Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

CVE-2024-38278

CVSS 6.6 · Medium EPSS 0.09% · P26
Get alerts for future matching vulnerabilitiesLog in to subscribe

I. Basic Information for CVE-2024-38278

Vulnerability Information
Have questions about the vulnerability? See if Shenlong's analysis helps!
View Shenlong Deep Dive ↗

Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.

Vulnerability Title
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Description
A vulnerability has been identified in RUGGEDCOM RMC8388 V5.X (All versions < V5.9.0), RUGGEDCOM RMC8388NC V5.X (All versions < V5.9.0), RUGGEDCOM RS416NCv2 V5.X (All versions < V5.9.0), RUGGEDCOM RS416PNCv2 V5.X (All versions < V5.9.0), RUGGEDCOM RS416Pv2 V5.X (All versions < V5.9.0), RUGGEDCOM RS416v2 V5.X (All versions < V5.9.0), RUGGEDCOM RS900 (32M) V5.X (All versions < V5.9.0), RUGGEDCOM RS900G (32M) V5.X (All versions < V5.9.0), RUGGEDCOM RS900GNC(32M) V5.X (All versions < V5.9.0), RUGGEDCOM RS900NC(32M) V5.X (All versions < V5.9.0), RUGGEDCOM RSG2100 (32M) V5.X (All versions < V5.9.0), RUGGEDCOM RSG2100NC(32M) V5.X (All versions < V5.9.0), RUGGEDCOM RSG2100P (32M) V5.X (All versions < V5.9.0), RUGGEDCOM RSG2100PNC (32M) V5.X (All versions < V5.9.0), RUGGEDCOM RSG2288 V5.X (All versions < V5.9.0), RUGGEDCOM RSG2288NC V5.X (All versions < V5.9.0), RUGGEDCOM RSG2300 V5.X (All versions < V5.9.0), RUGGEDCOM RSG2300NC V5.X (All versions < V5.9.0), RUGGEDCOM RSG2300P V5.X (All versions < V5.9.0), RUGGEDCOM RSG2300PNC V5.X (All versions < V5.9.0), RUGGEDCOM RSG2488 V5.X (All versions < V5.9.0), RUGGEDCOM RSG2488NC V5.X (All versions < V5.9.0), RUGGEDCOM RSG907R (All versions < V5.9.0), RUGGEDCOM RSG908C (All versions < V5.9.0), RUGGEDCOM RSG909R (All versions < V5.9.0), RUGGEDCOM RSG910C (All versions < V5.9.0), RUGGEDCOM RSG920P V5.X (All versions < V5.9.0), RUGGEDCOM RSG920PNC V5.X (All versions < V5.9.0), RUGGEDCOM RSL910 (All versions < V5.9.0), RUGGEDCOM RSL910NC (All versions < V5.9.0), RUGGEDCOM RST2228 (All versions < V5.9.0), RUGGEDCOM RST2228P (All versions < V5.9.0), RUGGEDCOM RST916C (All versions < V5.9.0), RUGGEDCOM RST916P (All versions < V5.9.0). The affected products with IP forwarding enabled wrongly make available certain remote services in non-managed VLANs, even if these services are not intentionally activated. An attacker could leverage this vulnerability to create a remote shell to the affected system.
Source: NVD (National Vulnerability Database)
CVSS Information
CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H
Source: NVD (National Vulnerability Database)
Vulnerability Type
特权授予不正确
Source: NVD (National Vulnerability Database)
Vulnerability Title
Siemens RUGGEDCOM 安全漏洞
Source: CNNVD (China National Vulnerability Database)
Vulnerability Description
Siemens RUGGEDCOM是德国西门子(Siemens)公司的一个通信设备。为电力,交通,石油和天然气及其他行业提供快速可靠的通信。 Siemens RUGGEDCOM 存在安全漏洞,该漏洞源于启用了 IP 转发的受影响产品错误地在非托管 VLAN 中提供某些远程服务,即使这些服务不是故意激活的。攻击者可以利用此漏洞创建受影响系统的远程终端。以下产品及版本受到影响:Siemens RUGGEDCOM RMC8388 V5.9.0 版本之前的 V5.X 版本, RUGGEDCOM RMC8388NC
Source: CNNVD (China National Vulnerability Database)
CVSS Information
N/A
Source: CNNVD (China National Vulnerability Database)
Vulnerability Type
N/A
Source: CNNVD (China National Vulnerability Database)

Affected Products

VendorProductAffected VersionsCPESubscribe
SiemensRUGGEDCOM RMC8388 V5.X 0 ~ V5.9.0 -
SiemensRUGGEDCOM RMC8388NC V5.X 0 ~ V5.9.0 -
SiemensRUGGEDCOM RS416NCv2 V5.X 0 ~ V5.9.0 -
SiemensRUGGEDCOM RS416PNCv2 V5.X 0 ~ V5.9.0 -
SiemensRUGGEDCOM RS416Pv2 V5.X 0 ~ V5.9.0 -
SiemensRUGGEDCOM RS416v2 V5.X 0 ~ V5.9.0 -
SiemensRUGGEDCOM RS900 (32M) V5.X 0 ~ V5.9.0 -
SiemensRUGGEDCOM RS900G (32M) V5.X 0 ~ V5.9.0 -
SiemensRUGGEDCOM RS900GNC(32M) V5.X 0 ~ V5.9.0 -
SiemensRUGGEDCOM RS900NC(32M) V5.X 0 ~ V5.9.0 -
SiemensRUGGEDCOM RSG2100 (32M) V5.X 0 ~ V5.9.0 -
SiemensRUGGEDCOM RSG2100NC(32M) V5.X 0 ~ V5.9.0 -
SiemensRUGGEDCOM RSG2100P (32M) V5.X 0 ~ V5.9.0 -
SiemensRUGGEDCOM RSG2100PNC (32M) V5.X 0 ~ V5.9.0 -
SiemensRUGGEDCOM RSG2288 V5.X 0 ~ V5.9.0 -
SiemensRUGGEDCOM RSG2288NC V5.X 0 ~ V5.9.0 -
SiemensRUGGEDCOM RSG2300 V5.X 0 ~ V5.9.0 -
SiemensRUGGEDCOM RSG2300NC V5.X 0 ~ V5.9.0 -
SiemensRUGGEDCOM RSG2300P V5.X 0 ~ V5.9.0 -
SiemensRUGGEDCOM RSG2300PNC V5.X 0 ~ V5.9.0 -
SiemensRUGGEDCOM RSG2488 V5.X 0 ~ V5.9.0 -
SiemensRUGGEDCOM RSG2488NC V5.X 0 ~ V5.9.0 -
SiemensRUGGEDCOM RSG907R 0 ~ V5.9.0 -
SiemensRUGGEDCOM RSG908C 0 ~ V5.9.0 -
SiemensRUGGEDCOM RSG909R 0 ~ V5.9.0 -
SiemensRUGGEDCOM RSG910C 0 ~ V5.9.0 -
SiemensRUGGEDCOM RSG920P V5.X 0 ~ V5.9.0 -
SiemensRUGGEDCOM RSG920PNC V5.X 0 ~ V5.9.0 -
SiemensRUGGEDCOM RSL910 0 ~ V5.9.0 -
SiemensRUGGEDCOM RSL910NC 0 ~ V5.9.0 -
SiemensRUGGEDCOM RST2228 0 ~ V5.9.0 -
SiemensRUGGEDCOM RST2228P 0 ~ V5.9.0 -
SiemensRUGGEDCOM RST916C 0 ~ V5.9.0 -
SiemensRUGGEDCOM RST916P 0 ~ V5.9.0 -

II. Public POCs for CVE-2024-38278

#POC DescriptionSource LinkShenlong Link
AI-Generated POCPremium

No public POC found.

Login to generate AI POC

III. Intelligence Information for CVE-2024-38278

登录查看更多情报信息。

Same Patch Batch · Siemens · 2024-07-09 · 33 CVEs total

CVE-2024-398729.6 CRITICALSiemens SINEMA Remote Connect Server 安全漏洞
CVE-2024-395708.8 HIGHSiemens SINEMA Remote Connect Server 命令注入漏洞
CVE-2024-395718.8 HIGHSiemens SINEMA Remote Connect Server 安全漏洞
CVE-2024-396758.8 HIGHSiemens 多款产品安全漏洞
CVE-2024-398658.8 HIGHSiemens SINEMA Remote Connect Server 代码问题漏洞
CVE-2024-398668.8 HIGHSiemens SINEMA Remote Connect 安全漏洞
CVE-2022-451477.8 HIGHSiemens SIMATIC PCS和SIMATIC STEP 代码问题漏洞
CVE-2024-379977.8 HIGHSiemens JT Open Toolkit 安全漏洞
CVE-2024-395677.8 HIGHSiemens SINEMA Remote Connect 命令注入漏洞
CVE-2024-395687.8 HIGHSiemens SINEMA Remote Connect 命令注入漏洞
CVE-2024-336547.8 HIGHSiemens Simcenter Femap 缓冲区错误漏洞
CVE-2024-336537.8 HIGHSiemens Simcenter Femap 缓冲区错误漏洞
CVE-2024-320567.8 HIGHSiemens Simcenter Femap 缓冲区错误漏洞
CVE-2024-398677.6 HIGHSiemens SINEMA Remote Connect 安全漏洞
CVE-2024-398687.6 HIGHSiemens SINEMA Remote Connect Server 安全漏洞
CVE-2024-398737.5 HIGHSiemens SINEMA Remote Connect Server 安全漏洞
CVE-2024-398887.5 HIGHSiemens Mendix 安全漏洞
CVE-2024-398747.5 HIGHSiemens SINEMA Remote Connect 安全漏洞
CVE-2023-522377.5 HIGHSiemens 多款产品信息泄露漏洞
CVE-2024-395696.6 MEDIUMSiemens SINEMA Remote Connect Client 命令注入漏洞

Showing top 20 of 33 CVEs. View all on vendor page &rarr; →

IV. Related Vulnerabilities

Same product: RUGGEDCOM RMC8388 V5.X
Same vendor: Siemens
Same weakness: CWE-266

V. Comments for CVE-2024-38278

No comments yet

Leave a comment