CVE-2024-39675

EUVD-2024-38180
A vulnerability has been identified in RUGGEDCOM RMC30 (All versions < V4.3.10), RUGGEDCOM RMC30NC (All versions < V4.3.10), RUGGEDCOM RP110 (All versions < V4.3.10), RUGGEDCOM RP110NC (All versions < V4.3.10), RUGGEDCOM RS400 (All versions < V4.3.10), RUGGEDCOM RS400NC (All versions < V4.3.10), RUGGEDCOM RS401 (All versions < V4.3.10), RUGGEDCOM RS401NC (All versions < V4.3.10), RUGGEDCOM RS416 (All versions < V4.3.10), RUGGEDCOM RS416NC (All versions < V4.3.10), RUGGEDCOM RS416NCv2 V4.X (All versions < V4.3.10), RUGGEDCOM RS416NCv2 V5.X (All versions < V5.9.0), RUGGEDCOM RS416P (All versions < V4.3.10), RUGGEDCOM RS416PNC (All versions < V4.3.10), RUGGEDCOM RS416PNCv2 V4.X (All versions < V4.3.10), RUGGEDCOM RS416PNCv2 V5.X (All versions < V5.9.0), RUGGEDCOM RS416Pv2 V4.X (All versions < V4.3.10), RUGGEDCOM RS416Pv2 V5.X (All versions < V5.9.0), RUGGEDCOM RS416v2 V4.X (All versions < V4.3.10), RUGGEDCOM RS416v2 V5.X (All versions < V5.9.0), RUGGEDCOM RS910 (All versions < V4.3.10), RUGGEDCOM RS910L (All versions), RUGGEDCOM RS910LNC (All versions), RUGGEDCOM RS910NC (All versions < V4.3.10), RUGGEDCOM RS910W (All versions < V4.3.10), RUGGEDCOM RS920L (All versions), RUGGEDCOM RS920LNC (All versions), RUGGEDCOM RS920W (All versions). In some configurations the affected products wrongly enable the Modbus service in non-managed VLANS. Only serial devices are affected by this vulnerability.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
8.8 HIGH
ADJACENT_NETWORK
LOW
NONE
CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Base Score
CVSS 3.x
EPSS Score
Percentile: 24%
Early Detection
Affected products identified ahead of NVD analysis through intelligence sources.
VendorProductVersionSource
siemensruggedcom_ros_rmc30
𝑥
< 4.3.10
ADP
siemensruggedcom_ros_rmc30nc
𝑥
< 4.3.10
ADP
siemensruggedcom_ros_rp110
𝑥
< 4.3.10
ADP
siemensruggedcom_ros_rp110nc
𝑥
< 4.3.10
ADP
siemensruggedcom_ros_rs400
𝑥
< 4.3.10
ADP
siemensruggedcom_ros_rs400nc
𝑥
< 4.3.10
ADP
siemensruggedcom_ros_rs401
𝑥
< 4.3.10
ADP
siemensruggedcom_ros_rs401nc
𝑥
< 4.3.10
ADP
siemensruggedcom_ros_rs416
𝑥
< 4.3.10
ADP
siemensruggedcom_ros_rs416nc
𝑥
< 4.3.10
ADP
siemensruggedcom_ros_rs416ncv2
𝑥
< 4.3.10
ADP
siemensruggedcom_ros_rs416ncv2
𝑥
< 5.9.0
ADP
siemensruggedcom_ros_rs416p
𝑥
< 4.3.10
ADP
siemensruggedcom_ros_rs416pnc
𝑥
< 4.3.10
ADP
siemensruggedcom_ros_rs416pncv2
𝑥
< 5.9.0
ADP
siemensruggedcom_ros_rs416pncv2
𝑥
< 4.3.10
ADP
siemensruggedcom_ros_rs416pv2
𝑥
< 4.3.10
ADP
siemensruggedcom_ros_rs416pv2
𝑥
< 5.9.0
ADP
siemensruggedcom_ros_rs416v2
𝑥
< 4.3.10
ADP
siemensruggedcom_ros_rs416v2
𝑥
< 5.9.0
ADP
siemensruggedcom_ros_rs910
𝑥
< 4.3.10
ADP
siemensruggedcom_ros_rs910l
𝑥
< *
ADP
siemensruggedcom_ros_rs920l
𝑥
< *
ADP
siemensruggedcom_ros_rs910lnc
𝑥
< *
ADP
siemensruggedcom_ros_rs910nc
𝑥
< 4.3.10
ADP
siemensruggedcom_ros_rs920lnc
𝑥
< *
ADP
siemensruggedcom_ros_rs910w
𝑥
< 4.3.10
ADP
siemensruggedcom_ros_rs920w
𝑥
< *
ADP
Common Weakness Enumeration
References
https://cert-portal.siemens.com/productcert/html/ssa-170375.html
https://cert-portal.siemens.com/productcert/html/ssa-170375.html