cve-2025-41224
Vulnerability from cvelistv5
Published
2025-07-08 10:35
Modified
2025-07-08 20:31
Severity ?
8.8 (High) - CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
7.7 (High) - CVSS:4.0/AV:A/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
Summary
A vulnerability has been identified in RUGGEDCOM RMC8388 V5.X (All versions < V5.10.0), RUGGEDCOM RMC8388NC V5.X (All versions < V5.10.0), RUGGEDCOM RS416NCv2 V5.X (All versions < V5.10.0), RUGGEDCOM RS416PNCv2 V5.X (All versions < V5.10.0), RUGGEDCOM RS416Pv2 V5.X (All versions < V5.10.0), RUGGEDCOM RS416v2 V5.X (All versions < V5.10.0), RUGGEDCOM RS900 (32M) V5.X (All versions < V5.10.0), RUGGEDCOM RS900G (32M) V5.X (All versions < V5.10.0), RUGGEDCOM RS900GNC(32M) V5.X (All versions < V5.10.0), RUGGEDCOM RS900NC(32M) V5.X (All versions < V5.10.0), RUGGEDCOM RSG2100 (32M) V5.X (All versions < V5.10.0), RUGGEDCOM RSG2100NC(32M) V5.X (All versions < V5.10.0), RUGGEDCOM RSG2100P (32M) V5.X (All versions < V5.10.0), RUGGEDCOM RSG2100PNC (32M) V5.X (All versions < V5.10.0), RUGGEDCOM RSG2288 V5.X (All versions < V5.10.0), RUGGEDCOM RSG2288NC V5.X (All versions < V5.10.0), RUGGEDCOM RSG2300 V5.X (All versions < V5.10.0), RUGGEDCOM RSG2300NC V5.X (All versions < V5.10.0), RUGGEDCOM RSG2300P V5.X (All versions < V5.10.0), RUGGEDCOM RSG2300PNC V5.X (All versions < V5.10.0), RUGGEDCOM RSG2488 V5.X (All versions < V5.10.0), RUGGEDCOM RSG2488NC V5.X (All versions < V5.10.0), RUGGEDCOM RSG907R (All versions < V5.10.0), RUGGEDCOM RSG908C (All versions < V5.10.0), RUGGEDCOM RSG909R (All versions < V5.10.0), RUGGEDCOM RSG910C (All versions < V5.10.0), RUGGEDCOM RSG920P V5.X (All versions < V5.10.0), RUGGEDCOM RSG920PNC V5.X (All versions < V5.10.0), RUGGEDCOM RSL910 (All versions < V5.10.0), RUGGEDCOM RSL910NC (All versions < V5.10.0), RUGGEDCOM RST2228 (All versions < V5.10.0), RUGGEDCOM RST2228P (All versions < V5.10.0), RUGGEDCOM RST916C (All versions < V5.10.0), RUGGEDCOM RST916P (All versions < V5.10.0). The affected products do not properly enforce interface access restrictions when changing from management to non-management interface configurations until a system reboot occurs, despite configuration being saved. This could allow an attacker with network access and credentials to gain access to device through non-management and maintain SSH access to the device until reboot.
References
productcert@siemens.comhttps://cert-portal.siemens.com/productcert/html/ssa-083019.html
Impacted products
SiemensRUGGEDCOM RMC8388 V5.X
SiemensRUGGEDCOM RMC8388NC V5.X
SiemensRUGGEDCOM RS416NCv2 V5.X
SiemensRUGGEDCOM RS416PNCv2 V5.X
SiemensRUGGEDCOM RS416Pv2 V5.X
SiemensRUGGEDCOM RS416v2 V5.X
SiemensRUGGEDCOM RS900 (32M) V5.X
SiemensRUGGEDCOM RS900G (32M) V5.X
SiemensRUGGEDCOM RS900GNC(32M) V5.X
SiemensRUGGEDCOM RS900NC(32M) V5.X
SiemensRUGGEDCOM RSG2100 (32M) V5.X
SiemensRUGGEDCOM RSG2100NC(32M) V5.X
SiemensRUGGEDCOM RSG2100P (32M) V5.X
SiemensRUGGEDCOM RSG2100PNC (32M) V5.X
SiemensRUGGEDCOM RSG2288 V5.X
SiemensRUGGEDCOM RSG2288NC V5.X
SiemensRUGGEDCOM RSG2300 V5.X
SiemensRUGGEDCOM RSG2300NC V5.X
SiemensRUGGEDCOM RSG2300P V5.X
SiemensRUGGEDCOM RSG2300PNC V5.X
SiemensRUGGEDCOM RSG2488 V5.X
SiemensRUGGEDCOM RSG2488NC V5.X
SiemensRUGGEDCOM RSG907R
SiemensRUGGEDCOM RSG908C
SiemensRUGGEDCOM RSG909R
SiemensRUGGEDCOM RSG910C
SiemensRUGGEDCOM RSG920P V5.X
SiemensRUGGEDCOM RSG920PNC V5.X
SiemensRUGGEDCOM RSL910
SiemensRUGGEDCOM RSL910NC
SiemensRUGGEDCOM RST2228
SiemensRUGGEDCOM RST2228P
SiemensRUGGEDCOM RST916C
SiemensRUGGEDCOM RST916P
Show details on NVD website

To clipboard 

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2025-41224",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-07-08T20:31:21.314188Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-07-08T20:31:27.395Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unknown",
          "product": "RUGGEDCOM RMC8388 V5.X",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V5.10.0",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "RUGGEDCOM RMC8388NC V5.X",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V5.10.0",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "RUGGEDCOM RS416NCv2 V5.X",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V5.10.0",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "RUGGEDCOM RS416PNCv2 V5.X",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V5.10.0",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "RUGGEDCOM RS416Pv2 V5.X",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V5.10.0",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "RUGGEDCOM RS416v2 V5.X",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V5.10.0",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "RUGGEDCOM RS900 (32M) V5.X",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V5.10.0",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "RUGGEDCOM RS900G (32M) V5.X",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V5.10.0",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "RUGGEDCOM RS900GNC(32M) V5.X",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V5.10.0",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "RUGGEDCOM RS900NC(32M) V5.X",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V5.10.0",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "RUGGEDCOM RSG2100 (32M) V5.X",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V5.10.0",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "RUGGEDCOM RSG2100NC(32M) V5.X",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V5.10.0",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "RUGGEDCOM RSG2100P (32M) V5.X",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V5.10.0",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "RUGGEDCOM RSG2100PNC (32M) V5.X",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V5.10.0",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "RUGGEDCOM RSG2288 V5.X",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V5.10.0",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "RUGGEDCOM RSG2288NC V5.X",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V5.10.0",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "RUGGEDCOM RSG2300 V5.X",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V5.10.0",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "RUGGEDCOM RSG2300NC V5.X",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V5.10.0",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "RUGGEDCOM RSG2300P V5.X",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V5.10.0",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "RUGGEDCOM RSG2300PNC V5.X",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V5.10.0",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "RUGGEDCOM RSG2488 V5.X",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V5.10.0",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "RUGGEDCOM RSG2488NC V5.X",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V5.10.0",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "RUGGEDCOM RSG907R",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V5.10.0",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "RUGGEDCOM RSG908C",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V5.10.0",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "RUGGEDCOM RSG909R",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V5.10.0",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "RUGGEDCOM RSG910C",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V5.10.0",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "RUGGEDCOM RSG920P V5.X",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V5.10.0",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "RUGGEDCOM RSG920PNC V5.X",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V5.10.0",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "RUGGEDCOM RSL910",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V5.10.0",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "RUGGEDCOM RSL910NC",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V5.10.0",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "RUGGEDCOM RST2228",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V5.10.0",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "RUGGEDCOM RST2228P",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V5.10.0",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "RUGGEDCOM RST916C",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V5.10.0",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "RUGGEDCOM RST916P",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V5.10.0",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "A vulnerability has been identified in RUGGEDCOM RMC8388 V5.X (All versions \u003c V5.10.0), RUGGEDCOM RMC8388NC V5.X (All versions \u003c V5.10.0), RUGGEDCOM RS416NCv2 V5.X (All versions \u003c V5.10.0), RUGGEDCOM RS416PNCv2 V5.X (All versions \u003c V5.10.0), RUGGEDCOM RS416Pv2 V5.X (All versions \u003c V5.10.0), RUGGEDCOM RS416v2 V5.X (All versions \u003c V5.10.0), RUGGEDCOM RS900 (32M) V5.X (All versions \u003c V5.10.0), RUGGEDCOM RS900G (32M) V5.X (All versions \u003c V5.10.0), RUGGEDCOM RS900GNC(32M) V5.X (All versions \u003c V5.10.0), RUGGEDCOM RS900NC(32M) V5.X (All versions \u003c V5.10.0), RUGGEDCOM RSG2100 (32M) V5.X (All versions \u003c V5.10.0), RUGGEDCOM RSG2100NC(32M) V5.X (All versions \u003c V5.10.0), RUGGEDCOM RSG2100P (32M) V5.X (All versions \u003c V5.10.0), RUGGEDCOM RSG2100PNC (32M) V5.X (All versions \u003c V5.10.0), RUGGEDCOM RSG2288 V5.X (All versions \u003c V5.10.0), RUGGEDCOM RSG2288NC V5.X (All versions \u003c V5.10.0), RUGGEDCOM RSG2300 V5.X (All versions \u003c V5.10.0), RUGGEDCOM RSG2300NC V5.X (All versions \u003c V5.10.0), RUGGEDCOM RSG2300P V5.X (All versions \u003c V5.10.0), RUGGEDCOM RSG2300PNC V5.X (All versions \u003c V5.10.0), RUGGEDCOM RSG2488 V5.X (All versions \u003c V5.10.0), RUGGEDCOM RSG2488NC V5.X (All versions \u003c V5.10.0), RUGGEDCOM RSG907R (All versions \u003c V5.10.0), RUGGEDCOM RSG908C (All versions \u003c V5.10.0), RUGGEDCOM RSG909R (All versions \u003c V5.10.0), RUGGEDCOM RSG910C (All versions \u003c V5.10.0), RUGGEDCOM RSG920P V5.X (All versions \u003c V5.10.0), RUGGEDCOM RSG920PNC V5.X (All versions \u003c V5.10.0), RUGGEDCOM RSL910 (All versions \u003c V5.10.0), RUGGEDCOM RSL910NC (All versions \u003c V5.10.0), RUGGEDCOM RST2228 (All versions \u003c V5.10.0), RUGGEDCOM RST2228P (All versions \u003c V5.10.0), RUGGEDCOM RST916C (All versions \u003c V5.10.0), RUGGEDCOM RST916P (All versions \u003c V5.10.0). The affected products do not properly enforce interface access restrictions when changing from management to non-management interface configurations until a system reboot occurs, despite configuration being saved. This could allow an attacker with network access and credentials to gain access to device through non-management and maintain SSH access to the device until reboot."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "baseScore": 8.8,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          }
        },
        {
          "cvssV4_0": {
            "baseScore": 7.7,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:4.0/AV:A/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
            "version": "4.0"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-693",
              "description": "CWE-693: Protection Mechanism Failure",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-07-08T10:35:09.492Z",
        "orgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77",
        "shortName": "siemens"
      },
      "references": [
        {
          "url": "https://cert-portal.siemens.com/productcert/html/ssa-083019.html"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77",
    "assignerShortName": "siemens",
    "cveId": "CVE-2025-41224",
    "datePublished": "2025-07-08T10:35:09.492Z",
    "dateReserved": "2025-04-16T09:27:14.282Z",
    "dateUpdated": "2025-07-08T20:31:27.395Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "meta": {
    "nvd": "{\"cve\":{\"id\":\"CVE-2025-41224\",\"sourceIdentifier\":\"productcert@siemens.com\",\"published\":\"2025-07-08T11:15:31.527\",\"lastModified\":\"2025-07-08T16:18:14.207\",\"vulnStatus\":\"Awaiting Analysis\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"A vulnerability has been identified in RUGGEDCOM RMC8388 V5.X (All versions \u003c V5.10.0), RUGGEDCOM RMC8388NC V5.X (All versions \u003c V5.10.0), RUGGEDCOM RS416NCv2 V5.X (All versions \u003c V5.10.0), RUGGEDCOM RS416PNCv2 V5.X (All versions \u003c V5.10.0), RUGGEDCOM RS416Pv2 V5.X (All versions \u003c V5.10.0), RUGGEDCOM RS416v2 V5.X (All versions \u003c V5.10.0), RUGGEDCOM RS900 (32M) V5.X (All versions \u003c V5.10.0), RUGGEDCOM RS900G (32M) V5.X (All versions \u003c V5.10.0), RUGGEDCOM RS900GNC(32M) V5.X (All versions \u003c V5.10.0), RUGGEDCOM RS900NC(32M) V5.X (All versions \u003c V5.10.0), RUGGEDCOM RSG2100 (32M) V5.X (All versions \u003c V5.10.0), RUGGEDCOM RSG2100NC(32M) V5.X (All versions \u003c V5.10.0), RUGGEDCOM RSG2100P (32M) V5.X (All versions \u003c V5.10.0), RUGGEDCOM RSG2100PNC (32M) V5.X (All versions \u003c V5.10.0), RUGGEDCOM RSG2288 V5.X (All versions \u003c V5.10.0), RUGGEDCOM RSG2288NC V5.X (All versions \u003c V5.10.0), RUGGEDCOM RSG2300 V5.X (All versions \u003c V5.10.0), RUGGEDCOM RSG2300NC V5.X (All versions \u003c V5.10.0), RUGGEDCOM RSG2300P V5.X (All versions \u003c V5.10.0), RUGGEDCOM RSG2300PNC V5.X (All versions \u003c V5.10.0), RUGGEDCOM RSG2488 V5.X (All versions \u003c V5.10.0), RUGGEDCOM RSG2488NC V5.X (All versions \u003c V5.10.0), RUGGEDCOM RSG907R (All versions \u003c V5.10.0), RUGGEDCOM RSG908C (All versions \u003c V5.10.0), RUGGEDCOM RSG909R (All versions \u003c V5.10.0), RUGGEDCOM RSG910C (All versions \u003c V5.10.0), RUGGEDCOM RSG920P V5.X (All versions \u003c V5.10.0), RUGGEDCOM RSG920PNC V5.X (All versions \u003c V5.10.0), RUGGEDCOM RSL910 (All versions \u003c V5.10.0), RUGGEDCOM RSL910NC (All versions \u003c V5.10.0), RUGGEDCOM RST2228 (All versions \u003c V5.10.0), RUGGEDCOM RST2228P (All versions \u003c V5.10.0), RUGGEDCOM RST916C (All versions \u003c V5.10.0), RUGGEDCOM RST916P (All versions \u003c V5.10.0). The affected products do not properly enforce interface access restrictions when changing from management to non-management interface configurations until a system reboot occurs, despite configuration being saved. This could allow an attacker with network access and credentials to gain access to device through non-management and maintain SSH access to the device until reboot.\"},{\"lang\":\"es\",\"value\":\"Se ha identificado una vulnerabilidad en RUGGEDCOM RMC8388 V5.X (Todas las versiones \u0026lt; V5.10.0), RUGGEDCOM RMC8388NC V5.X (Todas las versiones \u0026lt; V5.10.0), RUGGEDCOM RS416NCv2 V5.X (Todas las versiones \u0026lt; V5.10.0), RUGGEDCOM RS416PNCv2 V5.X (Todas las versiones \u0026lt; V5.10.0), RUGGEDCOM RS416Pv2 V5.X (Todas las versiones \u0026lt; V5.10.0), RUGGEDCOM RS416v2 V5.X (Todas las versiones \u0026lt; V5.10.0), RUGGEDCOM RS900 (32M) V5.X (Todas las versiones \u0026lt; V5.10.0), RUGGEDCOM RS900G (32M) V5.X (Todas las versiones \u0026lt; V5.10.0), RUGGEDCOM RS900GNC(32M) V5.X (Todas las versiones \u0026lt; V5.10.0), RUGGEDCOM RS900NC(32M) V5.X (Todas las versiones \u0026lt; V5.10.0), RUGGEDCOM RSG2100 (32M) V5.X (Todas las versiones \u0026lt; V5.10.0), RUGGEDCOM RSG2100NC(32M) V5.X (Todas las versiones \u0026lt; V5.10.0), RUGGEDCOM RSG2100P (32M) V5.X (Todas las versiones \u0026lt; V5.10.0), RUGGEDCOM RSG2100PNC (32M) V5.X (Todas las versiones \u0026lt; V5.10.0), RUGGEDCOM RSG2288 V5.X (Todas las versiones \u0026lt; V5.10.0), RUGGEDCOM RSG2288NC V5.X (Todas las versiones \u0026lt; V5.10.0), RUGGEDCOM RSG2300 V5.X (Todas las versiones \u0026lt; V5.10.0), RUGGEDCOM RSG2300NC V5.X (Todas las versiones \u0026lt; V5.10.0), RUGGEDCOM RSG2300P V5.X (Todas las versiones \u0026lt; V5.10.0), RUGGEDCOM RSG2300PNC V5.X (Todas las versiones \u0026lt; V5.10.0), RUGGEDCOM RSG2488 V5.X (Todas las versiones \u0026lt; V5.10.0), RUGGEDCOM RSG2488NC V5.X (Todas las versiones \u0026lt; V5.10.0), RUGGEDCOM RSG907R (Todas las versiones \u0026lt; V5.10.0), RUGGEDCOM RSG908C (Todas las versiones \u0026lt; V5.10.0), RUGGEDCOM RSG909R (Todas las versiones \u0026lt; V5.10.0), RUGGEDCOM RSG910C (Todas las versiones \u0026lt; V5.10.0), RUGGEDCOM RSG920P V5.X (Todas las versiones \u0026lt; V5.10.0), RUGGEDCOM RSG920PNC V5.X (Todas las versiones \u0026lt; V5.10.0), RUGGEDCOM RSL910 (Todas las versiones \u0026lt; V5.10.0), RUGGEDCOM RSL910NC (Todas las versiones \u0026lt; V5.10.0), RUGGEDCOM RST2228 (Todas las versiones \u0026lt; V5.10.0), RUGGEDCOM RST2228P (Todas las versiones \u0026lt; V5.10.0), RUGGEDCOM RST916C (Todas las versiones \u0026lt; V5.10.0), RUGGEDCOM RST916P (Todas las versiones \u0026lt; V5.10.0). Los productos afectados no aplican correctamente las restricciones de acceso a la interfaz al cambiar de una configuraci\u00f3n de interfaz de administraci\u00f3n a una de no administraci\u00f3n hasta que se reinicia el sistema, a pesar de que la configuraci\u00f3n se haya guardado. Esto podr\u00eda permitir que un atacante con acceso a la red y credenciales acceda al dispositivo a trav\u00e9s de una configuraci\u00f3n de no administraci\u00f3n y mantenga el acceso SSH hasta el reinicio.\"}],\"metrics\":{\"cvssMetricV40\":[{\"source\":\"productcert@siemens.com\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"4.0\",\"vectorString\":\"CVSS:4.0/AV:A/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X\",\"baseScore\":7.7,\"baseSeverity\":\"HIGH\",\"attackVector\":\"ADJACENT\",\"attackComplexity\":\"LOW\",\"attackRequirements\":\"PRESENT\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"vulnConfidentialityImpact\":\"HIGH\",\"vulnIntegrityImpact\":\"HIGH\",\"vulnAvailabilityImpact\":\"HIGH\",\"subConfidentialityImpact\":\"NONE\",\"subIntegrityImpact\":\"NONE\",\"subAvailabilityImpact\":\"NONE\",\"exploitMaturity\":\"NOT_DEFINED\",\"confidentialityRequirement\":\"NOT_DEFINED\",\"integrityRequirement\":\"NOT_DEFINED\",\"availabilityRequirement\":\"NOT_DEFINED\",\"modifiedAttackVector\":\"NOT_DEFINED\",\"modifiedAttackComplexity\":\"NOT_DEFINED\",\"modifiedAttackRequirements\":\"NOT_DEFINED\",\"modifiedPrivilegesRequired\":\"NOT_DEFINED\",\"modifiedUserInteraction\":\"NOT_DEFINED\",\"modifiedVulnConfidentialityImpact\":\"NOT_DEFINED\",\"modifiedVulnIntegrityImpact\":\"NOT_DEFINED\",\"modifiedVulnAvailabilityImpact\":\"NOT_DEFINED\",\"modifiedSubConfidentialityImpact\":\"NOT_DEFINED\",\"modifiedSubIntegrityImpact\":\"NOT_DEFINED\",\"modifiedSubAvailabilityImpact\":\"NOT_DEFINED\",\"Safety\":\"NOT_DEFINED\",\"Automatable\":\"NOT_DEFINED\",\"Recovery\":\"NOT_DEFINED\",\"valueDensity\":\"NOT_DEFINED\",\"vulnerabilityResponseEffort\":\"NOT_DEFINED\",\"providerUrgency\":\"NOT_DEFINED\"}}],\"cvssMetricV31\":[{\"source\":\"productcert@siemens.com\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\",\"baseScore\":8.8,\"baseSeverity\":\"HIGH\",\"attackVector\":\"ADJACENT_NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":2.8,\"impactScore\":5.9}]},\"weaknesses\":[{\"source\":\"productcert@siemens.com\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-693\"}]}],\"references\":[{\"url\":\"https://cert-portal.siemens.com/productcert/html/ssa-083019.html\",\"source\":\"productcert@siemens.com\"}]}}"
  }
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




  • Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
  • Confirmed: The vulnerability is confirmed from an analyst perspective.
  • Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
  • Patched: This vulnerability was successfully patched by the user reporting the sighting.
  • Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
  • Not confirmed: The user expresses doubt about the veracity of the vulnerability.
  • Not patched: This vulnerability was not successfully patched by the user reporting the sighting.