A vulnerability has been identified in RUGGEDCOM RMC30 (All versions < V4.3.10), RUGGEDCOM RMC30NC (All versions < V4.3.10), RUGGEDCOM RP110 (All versions < V4.3.10), RUGGEDCOM RP110NC (All versions < V4.3.10), RUGGEDCOM RS400 (All versions < V4.3.10), RUGGEDCOM RS400NC (All versions < V4.3.10), RUGGEDCOM RS401 (All versions < V4.3.10), RUGGEDCOM RS401NC (All versions < V4.3.10), RUGGEDCOM RS416 (All versions < V4.3.10), RUGGEDCOM RS416NC (All versions < V4.3.10), RUGGEDCOM RS416NCv2 V4.X (All versions < V4.3.10), RUGGEDCOM RS416NCv2 V5.X (All versions < V5.9.0), RUGGEDCOM RS416P (All versions < V4.3.10), RUGGEDCOM RS416PNC (All versions < V4.3.10), RUGGEDCOM RS416PNCv2 V4.X (All versions < V4.3.10), RUGGEDCOM RS416PNCv2 V5.X (All versions < V5.9.0), RUGGEDCOM RS416Pv2 V4.X (All versions < V4.3.10), RUGGEDCOM RS416Pv2 V5.X (All versions < V5.9.0), RUGGEDCOM RS416v2 V4.X (All versions < V4.3.10), RUGGEDCOM RS416v2 V5.X (All versions < V5.9.0), RUGGEDCOM RS910 (All versions < V4.3.10), RUGGEDCOM RS910L (All versions), RUGGEDCOM RS910LNC (All versions), RUGGEDCOM RS910NC (All versions < V4.3.10), RUGGEDCOM RS910W (All versions < V4.3.10), RUGGEDCOM RS920L (All versions), RUGGEDCOM RS920LNC (All versions), RUGGEDCOM RS920W (All versions). In some configurations the affected products wrongly enable the Modbus service in non-managed VLANS. Only serial devices are affected by this vulnerability.

Metrics

Attack Vector Adjacent Network

Attack Complexity Low

Privileges Required None

Attack Requirements None

User Interaction None

Vulnerable System Confidentiality Impact High

Vulnerable System Integrity Impact High

Vulnerable System Availability Impact High

Subsequent System Confidentiality Impact None

Subsequent System Integrity Impact None

Subsequent System Availability Impact None

Attack Vector Adjacent Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Exploitation none

Automatable no

Technical Impact total

Affected Vendors & Products

Vendors Products
Siemens
  • Ruggedcom Ros Rmc30
  • Ruggedcom Ros Rmc30nc
  • Ruggedcom Ros Rp110
  • Ruggedcom Ros Rp110nc
  • Ruggedcom Ros Rs400
  • Ruggedcom Ros Rs400nc
  • Ruggedcom Ros Rs401
  • Ruggedcom Ros Rs401nc
  • Ruggedcom Ros Rs416
  • Ruggedcom Ros Rs416nc
  • Ruggedcom Ros Rs416ncv2
  • Ruggedcom Ros Rs416p
  • Ruggedcom Ros Rs416pnc
  • Ruggedcom Ros Rs416pncv2
  • Ruggedcom Ros Rs416pv2
  • Ruggedcom Ros Rs416v2
  • Ruggedcom Ros Rs910
  • Ruggedcom Ros Rs910l
  • Ruggedcom Ros Rs910lnc
  • Ruggedcom Ros Rs910nc
  • Ruggedcom Ros Rs910w
  • Ruggedcom Ros Rs920l
  • Ruggedcom Ros Rs920lnc
  • Ruggedcom Ros Rs920w

No data.

No data.

References
Link Providers
https://cert-portal.siemens.com/productcert/html/ssa-170375.html cve-icon cve-icon
History

No history.

cve-icon MITRE

Status: PUBLISHED

Assigner: siemens

Published: 2024-07-09T12:05:18.310Z

Updated: 2024-08-02T04:26:16.017Z

Reserved: 2024-06-27T11:41:41.875Z

Link: CVE-2024-39675

cve-icon Vulnrichment

Updated: 2024-07-11T13:31:57.929Z

cve-icon NVD

Status : Awaiting Analysis

Published: 2024-07-09T12:15:17.180

Modified: 2024-07-09T18:19:14.047

Link: CVE-2024-39675

cve-icon Redhat

No data.