CVE-2021-37209

Inadequate Encryption Strength

Published: Mar 08, 2022 | Modified: Nov 14, 2023
CVSS 3.x: 6.5 MEDIUM (Source: NVD)
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
CVSS 2.x: 4 MEDIUM
AV:N/AC:L/Au:S/C:P/I:N/A:N

A vulnerability has been identified in the following RUGGEDCOM products.

RUGGEDCOM models, all versions < V4.3.8: i800, i801, i802, i803, M2100, M2200, M969, RMC30, RMC8388 V4.X, RP110, RS1600, RS1600F, RS1600T, RS400, RS401, RS416, RS416P, RS416Pv2 V4.X, RS416v2 V4.X, RS8000, RS8000A, RS8000H, RS8000T, RS900, RS900 (32M) V4.X, RS900G, RS900G (32M) V4.X, RS900GP, RS900L, RS900M-GETS-C01, RS900M-GETS-XX, RS900M-STND-C01, RS900M-STND-XX, RS900W, RS910, RS910L, RS910W, RS920L, RS920W, RS930L, RS930W, RS940G, RS969, RSG2100, RSG2100 (32M) V4.X, RSG2100P, RSG2200, RSG2288 V4.X, RSG2300 V4.X, RSG2300P V4.X, RSG2488 V4.X, RSG920P V4.X.

RUGGEDCOM models, all versions < V5.7.0: RMC8388 V5.X, RS416Pv2 V5.X, RS416v2 V5.X, RS900 (32M) V5.X, RS900G (32M) V5.X, RSG2100 (32M) V5.X, RSG2288 V5.X, RSG2300 V5.X, RSG2300P V5.X, RSG2488 V5.X, RSG907R, RSG908C, RSG909R, RSG910C, RSG920P V5.X, RSL910, RST2228, RST2228P, RST916C, RST916P.

The SSH server on affected devices is configured to offer weak ciphers by default.

This could allow an unauthorized attacker in a man-in-the-middle position to read and modify any data passed over the connection between legitimate clients and the affected device.

Weakness

The product stores or transmits sensitive data using an encryption scheme that is theoretically sound, but is not strong enough for the level of protection required.

Affected Software

Name Vendor Start Version End Version
Ruggedcom_i800 Siemens - (including) - (including)
Ruggedcom_i801 Siemens - (including) - (including)
Ruggedcom_i802 Siemens - (including) - (including)
Ruggedcom_i803 Siemens - (including) - (including)
Ruggedcom_m2100 Siemens - (including) - (including)
Ruggedcom_m2200 Siemens - (including) - (including)
Ruggedcom_m969 Siemens - (including) - (including)
Ruggedcom_rmc Siemens - (including) - (including)
Ruggedcom_rmc20 Siemens - (including) - (including)
Ruggedcom_rmc30 Siemens - (including) - (including)
Ruggedcom_rmc40 Siemens - (including) - (including)
Ruggedcom_rmc41 Siemens - (including) - (including)
Ruggedcom_rmc8388 Siemens - (including) - (including)
Ruggedcom_rp110 Siemens - (including) - (including)
Ruggedcom_rs400 Siemens - (including) - (including)
Ruggedcom_rs401 Siemens - (including) - (including)
Ruggedcom_rs416 Siemens - (including) - (including)
Ruggedcom_rs416v2 Siemens - (including) - (including)
Ruggedcom_rs8000 Siemens - (including) - (including)
Ruggedcom_rs8000a Siemens - (including) - (including)
Ruggedcom_rs8000h Siemens - (including) - (including)
Ruggedcom_rs8000t Siemens - (including) - (including)
Ruggedcom_rs900 Siemens - (including) - (including)
Ruggedcom_rs900g Siemens - (including) - (including)
Ruggedcom_rs900gp Siemens - (including) - (including)
Ruggedcom_rs900l Siemens - (including) - (including)
Ruggedcom_rs900w Siemens - (including) - (including)
Ruggedcom_rs910 Siemens - (including) - (including)
Ruggedcom_rs910l Siemens - (including) - (including)
Ruggedcom_rs910w Siemens - (including) - (including)
Ruggedcom_rs920l Siemens - (including) - (including)
Ruggedcom_rs920w Siemens - (including) - (including)
Ruggedcom_rs930l Siemens - (including) - (including)
Ruggedcom_rs930w Siemens - (including) - (including)
Ruggedcom_rs940g Siemens - (including) - (including)
Ruggedcom_rs969 Siemens - (including) - (including)
Ruggedcom_rsg2100 Siemens - (including) - (including)
Ruggedcom_rsg2100p Siemens - (including) - (including)
Ruggedcom_rsg2200 Siemens - (including) - (including)
Ruggedcom_rsg2288 Siemens - (including) - (including)
Ruggedcom_rsg2300 Siemens - (including) - (including)
Ruggedcom_rsg2300p Siemens - (including) - (including)
Ruggedcom_rsg2488 Siemens - (including) - (including)
Ruggedcom_rsg907r Siemens - (including) - (including)
Ruggedcom_rsg908c Siemens - (including) - (including)
Ruggedcom_rsg909r Siemens - (including) - (including)
Ruggedcom_rsg910c Siemens - (including) - (including)
Ruggedcom_rsg920p Siemens - (including) - (including)
Ruggedcom_rsl910 Siemens - (including) - (including)
Ruggedcom_rst2228 Siemens - (including) - (including)
Ruggedcom_rst2228p Siemens - (including) - (including)
Ruggedcom_rst916c Siemens - (including) - (including)
Ruggedcom_rst916p Siemens - (including) - (including)
