Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

CVE-2021-42020

CVSS 7.5 · High EPSS 0.34% · P57
Get alerts for future matching vulnerabilitiesLog in to subscribe

I. Basic Information for CVE-2021-42020

Vulnerability Information
Have questions about the vulnerability? See if Shenlong's analysis helps!
View Shenlong Deep Dive ↗

Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.

Vulnerability Title
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Description
A vulnerability has been identified in RUGGEDCOM i800, RUGGEDCOM i800NC, RUGGEDCOM i801, RUGGEDCOM i801NC, RUGGEDCOM i802, RUGGEDCOM i802NC, RUGGEDCOM i803, RUGGEDCOM i803NC, RUGGEDCOM M2100, RUGGEDCOM M2100NC, RUGGEDCOM M2200, RUGGEDCOM M2200NC, RUGGEDCOM M969, RUGGEDCOM M969NC, RUGGEDCOM RMC30, RUGGEDCOM RMC30NC, RUGGEDCOM RMC8388 V4.X, RUGGEDCOM RMC8388 V5.X, RUGGEDCOM RMC8388NC V4.X, RUGGEDCOM RMC8388NC V5.X, RUGGEDCOM RP110, RUGGEDCOM RP110NC, RUGGEDCOM RS1600, RUGGEDCOM RS1600F, RUGGEDCOM RS1600FNC, RUGGEDCOM RS1600NC, RUGGEDCOM RS1600T, RUGGEDCOM RS1600TNC, RUGGEDCOM RS400, RUGGEDCOM RS400NC, RUGGEDCOM RS401, RUGGEDCOM RS401NC, RUGGEDCOM RS416, RUGGEDCOM RS416NC, RUGGEDCOM RS416NCv2 V4.X, RUGGEDCOM RS416NCv2 V5.X, RUGGEDCOM RS416P, RUGGEDCOM RS416PNC, RUGGEDCOM RS416PNCv2 V4.X, RUGGEDCOM RS416PNCv2 V5.X, RUGGEDCOM RS416Pv2 V4.X, RUGGEDCOM RS416Pv2 V5.X, RUGGEDCOM RS416v2 V4.X, RUGGEDCOM RS416v2 V5.X, RUGGEDCOM RS8000, RUGGEDCOM RS8000A, RUGGEDCOM RS8000ANC, RUGGEDCOM RS8000H, RUGGEDCOM RS8000HNC, RUGGEDCOM RS8000NC, RUGGEDCOM RS8000T, RUGGEDCOM RS8000TNC, RUGGEDCOM RS900, RUGGEDCOM RS900 (32M) V4.X, RUGGEDCOM RS900 (32M) V5.X, RUGGEDCOM RS900G, RUGGEDCOM RS900G (32M) V4.X, RUGGEDCOM RS900G (32M) V5.X, RUGGEDCOM RS900GNC, RUGGEDCOM RS900GNC(32M) V4.X, RUGGEDCOM RS900GNC(32M) V5.X, RUGGEDCOM RS900GP, RUGGEDCOM RS900GPNC, RUGGEDCOM RS900L, RUGGEDCOM RS900LNC, RUGGEDCOM RS900M-GETS-C01, RUGGEDCOM RS900M-GETS-XX, RUGGEDCOM RS900M-STND-C01, RUGGEDCOM RS900M-STND-XX, RUGGEDCOM RS900MNC-GETS-C01, RUGGEDCOM RS900MNC-GETS-XX, RUGGEDCOM RS900MNC-STND-XX, RUGGEDCOM RS900MNC-STND-XX-C01, RUGGEDCOM RS900NC, RUGGEDCOM RS900NC(32M) V4.X, RUGGEDCOM RS900NC(32M) V5.X, RUGGEDCOM RS900W, RUGGEDCOM RS910, RUGGEDCOM RS910L, RUGGEDCOM RS910LNC, RUGGEDCOM RS910NC, RUGGEDCOM RS910W, RUGGEDCOM RS920L, RUGGEDCOM RS920LNC, RUGGEDCOM RS920W, RUGGEDCOM RS930L, RUGGEDCOM RS930LNC, RUGGEDCOM RS930W, RUGGEDCOM RS940G, RUGGEDCOM RS940GNC, RUGGEDCOM RS969, RUGGEDCOM RS969NC, RUGGEDCOM RSG2100, RUGGEDCOM RSG2100 (32M) V4.X, RUGGEDCOM RSG2100 (32M) V5.X, RUGGEDCOM RSG2100NC, RUGGEDCOM RSG2100NC(32M) V4.X, RUGGEDCOM RSG2100NC(32M) V5.X, RUGGEDCOM RSG2100P, RUGGEDCOM RSG2100P (32M) V4.X, RUGGEDCOM RSG2100P (32M) V5.X, RUGGEDCOM RSG2100PNC, RUGGEDCOM RSG2100PNC (32M) V4.X, RUGGEDCOM RSG2100PNC (32M) V5.X, RUGGEDCOM RSG2200, RUGGEDCOM RSG2200NC, RUGGEDCOM RSG2288 V4.X, RUGGEDCOM RSG2288 V5.X, RUGGEDCOM RSG2288NC V4.X, RUGGEDCOM RSG2288NC V5.X, RUGGEDCOM RSG2300 V4.X, RUGGEDCOM RSG2300 V5.X, RUGGEDCOM RSG2300NC V4.X, RUGGEDCOM RSG2300NC V5.X, RUGGEDCOM RSG2300P V4.X, RUGGEDCOM RSG2300P V5.X, RUGGEDCOM RSG2300PNC V4.X, RUGGEDCOM RSG2300PNC V5.X, RUGGEDCOM RSG2488 V4.X, RUGGEDCOM RSG2488 V5.X, RUGGEDCOM RSG2488NC V4.X, RUGGEDCOM RSG2488NC V5.X, RUGGEDCOM RSG907R, RUGGEDCOM RSG908C, RUGGEDCOM RSG909R, RUGGEDCOM RSG910C, RUGGEDCOM RSG920P V4.X, RUGGEDCOM RSG920P V5.X, RUGGEDCOM RSG920PNC V4.X, RUGGEDCOM RSG920PNC V5.X, RUGGEDCOM RSL910, RUGGEDCOM RSL910NC, RUGGEDCOM RST2228, RUGGEDCOM RST2228P, RUGGEDCOM RST916C, RUGGEDCOM RST916P. The third-party component, in its TFTP functionality fails to check for null terminations in file names. If an attacker were to exploit this, it could result in data corruption, and possibly a hard-fault of the application.
Source: NVD (National Vulnerability Database)
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Source: NVD (National Vulnerability Database)
Vulnerability Type
对因果或异常条件的不恰当检查
Source: NVD (National Vulnerability Database)
Vulnerability Title
Siemens RUGGEDCOM代码问题漏洞
Source: CNNVD (China National Vulnerability Database)
Vulnerability Description
Siemens RUGGEDCOM是德国西门子(Siemens)公司的一个通信设备。为电力,交通,石油和天然气及其他行业提供快速可靠的通信。 Siemens RUGGEDCOM ROS多个型号存在代码问题漏洞,该漏洞源于TFTP功能中的第三方组件无法检查文件名中是否存在空末端。攻击者可利用该漏洞导致数据损坏,并可能导致应用程序出现硬故障。受影响型号:RUGGEDCOM ROS M2100(版本<V5.6.0)、RUGGEDCOM ROS RMC8388设备(版本<V5.6.0)、RUGGEDCOM ROS
Source: CNNVD (China National Vulnerability Database)
CVSS Information
N/A
Source: CNNVD (China National Vulnerability Database)
Vulnerability Type
N/A
Source: CNNVD (China National Vulnerability Database)

Affected Products

VendorProductAffected VersionsCPESubscribe
SiemensRUGGEDCOM i800 0 ~ V4.3.8 -
SiemensRUGGEDCOM i800NC 0 ~ V4.3.8 -
SiemensRUGGEDCOM i801 0 ~ V4.3.8 -
SiemensRUGGEDCOM i801NC 0 ~ V4.3.8 -
SiemensRUGGEDCOM i802 0 ~ V4.3.8 -
SiemensRUGGEDCOM i802NC 0 ~ V4.3.8 -
SiemensRUGGEDCOM i803 0 ~ V4.3.8 -
SiemensRUGGEDCOM i803NC 0 ~ V4.3.8 -
SiemensRUGGEDCOM M2100 0 ~ V4.3.8 -
SiemensRUGGEDCOM M2100NC 0 ~ V4.3.8 -
SiemensRUGGEDCOM M2200 0 ~ V4.3.8 -
SiemensRUGGEDCOM M2200NC 0 ~ V4.3.8 -
SiemensRUGGEDCOM M969 0 ~ V4.3.8 -
SiemensRUGGEDCOM M969NC 0 ~ V4.3.8 -
SiemensRUGGEDCOM RMC30 0 ~ V4.3.8 -
SiemensRUGGEDCOM RMC30NC 0 ~ V4.3.8 -
SiemensRUGGEDCOM RMC8388 V4.X 0 ~ V4.3.8 -
SiemensRUGGEDCOM RMC8388 V5.X 0 ~ V5.6.0 -
SiemensRUGGEDCOM RMC8388NC V4.X 0 ~ V4.3.8 -
SiemensRUGGEDCOM RMC8388NC V5.X 0 ~ V5.6.0 -
SiemensRUGGEDCOM RP110 0 ~ V4.3.8 -
SiemensRUGGEDCOM RP110NC 0 ~ V4.3.8 -
SiemensRUGGEDCOM RS1600 0 ~ V4.3.8 -
SiemensRUGGEDCOM RS1600F 0 ~ V4.3.8 -
SiemensRUGGEDCOM RS1600FNC 0 ~ V4.3.8 -
SiemensRUGGEDCOM RS1600NC 0 ~ V4.3.8 -
SiemensRUGGEDCOM RS1600T 0 ~ V4.3.8 -
SiemensRUGGEDCOM RS1600TNC 0 ~ V4.3.8 -
SiemensRUGGEDCOM RS400 0 ~ V4.3.8 -
SiemensRUGGEDCOM RS400NC 0 ~ V4.3.8 -
SiemensRUGGEDCOM RS401 0 ~ V4.3.8 -
SiemensRUGGEDCOM RS401NC 0 ~ V4.3.8 -
SiemensRUGGEDCOM RS416 0 ~ V4.3.8 -
SiemensRUGGEDCOM RS416NC 0 ~ V4.3.8 -
SiemensRUGGEDCOM RS416NCv2 V4.X 0 ~ V4.3.8 -
SiemensRUGGEDCOM RS416NCv2 V5.X 0 ~ V5.6.0 -
SiemensRUGGEDCOM RS416P 0 ~ V4.3.8 -
SiemensRUGGEDCOM RS416PNC 0 ~ V4.3.8 -
SiemensRUGGEDCOM RS416PNCv2 V4.X 0 ~ V4.3.8 -
SiemensRUGGEDCOM RS416PNCv2 V5.X 0 ~ V5.6.0 -
SiemensRUGGEDCOM RS416Pv2 V4.X 0 ~ V4.3.8 -
SiemensRUGGEDCOM RS416Pv2 V5.X 0 ~ V5.6.0 -
SiemensRUGGEDCOM RS416v2 V4.X 0 ~ V4.3.8 -
SiemensRUGGEDCOM RS416v2 V5.X 0 ~ V5.6.0 -
SiemensRUGGEDCOM RS8000 0 ~ V4.3.8 -
SiemensRUGGEDCOM RS8000A 0 ~ V4.3.8 -
SiemensRUGGEDCOM RS8000ANC 0 ~ V4.3.8 -
SiemensRUGGEDCOM RS8000H 0 ~ V4.3.8 -
SiemensRUGGEDCOM RS8000HNC 0 ~ V4.3.8 -
SiemensRUGGEDCOM RS8000NC 0 ~ V4.3.8 -
SiemensRUGGEDCOM RS8000T 0 ~ V4.3.8 -
SiemensRUGGEDCOM RS8000TNC 0 ~ V4.3.8 -
SiemensRUGGEDCOM RS900 0 ~ V4.3.8 -
SiemensRUGGEDCOM RS900 (32M) V4.X 0 ~ V4.3.8 -
SiemensRUGGEDCOM RS900 (32M) V5.X 0 ~ V5.6.0 -
SiemensRUGGEDCOM RS900G 0 ~ V4.3.8 -
SiemensRUGGEDCOM RS900G (32M) V4.X 0 ~ V4.3.8 -
SiemensRUGGEDCOM RS900G (32M) V5.X 0 ~ V5.6.0 -
SiemensRUGGEDCOM RS900GNC 0 ~ V4.3.8 -
SiemensRUGGEDCOM RS900GNC(32M) V4.X 0 ~ V4.3.8 -
SiemensRUGGEDCOM RS900GNC(32M) V5.X 0 ~ V5.6.0 -
SiemensRUGGEDCOM RS900GP 0 ~ V4.3.8 -
SiemensRUGGEDCOM RS900GPNC 0 ~ V4.3.8 -
SiemensRUGGEDCOM RS900L 0 ~ V4.3.8 -
SiemensRUGGEDCOM RS900LNC 0 ~ V4.3.8 -
SiemensRUGGEDCOM RS900M-GETS-C01 0 ~ V4.3.8 -
SiemensRUGGEDCOM RS900M-GETS-XX 0 ~ V4.3.8 -
SiemensRUGGEDCOM RS900M-STND-C01 0 ~ V4.3.8 -
SiemensRUGGEDCOM RS900M-STND-XX 0 ~ V4.3.8 -
SiemensRUGGEDCOM RS900MNC-GETS-C01 0 ~ V4.3.8 -
SiemensRUGGEDCOM RS900MNC-GETS-XX 0 ~ V4.3.8 -
SiemensRUGGEDCOM RS900MNC-STND-XX 0 ~ V4.3.8 -
SiemensRUGGEDCOM RS900MNC-STND-XX-C01 0 ~ V4.3.8 -
SiemensRUGGEDCOM RS900NC 0 ~ V4.3.8 -
SiemensRUGGEDCOM RS900NC(32M) V4.X 0 ~ V4.3.8 -
SiemensRUGGEDCOM RS900NC(32M) V5.X 0 ~ V5.6.0 -
SiemensRUGGEDCOM RS900W 0 ~ V4.3.8 -
SiemensRUGGEDCOM RS910 0 ~ V4.3.8 -
SiemensRUGGEDCOM RS910L 0 ~ V4.3.8 -
SiemensRUGGEDCOM RS910LNC 0 ~ V4.3.8 -
SiemensRUGGEDCOM RS910NC 0 ~ V4.3.8 -
SiemensRUGGEDCOM RS910W 0 ~ V4.3.8 -
SiemensRUGGEDCOM RS920L 0 ~ V4.3.8 -
SiemensRUGGEDCOM RS920LNC 0 ~ V4.3.8 -
SiemensRUGGEDCOM RS920W 0 ~ V4.3.8 -
SiemensRUGGEDCOM RS930L 0 ~ V4.3.8 -
SiemensRUGGEDCOM RS930LNC 0 ~ V4.3.8 -
SiemensRUGGEDCOM RS930W 0 ~ V4.3.8 -
SiemensRUGGEDCOM RS940G 0 ~ V4.3.8 -
SiemensRUGGEDCOM RS940GNC 0 ~ V4.3.8 -
SiemensRUGGEDCOM RS969 0 ~ V4.3.8 -
SiemensRUGGEDCOM RS969NC 0 ~ V4.3.8 -
SiemensRUGGEDCOM RSG2100 0 ~ V4.3.8 -
SiemensRUGGEDCOM RSG2100 (32M) V4.X 0 ~ V4.3.8 -
SiemensRUGGEDCOM RSG2100 (32M) V5.X 0 ~ V5.6.0 -
SiemensRUGGEDCOM RSG2100NC 0 ~ V4.3.8 -
SiemensRUGGEDCOM RSG2100NC(32M) V4.X 0 ~ V4.3.8 -
SiemensRUGGEDCOM RSG2100NC(32M) V5.X 0 ~ V5.6.0 -
SiemensRUGGEDCOM RSG2100P 0 ~ V4.3.8 -
SiemensRUGGEDCOM RSG2100P (32M) V4.X 0 ~ V4.3.8 -
SiemensRUGGEDCOM RSG2100P (32M) V5.X 0 ~ V5.6.0 -
SiemensRUGGEDCOM RSG2100PNC 0 ~ V4.3.8 -
SiemensRUGGEDCOM RSG2100PNC (32M) V4.X 0 ~ V4.3.8 -
SiemensRUGGEDCOM RSG2100PNC (32M) V5.X 0 ~ V5.6.0 -
SiemensRUGGEDCOM RSG2200 0 ~ V4.3.8 -
SiemensRUGGEDCOM RSG2200NC 0 ~ V4.3.8 -
SiemensRUGGEDCOM RSG2288 V4.X 0 ~ V4.3.8 -
SiemensRUGGEDCOM RSG2288 V5.X 0 ~ V5.6.0 -
SiemensRUGGEDCOM RSG2288NC V4.X 0 ~ V4.3.8 -
SiemensRUGGEDCOM RSG2288NC V5.X 0 ~ V5.6.0 -
SiemensRUGGEDCOM RSG2300 V4.X 0 ~ V4.3.8 -
SiemensRUGGEDCOM RSG2300 V5.X 0 ~ V5.6.0 -
SiemensRUGGEDCOM RSG2300NC V4.X 0 ~ V4.3.8 -
SiemensRUGGEDCOM RSG2300NC V5.X 0 ~ V5.6.0 -
SiemensRUGGEDCOM RSG2300P V4.X 0 ~ V4.3.8 -
SiemensRUGGEDCOM RSG2300P V5.X 0 ~ V5.6.0 -
SiemensRUGGEDCOM RSG2300PNC V4.X 0 ~ V4.3.8 -
SiemensRUGGEDCOM RSG2300PNC V5.X 0 ~ V5.6.0 -
SiemensRUGGEDCOM RSG2488 V4.X 0 ~ V4.3.8 -
SiemensRUGGEDCOM RSG2488 V5.X 0 ~ V5.6.0 -
SiemensRUGGEDCOM RSG2488NC V4.X 0 ~ V4.3.8 -
SiemensRUGGEDCOM RSG2488NC V5.X 0 ~ V5.6.0 -
SiemensRUGGEDCOM RSG907R 0 ~ V5.6.0 -
SiemensRUGGEDCOM RSG908C 0 ~ V5.6.0 -
SiemensRUGGEDCOM RSG909R 0 ~ V5.6.0 -
SiemensRUGGEDCOM RSG910C 0 ~ V5.6.0 -
SiemensRUGGEDCOM RSG920P V4.X 0 ~ V4.3.8 -
SiemensRUGGEDCOM RSG920P V5.X 0 ~ V5.6.0 -
SiemensRUGGEDCOM RSG920PNC V4.X 0 ~ V4.3.8 -
SiemensRUGGEDCOM RSG920PNC V5.X 0 ~ V5.6.0 -
SiemensRUGGEDCOM RSL910 0 ~ V5.6.0 -
SiemensRUGGEDCOM RSL910NC 0 ~ V5.6.0 -
SiemensRUGGEDCOM RST2228 0 ~ V5.6.0 -
SiemensRUGGEDCOM RST2228P 0 ~ V5.6.0 -
SiemensRUGGEDCOM RST916C 0 ~ V5.6.0 -
SiemensRUGGEDCOM RST916P 0 ~ V5.6.0 -

II. Public POCs for CVE-2021-42020

#POC DescriptionSource LinkShenlong Link
AI-Generated POCPremium

No public POC found.

Login to generate AI POC

III. Intelligence Information for CVE-2021-42020

登录查看更多情报信息。

Same Patch Batch · Siemens · 2022-03-08 · 20 CVEs total

CVE-2021-372089.6 CRITICALSiemens RUGGEDCOM 跨站脚本漏洞
CVE-2021-420167.5 HIGHSiemens RUGGEDCOM 安全漏洞
CVE-2022-253117.3 HIGHSiemens SINEC NMS 安全漏洞
CVE-2022-242817.2 HIGHSiemens SINEC NMS SQL注入漏洞
CVE-2022-242827.2 HIGHSiemens SINEC NMS 代码问题漏洞
CVE-2022-243096.8 MEDIUMSiemens Mendix 安全漏洞
CVE-2021-372096.7 MEDIUMSiemens RUGGEDCOM 加密问题漏洞
CVE-2021-420175.9 MEDIUMSiemens RUGGEDCOM 安全特征问题漏洞
CVE-2021-420195.9 MEDIUMSiemens RUGGEDCOM 输入验证错误漏洞
CVE-2021-420185.9 MEDIUMSiemens RUGGEDCOM 缓冲区错误漏洞
CVE-2021-41543Siemens Climatix Pol909 日志信息泄露漏洞
CVE-2021-41542Climatix POL909 跨站脚本漏洞
CVE-2021-44478Siemens Polarion Subversion Webclient 跨站脚本漏洞
CVE-2021-41541Climatix POL909跨站脚本漏洞
CVE-2022-24408Siemens SINUMERIK 安全漏洞
CVE-2022-24661Siemens Simcenter STAR-CCM+ 缓冲区错误漏洞
CVE-2022-26313Siemens Mendix 访问控制错误漏洞
CVE-2022-26314Siemens Mendix 安全漏洞
CVE-2022-26317Siemens Mendix 安全特征问题特征问题漏洞

IV. Related Vulnerabilities

Same product: RUGGEDCOM i800
Same vendor: Siemens
Same weakness: CWE-754

V. Comments for CVE-2021-42020

No comments yet

Leave a comment