Sign-up

ID

VAR-202203-0245


CVE

CVE-2021-42017


TITLE

Siemens'  RUGGEDCOM ROS  security check vulnerabilities in

Trust: 0.8

sources: JVNDB: JVNDB-2021-018692

DESCRIPTION

A vulnerability has been identified in RUGGEDCOM i800, RUGGEDCOM i801, RUGGEDCOM i802, RUGGEDCOM i803, RUGGEDCOM M2100, RUGGEDCOM M2100F, RUGGEDCOM M2200, RUGGEDCOM M2200F, RUGGEDCOM M969, RUGGEDCOM M969F, RUGGEDCOM RMC30, RUGGEDCOM RMC8388 V4.X, RUGGEDCOM RMC8388 V5.X, RUGGEDCOM RP110, RUGGEDCOM RS1600, RUGGEDCOM RS1600F, RUGGEDCOM RS1600T, RUGGEDCOM RS400, RUGGEDCOM RS400F, RUGGEDCOM RS401, RUGGEDCOM RS416, RUGGEDCOM RS416F, RUGGEDCOM RS416P, RUGGEDCOM RS416PF, RUGGEDCOM RS416Pv2 V4.X, RUGGEDCOM RS416Pv2 V5.X, RUGGEDCOM RS416v2 V4.X, RUGGEDCOM RS416v2 V5.X, RUGGEDCOM RS8000, RUGGEDCOM RS8000A, RUGGEDCOM RS8000H, RUGGEDCOM RS8000T, RUGGEDCOM RS900, RUGGEDCOM RS900 (32M) V4.X, RUGGEDCOM RS900 (32M) V5.X, RUGGEDCOM RS900F, RUGGEDCOM RS900G, RUGGEDCOM RS900G (32M) V4.X, RUGGEDCOM RS900G (32M) V5.X, RUGGEDCOM RS900GF, RUGGEDCOM RS900GP, RUGGEDCOM RS900GPF, RUGGEDCOM RS900L, RUGGEDCOM RS900M-GETS-C01, RUGGEDCOM RS900M-GETS-XX, RUGGEDCOM RS900M-STND-C01, RUGGEDCOM RS900M-STND-XX, RUGGEDCOM RS900W, RUGGEDCOM RS910, RUGGEDCOM RS910L, RUGGEDCOM RS910W, RUGGEDCOM RS920L, RUGGEDCOM RS920W, RUGGEDCOM RS930L, RUGGEDCOM RS930W, RUGGEDCOM RS940G, RUGGEDCOM RS940GF, RUGGEDCOM RS969, RUGGEDCOM RSG2100, RUGGEDCOM RSG2100 (32M) V4.X, RUGGEDCOM RSG2100 (32M) V5.X, RUGGEDCOM RSG2100F, RUGGEDCOM RSG2100P, RUGGEDCOM RSG2100PF, RUGGEDCOM RSG2200, RUGGEDCOM RSG2200F, RUGGEDCOM RSG2288 V4.X, RUGGEDCOM RSG2288 V5.X, RUGGEDCOM RSG2300 V4.X, RUGGEDCOM RSG2300 V5.X, RUGGEDCOM RSG2300F, RUGGEDCOM RSG2300P V4.X, RUGGEDCOM RSG2300P V5.X, RUGGEDCOM RSG2300PF, RUGGEDCOM RSG2488 V4.X, RUGGEDCOM RSG2488 V5.X, RUGGEDCOM RSG2488F, RUGGEDCOM RSG907R, RUGGEDCOM RSG908C, RUGGEDCOM RSG909R, RUGGEDCOM RSG910C, RUGGEDCOM RSG920P V4.X, RUGGEDCOM RSG920P V5.X, RUGGEDCOM RSL910, RUGGEDCOM RST2228, RUGGEDCOM RST2228P, RUGGEDCOM RST916C, RUGGEDCOM RST916P. A new variant of the POODLE attack has left a third-party component vulnerable due to the implementation flaws of the CBC encryption mode in TLS 1.0 to 1.2. If an attacker were to exploit this, they could act as a man-in-the-middle and eavesdrop on encrypted communications. Siemens' RUGGEDCOM ROS contains a security check vulnerability.Information may be obtained

Trust: 1.62

sources: NVD: CVE-2021-42017 // JVNDB: JVNDB-2021-018692

AFFECTED PRODUCTS

vendor:siemensmodel:ruggedcom rosscope:ltversion:5.6.0

Trust: 1.0

vendor:siemensmodel:ruggedcom rosscope:eqversion:*

Trust: 1.0

vendor:シーメンスmodel:ruggedcom rosscope:eqversion: -

Trust: 0.8

vendor:シーメンスmodel:ruggedcom rosscope:eqversion:5.6.0

Trust: 0.8

vendor:シーメンスmodel:ruggedcom rosscope: - version: -

Trust: 0.8

sources: JVNDB: JVNDB-2021-018692 // NVD: CVE-2021-42017

CVSS

SEVERITY

CVSSV2

CVSSV3

NVD: CVE-2021-42017
value: MEDIUM

Trust: 1.8

productcert@siemens.com: CVE-2021-42017
value: MEDIUM

Trust: 1.0

CNNVD: CNNVD-202203-658
value: MEDIUM

Trust: 0.6

NVD:
severity: MEDIUM
baseScore: 4.3
vectorString: AV:N/AC:M/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 8.6
impactScore: 2.9
acInsufInfo: FALSE
obtainAllPrivilege: FALSE
obtainUserPrivilege: FALSE
obtainOtherPrivilege: FALSE
userInteractionRequired: FALSE
version: 2.0

Trust: 1.0

NVD: CVE-2021-42017
severity: MEDIUM
baseScore: 4.3
vectorString: AV:N/AC:M/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: NONE
impactScore: NONE
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.8

NVD:
baseSeverity: MEDIUM
baseScore: 5.9
vectorString: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
attackVector: NETWORK
attackComplexity: HIGH
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 2.2
impactScore: 3.6
version: 3.1

Trust: 2.0

OTHER: JVNDB-2021-018692
baseSeverity: MEDIUM
baseScore: 5.9
vectorString: CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
attackVector: NETWORK
attackComplexity: HIGH
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: JVNDB: JVNDB-2021-018692 // NVD: CVE-2021-42017 // NVD: CVE-2021-42017 // CNNVD: CNNVD-202203-658

PROBLEMTYPE DATA

problemtype:CWE-358

Trust: 1.0

problemtype:Improperly implemented security checks (CWE-358) [ others ]

Trust: 0.8

sources: JVNDB: JVNDB-2021-018692 // NVD: CVE-2021-42017

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202203-658

TYPE

security feature problem

Trust: 0.6

sources: CNNVD: CNNVD-202203-658

CONFIGURATIONS

sources:
            
            
            NVD: CVE-2021-42017

PATCH
title:RUGGEDCOM ROS multiple models Security vulnerabilitiesurl:http://123.124.177.30/web/xxk/bdxqbyid.tag?id=185158
Trust: 0.6
sources:
            
            
            CNNVD: CNNVD-202203-658

EXTERNAL IDS
db:NVDid:CVE-2021-42017
Trust: 3.2
db:SIEMENSid:SSA-256353
Trust: 2.4
db:JVNid:JVNVU91709091
Trust: 0.8
db:ICS CERTid:ICSA-22-069-12
Trust: 0.8
db:JVNDBid:JVNDB-2021-018692
Trust: 0.8
db:CS-HELPid:SB2022031012
Trust: 0.6
db:CNNVDid:CNNVD-202203-658
Trust: 0.6
sources:
            
            
            JVNDB: JVNDB-2021-018692 // 
            
            
            
            NVD: CVE-2021-42017 // 
            
            
            
            CNNVD: CNNVD-202203-658

REFERENCES
url:https://cert-portal.siemens.com/productcert/pdf/ssa-256353.pdf
Trust: 2.4
url:https://jvn.jp/vu/jvnvu91709091/
Trust: 0.8
url:https://nvd.nist.gov/vuln/detail/cve-2021-42017
Trust: 0.8
url:https://www.cisa.gov/news-events/ics-advisories/icsa-22-069-12
Trust: 0.8
url:https://vigilance.fr/vulnerability/ruggedcom-ros-multiple-vulnerabilities-37732
Trust: 0.6
url:https://www.cybersecurity-help.cz/vdb/sb2022031012
Trust: 0.6
url:https://cxsecurity.com/cveshow/cve-2021-42017/
Trust: 0.6
sources:
            
            
            JVNDB: JVNDB-2021-018692 // 
            
            
            
            NVD: CVE-2021-42017 // 
            
            
            
            CNNVD: CNNVD-202203-658

SOURCES
db:JVNDBid:JVNDB-2021-018692
db:NVDid:CVE-2021-42017
db:CNNVDid:CNNVD-202203-658

LAST UPDATE DATE
2023-12-18T11:16:36.230000+00:00

SOURCES UPDATE DATE
db:JVNDBid:JVNDB-2021-018692date:2023-07-05T08:11:00
db:NVDid:CVE-2021-42017date:2023-12-12T12:15:08.940
db:CNNVDid:CNNVD-202203-658date:2023-04-12T00:00:00

SOURCES RELEASE DATE
db:JVNDBid:JVNDB-2021-018692date:2023-07-05T00:00:00
db:NVDid:CVE-2021-42017date:2022-03-08T12:15:10.890
db:CNNVDid:CNNVD-202203-658date:2022-03-08T00:00:00