Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

CVE-2021-37209

CVSS 6.7 · Medium EPSS 0.09% · P25
Get alerts for future matching vulnerabilitiesLog in to subscribe

I. Basic Information for CVE-2021-37209

Vulnerability Information
Have questions about the vulnerability? See if Shenlong's analysis helps!
View Shenlong Deep Dive ↗

Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.

Vulnerability Title
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Description
A vulnerability has been identified in RUGGEDCOM i800 (All versions < V4.3.8), RUGGEDCOM i801 (All versions < V4.3.8), RUGGEDCOM i802 (All versions < V4.3.8), RUGGEDCOM i803 (All versions < V4.3.8), RUGGEDCOM M2100 (All versions < V4.3.8), RUGGEDCOM M2200 (All versions < V4.3.8), RUGGEDCOM M969 (All versions < V4.3.8), RUGGEDCOM RMC30 (All versions < V4.3.8), RUGGEDCOM RMC8388 V4.X (All versions < V4.3.8), RUGGEDCOM RMC8388 V5.X (All versions < V5.7.0), RUGGEDCOM RP110 (All versions < V4.3.8), RUGGEDCOM RS1600 (All versions < V4.3.8), RUGGEDCOM RS1600F (All versions < V4.3.8), RUGGEDCOM RS1600T (All versions < V4.3.8), RUGGEDCOM RS400 (All versions < V4.3.8), RUGGEDCOM RS401 (All versions < V4.3.8), RUGGEDCOM RS416 (All versions < V4.3.8), RUGGEDCOM RS416P (All versions < V4.3.8), RUGGEDCOM RS416Pv2 V4.X (All versions < V4.3.8), RUGGEDCOM RS416Pv2 V5.X (All versions < V5.7.0), RUGGEDCOM RS416v2 V4.X (All versions < V4.3.8), RUGGEDCOM RS416v2 V5.X (All versions < V5.7.0), RUGGEDCOM RS8000 (All versions < V4.3.8), RUGGEDCOM RS8000A (All versions < V4.3.8), RUGGEDCOM RS8000H (All versions < V4.3.8), RUGGEDCOM RS8000T (All versions < V4.3.8), RUGGEDCOM RS900 (All versions < V4.3.8), RUGGEDCOM RS900 (32M) V4.X (All versions < V4.3.8), RUGGEDCOM RS900 (32M) V5.X (All versions < V5.7.0), RUGGEDCOM RS900G (All versions < V4.3.8), RUGGEDCOM RS900G (32M) V4.X (All versions < V4.3.8), RUGGEDCOM RS900G (32M) V5.X (All versions < V5.7.0), RUGGEDCOM RS900GP (All versions < V4.3.8), RUGGEDCOM RS900L (All versions < V4.3.8), RUGGEDCOM RS900M-GETS-C01 (All versions < V4.3.8), RUGGEDCOM RS900M-GETS-XX (All versions < V4.3.8), RUGGEDCOM RS900M-STND-C01 (All versions < V4.3.8), RUGGEDCOM RS900M-STND-XX (All versions < V4.3.8), RUGGEDCOM RS900W (All versions < V4.3.8), RUGGEDCOM RS910 (All versions < V4.3.8), RUGGEDCOM RS910L (All versions < V4.3.8), RUGGEDCOM RS910W (All versions < V4.3.8), RUGGEDCOM RS920L (All versions < V4.3.8), RUGGEDCOM RS920W (All versions < V4.3.8), RUGGEDCOM RS930L (All versions < V4.3.8), RUGGEDCOM RS930W (All versions < V4.3.8), RUGGEDCOM RS940G (All versions < V4.3.8), RUGGEDCOM RS969 (All versions < V4.3.8), RUGGEDCOM RSG2100 (All versions < V4.3.8), RUGGEDCOM RSG2100 (32M) V4.X (All versions < V4.3.8), RUGGEDCOM RSG2100 (32M) V5.X (All versions < V5.7.0), RUGGEDCOM RSG2100P (All versions < V4.3.8), RUGGEDCOM RSG2100P (32M) V4.X (All versions < V4.3.8), RUGGEDCOM RSG2100P (32M) V5.X (All versions < V5.7.0), RUGGEDCOM RSG2200 (All versions < V4.3.8), RUGGEDCOM RSG2288 V4.X (All versions < V4.3.8), RUGGEDCOM RSG2288 V5.X (All versions < V5.7.0), RUGGEDCOM RSG2300 V4.X (All versions < V4.3.8), RUGGEDCOM RSG2300 V5.X (All versions < V5.7.0), RUGGEDCOM RSG2300P V4.X (All versions < V4.3.8), RUGGEDCOM RSG2300P V5.X (All versions < V5.7.0), RUGGEDCOM RSG2488 V4.X (All versions < V4.3.8), RUGGEDCOM RSG2488 V5.X (All versions < V5.7.0), RUGGEDCOM RSG907R (All versions < V5.7.0), RUGGEDCOM RSG908C (All versions < V5.7.0), RUGGEDCOM RSG909R (All versions < V5.7.0), RUGGEDCOM RSG910C (All versions < V5.7.0), RUGGEDCOM RSG920P V4.X (All versions < V4.3.8), RUGGEDCOM RSG920P V5.X (All versions < V5.7.0), RUGGEDCOM RSL910 (All versions < V5.7.0), RUGGEDCOM RST2228 (All versions < V5.7.0), RUGGEDCOM RST2228P (All versions < V5.7.0), RUGGEDCOM RST916C (All versions < V5.7.0), RUGGEDCOM RST916P (All versions < V5.7.0). The SSH server on affected devices is configured to offer weak ciphers by default. This could allow an unauthorized attacker in a man-in-the-middle position to read and modify any data passed over the connection between legitimate clients and the affected device.
Source: NVD (National Vulnerability Database)
CVSS Information
CVSS:3.1/AV:A/AC:H/PR:N/UI:R/S:U/C:L/I:H/A:H
Source: NVD (National Vulnerability Database)
Vulnerability Type
不充分的加密强度
Source: NVD (National Vulnerability Database)
Vulnerability Title
Siemens RUGGEDCOM 加密问题漏洞
Source: CNNVD (China National Vulnerability Database)
Vulnerability Description
Siemens RUGGEDCOM是德国西门子(Siemens)公司的一个通信设备。为电力,交通,石油和天然气及其他行业提供快速可靠的通信。 Siemens RUGGEDCOM 多款产品存在加密问题漏洞,该漏洞源于在客户端配置文件中和网络传输期间未加密存储的密码可能允许处于特权位置的攻击者获取访问密码。
Source: CNNVD (China National Vulnerability Database)
CVSS Information
N/A
Source: CNNVD (China National Vulnerability Database)
Vulnerability Type
N/A
Source: CNNVD (China National Vulnerability Database)

Affected Products

VendorProductAffected VersionsCPESubscribe
SiemensRUGGEDCOM i800 0 ~ V4.3.8 -
SiemensRUGGEDCOM i801 0 ~ V4.3.8 -
SiemensRUGGEDCOM i802 0 ~ V4.3.8 -
SiemensRUGGEDCOM i803 0 ~ V4.3.8 -
SiemensRUGGEDCOM M2100 0 ~ V4.3.8 -
SiemensRUGGEDCOM M2200 0 ~ V4.3.8 -
SiemensRUGGEDCOM M969 0 ~ V4.3.8 -
SiemensRUGGEDCOM RMC30 0 ~ V4.3.8 -
SiemensRUGGEDCOM RMC8388 V4.X 0 ~ V4.3.8 -
SiemensRUGGEDCOM RMC8388 V5.X 0 ~ V5.7.0 -
SiemensRUGGEDCOM RP110 0 ~ V4.3.8 -
SiemensRUGGEDCOM RS1600 0 ~ V4.3.8 -
SiemensRUGGEDCOM RS1600F 0 ~ V4.3.8 -
SiemensRUGGEDCOM RS1600T 0 ~ V4.3.8 -
SiemensRUGGEDCOM RS400 0 ~ V4.3.8 -
SiemensRUGGEDCOM RS401 0 ~ V4.3.8 -
SiemensRUGGEDCOM RS416 0 ~ V4.3.8 -
SiemensRUGGEDCOM RS416P 0 ~ V4.3.8 -
SiemensRUGGEDCOM RS416Pv2 V4.X 0 ~ V4.3.8 -
SiemensRUGGEDCOM RS416Pv2 V5.X 0 ~ V5.7.0 -
SiemensRUGGEDCOM RS416v2 V4.X 0 ~ V4.3.8 -
SiemensRUGGEDCOM RS416v2 V5.X 0 ~ V5.7.0 -
SiemensRUGGEDCOM RS8000 0 ~ V4.3.8 -
SiemensRUGGEDCOM RS8000A 0 ~ V4.3.8 -
SiemensRUGGEDCOM RS8000H 0 ~ V4.3.8 -
SiemensRUGGEDCOM RS8000T 0 ~ V4.3.8 -
SiemensRUGGEDCOM RS900 0 ~ V4.3.8 -
SiemensRUGGEDCOM RS900 (32M) V4.X 0 ~ V4.3.8 -
SiemensRUGGEDCOM RS900 (32M) V5.X 0 ~ V5.7.0 -
SiemensRUGGEDCOM RS900G 0 ~ V4.3.8 -
SiemensRUGGEDCOM RS900G (32M) V4.X 0 ~ V4.3.8 -
SiemensRUGGEDCOM RS900G (32M) V5.X 0 ~ V5.7.0 -
SiemensRUGGEDCOM RS900GP 0 ~ V4.3.8 -
SiemensRUGGEDCOM RS900L 0 ~ V4.3.8 -
SiemensRUGGEDCOM RS900M-GETS-C01 0 ~ V4.3.8 -
SiemensRUGGEDCOM RS900M-GETS-XX 0 ~ V4.3.8 -
SiemensRUGGEDCOM RS900M-STND-C01 0 ~ V4.3.8 -
SiemensRUGGEDCOM RS900M-STND-XX 0 ~ V4.3.8 -
SiemensRUGGEDCOM RS900W 0 ~ V4.3.8 -
SiemensRUGGEDCOM RS910 0 ~ V4.3.8 -
SiemensRUGGEDCOM RS910L 0 ~ V4.3.8 -
SiemensRUGGEDCOM RS910W 0 ~ V4.3.8 -
SiemensRUGGEDCOM RS920L 0 ~ V4.3.8 -
SiemensRUGGEDCOM RS920W 0 ~ V4.3.8 -
SiemensRUGGEDCOM RS930L 0 ~ V4.3.8 -
SiemensRUGGEDCOM RS930W 0 ~ V4.3.8 -
SiemensRUGGEDCOM RS940G 0 ~ V4.3.8 -
SiemensRUGGEDCOM RS969 0 ~ V4.3.8 -
SiemensRUGGEDCOM RSG2100 0 ~ V4.3.8 -
SiemensRUGGEDCOM RSG2100 (32M) V4.X 0 ~ V4.3.8 -
SiemensRUGGEDCOM RSG2100 (32M) V5.X 0 ~ V5.7.0 -
SiemensRUGGEDCOM RSG2100P 0 ~ V4.3.8 -
SiemensRUGGEDCOM RSG2100P (32M) V4.X 0 ~ V4.3.8 -
SiemensRUGGEDCOM RSG2100P (32M) V5.X 0 ~ V5.7.0 -
SiemensRUGGEDCOM RSG2200 0 ~ V4.3.8 -
SiemensRUGGEDCOM RSG2288 V4.X 0 ~ V4.3.8 -
SiemensRUGGEDCOM RSG2288 V5.X 0 ~ V5.7.0 -
SiemensRUGGEDCOM RSG2300 V4.X 0 ~ V4.3.8 -
SiemensRUGGEDCOM RSG2300 V5.X 0 ~ V5.7.0 -
SiemensRUGGEDCOM RSG2300P V4.X 0 ~ V4.3.8 -
SiemensRUGGEDCOM RSG2300P V5.X 0 ~ V5.7.0 -
SiemensRUGGEDCOM RSG2488 V4.X 0 ~ V4.3.8 -
SiemensRUGGEDCOM RSG2488 V5.X 0 ~ V5.7.0 -
SiemensRUGGEDCOM RSG907R 0 ~ V5.7.0 -
SiemensRUGGEDCOM RSG908C 0 ~ V5.7.0 -
SiemensRUGGEDCOM RSG909R 0 ~ V5.7.0 -
SiemensRUGGEDCOM RSG910C 0 ~ V5.7.0 -
SiemensRUGGEDCOM RSG920P V4.X 0 ~ V4.3.8 -
SiemensRUGGEDCOM RSG920P V5.X 0 ~ V5.7.0 -
SiemensRUGGEDCOM RSL910 0 ~ V5.7.0 -
SiemensRUGGEDCOM RST2228 0 ~ V5.7.0 -
SiemensRUGGEDCOM RST2228P 0 ~ V5.7.0 -
SiemensRUGGEDCOM RST916C 0 ~ V5.7.0 -
SiemensRUGGEDCOM RST916P 0 ~ V5.7.0 -

II. Public POCs for CVE-2021-37209

#POC DescriptionSource LinkShenlong Link
AI-Generated POCPremium

No public POC found.

Login to generate AI POC

III. Intelligence Information for CVE-2021-37209

登录查看更多情报信息。

Same Patch Batch · Siemens · 2022-03-08 · 20 CVEs total

CVE-2021-372089.6 CRITICALSiemens RUGGEDCOM 跨站脚本漏洞
CVE-2021-420207.5 HIGHSiemens RUGGEDCOM代码问题漏洞
CVE-2021-420167.5 HIGHSiemens RUGGEDCOM 安全漏洞
CVE-2022-253117.3 HIGHSiemens SINEC NMS 安全漏洞
CVE-2022-242827.2 HIGHSiemens SINEC NMS 代码问题漏洞
CVE-2022-242817.2 HIGHSiemens SINEC NMS SQL注入漏洞
CVE-2022-243096.8 MEDIUMSiemens Mendix 安全漏洞
CVE-2021-420185.9 MEDIUMSiemens RUGGEDCOM 缓冲区错误漏洞
CVE-2021-420195.9 MEDIUMSiemens RUGGEDCOM 输入验证错误漏洞
CVE-2021-420175.9 MEDIUMSiemens RUGGEDCOM 安全特征问题漏洞
CVE-2021-41543Siemens Climatix Pol909 日志信息泄露漏洞
CVE-2021-41542Climatix POL909 跨站脚本漏洞
CVE-2021-44478Siemens Polarion Subversion Webclient 跨站脚本漏洞
CVE-2021-41541Climatix POL909跨站脚本漏洞
CVE-2022-24408Siemens SINUMERIK 安全漏洞
CVE-2022-24661Siemens Simcenter STAR-CCM+ 缓冲区错误漏洞
CVE-2022-26313Siemens Mendix 访问控制错误漏洞
CVE-2022-26314Siemens Mendix 安全漏洞
CVE-2022-26317Siemens Mendix 安全特征问题特征问题漏洞

IV. Related Vulnerabilities

Same product: RUGGEDCOM i800
Same vendor: Siemens
Same weakness: CWE-326

V. Comments for CVE-2021-37209

No comments yet

Leave a comment