Siemens RUGGEDCOM ROS Buffer Copy Without Checking Size of Input (CVE-2021-31895)

high Tenable OT Security Plugin ID 501633

Synopsis

The remote OT asset is affected by a vulnerability.

Description

A vulnerability has been identified in RUGGEDCOM i800 (All versions < V4.3.7), RUGGEDCOM i801 (All versions < V4.3.7), RUGGEDCOM i802 (All versions < V4.3.7), RUGGEDCOM i803 (All versions < V4.3.7), RUGGEDCOM M2100 (All versions < V4.3.7), RUGGEDCOM M2200 (All versions < V4.3.7), RUGGEDCOM M969 (All versions < V4.3.7), RUGGEDCOM RMC30 (All versions < V4.3.7), RUGGEDCOM RMC8388 V4.X (All versions < V4.3.7), RUGGEDCOM RMC8388 V5.X (All versions < V5.5.4), RUGGEDCOM RP110 (All versions < V4.3.7), RUGGEDCOM RS1600 (All versions < V4.3.7), RUGGEDCOM RS1600F (All versions < V4.3.7), RUGGEDCOM RS1600T (All versions < V4.3.7), RUGGEDCOM RS400 (All versions < V4.3.7), RUGGEDCOM RS401 (All versions < V4.3.7), RUGGEDCOM RS416 (All versions < V4.3.7), RUGGEDCOM RS416P (All versions < V4.3.7), RUGGEDCOM RS416Pv2 V4.X (All versions < V4.3.7), RUGGEDCOM RS416Pv2 V5.X (All versions < V5.5.4), RUGGEDCOM RS416v2 V4.X (All versions < V4.3.7), RUGGEDCOM RS416v2 V5.X (All versions < 5.5.4), RUGGEDCOM RS8000 (All versions < V4.3.7), RUGGEDCOM RS8000A (All versions < V4.3.7), RUGGEDCOM RS8000H (All versions < V4.3.7), RUGGEDCOM RS8000T (All versions < V4.3.7), RUGGEDCOM RS900 (32M) V4.X (All versions < V4.3.7), RUGGEDCOM RS900 (32M) V5.X (All versions < V5.5.4), RUGGEDCOM RS900G (All versions < V4.3.7), RUGGEDCOM RS900G (32M) V4.X (All versions < V4.3.7), RUGGEDCOM RS900G (32M) V5.X (All versions < V5.5.4), RUGGEDCOM RS900GP (All versions < V4.3.7), RUGGEDCOM RS900L (All versions < V4.3.7), RUGGEDCOM RS900W (All versions < V4.3.7), RUGGEDCOM RS910 (All versions < V4.3.7), RUGGEDCOM RS910L (All versions < V4.3.7), RUGGEDCOM RS910W (All versions < V4.3.7), RUGGEDCOM RS920L (All versions < V4.3.7), RUGGEDCOM RS920W (All versions < V4.3.7), RUGGEDCOM RS930L (All versions < V4.3.7), RUGGEDCOM RS930W (All versions < V4.3.7), RUGGEDCOM RS940G (All versions < V4.3.7), RUGGEDCOM RS969 (All versions < V4.3.7), RUGGEDCOM RSG2100 (All versions), RUGGEDCOM RSG2100 (32M) V4.X (All versions < V4.3.7), RUGGEDCOM RSG2100 (32M) V5.X (All versions < V5.5.4), RUGGEDCOM RSG2100P (All versions < V4.3.7), RUGGEDCOM RSG2100P (32M) V4.X (All versions < V4.3.7), RUGGEDCOM RSG2100P (32M) V5.X (All versions < V5.5.4), RUGGEDCOM RSG2100PNC (32M) V4.X (All versions < V4.3.7), RUGGEDCOM RSG2100PNC (32M) V5.X (All versions < V5.5.4), RUGGEDCOM RSG2200 (All versions < V4.3.7), RUGGEDCOM RSG2288 V4.X (All versions < V4.3.7), RUGGEDCOM RSG2288 V5.X (All versions < V5.5.4), RUGGEDCOM RSG2300 V4.X (All versions < V4.3.7), RUGGEDCOM RSG2300 V5.X (All versions < V5.5.4), RUGGEDCOM RSG2300P V4.X (All versions < V4.3.7), RUGGEDCOM RSG2300P V5.X (All versions < V5.5.4), RUGGEDCOM RSG2488 V4.X (All versions < V4.3.7), RUGGEDCOM RSG2488 V5.X (All versions < V5.5.4), RUGGEDCOM RSG907R (All versions < V5.5.4), RUGGEDCOM RSG908C (All versions < V5.5.4), RUGGEDCOM RSG909R (All versions < V5.5.4), RUGGEDCOM RSG910C (All versions < V5.5.4), RUGGEDCOM RSG920P V4.X (All versions < V4.3.7), RUGGEDCOM RSG920P V5.X (All versions < V5.5.4), RUGGEDCOM RSL910 (All versions < V5.5.4), RUGGEDCOM RST2228 (All versions < V5.5.4), RUGGEDCOM RST2228P (All versions < V5.5.4), RUGGEDCOM RST916C (All versions < V5.5.4), RUGGEDCOM RST916P (All versions < V5.5.4). The DHCP client in affected devices fails to properly sanitize incoming DHCP packets. This could allow an unauthenticated remote attacker to cause memory to be overwritten, potentially allowing remote code execution.

This plugin only works with Tenable.ot.
Please visit https://www.tenable.com/products/tenable-ot for more information.

Solution

The following text was originally created by the Cybersecurity and Infrastructure Security Agency (CISA). The original can be found at CISA.gov.

Siemens recommends applying updates where applicable:

- RUGGEDCOM ROS i800: Update to v4.3.7 or later
- RUGGEDCOM ROS i801: Update to v4.3.7 or later
- RUGGEDCOM ROS i802: Update to v4.3.7 or later
- RUGGEDCOM ROS i803: Update to v4.3.7 or later
- RUGGEDCOM ROS M969: Update to v4.3.7 or later
- RUGGEDCOM ROS M2100: Update to v4.3.7 or later
- RUGGEDCOM ROS M2200: Update to v4.3.7 or later
- RUGGEDCOM ROS RMC: Update to v4.3.7 or later
- RUGGEDCOM ROS RMC20: Update to v4.3.7 or later
- RUGGEDCOM ROS RMC30: Update to v4.3.7 or later
- RUGGEDCOM ROS RMC40: Update to v4.3.7 or later
- RUGGEDCOM ROS RMC41: Update to v4.3.7 or later
- RUGGEDCOM ROS RMC8388 V4.X: Update to v4.3.7 or later
- RUGGEDCOM ROS RMC8388 V5.X: Update to v5.5.4 or later
- RUGGEDCOM ROS RP110: Update to v4.3.7 or later
- RUGGEDCOM ROS RS400: Update to v4.3.7 or later
- RUGGEDCOM ROS RS401: Update to v4.3.7 or later
- RUGGEDCOM ROS RS416: Update to v4.3.7 or later
- RUGGEDCOM ROS RS416V2 V4.X: Update to v4.3.7 or later
- RUGGEDCOM ROS RS416V2 V5.X: Update to v5.5.4 or later
- RUGGEDCOM ROS RS900 (32M) V4.X: Update to v4.3.7 or later
- RUGGEDCOM ROS RS900 (32M) V5.X: Update to v5.5.4 or later
- RUGGEDCOM ROS RS900G: Update to v4.3.7 or later
- RUGGEDCOM ROS RS900G (32M) V4.X: Update to v4.3.7 or later
- RUGGEDCOM ROS RS900G (32M) V5.X: Update to v5.5.4 or later
- RUGGEDCOM ROS RS900GP: Update to v4.3.7 or later
- RUGGEDCOM ROS RS900L: Update to v4.3.7 or later
- RUGGEDCOM ROS PS900W: Update to v4.3.7 or later
- RUGGEDCOM ROS RS910: Update to v4.3.7 or later
- RUGGEDCOM ROS RS910L: Update to v4.3.7 or later
- RUGGEDCOM ROS RS910W: Update to v4.3.7 or later
- RUGGEDCOM ROS RS920L: Update to v4.3.7 or later
- RUGGEDCOM ROS RS920W: Update to v4.3.7 or later
- RUGGEDCOM ROS RS930L: Update to v4.3.7 or later
- RUGGEDCOM ROS RS930W: Update to v4.3.7 or later
- RUGGEDCOM ROS RS940G: Update to v4.3.7 or later
- RUGGEDCOM ROS RS969: Update to v4.3.7 or later
- RUGGEDCOM ROS RS8000: Update to v4.3.7 or later
- RUGGEDCOM ROS RS8000A: Update to v4.3.7 or later
- RUGGEDCOM ROS RS8000H: Update to v4.3.7 or later
- RUGGEDCOM ROS RS8000T: Update to v4.3.7 or later
- RUGGEDCOM ROS RSG900 V4.X: Update to v4.3.7 or later
- RUGGEDCOM ROS RSG900 V5.X: Update to v5.5.4 or later
- RUGGEDCOM ROS RSG900C: Update to v5.5.4 or later
- RUGGEDCOM ROS RSG900G V4.X: Update to v4.3.7 or later
- RUGGEDCOM ROS RSG800G V5.X: Update to v5.5.4 or later
- RUGGEDCOM ROS RSG900R: Update to v5.5.4 or later
- RUGGEDCOM ROS RSG920P V4.X: Update to v4.3.7 or later
- RUGGEDCOM ROS RSG920P V5.X: Update to v5.5.4 or later
- RUGGEDCOM ROS RSG2100 (32M) V4.X: Update to v4.3.7 or later
- RUGGEDCOM ROS RSG2100 (32M) V5.X: Update to v5.5.4 or later
- RUGGEDCOM ROS RSG2100 V4.X: Update to v4.3.7 or later
- RUGGEDCOM ROS RSG2100P: Update to v4.3.7 or later
- RUGGEDCOM ROS RSG2100P (32M) V4.X: Update to v4.3.7 or later
- RUGGEDCOM ROS RSG2100P (32M) V5.X: Update to v5.5.4 or later
- RUGGEDCOM ROS RSG2200: Update to v4.3.7 or later
- RUGGEDCOM ROS RSG2288 V4.X: Update to v4.3.7 or later
- RUGGEDCOM ROS RSG2288 V5.X: Update to v5.5.4 or later
- RUGGEDCOM ROS RSG2300 V4.X: Update to v4.3.7 or later
- RUGGEDCOM ROS RSG2300 V5.X: Update to v5.5.4 or later
- RUGGEDCOM ROS RSG2300P V4.X: Update to v4.3.7 or later
- RUGGEDCOM ROS RSG2300P V5.X: Update to v5.5.4 or later
- RUGGEDCOM ROS RSG2488 V4.X: Update to v4.3.7 or later
- RUGGEDCOM ROS RSG2488 V5.X: Update to v5.5.4 or later
- RUGGEDCOM ROS RSL910: Update to v5.5.4 or later
- RUGGEDCOM ROS RST916C: Update to v5.5.4 or later
- RUGGEDCOM ROS RST916P: Update to v5.5.4 or later
- RUGGEDCOM ROS RST2228: Update to v5.5.4 or later

Siemens has identified the following specific workarounds and mitigations users can apply to reduce the risk:

- Enabling DHCP snooping ensures the DHCP client in the affected devices will only accept DHCP requests from trusted DHCP servers
- Disable DHCP and configure a static IP address to the device

As a general security measure, Siemens strongly recommends protecting network access to devices with appropriate mechanisms. In order to operate the devices in a protected IT environment, Siemens recommends configuring the environment according to the Siemens Operational Guidelines for Industrial Security and following the recommendations in the product manuals. For additional information, please refer to Siemens Security Advisory SSA-373591.

See Also

https://cert-portal.siemens.com/productcert/html/ssa-373591.html

https://cert-portal.siemens.com/productcert/pdf/ssa-373591.pdf

https://www.cisa.gov/news-events/ics-advisories/icsa-21-194-10

Plugin Details

Severity: High

ID: 501633

Version: 1.10

Type: remote

Family: Tenable.ot

Published: 9/14/2023

Updated: 5/14/2025

Supported Sensors: Tenable OT Security

Risk Information

VPR

Risk Factor: Medium

Score: 6.7

CVSS v2

Risk Factor: High

Base Score: 7.5

Temporal Score: 5.5

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P

CVSS Score Source: CVE-2021-31895

CVSS v3

Risk Factor: High

Base Score: 8.1

Temporal Score: 7.1

Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

Temporal Vector: CVSS:3.0/E:U/RL:O/RC:C

Vulnerability Information

CPE: cpe:/o:siemens:ruggedcom_ros_i800, cpe:/o:siemens:ruggedcom_ros_rsg920p:4, cpe:/o:siemens:ruggedcom_ros_rs8000, cpe:/o:siemens:ruggedcom_ros_rsg900c, cpe:/o:siemens:ruggedcom_ros_rs900w, cpe:/o:siemens:ruggedcom_ros_i802, cpe:/o:siemens:ruggedcom_ros_rmc8388:4, cpe:/o:siemens:ruggedcom_ros_rsg2300p:4, cpe:/o:siemens:ruggedcom_ros_rsg900:4, cpe:/o:siemens:ruggedcom_ros_rs940g, cpe:/o:siemens:ruggedcom_ros_i803, cpe:/o:siemens:ruggedcom_ros_rs416v2:4, cpe:/o:siemens:ruggedcom_ros_rsg920p:5, cpe:/o:siemens:ruggedcom_ros_rsg2300p:5, cpe:/o:siemens:ruggedcom_ros_rs920w, cpe:/o:siemens:ruggedcom_ros_rsg900r, cpe:/o:siemens:ruggedcom_ros_rs930l, cpe:/o:siemens:ruggedcom_ros_rs910l, cpe:/o:siemens:ruggedcom_ros_rst916c, cpe:/o:siemens:ruggedcom_ros_m2100, cpe:/o:siemens:ruggedcom_ros_rsg900g:4, cpe:/o:siemens:ruggedcom_ros_rs416v2:5, cpe:/o:siemens:ruggedcom_ros_rsg2200, cpe:/o:siemens:ruggedcom_ros_rs8000h, cpe:/o:siemens:ruggedcom_ros_rsg900:5, cpe:/o:siemens:ruggedcom_ros_rst916p, cpe:/o:siemens:ruggedcom_ros_rs416, cpe:/o:siemens:ruggedcom_ros_rsg2300:5, cpe:/o:siemens:ruggedcom_ros_rst2228, cpe:/o:siemens:ruggedcom_ros_rs8000a, cpe:/o:siemens:ruggedcom_ros_rs969, cpe:/o:siemens:ruggedcom_ros_rsg2288:5, cpe:/o:siemens:ruggedcom_ros_rs900g:5, cpe:/o:siemens:ruggedcom_ros_rsg900g:5, cpe:/o:siemens:ruggedcom_ros_i801, cpe:/o:siemens:ruggedcom_ros_rmc8388:5, cpe:/o:siemens:ruggedcom_ros_rmc40, cpe:/o:siemens:ruggedcom_ros_rs900l, cpe:/o:siemens:ruggedcom_ros_rsg2288:4, cpe:/o:siemens:ruggedcom_ros_rsg2300:4, cpe:/o:siemens:ruggedcom_ros_rs900gp, cpe:/o:siemens:ruggedcom_ros_rmc20, cpe:/o:siemens:ruggedcom_ros_rsg2488:5, cpe:/o:siemens:ruggedcom_ros_rmc41, cpe:/o:siemens:ruggedcom_ros_rs900g:4, cpe:/o:siemens:ruggedcom_ros_rs910w, cpe:/o:siemens:ruggedcom_ros_m2200, cpe:/o:siemens:ruggedcom_ros_rs910, cpe:/o:siemens:ruggedcom_ros_rs400, cpe:/o:siemens:ruggedcom_ros_rs920l, cpe:/o:siemens:ruggedcom_ros_rsg2100p:4, cpe:/o:siemens:ruggedcom_ros_rs930w, cpe:/o:siemens:ruggedcom_ros_m969, cpe:/o:siemens:ruggedcom_ros_rsg2100:4, cpe:/o:siemens:ruggedcom_ros_rs401, cpe:/o:siemens:ruggedcom_ros_rs900:4, cpe:/o:siemens:ruggedcom_ros_rs900:5, cpe:/o:siemens:ruggedcom_ros_rmc30, cpe:/o:siemens:ruggedcom_ros_rs8000t, cpe:/o:siemens:ruggedcom_ros_rsg2100:5, cpe:/o:siemens:ruggedcom_ros_rsg2488:4, cpe:/o:siemens:ruggedcom_ros_rsg2100p:5

Required KB Items: Tenable.ot/Siemens

Exploit Ease: No known exploits are available

Patch Publication Date: 7/13/2021

Vulnerability Publication Date: 7/13/2021

Reference Information

CVE: CVE-2021-31895

CWE: 120, 787

ICSA: 21-194-10