Sign-up

ID

VAR-202203-0249


CVE

CVE-2021-42016


TITLE

Siemens'  RUGGEDCOM ROS  Vulnerability related to information leakage due to timing difference in

Trust: 0.8

sources: JVNDB: JVNDB-2021-018693

DESCRIPTION

A vulnerability has been identified in RUGGEDCOM i800, RUGGEDCOM i801, RUGGEDCOM i802, RUGGEDCOM i803, RUGGEDCOM M2100, RUGGEDCOM M2100F, RUGGEDCOM M2200, RUGGEDCOM M2200F, RUGGEDCOM M969, RUGGEDCOM M969F, RUGGEDCOM RMC30, RUGGEDCOM RMC8388 V4.X, RUGGEDCOM RMC8388 V5.X, RUGGEDCOM RP110, RUGGEDCOM RS1600, RUGGEDCOM RS1600F, RUGGEDCOM RS1600T, RUGGEDCOM RS400, RUGGEDCOM RS400F, RUGGEDCOM RS401, RUGGEDCOM RS416, RUGGEDCOM RS416F, RUGGEDCOM RS416P, RUGGEDCOM RS416PF, RUGGEDCOM RS416Pv2 V4.X, RUGGEDCOM RS416Pv2 V5.X, RUGGEDCOM RS416v2 V4.X, RUGGEDCOM RS416v2 V5.X, RUGGEDCOM RS8000, RUGGEDCOM RS8000A, RUGGEDCOM RS8000H, RUGGEDCOM RS8000T, RUGGEDCOM RS900, RUGGEDCOM RS900 (32M) V4.X, RUGGEDCOM RS900 (32M) V5.X, RUGGEDCOM RS900F, RUGGEDCOM RS900G, RUGGEDCOM RS900G (32M) V4.X, RUGGEDCOM RS900G (32M) V5.X, RUGGEDCOM RS900GF, RUGGEDCOM RS900GP, RUGGEDCOM RS900GPF, RUGGEDCOM RS900L, RUGGEDCOM RS900M-GETS-C01, RUGGEDCOM RS900M-GETS-XX, RUGGEDCOM RS900M-STND-C01, RUGGEDCOM RS900M-STND-XX, RUGGEDCOM RS900W, RUGGEDCOM RS910, RUGGEDCOM RS910L, RUGGEDCOM RS910W, RUGGEDCOM RS920L, RUGGEDCOM RS920W, RUGGEDCOM RS930L, RUGGEDCOM RS930W, RUGGEDCOM RS940G, RUGGEDCOM RS940GF, RUGGEDCOM RS969, RUGGEDCOM RSG2100, RUGGEDCOM RSG2100 (32M) V4.X, RUGGEDCOM RSG2100 (32M) V5.X, RUGGEDCOM RSG2100F, RUGGEDCOM RSG2100P, RUGGEDCOM RSG2100PF, RUGGEDCOM RSG2200, RUGGEDCOM RSG2200F, RUGGEDCOM RSG2288 V4.X, RUGGEDCOM RSG2288 V5.X, RUGGEDCOM RSG2300 V4.X, RUGGEDCOM RSG2300 V5.X, RUGGEDCOM RSG2300F, RUGGEDCOM RSG2300P V4.X, RUGGEDCOM RSG2300P V5.X, RUGGEDCOM RSG2300PF, RUGGEDCOM RSG2488 V4.X, RUGGEDCOM RSG2488 V5.X, RUGGEDCOM RSG2488F, RUGGEDCOM RSG907R, RUGGEDCOM RSG908C, RUGGEDCOM RSG909R, RUGGEDCOM RSG910C, RUGGEDCOM RSG920P V4.X, RUGGEDCOM RSG920P V5.X, RUGGEDCOM RSL910, RUGGEDCOM RST2228, RUGGEDCOM RST2228P, RUGGEDCOM RST916C, RUGGEDCOM RST916P. A timing attack, in a third-party component, could make the retrieval of the private key possible, used for encryption of sensitive data. If a threat actor were to exploit this, the data integrity and security could be compromised. Siemens' RUGGEDCOM ROS contains an information disclosure vulnerability due to timing differences.Information may be obtained

Trust: 1.62

sources: NVD: CVE-2021-42016 // JVNDB: JVNDB-2021-018693

AFFECTED PRODUCTS

vendor:siemensmodel:ruggedcom rosscope:ltversion:5.6.0

Trust: 1.0

vendor:siemensmodel:ruggedcom rosscope:eqversion:*

Trust: 1.0

vendor:シーメンスmodel:ruggedcom rosscope:eqversion: -

Trust: 0.8

vendor:シーメンスmodel:ruggedcom rosscope:eqversion:5.6.0

Trust: 0.8

vendor:シーメンスmodel:ruggedcom rosscope: - version: -

Trust: 0.8

sources: JVNDB: JVNDB-2021-018693 // NVD: CVE-2021-42016

CVSS

SEVERITY

CVSSV2

CVSSV3

NVD: CVE-2021-42016
value: HIGH

Trust: 1.8

productcert@siemens.com: CVE-2021-42016
value: HIGH

Trust: 1.0

CNNVD: CNNVD-202203-663
value: HIGH

Trust: 0.6

NVD:
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: FALSE
obtainAllPrivilege: FALSE
obtainUserPrivilege: FALSE
obtainOtherPrivilege: FALSE
userInteractionRequired: FALSE
version: 2.0

Trust: 1.0

NVD: CVE-2021-42016
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: NONE
impactScore: NONE
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.8

NVD:
baseSeverity: HIGH
baseScore: 7.5
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 3.9
impactScore: 3.6
version: 3.1

Trust: 2.0

OTHER: JVNDB-2021-018693
baseSeverity: HIGH
baseScore: 7.5
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: JVNDB: JVNDB-2021-018693 // NVD: CVE-2021-42016 // NVD: CVE-2021-42016 // CNNVD: CNNVD-202203-663

PROBLEMTYPE DATA

problemtype:CWE-208

Trust: 1.0

problemtype:Information leakage due to timing difference (CWE-208) [ others ]

Trust: 0.8

sources: JVNDB: JVNDB-2021-018693 // NVD: CVE-2021-42016

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202203-663

TYPE

other

Trust: 0.6

sources: CNNVD: CNNVD-202203-663

CONFIGURATIONS

sources:
            
            
            NVD: CVE-2021-42016

PATCH
title:Siemens RUGGEDCOM Security vulnerabilitiesurl:http://123.124.177.30/web/xxk/bdxqbyid.tag?id=185163
Trust: 0.6
sources:
            
            
            CNNVD: CNNVD-202203-663

EXTERNAL IDS
db:NVDid:CVE-2021-42016
Trust: 3.2
db:SIEMENSid:SSA-256353
Trust: 2.4
db:JVNid:JVNVU91709091
Trust: 0.8
db:ICS CERTid:ICSA-22-069-12
Trust: 0.8
db:JVNDBid:JVNDB-2021-018693
Trust: 0.8
db:CS-HELPid:SB2022031012
Trust: 0.6
db:CNNVDid:CNNVD-202203-663
Trust: 0.6
sources:
            
            
            JVNDB: JVNDB-2021-018693 // 
            
            
            
            NVD: CVE-2021-42016 // 
            
            
            
            CNNVD: CNNVD-202203-663

REFERENCES
url:https://cert-portal.siemens.com/productcert/pdf/ssa-256353.pdf
Trust: 2.4
url:https://jvn.jp/vu/jvnvu91709091/
Trust: 0.8
url:https://nvd.nist.gov/vuln/detail/cve-2021-42016
Trust: 0.8
url:https://www.cisa.gov/news-events/ics-advisories/icsa-22-069-12
Trust: 0.8
url:https://vigilance.fr/vulnerability/ruggedcom-ros-multiple-vulnerabilities-37732
Trust: 0.6
url:https://www.cybersecurity-help.cz/vdb/sb2022031012
Trust: 0.6
url:https://cxsecurity.com/cveshow/cve-2021-42016/
Trust: 0.6
sources:
            
            
            JVNDB: JVNDB-2021-018693 // 
            
            
            
            NVD: CVE-2021-42016 // 
            
            
            
            CNNVD: CNNVD-202203-663

SOURCES
db:JVNDBid:JVNDB-2021-018693
db:NVDid:CVE-2021-42016
db:CNNVDid:CNNVD-202203-663

LAST UPDATE DATE
2023-12-18T11:23:20.114000+00:00

SOURCES UPDATE DATE
db:JVNDBid:JVNDB-2021-018693date:2023-07-05T08:11:00
db:NVDid:CVE-2021-42016date:2023-12-12T12:15:08.800
db:CNNVDid:CNNVD-202203-663date:2023-04-12T00:00:00

SOURCES RELEASE DATE
db:JVNDBid:JVNDB-2021-018693date:2023-07-05T00:00:00
db:NVDid:CVE-2021-42016date:2022-03-08T12:15:10.827
db:CNNVDid:CNNVD-202203-663date:2022-03-08T00:00:00