Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2024-39675

Summary
Assigner-siemens
Assigner Org ID-cec7a2ec-15b4-4faf-bd53-b40f371f3a77
Published At-09 Jul, 2024 | 12:05
Updated At-27 Aug, 2025 | 20:42
Rejected At-
Credits

A vulnerability has been identified in RUGGEDCOM RMC30 (All versions < V4.3.10), RUGGEDCOM RMC30NC (All versions < V4.3.10), RUGGEDCOM RP110 (All versions < V4.3.10), RUGGEDCOM RP110NC (All versions < V4.3.10), RUGGEDCOM RS400 (All versions < V4.3.10), RUGGEDCOM RS400NC (All versions < V4.3.10), RUGGEDCOM RS401 (All versions < V4.3.10), RUGGEDCOM RS401NC (All versions < V4.3.10), RUGGEDCOM RS416 (All versions < V4.3.10), RUGGEDCOM RS416NC (All versions < V4.3.10), RUGGEDCOM RS416NCv2 V4.X (All versions < V4.3.10), RUGGEDCOM RS416NCv2 V5.X (All versions < V5.9.0), RUGGEDCOM RS416P (All versions < V4.3.10), RUGGEDCOM RS416PNC (All versions < V4.3.10), RUGGEDCOM RS416PNCv2 V4.X (All versions < V4.3.10), RUGGEDCOM RS416PNCv2 V5.X (All versions < V5.9.0), RUGGEDCOM RS416Pv2 V4.X (All versions < V4.3.10), RUGGEDCOM RS416Pv2 V5.X (All versions < V5.9.0), RUGGEDCOM RS416v2 V4.X (All versions < V4.3.10), RUGGEDCOM RS416v2 V5.X (All versions < V5.9.0), RUGGEDCOM RS910 (All versions < V4.3.10), RUGGEDCOM RS910L (All versions), RUGGEDCOM RS910LNC (All versions), RUGGEDCOM RS910NC (All versions < V4.3.10), RUGGEDCOM RS910W (All versions < V4.3.10), RUGGEDCOM RS920L (All versions), RUGGEDCOM RS920LNC (All versions), RUGGEDCOM RS920W (All versions). In some configurations the affected products wrongly enable the Modbus service in non-managed VLANS. Only serial devices are affected by this vulnerability.

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
▼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:siemens
Assigner Org ID:cec7a2ec-15b4-4faf-bd53-b40f371f3a77
Published At:09 Jul, 2024 | 12:05
Updated At:27 Aug, 2025 | 20:42
Rejected At:
▼CVE Numbering Authority (CNA)

A vulnerability has been identified in RUGGEDCOM RMC30 (All versions < V4.3.10), RUGGEDCOM RMC30NC (All versions < V4.3.10), RUGGEDCOM RP110 (All versions < V4.3.10), RUGGEDCOM RP110NC (All versions < V4.3.10), RUGGEDCOM RS400 (All versions < V4.3.10), RUGGEDCOM RS400NC (All versions < V4.3.10), RUGGEDCOM RS401 (All versions < V4.3.10), RUGGEDCOM RS401NC (All versions < V4.3.10), RUGGEDCOM RS416 (All versions < V4.3.10), RUGGEDCOM RS416NC (All versions < V4.3.10), RUGGEDCOM RS416NCv2 V4.X (All versions < V4.3.10), RUGGEDCOM RS416NCv2 V5.X (All versions < V5.9.0), RUGGEDCOM RS416P (All versions < V4.3.10), RUGGEDCOM RS416PNC (All versions < V4.3.10), RUGGEDCOM RS416PNCv2 V4.X (All versions < V4.3.10), RUGGEDCOM RS416PNCv2 V5.X (All versions < V5.9.0), RUGGEDCOM RS416Pv2 V4.X (All versions < V4.3.10), RUGGEDCOM RS416Pv2 V5.X (All versions < V5.9.0), RUGGEDCOM RS416v2 V4.X (All versions < V4.3.10), RUGGEDCOM RS416v2 V5.X (All versions < V5.9.0), RUGGEDCOM RS910 (All versions < V4.3.10), RUGGEDCOM RS910L (All versions), RUGGEDCOM RS910LNC (All versions), RUGGEDCOM RS910NC (All versions < V4.3.10), RUGGEDCOM RS910W (All versions < V4.3.10), RUGGEDCOM RS920L (All versions), RUGGEDCOM RS920LNC (All versions), RUGGEDCOM RS920W (All versions). In some configurations the affected products wrongly enable the Modbus service in non-managed VLANS. Only serial devices are affected by this vulnerability.

Affected Products
Vendor
Siemens AGSiemens
Product
RUGGEDCOM RMC30
Default Status
unknown
Versions
Affected
  • From 0 before V4.3.10 (custom)
Vendor
Siemens AGSiemens
Product
RUGGEDCOM RMC30NC
Default Status
unknown
Versions
Affected
  • From 0 before V4.3.10 (custom)
Vendor
Siemens AGSiemens
Product
RUGGEDCOM RP110
Default Status
unknown
Versions
Affected
  • From 0 before V4.3.10 (custom)
Vendor
Siemens AGSiemens
Product
RUGGEDCOM RP110NC
Default Status
unknown
Versions
Affected
  • From 0 before V4.3.10 (custom)
Vendor
Siemens AGSiemens
Product
RUGGEDCOM RS400
Default Status
unknown
Versions
Affected
  • From 0 before V4.3.10 (custom)
Vendor
Siemens AGSiemens
Product
RUGGEDCOM RS400NC
Default Status
unknown
Versions
Affected
  • From 0 before V4.3.10 (custom)
Vendor
Siemens AGSiemens
Product
RUGGEDCOM RS401
Default Status
unknown
Versions
Affected
  • From 0 before V4.3.10 (custom)
Vendor
Siemens AGSiemens
Product
RUGGEDCOM RS401NC
Default Status
unknown
Versions
Affected
  • From 0 before V4.3.10 (custom)
Vendor
Siemens AGSiemens
Product
RUGGEDCOM RS416
Default Status
unknown
Versions
Affected
  • From 0 before V4.3.10 (custom)
Vendor
Siemens AGSiemens
Product
RUGGEDCOM RS416NC
Default Status
unknown
Versions
Affected
  • From 0 before V4.3.10 (custom)
Vendor
Siemens AGSiemens
Product
RUGGEDCOM RS416NCv2 V4.X
Default Status
unknown
Versions
Affected
  • From 0 before V4.3.10 (custom)
Vendor
Siemens AGSiemens
Product
RUGGEDCOM RS416NCv2 V5.X
Default Status
unknown
Versions
Affected
  • From 0 before V5.9.0 (custom)
Vendor
Siemens AGSiemens
Product
RUGGEDCOM RS416P
Default Status
unknown
Versions
Affected
  • From 0 before V4.3.10 (custom)
Vendor
Siemens AGSiemens
Product
RUGGEDCOM RS416PNC
Default Status
unknown
Versions
Affected
  • From 0 before V4.3.10 (custom)
Vendor
Siemens AGSiemens
Product
RUGGEDCOM RS416PNCv2 V4.X
Default Status
unknown
Versions
Affected
  • From 0 before V4.3.10 (custom)
Vendor
Siemens AGSiemens
Product
RUGGEDCOM RS416PNCv2 V5.X
Default Status
unknown
Versions
Affected
  • From 0 before V5.9.0 (custom)
Vendor
Siemens AGSiemens
Product
RUGGEDCOM RS416Pv2 V4.X
Default Status
unknown
Versions
Affected
  • From 0 before V4.3.10 (custom)
Vendor
Siemens AGSiemens
Product
RUGGEDCOM RS416Pv2 V5.X
Default Status
unknown
Versions
Affected
  • From 0 before V5.9.0 (custom)
Vendor
Siemens AGSiemens
Product
RUGGEDCOM RS416v2 V4.X
Default Status
unknown
Versions
Affected
  • From 0 before V4.3.10 (custom)
Vendor
Siemens AGSiemens
Product
RUGGEDCOM RS416v2 V5.X
Default Status
unknown
Versions
Affected
  • From 0 before V5.9.0 (custom)
Vendor
Siemens AGSiemens
Product
RUGGEDCOM RS910
Default Status
unknown
Versions
Affected
  • From 0 before V4.3.10 (custom)
Vendor
Siemens AGSiemens
Product
RUGGEDCOM RS910L
Default Status
unknown
Versions
Affected
  • From 0 before * (custom)
Vendor
Siemens AGSiemens
Product
RUGGEDCOM RS910LNC
Default Status
unknown
Versions
Affected
  • From 0 before * (custom)
Vendor
Siemens AGSiemens
Product
RUGGEDCOM RS910NC
Default Status
unknown
Versions
Affected
  • From 0 before V4.3.10 (custom)
Vendor
Siemens AGSiemens
Product
RUGGEDCOM RS910W
Default Status
unknown
Versions
Affected
  • From 0 before V4.3.10 (custom)
Vendor
Siemens AGSiemens
Product
RUGGEDCOM RS920L
Default Status
unknown
Versions
Affected
  • From 0 before * (custom)
Vendor
Siemens AGSiemens
Product
RUGGEDCOM RS920LNC
Default Status
unknown
Versions
Affected
  • From 0 before * (custom)
Vendor
Siemens AGSiemens
Product
RUGGEDCOM RS920W
Default Status
unknown
Versions
Affected
  • From 0 before * (custom)
Problem Types
TypeCWE IDDescription
CWECWE-497CWE-497: Exposure of Sensitive System Information to an Unauthorized Control Sphere
Type: CWE
CWE ID: CWE-497
Description: CWE-497: Exposure of Sensitive System Information to an Unauthorized Control Sphere
Metrics
VersionBase scoreBase severityVector
3.18.8HIGH
CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
4.08.7HIGH
CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
Version: 3.1
Base score: 8.8
Base severity: HIGH
Vector:
CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Version: 4.0
Base score: 8.7
Base severity: HIGH
Vector:
CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://cert-portal.siemens.com/productcert/html/ssa-170375.html
N/A
Hyperlink: https://cert-portal.siemens.com/productcert/html/ssa-170375.html
Resource: N/A
▼Authorized Data Publishers (ADP)
1. CISA ADP Vulnrichment
Affected Products
Vendor
Siemens AGsiemens
Product
ruggedcom_ros_rmc30
CPEs
  • cpe:2.3:o:siemens:ruggedcom_ros_rmc30:*:*:*:*:*:*:*:*
Default Status
unknown
Versions
Affected
  • From 0 before 4.3.10 (custom)
Vendor
Siemens AGsiemens
Product
ruggedcom_ros_rmc30nc
CPEs
  • cpe:2.3:o:siemens:ruggedcom_ros_rmc30nc:*:*:*:*:*:*:*:*
Default Status
unknown
Versions
Affected
  • From 0 before 4.3.10 (custom)
Vendor
Siemens AGsiemens
Product
ruggedcom_ros_rp110
CPEs
  • cpe:2.3:o:siemens:ruggedcom_ros_rp110:*:*:*:*:*:*:*:*
Default Status
unknown
Versions
Affected
  • From 0 before 4.3.10 (custom)
Vendor
Siemens AGsiemens
Product
ruggedcom_ros_rp110nc
CPEs
  • cpe:2.3:o:siemens:ruggedcom_ros_rp110nc:*:*:*:*:*:*:*:*
Default Status
unknown
Versions
Affected
  • From 0 before 4.3.10 (custom)
Vendor
Siemens AGsiemens
Product
ruggedcom_ros_rs400
CPEs
  • cpe:2.3:o:siemens:ruggedcom_ros_rs400:*:*:*:*:*:*:*:*
Default Status
unknown
Versions
Affected
  • From 0 before 4.3.10 (custom)
Vendor
Siemens AGsiemens
Product
ruggedcom_ros_rs400nc
CPEs
  • cpe:2.3:o:siemens:ruggedcom_ros_rs400nc:*:*:*:*:*:*:*:*
Default Status
unknown
Versions
Affected
  • From 0 before 4.3.10 (custom)
Vendor
Siemens AGsiemens
Product
ruggedcom_ros_rs401
CPEs
  • cpe:2.3:o:siemens:ruggedcom_ros_rs401:*:*:*:*:*:*:*:*
Default Status
unknown
Versions
Affected
  • From 0 before 4.3.10 (custom)
Vendor
Siemens AGsiemens
Product
ruggedcom_ros_rs401nc
CPEs
  • cpe:2.3:o:siemens:ruggedcom_ros_rs401nc:*:*:*:*:*:*:*:*
Default Status
unknown
Versions
Affected
  • From 0 before 4.3.10 (custom)
Vendor
Siemens AGsiemens
Product
ruggedcom_ros_rs416
CPEs
  • cpe:2.3:o:siemens:ruggedcom_ros_rs416:*:*:*:*:*:*:*:*
Default Status
unknown
Versions
Affected
  • From 0 before 4.3.10 (custom)
Vendor
Siemens AGsiemens
Product
ruggedcom_ros_rs416nc
CPEs
  • cpe:2.3:o:siemens:ruggedcom_ros_rs416nc:*:*:*:*:*:*:*:*
Default Status
unknown
Versions
Affected
  • From 0 before 4.3.10 (custom)
Vendor
Siemens AGsiemens
Product
ruggedcom_ros_rs416ncv2
CPEs
  • cpe:2.3:o:siemens:ruggedcom_ros_rs416ncv2:*:*:*:*:*:*:*:*
Default Status
unknown
Versions
Affected
  • From 0 before 4.3.10 (custom)
Vendor
Siemens AGsiemens
Product
ruggedcom_ros_rs416ncv2
CPEs
  • cpe:2.3:o:siemens:ruggedcom_ros_rs416ncv2:*:*:*:*:*:*:*:*
Default Status
unknown
Versions
Affected
  • From 0 before 5.9.0 (custom)
Vendor
Siemens AGsiemens
Product
ruggedcom_ros_rs416p
CPEs
  • cpe:2.3:o:siemens:ruggedcom_ros_rs416p:*:*:*:*:*:*:*:*
Default Status
unknown
Versions
Affected
  • From 0 before 4.3.10 (custom)
Vendor
Siemens AGsiemens
Product
ruggedcom_ros_rs416pnc
CPEs
  • cpe:2.3:o:siemens:ruggedcom_ros_rs416pnc:*:*:*:*:*:*:*:*
Default Status
unknown
Versions
Affected
  • From 0 before 4.3.10 (custom)
Vendor
Siemens AGsiemens
Product
ruggedcom_ros_rs416pncv2
CPEs
  • cpe:2.3:o:siemens:ruggedcom_ros_rs416pncv2:*:*:*:*:*:*:*:*
Default Status
unknown
Versions
Affected
  • From 0 before 5.9.0 (custom)
Vendor
Siemens AGsiemens
Product
ruggedcom_ros_rs416pncv2
CPEs
  • cpe:2.3:o:siemens:ruggedcom_ros_rs416pncv2:*:*:*:*:*:*:*:*
Default Status
unknown
Versions
Affected
  • From 0 before 4.3.10 (custom)
Vendor
Siemens AGsiemens
Product
ruggedcom_ros_rs416pv2
CPEs
  • cpe:2.3:o:siemens:ruggedcom_ros_rs416pv2:*:*:*:*:*:*:*:*
Default Status
unknown
Versions
Affected
  • From 0 before 4.3.10 (custom)
Vendor
Siemens AGsiemens
Product
ruggedcom_ros_rs416pv2
CPEs
  • cpe:2.3:o:siemens:ruggedcom_ros_rs416pv2:*:*:*:*:*:*:*:*
Default Status
unknown
Versions
Affected
  • From 0 before 5.9.0 (custom)
Vendor
Siemens AGsiemens
Product
ruggedcom_ros_rs416v2
CPEs
  • cpe:2.3:o:siemens:ruggedcom_ros_rs416v2:*:*:*:*:*:*:*:*
Default Status
unknown
Versions
Affected
  • From 0 before 4.3.10 (custom)
Vendor
Siemens AGsiemens
Product
ruggedcom_ros_rs416v2
CPEs
  • cpe:2.3:o:siemens:ruggedcom_ros_rs416v2:*:*:*:*:*:*:*:*
Default Status
unknown
Versions
Affected
  • From 0 before 5.9.0 (custom)
Vendor
Siemens AGsiemens
Product
ruggedcom_ros_rs910
CPEs
  • cpe:2.3:o:siemens:ruggedcom_ros_rs910:*:*:*:*:*:*:*:*
Default Status
unknown
Versions
Affected
  • From 0 before 4.3.10 (custom)
Vendor
Siemens AGsiemens
Product
ruggedcom_ros_rs910l
CPEs
  • cpe:2.3:o:siemens:ruggedcom_ros_rs910l:*:*:*:*:*:*:*:*
Default Status
unknown
Versions
Affected
  • From 0 before * (custom)
Vendor
Siemens AGsiemens
Product
ruggedcom_ros_rs920l
CPEs
  • cpe:2.3:o:siemens:ruggedcom_ros_rs920l:*:*:*:*:*:*:*:*
Default Status
unknown
Versions
Affected
  • From 0 before * (custom)
Vendor
Siemens AGsiemens
Product
ruggedcom_ros_rs910lnc
CPEs
  • cpe:2.3:o:siemens:ruggedcom_ros_rs910lnc:*:*:*:*:*:*:*:*
Default Status
unknown
Versions
Affected
  • From 0 before * (custom)
Vendor
Siemens AGsiemens
Product
ruggedcom_ros_rs910nc
CPEs
  • cpe:2.3:o:siemens:ruggedcom_ros_rs910nc:*:*:*:*:*:*:*:*
Default Status
unknown
Versions
Affected
  • From 0 before 4.3.10 (custom)
Vendor
Siemens AGsiemens
Product
ruggedcom_ros_rs920lnc
CPEs
  • cpe:2.3:o:siemens:ruggedcom_ros_rs920lnc:*:*:*:*:*:*:*:*
Default Status
unknown
Versions
Affected
  • From 0 before * (custom)
Vendor
Siemens AGsiemens
Product
ruggedcom_ros_rs910w
CPEs
  • cpe:2.3:o:siemens:ruggedcom_ros_rs910w:*:*:*:*:*:*:*:*
Default Status
unknown
Versions
Affected
  • From 0 before 4.3.10 (custom)
Vendor
Siemens AGsiemens
Product
ruggedcom_ros_rs920w
CPEs
  • cpe:2.3:o:siemens:ruggedcom_ros_rs920w:*:*:*:*:*:*:*:*
Default Status
unknown
Versions
Affected
  • From 0 before * (custom)
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
2. CVE Program Container
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://cert-portal.siemens.com/productcert/html/ssa-170375.html
x_transferred
Hyperlink: https://cert-portal.siemens.com/productcert/html/ssa-170375.html
Resource:
x_transferred
Information is not available yet
▼National Vulnerability Database (NVD)
nvd.nist.gov
Source:productcert@siemens.com
Published At:09 Jul, 2024 | 12:15
Updated At:09 Jul, 2024 | 18:19

A vulnerability has been identified in RUGGEDCOM RMC30 (All versions < V4.3.10), RUGGEDCOM RMC30NC (All versions < V4.3.10), RUGGEDCOM RP110 (All versions < V4.3.10), RUGGEDCOM RP110NC (All versions < V4.3.10), RUGGEDCOM RS400 (All versions < V4.3.10), RUGGEDCOM RS400NC (All versions < V4.3.10), RUGGEDCOM RS401 (All versions < V4.3.10), RUGGEDCOM RS401NC (All versions < V4.3.10), RUGGEDCOM RS416 (All versions < V4.3.10), RUGGEDCOM RS416NC (All versions < V4.3.10), RUGGEDCOM RS416NCv2 V4.X (All versions < V4.3.10), RUGGEDCOM RS416NCv2 V5.X (All versions < V5.9.0), RUGGEDCOM RS416P (All versions < V4.3.10), RUGGEDCOM RS416PNC (All versions < V4.3.10), RUGGEDCOM RS416PNCv2 V4.X (All versions < V4.3.10), RUGGEDCOM RS416PNCv2 V5.X (All versions < V5.9.0), RUGGEDCOM RS416Pv2 V4.X (All versions < V4.3.10), RUGGEDCOM RS416Pv2 V5.X (All versions < V5.9.0), RUGGEDCOM RS416v2 V4.X (All versions < V4.3.10), RUGGEDCOM RS416v2 V5.X (All versions < V5.9.0), RUGGEDCOM RS910 (All versions < V4.3.10), RUGGEDCOM RS910L (All versions), RUGGEDCOM RS910LNC (All versions), RUGGEDCOM RS910NC (All versions < V4.3.10), RUGGEDCOM RS910W (All versions < V4.3.10), RUGGEDCOM RS920L (All versions), RUGGEDCOM RS920LNC (All versions), RUGGEDCOM RS920W (All versions). In some configurations the affected products wrongly enable the Modbus service in non-managed VLANS. Only serial devices are affected by this vulnerability.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Secondary4.08.7HIGH
CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Secondary3.18.8HIGH
CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Type: Secondary
Version: 4.0
Base score: 8.7
Base severity: HIGH
Vector:
CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Type: Secondary
Version: 3.1
Base score: 8.8
Base severity: HIGH
Vector:
CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
CPE Matches
Weaknesses
CWE IDTypeSource
CWE-497Primaryproductcert@siemens.com
CWE ID: CWE-497
Type: Primary
Source: productcert@siemens.com
Evaluator Description
Evaluator Impact

Evaluator Solution

Vendor Statements
References
HyperlinkSourceResource
https://cert-portal.siemens.com/productcert/html/ssa-170375.htmlproductcert@siemens.com
N/A
Hyperlink: https://cert-portal.siemens.com/productcert/html/ssa-170375.html
Source: productcert@siemens.com
Resource: N/A

Change History

0
Information is not available yet

Similar CVEs

11Records found
CVE-2019-12257
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-8.8||HIGH
EPSS-15.36% / 94.49%
||
7 Day CHG~0.00%
Published-09 Aug, 2019 | 17:49
Updated-04 Aug, 2024 | 23:17
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Wind River VxWorks 6.6 through 6.9 has a Buffer Overflow in the DHCP client component. There is an IPNET security vulnerability: Heap overflow in DHCP Offer/ACK parsing inside ipdhcpc.

Action-Not Available
Vendor-windriverbeldenn/aNetApp, Inc.Siemens AGSonicWall Inc.
Product-hirschmann_rsp20ruggedcom_win7025_firmwarehirschmann_ees25sonicoshirschmann_grs1030hirschmann_grs1142ruggedcom_win7018_firmwarehirschmann_rspe32hirschmann_grs1130garrettcom_magnum_dx940ehirschmann_rspe35hirschmann_eesx20hirschmann_rspe37ruggedcom_win7018hirschmann_grs1042siprotec_5_firmwareruggedcom_win7000ruggedcom_win7200hirschmann_rsp35garrettcom_magnum_dx940e_firmwaree-series_santricity_os_controllervxworkshirschmann_msp40hirschmann_octopus_os3hirschmann_rsp30hirschmann_dragon_mach4000hirschmann_dragon_mach4500hirschmann_msp32hirschmann_rsp25hirschmann_rail_switch_power_smarthirschmann_grs1020hirschmann_eesx30hirschmann_rail_switch_power_litehirschmann_eagle20hirschmann_eagle30hirschmann_hiosruggedcom_win7025hirschmann_rspe30hirschmann_eagle_oneruggedcom_win7200_firmwaresiprotec_5hirschmann_ees20hirschmann_red25ruggedcom_win7000_firmwarehirschmann_msp30hirschmann_grs1120n/a
CWE ID-CWE-120
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
CVE-2024-23811
Matching Score-8
Assigner-Siemens
ShareView Details
Matching Score-8
Assigner-Siemens
CVSS Score-8.8||HIGH
EPSS-1.55% / 81.14%
||
7 Day CHG~0.00%
Published-13 Feb, 2024 | 09:00
Updated-04 Oct, 2024 | 16:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A vulnerability has been identified in SINEC NMS (All versions < V2.0 SP1). The affected application allows users to upload arbitrary files via TFTP. This could allow an attacker to upload malicious firmware images or other files, that could potentially lead to remote code execution.

Action-Not Available
Vendor-Siemens AG
Product-sinec_nmsSINEC NMSsinec_nms
CWE ID-CWE-434
Unrestricted Upload of File with Dangerous Type
CVE-2024-23810
Matching Score-8
Assigner-Siemens
ShareView Details
Matching Score-8
Assigner-Siemens
CVSS Score-8.8||HIGH
EPSS-0.76% / 72.96%
||
7 Day CHG~0.00%
Published-13 Feb, 2024 | 09:00
Updated-09 May, 2025 | 18:27
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A vulnerability has been identified in SINEC NMS (All versions < V2.0 SP1). The affected application is vulnerable to SQL injection. This could allow an unauthenticated remote attacker to execute arbitrary SQL queries on the server database.

Action-Not Available
Vendor-Siemens AG
Product-sinec_nmsSINEC NMS
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2017-12736
Matching Score-8
Assigner-Siemens
ShareView Details
Matching Score-8
Assigner-Siemens
CVSS Score-8.8||HIGH
EPSS-0.15% / 35.49%
||
7 Day CHG~0.00%
Published-26 Dec, 2017 | 04:00
Updated-12 Aug, 2025 | 12:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

After initial configuration, the Ruggedcom Discovery Protocol (RCDP) is still able to write to the device under certain conditions. This could allow an attacker located in the adjacent network of the targeted device to perform unauthorized administrative actions.

Action-Not Available
Vendor-Siemens AG
Product-scalance_xr-500scalance_xr300-wg_firmwarescalance_xm-400_firmwarescalance_xc-200ruggedcomruggedcom_rsl910scalance_xb-200_firmwarescalance_xc-200_firmwarescalance_xr300-wgscalance_xr-500_firmwarescalance_xm-400scalance_xb-200ruggedcom_rosscalance_xp-200_firmwarescalance_xp-200RUGGEDCOM RS8000RUGGEDCOM RS900LRUGGEDCOM RSG2300 V4.XRUGGEDCOM RS900MNC-STND-XX-C01RUGGEDCOM RSG920P V4.XSCALANCE XB213-3 (ST, E/IP)RUGGEDCOM RS401NCSCALANCE XC208SCALANCE XR326-2C PoE WGRUGGEDCOM RSG2100PNC (32M) V4.XSCALANCE XC216-4C G EECRUGGEDCOM RS920LNCRUGGEDCOM RS910LRUGGEDCOM RS930WRUGGEDCOM RSG2100NC(32M) V5.XRUGGEDCOM RSG2100 (32M) V5.XRUGGEDCOM RSG2288NC V5.XSCALANCE XP208RUGGEDCOM RS416Pv2 V4.XRUGGEDCOM RS1600SCALANCE XP208GRUGGEDCOM i801NCRUGGEDCOM RS940GRUGGEDCOM RSG2100NC(32M) V4.XSCALANCE XP216EEC (V2)RUGGEDCOM i800NCRUGGEDCOM RS910RUGGEDCOM RSG908CSIPLUS NET SCALANCE XC208RUGGEDCOM RS8000NCRUGGEDCOM RS900NC(32M) V4.XSCALANCE XB205-3LD (SC, E/IP)SCALANCE XP216RUGGEDCOM RS920LSCALANCE XP208PoE EECRUGGEDCOM RMC8388 V4.XSCALANCE XB213-3LD (SC, PN)RUGGEDCOM RS8000HSCALANCE XF204-2BARUGGEDCOM RS900LNCRUGGEDCOM RS8000TRUGGEDCOM RS910NCSCALANCE XC216-4C G (EIP Def.)SCALANCE XF204 DNASCALANCE XR526-8C, 1x230VRUGGEDCOM RS900GSCALANCE XP216GSCALANCE XC206-2G PoE EEC (54 V DC)RUGGEDCOM RS900M-STND-XXRUGGEDCOM RS900WSCALANCE XC216RUGGEDCOM RMC8388 V5.XRUGGEDCOM RS900MNC-STND-XXRUGGEDCOM RSG2100PNC (32M) V5.XRUGGEDCOM RSG910CSCALANCE XB206-2 (ST/BFOC)SCALANCE XC206-2 (ST/BFOC)SCALANCE XF204GRUGGEDCOM RSG2288 V4.XRUGGEDCOM RS1600NCRUGGEDCOM RS969RUGGEDCOM RS900 (32M) V4.XSCALANCE XR328-4C WG (24XFE, 4XGE, 24V)RUGGEDCOM RSG909RSCALANCE XP208EECSCALANCE XP216G PoE EECRUGGEDCOM RSG2100PRUGGEDCOM RS930LNCRUGGEDCOM RS416PSCALANCE XR524-8C, 24VSCALANCE XF204-2BA DNARUGGEDCOM RSG920P V5.XSCALANCE XC206-2 (SC)RUGGEDCOM RSG2200NCRUGGEDCOM RS8000HNCRUGGEDCOM RSG2300PNC V5.XRUGGEDCOM RSG2288 V5.XRUGGEDCOM RS1600FSCALANCE XC208EECRUGGEDCOM RS416NCRUGGEDCOM RS930LRUGGEDCOM RSG907RSCALANCE XC208GSCALANCE XR524-8C, 2x230V (L3 int.)RUGGEDCOM RSG2300P V5.XSCALANCE XB216 (E/IP)SCALANCE XF204SCALANCE XR528-6MSCALANCE XP208G EECRUGGEDCOM RS910WRUGGEDCOM RSG2300 V5.XSCALANCE XC206-2SFP GSCALANCE XC206-2SFP G (EIP DEF.)SCALANCE XB205-3 (ST, E/IP)SCALANCE XB206-2 SCSIPLUS NET SCALANCE XC216-4CSCALANCE XC208G PoERUGGEDCOM RS940GNCSCALANCE XC224-4C G (EIP Def.)RUGGEDCOM RS900GNCRUGGEDCOM RSG2100P (32M) V4.XRUGGEDCOM RMC8388NC V5.XRUGGEDCOM RS910LNCRUGGEDCOM RSG2288NC V4.XRUGGEDCOM RSG2488 V5.XSCALANCE XM408-8C (L3 int.)RUGGEDCOM RMC30SCALANCE XM408-8CSCALANCE XP208G PPSCALANCE XB213-3LD (SC, E/IP)SCALANCE XB205-3LD (SC, PN)SCALANCE XB205-3 (SC, PN)SCALANCE XP216POE EECRUGGEDCOM RS8000ANCRUGGEDCOM RMC8388NC V4.XRUGGEDCOM RS1600TSCALANCE XR552-12MRUGGEDCOM RS900G (32M) V5.XSCALANCE XP216 (V2)RUGGEDCOM RS400NCRUGGEDCOM RS900MNC-GETS-C01RUGGEDCOM RS900M-GETS-C01SCALANCE XP208 (Ethernet/IP)RUGGEDCOM RSG2488NC V4.XSCALANCE XB206-2 LDRUGGEDCOM RP110RUGGEDCOM i801SCALANCE XC208G (EIP def.)RUGGEDCOM RS416v2 V4.XSCALANCE XR528-6M (L3 int.)RUGGEDCOM RS416NCv2 V4.XSCALANCE XR526-8C, 1x230V (L3 int.)SCALANCE XR552-12M (2HR2, L3 int.)RUGGEDCOM RS8000TNCSCALANCE XB205-3 (ST, PN)SCALANCE XB208 (E/IP)RUGGEDCOM RSG2300P V4.XRUGGEDCOM RS416v2 V5.XSCALANCE XP216G EECRUGGEDCOM RS920WRUGGEDCOM M2200RUGGEDCOM RS900MNC-GETS-XXRUGGEDCOM RSG2300NC V5.XSCALANCE XP208G PoE EECRUGGEDCOM RS900GNC(32M) V4.XRUGGEDCOM RS900SCALANCE XR524-8C, 1x230VSCALANCE XC206-2G PoE (54 V DC)RUGGEDCOM RSG2100RUGGEDCOM M969NCRUGGEDCOM RS416PNCRUGGEDCOM RS1600FNCSCALANCE XB213-3 (ST, PN)RUGGEDCOM RS400RUGGEDCOM RS900NC(32M) V5.XSCALANCE XR526-8C, 24V (L3 int.)SIPLUS NET SCALANCE XC206-2RUGGEDCOM RS1600TNCRUGGEDCOM RS900G (32M) V4.XSCALANCE XC208G PoE (54 V DC)RUGGEDCOM M969RUGGEDCOM RS416PNCv2 V4.XSCALANCE XB206-2 STSIPLUS NET SCALANCE XC206-2SFPRUGGEDCOM M2200NCSCALANCE XC206-2G PoERUGGEDCOM RS8000ASCALANCE XB213-3 (SC, PN)RUGGEDCOM i803RUGGEDCOM RSG2100PNCSCALANCE XC216-3G PoE (54 V DC)RUGGEDCOM RSG920PNC V5.XSCALANCE XM416-4C (L3 int.)RUGGEDCOM RSG2100NCSCALANCE XR524-8C, 24V (L3 int.)SCALANCE XC224RUGGEDCOM RP110NCSCALANCE XR526-8C, 24VRUGGEDCOM RSG2200RUGGEDCOM RSG2488NC V5.XRUGGEDCOM RSL910NCRUGGEDCOM RS969NCRUGGEDCOM RS416SCALANCE XR528-6M (2HR2)SCALANCE XC206-2SFP EECSCALANCE XR552-12M (2HR2)RUGGEDCOM RST2228PRUGGEDCOM i800SCALANCE XM408-4CRUGGEDCOM RS900M-STND-C01RUGGEDCOM RS900M-GETS-XXRUGGEDCOM RST916PRUGGEDCOM RS416PNCv2 V5.XSCALANCE XC216-4C GSCALANCE XC216EECRUGGEDCOM RS416NCv2 V5.XSCALANCE XC216-3G PoESCALANCE XP216PoE EEC (V2)SCALANCE XR524-8C, 1x230V (L3 int.)RUGGEDCOM RSG2100 (32M) V4.XSCALANCE XR528-6M (2HR2, L3 int.)SCALANCE XB206-2LDSCALANCE XC224-4C G EECRUGGEDCOM RSL910SCALANCE XB208 (PN)SCALANCE XC206-2SFP G EECSCALANCE XP216 (Ethernet/IP)SCALANCE XR324WG (24 X FE, DC 24V)SCALANCE XR328-4C WG (28xGE, DC 24V)RUGGEDCOM RST916CRUGGEDCOM RS900GPRUGGEDCOM RS900GPNCSCALANCE XR324WG (24 x FE, AC 230V)RUGGEDCOM RSG2488 V4.XSCALANCE XR526-8C, 2x230V (L3 int.)SCALANCE XR524-8C, 2x230VRUGGEDCOM i802SCALANCE XR328-4C WG (24xFE,4xGE,AC230V)RUGGEDCOM RS900GNC(32M) V5.XSCALANCE XC216-4CSCALANCE XB216 (PN)SCALANCE XM416-4CSCALANCE XP216EECSCALANCE XR328-4C WG (24xFE, 4xGE,DC24V)RUGGEDCOM RST2228RUGGEDCOM RS401RUGGEDCOM RSG2300NC V4.XRUGGEDCOM RSG920PNC V4.XSCALANCE XC224-4C GSCALANCE XR328-4C WG (28xGE, AC 230V)RUGGEDCOM i802NCRUGGEDCOM i803NCSCALANCE XB213-3 (SC, E/IP)RUGGEDCOM M2100SCALANCE XC208G EECRUGGEDCOM RSG2300PNC V4.XRUGGEDCOM RS900NCSCALANCE XR326-2C PoE WG (without UL)SCALANCE XM408-4C (L3 int.)RUGGEDCOM RS416Pv2 V5.XRUGGEDCOM RMC30NCSCALANCE XR526-8C, 2x230VSCALANCE XB206-2 (SC)SCALANCE XC206-2SFPRUGGEDCOM RS900 (32M) V5.XRUGGEDCOM M2100NCRUGGEDCOM RSG2100P (32M) V5.X
CWE ID-CWE-1188
Initialization of a Resource with an Insecure Default
CWE ID-CWE-665
Improper Initialization
CVE-2025-41224
Matching Score-8
Assigner-Siemens
ShareView Details
Matching Score-8
Assigner-Siemens
CVSS Score-7.7||HIGH
EPSS-0.03% / 7.45%
||
7 Day CHG~0.00%
Published-08 Jul, 2025 | 10:35
Updated-08 Jul, 2025 | 20:31
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A vulnerability has been identified in RUGGEDCOM RMC8388 V5.X (All versions < V5.10.0), RUGGEDCOM RMC8388NC V5.X (All versions < V5.10.0), RUGGEDCOM RS416NCv2 V5.X (All versions < V5.10.0), RUGGEDCOM RS416PNCv2 V5.X (All versions < V5.10.0), RUGGEDCOM RS416Pv2 V5.X (All versions < V5.10.0), RUGGEDCOM RS416v2 V5.X (All versions < V5.10.0), RUGGEDCOM RS900 (32M) V5.X (All versions < V5.10.0), RUGGEDCOM RS900G (32M) V5.X (All versions < V5.10.0), RUGGEDCOM RS900GNC(32M) V5.X (All versions < V5.10.0), RUGGEDCOM RS900NC(32M) V5.X (All versions < V5.10.0), RUGGEDCOM RSG2100 (32M) V5.X (All versions < V5.10.0), RUGGEDCOM RSG2100NC(32M) V5.X (All versions < V5.10.0), RUGGEDCOM RSG2100P (32M) V5.X (All versions < V5.10.0), RUGGEDCOM RSG2100PNC (32M) V5.X (All versions < V5.10.0), RUGGEDCOM RSG2288 V5.X (All versions < V5.10.0), RUGGEDCOM RSG2288NC V5.X (All versions < V5.10.0), RUGGEDCOM RSG2300 V5.X (All versions < V5.10.0), RUGGEDCOM RSG2300NC V5.X (All versions < V5.10.0), RUGGEDCOM RSG2300P V5.X (All versions < V5.10.0), RUGGEDCOM RSG2300PNC V5.X (All versions < V5.10.0), RUGGEDCOM RSG2488 V5.X (All versions < V5.10.0), RUGGEDCOM RSG2488NC V5.X (All versions < V5.10.0), RUGGEDCOM RSG907R (All versions < V5.10.0), RUGGEDCOM RSG908C (All versions < V5.10.0), RUGGEDCOM RSG909R (All versions < V5.10.0), RUGGEDCOM RSG910C (All versions < V5.10.0), RUGGEDCOM RSG920P V5.X (All versions < V5.10.0), RUGGEDCOM RSG920PNC V5.X (All versions < V5.10.0), RUGGEDCOM RSL910 (All versions < V5.10.0), RUGGEDCOM RSL910NC (All versions < V5.10.0), RUGGEDCOM RST2228 (All versions < V5.10.0), RUGGEDCOM RST2228P (All versions < V5.10.0), RUGGEDCOM RST916C (All versions < V5.10.0), RUGGEDCOM RST916P (All versions < V5.10.0). The affected products do not properly enforce interface access restrictions when changing from management to non-management interface configurations until a system reboot occurs, despite configuration being saved. This could allow an attacker with network access and credentials to gain access to device through non-management and maintain SSH access to the device until reboot.

Action-Not Available
Vendor-Siemens AG
Product-RUGGEDCOM RSG2100P (32M) V5.XRUGGEDCOM RMC8388NC V5.XRUGGEDCOM RST2228PRUGGEDCOM RSG909RRUGGEDCOM RSG2300NC V5.XRUGGEDCOM RSG2288 V5.XRUGGEDCOM RS416PNCv2 V5.XRUGGEDCOM RSG2288NC V5.XRUGGEDCOM RSG920P V5.XRUGGEDCOM RS416NCv2 V5.XRUGGEDCOM RSG2300PNC V5.XRUGGEDCOM RSL910RUGGEDCOM RST2228RUGGEDCOM RSG910CRUGGEDCOM RS900 (32M) V5.XRUGGEDCOM RST916CRUGGEDCOM RSG2488NC V5.XRUGGEDCOM RS900GNC(32M) V5.XRUGGEDCOM RSG2100NC(32M) V5.XRUGGEDCOM RS900NC(32M) V5.XRUGGEDCOM RST916PRUGGEDCOM RS416Pv2 V5.XRUGGEDCOM RSG908CRUGGEDCOM RSG2300 V5.XRUGGEDCOM RMC8388 V5.XRUGGEDCOM RS900G (32M) V5.XRUGGEDCOM RSG2300P V5.XRUGGEDCOM RS416v2 V5.XRUGGEDCOM RSG2100PNC (32M) V5.XRUGGEDCOM RSG907RRUGGEDCOM RSL910NCRUGGEDCOM RSG920PNC V5.XRUGGEDCOM RSG2488 V5.XRUGGEDCOM RSG2100 (32M) V5.X
CWE ID-CWE-693
Protection Mechanism Failure
CVE-2022-26476
Matching Score-8
Assigner-Siemens
ShareView Details
Matching Score-8
Assigner-Siemens
CVSS Score-8.8||HIGH
EPSS-0.13% / 32.21%
||
7 Day CHG~0.00%
Published-14 Jun, 2022 | 09:21
Updated-03 Aug, 2024 | 05:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A vulnerability has been identified in Spectrum Power 4 (All versions using Shared HIS), Spectrum Power 7 (All versions using Shared HIS), Spectrum Power MGMS (All versions using Shared HIS). An unauthenticated attacker could log into the component Shared HIS used in Spectrum Power systems by using an account with default credentials. A successful exploitation could allow the attacker to access the component Shared HIS with administrative privileges.

Action-Not Available
Vendor-Siemens AG
Product-spectrum_power_4spectrum_power_microgrid_management_systemspectrum_power_7Spectrum Power 4Spectrum Power 7Spectrum Power MGMS
CWE ID-CWE-798
Use of Hard-coded Credentials
CVE-2025-31930
Matching Score-8
Assigner-Siemens
ShareView Details
Matching Score-8
Assigner-Siemens
CVSS Score-8.7||HIGH
EPSS-0.04% / 13.11%
||
7 Day CHG~0.00%
Published-13 May, 2025 | 09:38
Updated-13 May, 2025 | 19:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A vulnerability has been identified in IEC 1Ph 7.4kW Child socket (8EM1310-2EH04-0GA0) (All versions < V2.135), IEC 1Ph 7.4kW Child socket/ shutter (8EM1310-2EN04-0GA0) (All versions < V2.135), IEC 1Ph 7.4kW Parent cable 7m (8EM1310-2EJ04-3GA1) (All versions < V2.135), IEC 1Ph 7.4kW Parent cable 7m incl. SIM (8EM1310-2EJ04-3GA2) (All versions < V2.135), IEC 1Ph 7.4kW Parent socket (8EM1310-2EH04-3GA1) (All versions < V2.135), IEC 1Ph 7.4kW Parent socket incl. SIM (8EM1310-2EH04-3GA2) (All versions < V2.135), IEC 1Ph 7.4kW Parent socket/ shutter (8EM1310-2EN04-3GA1) (All versions < V2.135), IEC 1Ph 7.4kW Parent socket/ shutter SIM (8EM1310-2EN04-3GA2) (All versions < V2.135), IEC 3Ph 22kW Child cable 7m (8EM1310-3EJ04-0GA0) (All versions < V2.135), IEC 3Ph 22kW Child socket (8EM1310-3EH04-0GA0) (All versions < V2.135), IEC 3Ph 22kW Child socket/ shutter (8EM1310-3EN04-0GA0) (All versions < V2.135), IEC 3Ph 22kW Parent cable 7m (8EM1310-3EJ04-3GA1) (All versions < V2.135), IEC 3Ph 22kW Parent cable 7m incl. SIM (8EM1310-3EJ04-3GA2) (All versions < V2.135), IEC 3Ph 22kW Parent socket (8EM1310-3EH04-3GA1) (All versions < V2.135), IEC 3Ph 22kW Parent socket incl. SIM (8EM1310-3EH04-3GA2) (All versions < V2.135), IEC 3Ph 22kW Parent socket/ shutter (8EM1310-3EN04-3GA1) (All versions < V2.135), IEC 3Ph 22kW Parent socket/ shutter SIM (8EM1310-3EN04-3GA2) (All versions < V2.135), IEC ERK 3Ph 22 kW Child cable 7m (8EM1310-3FJ04-0GA0) (All versions < V2.135), IEC ERK 3Ph 22 kW Child cable 7m (8EM1310-3FJ04-0GA1) (All versions < V2.135), IEC ERK 3Ph 22 kW Child cable 7m (8EM1310-3FJ04-0GA2) (All versions < V2.135), IEC ERK 3Ph 22 kW Child socket (8EM1310-3FH04-0GA0) (All versions < V2.135), IEC ERK 3Ph 22 kW Parent socket (8EM1310-3FH04-3GA1) (All versions < V2.135), IEC ERK 3Ph 22 kW Parent socket incl. SI (8EM1310-3FH04-3GA2) (All versions < V2.135), UL Commercial Cellular 48A NTEP (8EM1310-5HF14-1GA2) (All versions < V2.135), UL Commercial Child 40A w/ 15118 HW (8EM1310-4CF14-0GA0) (All versions < V2.135), UL Commercial Child 48A BA Compliant (8EM1315-5CG14-0GA0) (All versions < V2.135), UL Commercial Child 48A w/ 15118 HW (8EM1310-5CF14-0GA0) (All versions < V2.135), UL Commercial Parent 40A with Simcard (8EM1310-4CF14-1GA2) (All versions < V2.135), UL Commercial Parent 48A (USPS) (8EM1317-5CG14-1GA2) (All versions < V2.135), UL Commercial Parent 48A BA Compliant (8EM1315-5CG14-1GA2) (All versions < V2.135), UL Commercial Parent 48A with Simcard BA (8EM1310-5CF14-1GA2) (All versions < V2.135), UL Commercial Parent 48A, 15118, 25ft (8EM1310-5CG14-1GA1) (All versions < V2.135), UL Commercial Parent 48A, 15118, 25ft (8EM1314-5CG14-2FA2) (All versions < V2.135), UL Commercial Parent 48A, 15118, 25ft (8EM1315-5HG14-1GA2) (All versions < V2.135), UL Commercial Parent 48A,15118 25ft Sim (8EM1310-5CG14-1GA2) (All versions < V2.135), VersiCharge Blue™ 80A AC Cellular (8EM1315-7BG16-1FH2) (All versions < V2.135). Affected devices contain Modbus service enabled by default. This could allow an attacker connected to the same network to remotely control the EV charger.

Action-Not Available
Vendor-Siemens AG
Product-IEC 3Ph 22kW Child socket/ shutterIEC 1Ph 7.4kW Parent socket incl. SIMUL Commercial Parent 48A (USPS)UL Commercial Child 40A w/ 15118 HWIEC 1Ph 7.4kW Child socket/ shutterIEC 1Ph 7.4kW Parent cable 7m incl. SIMIEC ERK 3Ph 22 kW Parent socket incl. SIUL Commercial Parent 48A BA CompliantIEC 1Ph 7.4kW Parent socket/ shutterIEC 3Ph 22kW Parent socket incl. SIMVersiCharge Blue™ 80A AC CellularUL Commercial Child 48A w/ 15118 HWUL Commercial Parent 40A with SimcardIEC 3Ph 22kW Parent cable 7m incl. SIMIEC ERK 3Ph 22 kW Child cable 7mUL Commercial Parent 48A,15118 25ft SimUL Commercial Parent 48A, 15118, 25ftIEC ERK 3Ph 22 kW Child socketIEC 1Ph 7.4kW Parent socket/ shutter SIMIEC 3Ph 22kW Parent cable 7mUL Commercial Child 48A BA CompliantIEC 3Ph 22kW Parent socket/ shutterUL Commercial Cellular 48A NTEPIEC 3Ph 22kW Child cable 7mIEC 1Ph 7.4kW Parent cable 7mIEC 3Ph 22kW Parent socket/ shutter SIMIEC 3Ph 22kW Parent socketIEC ERK 3Ph 22 kW Parent socketUL Commercial Parent 48A with Simcard BAIEC 1Ph 7.4kW Parent socketIEC 3Ph 22kW Child socketIEC 1Ph 7.4kW Child socket
CWE ID-CWE-1188
Initialization of a Resource with an Insecure Default
CVE-2021-25667
Matching Score-8
Assigner-Siemens
ShareView Details
Matching Score-8
Assigner-Siemens
CVSS Score-8.8||HIGH
EPSS-0.30% / 53.39%
||
7 Day CHG~0.00%
Published-15 Mar, 2021 | 17:03
Updated-03 Aug, 2024 | 20:11
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A vulnerability has been identified in RUGGEDCOM RM1224 (All versions >= V4.3 and < V6.4), SCALANCE M-800 (All versions >= V4.3 and < V6.4), SCALANCE S615 (All versions >= V4.3 and < V6.4), SCALANCE SC-600 Family (All versions >= V2.0 and < V2.1.3), SCALANCE XB-200 (All versions < V4.1), SCALANCE XC-200 (All versions < V4.1), SCALANCE XF-200BA (All versions < V4.1), SCALANCE XM400 (All versions < V6.2), SCALANCE XP-200 (All versions < V4.1), SCALANCE XR-300WG (All versions < V4.1), SCALANCE XR500 (All versions < V6.2). Affected devices contain a stack-based buffer overflow vulnerability in the handling of STP BPDU frames that could allow a remote attacker to trigger a denial-of-service condition or potentially remote code execution. Successful exploitation requires the passive listening feature of the device to be active.

Action-Not Available
Vendor-Siemens AG
Product-scalance_m-800_firmwarescalance_xm400scalance_x300wgscalance_xp-200_firmwarescalance_xc-200_firmwarescalance_xf-200ba_firmwarescalance_sc646-2c_firmwarescalance_xb-200ruggedcom_rm1224_firmwarescalance_sc636-2cscalance_sc642-2c_firmwarescalance_xp-200scalance_xr500ruggedcom_rm1224scalance_xf-200bascalance_sc622-2cscalance_s615scalance_sc646-2cscalance_xm400_firmwarescalance_xb-200_firmwarescalance_sc642-2cscalance_x300wg_firmwarescalance_xc-200scalance_xr500_firmwarescalance_sc632-2c_firmwarescalance_sc622-2c_firmwarescalance_m-800scalance_s615_firmwarescalance_sc636-2c_firmwarescalance_sc632-2cSCALANCE XM400SCALANCE SC-600 FamilySCALANCE XR-300WGSCALANCE XR500SCALANCE XF-200BARUGGEDCOM RM1224SCALANCE XP-200SCALANCE M-800SCALANCE XC-200SCALANCE S615SCALANCE XB-200
CWE ID-CWE-121
Stack-based Buffer Overflow
CWE ID-CWE-787
Out-of-bounds Write
CVE-2024-8313
Matching Score-4
Assigner-Asea Brown Boveri Ltd. (ABB)
ShareView Details
Matching Score-4
Assigner-Asea Brown Boveri Ltd. (ABB)
CVSS Score-8.7||HIGH
EPSS-0.14% / 33.86%
||
7 Day CHG~0.00%
Published-25 Mar, 2025 | 04:29
Updated-27 Mar, 2025 | 16:45
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Default or Guessable SNMP community names in B&R APROL

An Exposure of Sensitive System Information to an Unauthorized Control Sphere and Initialization of a Resource with an Insecure Default vulnerability in the SNMP component of B&R APROL <4.4-00P5 may allow an unauthenticated adjacent-based attacker to read and alter configuration using SNMP.

Action-Not Available
Vendor-B&R Industrial Automation GmbH
Product-APROL
CWE ID-CWE-1188
Initialization of a Resource with an Insecure Default
CWE ID-CWE-497
Exposure of Sensitive System Information to an Unauthorized Control Sphere
CVE-2025-9364
Matching Score-4
Assigner-Rockwell Automation
ShareView Details
Matching Score-4
Assigner-Rockwell Automation
CVSS Score-8.7||HIGH
EPSS-0.02% / 4.15%
||
7 Day CHG~0.00%
Published-09 Sep, 2025 | 12:41
Updated-10 Sep, 2025 | 14:09
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Rockwell Automation FactoryTalk® Analytics™ LogixAI® Exposed Redis DB

An open database issue exists in the affected product and version. The security issue stems from an over permissive Redis instance. This could result in an attacker on the intranet accessing sensitive data and potential alteration of data.

Action-Not Available
Vendor-Rockwell Automation, Inc.
Product-factorytalk_analytics_logixaiFactoryTalk® Analytics™ LogixAI®
CWE ID-CWE-497
Exposure of Sensitive System Information to an Unauthorized Control Sphere
CVE-2024-4008
Matching Score-4
Assigner-Asea Brown Boveri Ltd. (ABB)
ShareView Details
Matching Score-4
Assigner-Asea Brown Boveri Ltd. (ABB)
CVSS Score-7.3||HIGH
EPSS-0.24% / 46.72%
||
7 Day CHG~0.00%
Published-05 Jun, 2024 | 17:15
Updated-17 Sep, 2025 | 06:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
FDSK Leak in KNX Secure Devices

FDSK Leak in ABB, Busch-Jaeger, FTS Display (version 1.00) and BCU (version 1.3.0.33) allows attacker to take control via access to local KNX Bus-System

Action-Not Available
Vendor-ABBBusch-Jaeger (ABB)
Product-2tma310011b0001_firmware2tma310010b00012tma310010b0001_firmware2tma310010b0003_firmware2tma310010b00032tma310011b0003_firmware2tma310011b00032tma310011b00012tma310011b0002_firmware2tma310011b0002RoomTouch 4", RT/U12.86.11-8112.4! Display 55, SD/U12.55.11-825RoomTouch 4", RT-U12-86-1-811RoomTouch 4", RT/U12.86.11-825RoomTouch 4", RT/U12.86.1-825BCU KNX, BA-U1.0.1BCU KNX, BA-U1.0.212.4! Display 63, SD/U12.63.11-8252,4'' Display 70, SD/U12.70.11-40152.4! Display 55, SD/SD/U12.55.1-8252,4'' Display 70, SD-U12-70-1-4015BCU KNX, BA-U1.0.11
CWE ID-CWE-497
Exposure of Sensitive System Information to an Unauthorized Control Sphere
Details not found