IRZ RUH2 Insufficient Verification of Data Authenticity (CVE-2016-2309)

high Tenable OT Security Plugin ID 502256


The remote OT asset is affected by a vulnerability.


iRZ RUH2 before 2b does not validate firmware patches, which allows remote authenticated users to modify data or cause a denial of service via unspecified vectors.

This plugin only works with Tenable.ot.
Please visit for more information.


iRZ recommends users to replace the RUH2 with either the RUH2b or RUH3.

Additional information on this vulnerability is available at:

See Also

Plugin Details

Severity: High

ID: 502256

Version: 1.2

Type: remote

Family: Tenable.ot

Published: 5/27/2024

Updated: 5/28/2024

Supported Sensors: Tenable OT Security

Risk Information


Risk Factor: Medium

Score: 5.9


Risk Factor: High

Base Score: 8

Temporal Score: 5.9

Vector: CVSS2#AV:N/AC:L/Au:S/C:P/I:P/A:C

CVSS Score Source: CVE-2016-2309


Risk Factor: High

Base Score: 7.2

Temporal Score: 6.3

Vector: CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

Temporal Vector: CVSS:3.0/E:U/RL:O/RC:C

Vulnerability Information

CPE: cpe:/h:irz:ruh2

Required KB Items: Tenable.ot/IRZ

Exploit Ease: No known exploits are available

Patch Publication Date: 5/30/2016

Vulnerability Publication Date: 5/30/2016

Reference Information

CVE: CVE-2016-2309

CWE: 345