Details of VAR-202107-1339

ID

VAR-202107-1339

CVE

CVE-2021-31895

TITLE

Out-of-bounds write vulnerabilities in multiple Siemens products

Trust: 0.8

sources: JVNDB: JVNDB-2021-010132

DESCRIPTION

A vulnerability has been identified in RUGGEDCOM i800 (All versions < V4.3.7), RUGGEDCOM i801 (All versions < V4.3.7), RUGGEDCOM i802 (All versions < V4.3.7), RUGGEDCOM i803 (All versions < V4.3.7), RUGGEDCOM M2100 (All versions < V4.3.7), RUGGEDCOM M2200 (All versions < V4.3.7), RUGGEDCOM M969 (All versions < V4.3.7), RUGGEDCOM RMC30 (All versions < V4.3.7), RUGGEDCOM RMC8388 V4.X (All versions < V4.3.7), RUGGEDCOM RMC8388 V5.X (All versions < V5.5.4), RUGGEDCOM RP110 (All versions < V4.3.7), RUGGEDCOM RS1600 (All versions < V4.3.7), RUGGEDCOM RS1600F (All versions < V4.3.7), RUGGEDCOM RS1600T (All versions < V4.3.7), RUGGEDCOM RS400 (All versions < V4.3.7), RUGGEDCOM RS401 (All versions < V4.3.7), RUGGEDCOM RS416 (All versions < V4.3.7), RUGGEDCOM RS416P (All versions < V4.3.7), RUGGEDCOM RS416Pv2 V4.X (All versions < V4.3.7), RUGGEDCOM RS416Pv2 V5.X (All versions < V5.5.4), RUGGEDCOM RS416v2 V4.X (All versions < V4.3.7), RUGGEDCOM RS416v2 V5.X (All versions < 5.5.4), RUGGEDCOM RS8000 (All versions < V4.3.7), RUGGEDCOM RS8000A (All versions < V4.3.7), RUGGEDCOM RS8000H (All versions < V4.3.7), RUGGEDCOM RS8000T (All versions < V4.3.7), RUGGEDCOM RS900 (32M) V4.X (All versions < V4.3.7), RUGGEDCOM RS900 (32M) V5.X (All versions < V5.5.4), RUGGEDCOM RS900G (All versions < V4.3.7), RUGGEDCOM RS900G (32M) V4.X (All versions < V4.3.7), RUGGEDCOM RS900G (32M) V5.X (All versions < V5.5.4), RUGGEDCOM RS900GP (All versions < V4.3.7), RUGGEDCOM RS900L (All versions < V4.3.7), RUGGEDCOM RS900W (All versions < V4.3.7), RUGGEDCOM RS910 (All versions < V4.3.7), RUGGEDCOM RS910L (All versions < V4.3.7), RUGGEDCOM RS910W (All versions < V4.3.7), RUGGEDCOM RS920L (All versions < V4.3.7), RUGGEDCOM RS920W (All versions < V4.3.7), RUGGEDCOM RS930L (All versions < V4.3.7), RUGGEDCOM RS930W (All versions < V4.3.7), RUGGEDCOM RS940G (All versions < V4.3.7), RUGGEDCOM RS969 (All versions < V4.3.7), RUGGEDCOM RSG2100 (All versions), RUGGEDCOM RSG2100 (32M) V4.X (All versions < V4.3.7), RUGGEDCOM RSG2100 (32M) V5.X (All versions < V5.5.4), RUGGEDCOM RSG2100P (All versions < V4.3.7), RUGGEDCOM RSG2100P (32M) V4.X (All versions < V4.3.7), RUGGEDCOM RSG2100P (32M) V5.X (All versions < V5.5.4), RUGGEDCOM RSG2100PNC (32M) V4.X (All versions < V4.3.7), RUGGEDCOM RSG2100PNC (32M) V5.X (All versions < V5.5.4), RUGGEDCOM RSG2200 (All versions < V4.3.7), RUGGEDCOM RSG2288 V4.X (All versions < V4.3.7), RUGGEDCOM RSG2288 V5.X (All versions < V5.5.4), RUGGEDCOM RSG2300 V4.X (All versions < V4.3.7), RUGGEDCOM RSG2300 V5.X (All versions < V5.5.4), RUGGEDCOM RSG2300P V4.X (All versions < V4.3.7), RUGGEDCOM RSG2300P V5.X (All versions < V5.5.4), RUGGEDCOM RSG2488 V4.X (All versions < V4.3.7), RUGGEDCOM RSG2488 V5.X (All versions < V5.5.4), RUGGEDCOM RSG907R (All versions < V5.5.4), RUGGEDCOM RSG908C (All versions < V5.5.4), RUGGEDCOM RSG909R (All versions < V5.5.4), RUGGEDCOM RSG910C (All versions < V5.5.4), RUGGEDCOM RSG920P V4.X (All versions < V4.3.7), RUGGEDCOM RSG920P V5.X (All versions < V5.5.4), RUGGEDCOM RSL910 (All versions < V5.5.4), RUGGEDCOM RST2228 (All versions < V5.5.4), RUGGEDCOM RST2228P (All versions < V5.5.4), RUGGEDCOM RST916C (All versions < V5.5.4), RUGGEDCOM RST916P (All versions < V5.5.4). The DHCP client in affected devices fails to properly sanitize incoming DHCP packets. This could allow an unauthenticated remote attacker to cause memory to be overwritten, potentially allowing remote code execution. Multiple Siemens products are vulnerable to out-of-bounds writes.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) May be in a state. Pillow is a Python-based image processing library. There is currently no information about this vulnerability, please feel free to follow CNNVD or manufacturer announcements

Trust: 2.25

sources: NVD: CVE-2021-31895 // JVNDB: JVNDB-2021-010132 // CNNVD: CNNVD-202104-975 // VULMON: CVE-2021-31895

AFFECTED PRODUCTS

vendor:	siemens	model:	ruggedcom ros m2200	scope:	lt	version:	4.3.7	Trust: 1.0
vendor:	siemens	model:	ruggedcom ros rs401	scope:	lt	version:	4.3.7	Trust: 1.0
vendor:	siemens	model:	ruggedcom ros rs900	scope:	gte	version:	5.0.0	Trust: 1.0
vendor:	siemens	model:	ruggedcom ros rmc8388	scope:	gte	version:	5.0.0	Trust: 1.0
vendor:	siemens	model:	ruggedcom ros rst2228	scope:	lt	version:	5.5.4	Trust: 1.0
vendor:	siemens	model:	ruggedcom ros rs416v2	scope:	lt	version:	5.5.4	Trust: 1.0
vendor:	siemens	model:	ruggedcom ros rs900l	scope:	lt	version:	4.3.7	Trust: 1.0
vendor:	siemens	model:	ruggedcom ros rs910w	scope:	lt	version:	4.3.7	Trust: 1.0
vendor:	siemens	model:	ruggedcom ros rsg2288	scope:	lt	version:	4.3.7	Trust: 1.0
vendor:	siemens	model:	ruggedcom ros rs900w	scope:	lt	version:	4.3.7	Trust: 1.0
vendor:	siemens	model:	ruggedcom ros rs910l	scope:	lt	version:	4.3.7	Trust: 1.0
vendor:	siemens	model:	ruggedcom ros rsg900g	scope:	gte	version:	5.0.0	Trust: 1.0
vendor:	siemens	model:	ruggedcom ros i802	scope:	lt	version:	4.3.7	Trust: 1.0
vendor:	siemens	model:	ruggedcom ros rsg2100p	scope:	lt	version:	4.3.7	Trust: 1.0
vendor:	siemens	model:	ruggedcom ros rsl910	scope:	lt	version:	5.5.4	Trust: 1.0
vendor:	siemens	model:	ruggedcom ros rst916c	scope:	lt	version:	5.5.4	Trust: 1.0
vendor:	siemens	model:	ruggedcom ros rsg900g	scope:	lt	version:	4.3.7	Trust: 1.0
vendor:	siemens	model:	ruggedcom ros rsg2100p	scope:	gte	version:	5.0.0	Trust: 1.0
vendor:	siemens	model:	ruggedcom ros rs400	scope:	lt	version:	4.3.7	Trust: 1.0
vendor:	siemens	model:	ruggedcom ros rmc40	scope:	lt	version:	4.3.7	Trust: 1.0
vendor:	siemens	model:	ruggedcom ros rs8000h	scope:	lt	version:	4.3.7	Trust: 1.0
vendor:	siemens	model:	ruggedcom ros rs8000t	scope:	lt	version:	4.3.7	Trust: 1.0
vendor:	siemens	model:	ruggedcom ros rsg900c	scope:	lt	version:	5.5.4	Trust: 1.0
vendor:	siemens	model:	ruggedcom ros rsg900	scope:	lt	version:	4.3.7	Trust: 1.0
vendor:	siemens	model:	ruggedcom ros rsg920p	scope:	lt	version:	5.5.4	Trust: 1.0
vendor:	siemens	model:	ruggedcom ros rs900g	scope:	lt	version:	5.5.4	Trust: 1.0
vendor:	siemens	model:	ruggedcom ros rs930w	scope:	lt	version:	4.3.7	Trust: 1.0
vendor:	siemens	model:	ruggedcom ros i803	scope:	lt	version:	4.3.7	Trust: 1.0
vendor:	siemens	model:	ruggedcom ros rs900gp	scope:	lt	version:	4.3.7	Trust: 1.0
vendor:	siemens	model:	ruggedcom ros rs416	scope:	lt	version:	4.3.7	Trust: 1.0
vendor:	siemens	model:	ruggedcom ros rs900	scope:	lt	version:	5.5.4	Trust: 1.0
vendor:	siemens	model:	ruggedcom ros rsg2488	scope:	lt	version:	5.5.4	Trust: 1.0
vendor:	siemens	model:	ruggedcom ros rmc8388	scope:	lt	version:	5.5.4	Trust: 1.0
vendor:	siemens	model:	ruggedcom ros m969	scope:	lt	version:	4.3.7	Trust: 1.0
vendor:	siemens	model:	ruggedcom ros i800	scope:	lt	version:	4.3.7	Trust: 1.0
vendor:	siemens	model:	ruggedcom ros rmc30	scope:	lt	version:	4.3.7	Trust: 1.0
vendor:	siemens	model:	ruggedcom ros rmc8388	scope:	lt	version:	4.3.7	Trust: 1.0
vendor:	siemens	model:	ruggedcom ros rs416v2	scope:	gte	version:	5.5.0	Trust: 1.0
vendor:	siemens	model:	ruggedcom ros rst916p	scope:	lt	version:	5.5.4	Trust: 1.0
vendor:	siemens	model:	ruggedcom ros rsg920p	scope:	gte	version:	5.0.0	Trust: 1.0
vendor:	siemens	model:	ruggedcom ros rsg2300p	scope:	gte	version:	5.5.0	Trust: 1.0
vendor:	siemens	model:	ruggedcom ros rsg2300p	scope:	lt	version:	4.3.7	Trust: 1.0
vendor:	siemens	model:	ruggedcom ros i801	scope:	lt	version:	4.3.7	Trust: 1.0
vendor:	siemens	model:	ruggedcom ros rsg2288	scope:	lt	version:	5.5.4	Trust: 1.0
vendor:	siemens	model:	ruggedcom ros rsg900r	scope:	lt	version:	5.5.4	Trust: 1.0
vendor:	siemens	model:	ruggedcom ros rs920l	scope:	lt	version:	4.3.7	Trust: 1.0
vendor:	siemens	model:	ruggedcom ros rsg2300	scope:	gte	version:	5.0.0	Trust: 1.0
vendor:	siemens	model:	ruggedcom ros rsg2488	scope:	gte	version:	5.0.0	Trust: 1.0
vendor:	siemens	model:	ruggedcom ros rsg2300	scope:	lt	version:	5.3.4	Trust: 1.0
vendor:	siemens	model:	ruggedcom ros rsg2300	scope:	lt	version:	4.3.7	Trust: 1.0
vendor:	siemens	model:	ruggedcom ros rs416v2	scope:	lt	version:	4.3.7	Trust: 1.0
vendor:	siemens	model:	ruggedcom ros rsg900g	scope:	lt	version:	5.5.4	Trust: 1.0
vendor:	siemens	model:	ruggedcom ros rsg2100p	scope:	lt	version:	5.3.4	Trust: 1.0
vendor:	siemens	model:	ruggedcom ros rsg900	scope:	lt	version:	5.5.4	Trust: 1.0
vendor:	siemens	model:	ruggedcom ros rsg2288	scope:	gte	version:	5.0.0	Trust: 1.0
vendor:	siemens	model:	ruggedcom ros rs910	scope:	lt	version:	4.3.7	Trust: 1.0
vendor:	siemens	model:	ruggedcom ros rsg900	scope:	gte	version:	5.5.0	Trust: 1.0
vendor:	siemens	model:	ruggedcom ros rsg2100	scope:	lt	version:	5.5.4	Trust: 1.0
vendor:	siemens	model:	ruggedcom ros rmc41	scope:	lt	version:	4.3.7	Trust: 1.0
vendor:	siemens	model:	ruggedcom ros rs8000	scope:	lt	version:	4.3.7	Trust: 1.0
vendor:	siemens	model:	ruggedcom ros rsg2200	scope:	lt	version:	4.3.7	Trust: 1.0
vendor:	siemens	model:	ruggedcom ros rsg2100	scope:	gte	version:	5.0.0	Trust: 1.0
vendor:	siemens	model:	ruggedcom ros rs920w	scope:	lt	version:	4.3.7	Trust: 1.0
vendor:	siemens	model:	ruggedcom ros rs969	scope:	lt	version:	4.3.7	Trust: 1.0
vendor:	siemens	model:	ruggedcom ros rsg2100	scope:	lt	version:	4.3.7	Trust: 1.0
vendor:	siemens	model:	ruggedcom ros rmc20	scope:	lt	version:	4.3.7	Trust: 1.0
vendor:	siemens	model:	ruggedcom ros rs930l	scope:	lt	version:	4.3.7	Trust: 1.0
vendor:	siemens	model:	ruggedcom ros rs8000a	scope:	lt	version:	4.3.7	Trust: 1.0
vendor:	siemens	model:	ruggedcom ros rs940g	scope:	lt	version:	4.3.7	Trust: 1.0
vendor:	siemens	model:	ruggedcom ros rsg920p	scope:	lt	version:	4.3.7	Trust: 1.0
vendor:	siemens	model:	ruggedcom ros rs900g	scope:	lt	version:	4.3.7	Trust: 1.0
vendor:	siemens	model:	ruggedcom ros rmc	scope:	lt	version:	4.3.7	Trust: 1.0
vendor:	siemens	model:	ruggedcom ros rs900	scope:	lt	version:	4.3.7	Trust: 1.0
vendor:	siemens	model:	ruggedcom ros rs900g	scope:	gte	version:	5.0.0	Trust: 1.0
vendor:	siemens	model:	ruggedcom ros rsg2488	scope:	lt	version:	4.3.7	Trust: 1.0
vendor:	siemens	model:	ruggedcom ros rsg2300p	scope:	lt	version:	5.5.4	Trust: 1.0
vendor:	siemens	model:	ruggedcom ros m2100	scope:	lt	version:	4.3.7	Trust: 1.0
vendor:	siemens	model:	ruggedcom ros rp110	scope:	lt	version:	4.3.7	Trust: 1.0
vendor:	シーメンス	model:	ruggedcom ros i800	scope:	-	version:	-	Trust: 0.8
vendor:	シーメンス	model:	ruggedcom ros m969	scope:	-	version:	-	Trust: 0.8
vendor:	シーメンス	model:	ruggedcom ros rmc	scope:	-	version:	-	Trust: 0.8
vendor:	シーメンス	model:	ruggedcom ros i803	scope:	-	version:	-	Trust: 0.8
vendor:	シーメンス	model:	ruggedcom ros rmc20	scope:	-	version:	-	Trust: 0.8
vendor:	シーメンス	model:	ruggedcom ros m2200	scope:	-	version:	-	Trust: 0.8
vendor:	シーメンス	model:	ruggedcom ros rmc30	scope:	-	version:	-	Trust: 0.8
vendor:	シーメンス	model:	ruggedcom ros m2100	scope:	-	version:	-	Trust: 0.8
vendor:	シーメンス	model:	ruggedcom ros i802	scope:	-	version:	-	Trust: 0.8
vendor:	シーメンス	model:	ruggedcom ros i801	scope:	-	version:	-	Trust: 0.8

sources: JVNDB: JVNDB-2021-010132 // NVD: CVE-2021-31895

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2021-31895
value:	CRITICAL
Trust: 1.0
productcert@siemens.com:	CVE-2021-31895
value:	HIGH
Trust: 1.0
NVD:	CVE-2021-31895
value:	CRITICAL
Trust: 0.8
CNNVD:	CNNVD-202107-692
value:	CRITICAL
Trust: 0.6
CNNVD:	CNNVD-202104-975
value:	MEDIUM
Trust: 0.6

nvd@nist.gov:	CVE-2021-31895
severity:	HIGH
baseScore:	7.5
vectorString:	AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	10.0
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8

nvd@nist.gov:	CVE-2021-31895
baseSeverity:	CRITICAL
baseScore:	9.8
vectorString:	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	3.9
impactScore:	5.9
version:	3.1
Trust: 1.0
productcert@siemens.com:	CVE-2021-31895
baseSeverity:	HIGH
baseScore:	8.1
vectorString:	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector:	NETWORK
attackComplexity:	HIGH
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	2.2
impactScore:	5.9
version:	3.1
Trust: 1.0
NVD:	CVE-2021-31895
baseSeverity:	CRITICAL
baseScore:	9.8
vectorString:	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: JVNDB: JVNDB-2021-010132 // CNNVD: CNNVD-202107-692 // CNNVD: CNNVD-202104-975 // NVD: CVE-2021-31895 // NVD: CVE-2021-31895

PROBLEMTYPE DATA

problemtype:	CWE-787	Trust: 1.0
problemtype:	CWE-120	Trust: 1.0
problemtype:	Out-of-bounds writing (CWE-787) [NVD evaluation ]	Trust: 0.8

sources: JVNDB: JVNDB-2021-010132 // NVD: CVE-2021-31895

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202107-692

TYPE

other

Trust: 1.2

sources: CNNVD: CNNVD-202107-692 // CNNVD: CNNVD-202104-975

PATCH

title:	SSA-373591	url:	https://cert-portal.siemens.com/productcert/pdf/ssa-373591.pdf	Trust: 0.8
title:	Siemens RUGGEDCOM Security vulnerabilities	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=156386	Trust: 0.6
title:	Siemens Security Advisories: Siemens Security Advisory	url:	https://vulmon.com/vendoradvisory?qidtp=siemens_security_advisories&qid=0fa914b1cff73616953dba36fb06baf5	Trust: 0.1

sources: VULMON: CVE-2021-31895 // JVNDB: JVNDB-2021-010132 // CNNVD: CNNVD-202107-692

EXTERNAL IDS

db:	NVD	id:	CVE-2021-31895	Trust: 3.3
db:	SIEMENS	id:	SSA-373591	Trust: 1.7
db:	JVNDB	id:	JVNDB-2021-010132	Trust: 0.8
db:	AUSCERT	id:	ESB-2021.2405	Trust: 0.6
db:	CS-HELP	id:	SB2021071422	Trust: 0.6
db:	CNNVD	id:	CNNVD-202107-692	Trust: 0.6
db:	CS-HELP	id:	SB2021041363	Trust: 0.6
db:	CNNVD	id:	CNNVD-202104-975	Trust: 0.6
db:	VULMON	id:	CVE-2021-31895	Trust: 0.1

sources: VULMON: CVE-2021-31895 // JVNDB: JVNDB-2021-010132 // CNNVD: CNNVD-202107-692 // CNNVD: CNNVD-202104-975 // NVD: CVE-2021-31895

REFERENCES

url:	https://cert-portal.siemens.com/productcert/pdf/ssa-373591.pdf	Trust: 1.7
url:	https://nvd.nist.gov/vuln/detail/cve-2021-31895	Trust: 1.4
url:	https://cert-portal.siemens.com/productcert/html/ssa-373591.html	Trust: 1.0
url:	https://www.auscert.org.au/bulletins/esb-2021.2405	Trust: 0.6
url:	https://www.cybersecurity-help.cz/vdb/sb2021071422	Trust: 0.6
url:	https://vigilance.fr/vulnerability/siemens-ruggedcom-ros-buffer-overflow-via-dhcp-35872	Trust: 0.6
url:	https://www.cybersecurity-help.cz/vdb/sb2021041363	Trust: 0.6
url:	https://cwe.mitre.org/data/definitions/120.html	Trust: 0.1
url:	https://nvd.nist.gov	Trust: 0.1
url:	https://cert-portal.siemens.com/productcert/txt/ssa-373591.txt	Trust: 0.1

sources: VULMON: CVE-2021-31895 // JVNDB: JVNDB-2021-010132 // CNNVD: CNNVD-202107-692 // CNNVD: CNNVD-202104-975 // NVD: CVE-2021-31895

SOURCES

db:	VULMON	id:	CVE-2021-31895
db:	JVNDB	id:	JVNDB-2021-010132
db:	CNNVD	id:	CNNVD-202107-692
db:	CNNVD	id:	CNNVD-202104-975
db:	NVD	id:	CVE-2021-31895

LAST UPDATE DATE

2025-05-13T21:45:39.391000+00:00

SOURCES UPDATE DATE

db:	VULMON	id:	CVE-2021-31895	date:	2021-07-13T00:00:00
db:	JVNDB	id:	JVNDB-2021-010132	date:	2022-06-22T02:35:00
db:	CNNVD	id:	CNNVD-202107-692	date:	2021-08-02T00:00:00
db:	CNNVD	id:	CNNVD-202104-975	date:	2021-04-14T00:00:00
db:	NVD	id:	CVE-2021-31895	date:	2025-05-13T10:15:17.910

SOURCES RELEASE DATE

db:	VULMON	id:	CVE-2021-31895	date:	2021-07-13T00:00:00
db:	JVNDB	id:	JVNDB-2021-010132	date:	2022-06-22T00:00:00
db:	CNNVD	id:	CNNVD-202107-692	date:	2021-07-13T00:00:00
db:	CNNVD	id:	CNNVD-202104-975	date:	2021-04-13T00:00:00
db:	NVD	id:	CVE-2021-31895	date:	2021-07-13T11:15:09.677