CVE-2021-42017
Get alerts for future matching vulnerabilitiesLog in to subscribe
I. Basic Information for CVE-2021-42017
Vulnerability Information
Have questions about the vulnerability? See if Shenlong's analysis helps!
View Shenlong Deep Dive ↗ Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Description
A vulnerability has been identified in RUGGEDCOM i800, RUGGEDCOM i801, RUGGEDCOM i802, RUGGEDCOM i803, RUGGEDCOM M2100, RUGGEDCOM M2100F, RUGGEDCOM M2200, RUGGEDCOM M2200F, RUGGEDCOM M969, RUGGEDCOM M969F, RUGGEDCOM RMC30, RUGGEDCOM RMC8388 V4.X, RUGGEDCOM RMC8388 V5.X, RUGGEDCOM RP110, RUGGEDCOM RS1600, RUGGEDCOM RS1600F, RUGGEDCOM RS1600T, RUGGEDCOM RS400, RUGGEDCOM RS400F, RUGGEDCOM RS401, RUGGEDCOM RS416, RUGGEDCOM RS416F, RUGGEDCOM RS416P, RUGGEDCOM RS416PF, RUGGEDCOM RS416Pv2 V4.X, RUGGEDCOM RS416Pv2 V5.X, RUGGEDCOM RS416v2 V4.X, RUGGEDCOM RS416v2 V5.X, RUGGEDCOM RS8000, RUGGEDCOM RS8000A, RUGGEDCOM RS8000H, RUGGEDCOM RS8000T, RUGGEDCOM RS900, RUGGEDCOM RS900 (32M) V4.X, RUGGEDCOM RS900 (32M) V5.X, RUGGEDCOM RS900F, RUGGEDCOM RS900G, RUGGEDCOM RS900G (32M) V4.X, RUGGEDCOM RS900G (32M) V5.X, RUGGEDCOM RS900GF, RUGGEDCOM RS900GP, RUGGEDCOM RS900GPF, RUGGEDCOM RS900L, RUGGEDCOM RS900M-GETS-C01, RUGGEDCOM RS900M-GETS-XX, RUGGEDCOM RS900M-STND-C01, RUGGEDCOM RS900M-STND-XX, RUGGEDCOM RS900W, RUGGEDCOM RS910, RUGGEDCOM RS910L, RUGGEDCOM RS910W, RUGGEDCOM RS920L, RUGGEDCOM RS920W, RUGGEDCOM RS930L, RUGGEDCOM RS930W, RUGGEDCOM RS940G, RUGGEDCOM RS940GF, RUGGEDCOM RS969, RUGGEDCOM RSG2100, RUGGEDCOM RSG2100 (32M) V4.X, RUGGEDCOM RSG2100 (32M) V5.X, RUGGEDCOM RSG2100F, RUGGEDCOM RSG2100P, RUGGEDCOM RSG2100P (32M) V4.X, RUGGEDCOM RSG2100P (32M) V5.X, RUGGEDCOM RSG2100PF, RUGGEDCOM RSG2200, RUGGEDCOM RSG2200F, RUGGEDCOM RSG2288 V4.X, RUGGEDCOM RSG2288 V5.X, RUGGEDCOM RSG2300 V4.X, RUGGEDCOM RSG2300 V5.X, RUGGEDCOM RSG2300F, RUGGEDCOM RSG2300P V4.X, RUGGEDCOM RSG2300P V5.X, RUGGEDCOM RSG2300PF, RUGGEDCOM RSG2488 V4.X, RUGGEDCOM RSG2488 V5.X, RUGGEDCOM RSG2488F, RUGGEDCOM RSG907R, RUGGEDCOM RSG908C, RUGGEDCOM RSG909R, RUGGEDCOM RSG910C, RUGGEDCOM RSG920P V4.X, RUGGEDCOM RSG920P V5.X, RUGGEDCOM RSL910, RUGGEDCOM RST2228, RUGGEDCOM RST2228P, RUGGEDCOM RST916C, RUGGEDCOM RST916P. A new variant of the POODLE attack has left a third-party component vulnerable due to the implementation flaws of the CBC encryption mode in TLS 1.0 to 1.2. If an attacker were to exploit this, they could act as a man-in-the-middle and eavesdrop on encrypted communications.
Source: NVD (National Vulnerability Database)
CVSS Information
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
Source: NVD (National Vulnerability Database)
Vulnerability Type
不恰当实现的标准安全检查
Source: NVD (National Vulnerability Database)
Vulnerability Title
Siemens RUGGEDCOM 安全特征问题漏洞
Source: CNNVD (China National Vulnerability Database)
Vulnerability Description
Siemens RUGGEDCOM是德国西门子(Siemens)公司的一个通信设备。为电力,交通,石油和天然气及其他行业提供快速可靠的通信。 Siemens RUGGEDCOM ROS多个型号存在安全特征问题漏洞,该漏洞源于TLS 1.0至1.2中CBC加密模式的实现缺陷。攻击者可利用该漏洞充当中间人,窃听加密通信。受影响型号:RUGGEDCOM ROS M2100(版本<V5.6.0)、RUGGEDCOM ROS RMC8388设备(版本<V5.6.0)、RUGGEDCOM ROS RS416v2(版本
Source: CNNVD (China National Vulnerability Database)
CVSS Information
N/A
Source: CNNVD (China National Vulnerability Database)
Vulnerability Type
N/A
Source: CNNVD (China National Vulnerability Database)
Affected Products
II. Public POCs for CVE-2021-42017
| # | POC Description | Source Link | Shenlong Link |
|---|
AI-Generated POCPremium
No public POC found.
Login to generate AI POCIII. Intelligence Information for CVE-2021-42017
请登录查看更多情报信息。
Same Patch Batch · Siemens · 2022-03-08 · 20 CVEs total
| CVE-2021-37208 | 9.6 CRITICAL | Siemens RUGGEDCOM 跨站脚本漏洞 |
| CVE-2021-42020 | 7.5 HIGH | Siemens RUGGEDCOM代码问题漏洞 |
| CVE-2021-42016 | 7.5 HIGH | Siemens RUGGEDCOM 安全漏洞 |
| CVE-2022-25311 | 7.3 HIGH | Siemens SINEC NMS 安全漏洞 |
| CVE-2022-24281 | 7.2 HIGH | Siemens SINEC NMS SQL注入漏洞 |
| CVE-2022-24282 | 7.2 HIGH | Siemens SINEC NMS 代码问题漏洞 |
| CVE-2022-24309 | 6.8 MEDIUM | Siemens Mendix 安全漏洞 |
| CVE-2021-37209 | 6.7 MEDIUM | Siemens RUGGEDCOM 加密问题漏洞 |
| CVE-2021-42018 | 5.9 MEDIUM | Siemens RUGGEDCOM 缓冲区错误漏洞 |
| CVE-2021-42019 | 5.9 MEDIUM | Siemens RUGGEDCOM 输入验证错误漏洞 |
| CVE-2021-41543 | Siemens Climatix Pol909 日志信息泄露漏洞 | |
| CVE-2021-41542 | Climatix POL909 跨站脚本漏洞 | |
| CVE-2021-44478 | Siemens Polarion Subversion Webclient 跨站脚本漏洞 | |
| CVE-2021-41541 | Climatix POL909跨站脚本漏洞 | |
| CVE-2022-24408 | Siemens SINUMERIK 安全漏洞 | |
| CVE-2022-24661 | Siemens Simcenter STAR-CCM+ 缓冲区错误漏洞 | |
| CVE-2022-26313 | Siemens Mendix 访问控制错误漏洞 | |
| CVE-2022-26314 | Siemens Mendix 安全漏洞 | |
| CVE-2022-26317 | Siemens Mendix 安全特征问题特征问题漏洞 |
IV. Related Vulnerabilities
Same weakness: CWE-358
- CVE-2025-31983
HCL BigFix Service Management (SM) is affected by a security - CVE-2025-31970
HCL DFXAnalytics is affected by an Insecure Security Header - CVE-2026-22618
Eaton Intelligent Power Protector 安全漏洞 - CVE-2026-35679
Zcash 安全特征问题漏洞 - CVE-2026-2645
Acceptance of CertificateVerify Message before ClientKeyExch
V. Comments for CVE-2021-42017
No comments yet