: 1.0

vendor: siemens, model: ruggedcom rox rx1536, scope: lt, version: 2.14.1

Trust: 1.0

vendor: siemens, model: ruggedcom rox rx1400, scope: lt, version: 2.14.1

Trust: 1.0

vendor: siemens, model: ruggedcom rox rx1512, scope: lt, version: 2.14.1

Trust: 1.0

vendor: シーメンス, model: ruggedcom rox rx1536, scope: -, version: -

Trust: 0.8

vendor: シーメンス, model: ruggedcom rox rx1524, scope: -, version: -

Trust: 0.8

vendor: シーメンス, model: ruggedcom rox rx1400, scope: -, version: -

Trust: 0.8

vendor: シーメンス, model: ruggedcom rox mx5000, scope: -, version: -

Trust: 0.8

vendor: シーメンス, model: ruggedcom rox rx5000, scope: -, version: -

Trust: 0.8

vendor: シーメンス, model: ruggedcom rox rx1512, scope: -, version: -

Trust: 0.8

vendor: シーメンス, model: ruggedcom rox rx1501, scope: -, version: -

Trust: 0.8

vendor: シーメンス, model: ruggedcom rox rx1500, scope: -, version: -

Trust: 0.8

vendor: シーメンス, model: ruggedcom rox rx1510, scope: -, version: -

Trust: 0.8

vendor: シーメンス, model: ruggedcom rox rx1511, scope: -, version: -

Trust: 0.8

vendor: siemens, model: ruggedcom rox rx1512, scope: lt, version: v2.14.1

Trust: 0.6

vendor: siemens, model: ruggedcom rox rx1511, scope: lt, version: v2.14.1

Trust: 0.6

vendor: siemens, model: ruggedcom rox rx1510, scope: lt, version: v2.14.1

Trust: 0.6

vendor: siemens, model: ruggedcom rox rx1501, scope: lt, version: v2.14.1

Trust: 0.6

vendor: siemens, model: ruggedcom rox rx1500, scope: lt, version: v2.14.1

Trust: 0.6

vendor: siemens, model: ruggedcom rox rx1400, scope: lt, version: v2.14.1

Trust: 0.6

vendor: siemens, model: ruggedcom rox mx5000, scope: lt, version: v2.14.1

Trust: 0.6

vendor: siemens, model: ruggedcom rox rx1536, scope: lt, version: v2.14.1

Trust: 0.6

vendor: siemens, model: ruggedcom rox rx1524, scope: lt, version: v2.14.1

Trust: 0.6

vendor: siemens, model: ruggedcom rox rx5000, scope: lt, version: v2.14.1

Trust: 0.6

sources: CNVD: CNVD-2021-71418 // JVNDB: JVNDB-2021-011723 // NVD: CVE-2021-37175

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2021-37175
value: MEDIUM

Trust: 1.0

NVD: CVE-2021-37175
value: MEDIUM

Trust: 0.8

CNVD: CNVD-2021-71418
value: MEDIUM

Trust: 0.6

CNNVD: CNNVD-202104-975
value: MEDIUM

Trust: 0.6

CNNVD: CNNVD-202109-804
value: MEDIUM

Trust: 0.6

VULMON: CVE-2021-37175
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2021-37175
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.9

CNVD: CNVD-2021-71418
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

nvd@nist.gov: CVE-2021-37175
baseSeverity: MEDIUM
baseScore: 5.3
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: LOW
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 3.9
impactScore: 1.4
version: 3.1

Trust: 1.0

NVD: CVE-2021-37175
baseSeverity: MEDIUM
baseScore: 5.3
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: LOW
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: CNVD: CNVD-2021-71418 // VULMON: CVE-2021-37175 // JVNDB: JVNDB-2021-011723 // CNNVD: CNNVD-202104-975 // CNNVD: CNNVD-202109-804 // NVD: CVE-2021-37175

PROBLEMTYPE DATA

problemtype:CWE-280

Trust: 1.0

problemtype:CWE-755

Trust: 1.0

problemtype: Improper handling in exceptional conditions (CWE-755) [NVD evaluation]

Trust: 0.8

sources: JVNDB: JVNDB-2021-011723 // NVD: CVE-2021-37175

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202109-804

TYPE

other

Trust: 0.6

sources: CNNVD: CNNVD-202104-975

PATCH

title: SSA-150692, url: https://cert-portal.siemens.com/productcert/pdf/ssa-150692.pdf

Trust: 0.8

title: Patch for Siemens RUGGEDCOM ROX has unspecified vulnerabilities, url: https://www.cnvd.org.cn/patchInfo/show/290841

Trust: 0.6

title: Siemens RUGGEDCOM Remediation measures for authorization problem vulnerabilities, url: http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=163657

Trust: 0.6

title: Siemens Security Advisories: Siemens Security Advisory, url: https://vulmon.com/vendoradvisory?qidtp=siemens_security_advisories&qid=93a87ed46de57a6f27b2f3f9a3698e0c

Trust: 0.1

sources: CNVD: CNVD-2021-71418 // VULMON: CVE-2021-37175 // JVNDB: JVNDB-2021-011723 // CNNVD: CNNVD-202109-804

EXTERNAL IDS

db: NVD, id: CVE-2021-37175

Trust: 3.9

db: SIEMENS, id: SSA-150692

Trust: 2.3

db: JVNDB, id: JVNDB-2021-011723

Trust: 0.8

db: CNVD, id: CNVD-2021-71418

Trust: 0.6

db: CS-HELP, id: SB2021041363

Trust: 0.6

db: CNNVD, id: CNNVD-202104-975

Trust: 0.6

db: AUSCERT, id: ESB-2021.3140

Trust: 0.6

db: ICS CERT, id: ICSA-21-259-01

Trust: 0.6

db: CS-HELP, id: SB2021091703

Trust: 0.6

db: CNNVD, id: CNNVD-202109-804

Trust: 0.6

db: VULMON, id: CVE-2021-37175

Trust: 0.1

sources: CNVD: CNVD-2021-71418 // VULMON: CVE-2021-37175 // JVNDB: JVNDB-2021-011723 // CNNVD: CNNVD-202104-975 // CNNVD: CNNVD-202109-804 // NVD: CVE-2021-37175

REFERENCES

url:https://cert-portal.siemens.com/productcert/pdf/ssa-150692.pdf

Trust: 2.3

url:https://nvd.nist.gov/vuln/detail/cve-2021-37175

Trust: 1.4

url:https://www.cybersecurity-help.cz/vdb/sb2021041363

Trust: 0.6

url:https://us-cert.cisa.gov/ics/advisories/icsa-21-259-01

Trust: 0.6

url:https://vigilance.fr/vulnerability/ruggedcom-rox-three-vulnerabilities-36396

Trust: 0.6

url:https://www.cybersecurity-help.cz/vdb/sb2021091703

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2021.3140

Trust: 0.6

url:https://cwe.mitre.org/data/definitions/755.html

Trust: 0.1

url:https://nvd.nist.gov

Trust: 0.1

url:https://cert-portal.siemens.com/productcert/txt/ssa-150692.txt

Trust: 0.1

sources: CNVD: CNVD-2021-71418 // VULMON: CVE-2021-37175 // JVNDB: JVNDB-2021-011723 // CNNVD: CNNVD-202104-975 // CNNVD: CNNVD-202109-804 // NVD: CVE-2021-37175

CREDITS

Michael Messner from Siemens Energy reported these vulnerabilities to Siemens.

Trust: 0.6

sources: CNNVD: CNNVD-202109-804

SOURCES

db: CNVD, id: CNVD-2021-71418
db: VULMON, id: CVE-2021-37175
db: JVNDB, id: JVNDB-2021-011723
db: CNNVD, id: CNNVD-202104-975
db: CNNVD, id: CNNVD-202109-804
db: NVD, id: CVE-2021-37175

LAST UPDATE DATE

2024-08-14T13:08:50.978000+00:00


SOURCES UPDATE DATE

db: CNVD, id: CNVD-2021-71418, date: 2021-09-16T00:00:00
db: VULMON, id: CVE-2021-37175, date: 2021-09-23T00:00:00
db: JVNDB, id: JVNDB-2021-011723, date: 2022-08-09T06:52:00
db: CNNVD, id: CNNVD-202104-975, date: 2021-04-14T00:00:00
db: CNNVD, id: CNNVD-202109-804, date: 2021-09-24T00:00:00
db: NVD, id: CVE-2021-37175, date: 2022-10-27T12:58:47.147

SOURCES RELEASE DATE

db: CNVD, id: CNVD-2021-71418, date: 2021-09-15T00:00:00
db: VULMON, id: CVE-2021-37175, date: 2021-09-14T00:00:00
db: JVNDB, id: JVNDB-2021-011723, date: 2022-08-09T00:00:00
db: CNNVD, id: CNNVD-202104-975, date: 2021-04-13T00:00:00
db: CNNVD, id: CNNVD-202109-804, date: 2021-09-14T00:00:00
db: NVD, id: CVE-2021-37175, date: 2021-09-14T11:15:25.367