fkie_cve-2024-39675
Vulnerability from fkie_nvd
Published
2024-07-09 12:15
Modified
2024-11-21 09:28
Severity ?
8.8 (High) - CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Summary
A vulnerability has been identified in RUGGEDCOM RMC30 (All versions < V4.3.10), RUGGEDCOM RMC30NC (All versions < V4.3.10), RUGGEDCOM RP110 (All versions < V4.3.10), RUGGEDCOM RP110NC (All versions < V4.3.10), RUGGEDCOM RS400 (All versions < V4.3.10), RUGGEDCOM RS400NC (All versions < V4.3.10), RUGGEDCOM RS401 (All versions < V4.3.10), RUGGEDCOM RS401NC (All versions < V4.3.10), RUGGEDCOM RS416 (All versions < V4.3.10), RUGGEDCOM RS416NC (All versions < V4.3.10), RUGGEDCOM RS416NCv2 V4.X (All versions < V4.3.10), RUGGEDCOM RS416NCv2 V5.X (All versions < V5.9.0), RUGGEDCOM RS416P (All versions < V4.3.10), RUGGEDCOM RS416PNC (All versions < V4.3.10), RUGGEDCOM RS416PNCv2 V4.X (All versions < V4.3.10), RUGGEDCOM RS416PNCv2 V5.X (All versions < V5.9.0), RUGGEDCOM RS416Pv2 V4.X (All versions < V4.3.10), RUGGEDCOM RS416Pv2 V5.X (All versions < V5.9.0), RUGGEDCOM RS416v2 V4.X (All versions < V4.3.10), RUGGEDCOM RS416v2 V5.X (All versions < V5.9.0), RUGGEDCOM RS910 (All versions < V4.3.10), RUGGEDCOM RS910L (All versions), RUGGEDCOM RS910LNC (All versions), RUGGEDCOM RS910NC (All versions < V4.3.10), RUGGEDCOM RS910W (All versions < V4.3.10), RUGGEDCOM RS920L (All versions), RUGGEDCOM RS920LNC (All versions), RUGGEDCOM RS920W (All versions). In some configurations the affected products wrongly enable the Modbus service in non-managed VLANS. Only serial devices are affected by this vulnerability.
References
productcert@siemens.comhttps://cert-portal.siemens.com/productcert/html/ssa-170375.html
af854a3a-2127-422b-91ae-364da2661108https://cert-portal.siemens.com/productcert/html/ssa-170375.html
Impacted products
Vendor Product Version


To clipboard 

{
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "A vulnerability has been identified in RUGGEDCOM RMC30 (All versions \u003c V4.3.10), RUGGEDCOM RMC30NC (All versions \u003c V4.3.10), RUGGEDCOM RP110 (All versions \u003c V4.3.10), RUGGEDCOM RP110NC (All versions \u003c V4.3.10), RUGGEDCOM RS400 (All versions \u003c V4.3.10), RUGGEDCOM RS400NC (All versions \u003c V4.3.10), RUGGEDCOM RS401 (All versions \u003c V4.3.10), RUGGEDCOM RS401NC (All versions \u003c V4.3.10), RUGGEDCOM RS416 (All versions \u003c V4.3.10), RUGGEDCOM RS416NC (All versions \u003c V4.3.10), RUGGEDCOM RS416NCv2 V4.X (All versions \u003c V4.3.10), RUGGEDCOM RS416NCv2 V5.X (All versions \u003c V5.9.0), RUGGEDCOM RS416P (All versions \u003c V4.3.10), RUGGEDCOM RS416PNC (All versions \u003c V4.3.10), RUGGEDCOM RS416PNCv2 V4.X (All versions \u003c V4.3.10), RUGGEDCOM RS416PNCv2 V5.X (All versions \u003c V5.9.0), RUGGEDCOM RS416Pv2 V4.X (All versions \u003c V4.3.10), RUGGEDCOM RS416Pv2 V5.X (All versions \u003c V5.9.0), RUGGEDCOM RS416v2 V4.X (All versions \u003c V4.3.10), RUGGEDCOM RS416v2 V5.X (All versions \u003c V5.9.0), RUGGEDCOM RS910 (All versions \u003c V4.3.10), RUGGEDCOM RS910L (All versions), RUGGEDCOM RS910LNC (All versions), RUGGEDCOM RS910NC (All versions \u003c V4.3.10), RUGGEDCOM RS910W (All versions \u003c V4.3.10), RUGGEDCOM RS920L (All versions), RUGGEDCOM RS920LNC (All versions), RUGGEDCOM RS920W (All versions). In some configurations the affected products wrongly enable the Modbus service in non-managed VLANS. Only serial devices are affected by this vulnerability."
    },
    {
      "lang": "es",
      "value": "Se ha identificado una vulnerabilidad en RUGGEDCOM RMC30 (Todas las versiones \u0026lt; V4.3.10), RUGGEDCOM RMC30NC (Todas las versiones \u0026lt; V4.3.10), RUGGEDCOM RP110 (Todas las versiones \u0026lt; V4.3.10), RUGGEDCOM RP110NC (Todas las versiones \u0026lt; V4.3.10), RUGGEDCOM RS400 (todas las versiones \u0026lt; V4.3.10), RUGGEDCOM RS400NC (todas las versiones \u0026lt; V4.3.10), RUGGEDCOM RS401 (todas las versiones \u0026lt; V4.3.10), RUGGEDCOM RS401NC (todas las versiones \u0026lt; V4.3.10), RUGGEDCOM RS416 (todas las versiones \u0026lt; V4.3.10), RUGGEDCOM RS416NC (todas las versiones \u0026lt; V4.3.10), RUGGEDCOM RS416NCv2 V4.X (todas las versiones \u0026lt; V4.3.10), RUGGEDCOM RS416NCv2 V5.X (todas las versiones \u0026lt; V5.9.0), RUGGEDCOM RS416P (todas las versiones \u0026lt; V4.3.10), RUGGEDCOM RS416PNC (todas las versiones \u0026lt; V4.3.10), RUGGEDCOM RS416PNCv2 V4.X (todas las versiones \u0026lt; V4.3.10), RUGGEDCOM RS416PNCv2 V5.X (todas las versiones \u0026lt; V5.9.0), RUGGEDCOM RS416Pv2 V4.X ( Todas las versiones \u0026lt; V4.3.10), RUGGEDCOM RS416Pv2 V5.X (Todas las versiones \u0026lt; V5.9.0), RUGGEDCOM RS416v2 V4.X (Todas las versiones \u0026lt; V4.3.10), RUGGEDCOM RS416v2 V5.X (Todas las versiones \u0026lt; V5.9.0), RUGGEDCOM RS910 (todas las versiones \u0026lt; V4.3.10), RUGGEDCOM RS910L (todas las versiones), RUGGEDCOM RS910LNC (todas las versiones), RUGGEDCOM RS910NC (todas las versiones \u0026lt; V4.3.10), RUGGEDCOM RS910W (todas las versiones \u0026lt; V4.3.10), RUGGEDCOM RS920L ( Todas las versiones), RUGGEDCOM RS920LNC (Todas las versiones), RUGGEDCOM RS920W (Todas las versiones). En algunas configuraciones los productos afectados habilitan err\u00f3neamente el servicio Modbus en VLAN no gestionadas. S\u00f3lo los dispositivos serie se ven afectados por esta vulnerabilidad."
    }
  ],
  "id": "CVE-2024-39675",
  "lastModified": "2024-11-21T09:28:11.780",
  "metrics": {
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "ADJACENT_NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 8.8,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 5.9,
        "source": "productcert@siemens.com",
        "type": "Secondary"
      }
    ],
    "cvssMetricV40": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackRequirements": "NONE",
          "attackVector": "ADJACENT",
          "automatable": "NOT_DEFINED",
          "availabilityRequirements": "NOT_DEFINED",
          "baseScore": 8.7,
          "baseSeverity": "HIGH",
          "confidentialityRequirements": "NOT_DEFINED",
          "exploitMaturity": "NOT_DEFINED",
          "integrityRequirements": "NOT_DEFINED",
          "modifiedAttackComplexity": "NOT_DEFINED",
          "modifiedAttackRequirements": "NOT_DEFINED",
          "modifiedAttackVector": "NOT_DEFINED",
          "modifiedPrivilegesRequired": "NOT_DEFINED",
          "modifiedSubsequentSystemAvailability": "NOT_DEFINED",
          "modifiedSubsequentSystemConfidentiality": "NOT_DEFINED",
          "modifiedSubsequentSystemIntegrity": "NOT_DEFINED",
          "modifiedUserInteraction": "NOT_DEFINED",
          "modifiedVulnerableSystemAvailability": "NOT_DEFINED",
          "modifiedVulnerableSystemConfidentiality": "NOT_DEFINED",
          "modifiedVulnerableSystemIntegrity": "NOT_DEFINED",
          "privilegesRequired": "NONE",
          "providerUrgency": "NOT_DEFINED",
          "recovery": "NOT_DEFINED",
          "safety": "NOT_DEFINED",
          "subsequentSystemAvailability": "NONE",
          "subsequentSystemConfidentiality": "NONE",
          "subsequentSystemIntegrity": "NONE",
          "userInteraction": "NONE",
          "valueDensity": "NOT_DEFINED",
          "vectorString": "CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
          "version": "4.0",
          "vulnerabilityResponseEffort": "NOT_DEFINED",
          "vulnerableSystemAvailability": "HIGH",
          "vulnerableSystemConfidentiality": "HIGH",
          "vulnerableSystemIntegrity": "HIGH"
        },
        "source": "productcert@siemens.com",
        "type": "Secondary"
      }
    ]
  },
  "published": "2024-07-09T12:15:17.180",
  "references": [
    {
      "source": "productcert@siemens.com",
      "url": "https://cert-portal.siemens.com/productcert/html/ssa-170375.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://cert-portal.siemens.com/productcert/html/ssa-170375.html"
    }
  ],
  "sourceIdentifier": "productcert@siemens.com",
  "vulnStatus": "Awaiting Analysis",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-497"
        }
      ],
      "source": "productcert@siemens.com",
      "type": "Secondary"
    }
  ]
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
  • Confirmed: The vulnerability is confirmed from an analyst perspective.
  • Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
  • Patched: This vulnerability was successfully patched by the user reporting the sighting.
  • Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
  • Not confirmed: The user expresses doubt about the veracity of the vulnerability.
  • Not patched: This vulnerability was not successfully patched by the user reporting the sighting.