Detections
Analytics

Siemens RUGGEDCOM ROS Devices Observable Timing Discrepancy (CVE-2021-42016)

high Tenable OT Security Plugin ID 504439

Synopsis

The remote OT asset is affected by a vulnerability.

Description

A timing attack, in a third-party component, could make the retrieval of the private key possible, used for encryption of sensitive data.
If a threat actor were to exploit this, the data integrity and security could be compromised.

This plugin only works with Tenable.ot.
Please visit https://www.tenable.com/products/tenable-ot for more information.

Solution

Refer to the vendor advisory.

See Also

https://cert-portal.siemens.com/productcert/html/ssa-256353.html

https://support.industry.siemens.com/cs/ww/en/view/109816735/

https://support.industry.siemens.com/cs/ww/en/view/109806156/

Plugin Details

Severity: High

ID: 504439

Version: 1.1

Type: remote

Family: Tenable.ot

Published: 11/14/2025

Updated: 11/14/2025

Supported Sensors: Tenable OT Security

Risk Information

VPR

Risk Factor: Medium

Score: 5.2

CVSS v3

Risk Factor: High

Base Score: 7.5

Temporal Score: 6.7

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Temporal Vector: CVSS:3.0/E:P/RL:O/RC:C

Vulnerability Information

CPE: cpe:/o:siemens:ruggedcom_m969f_firmware, cpe:/o:siemens:ruggedcom_rs416_firmware, cpe:/o:siemens:ruggedcom_rst916p_firmware, cpe:/o:siemens:ruggedcom_rs900m-stnd-xx_firmware, cpe:/o:siemens:ruggedcom_rsg2100p_firmware:v5.x, cpe:/o:siemens:ruggedcom_rs920w_firmware, cpe:/o:siemens:ruggedcom_rsg907r_firmware, cpe:/o:siemens:ruggedcom_i802_firmware, cpe:/o:siemens:ruggedcom_i803_firmware, cpe:/o:siemens:ruggedcom_rsg2300f_firmware, cpe:/o:siemens:ruggedcom_rsg2488_firmware:v5.x, cpe:/o:siemens:ruggedcom_rs910_firmware, cpe:/o:siemens:ruggedcom_m2200_firmware, cpe:/o:siemens:ruggedcom_rsg920p_firmware:v4.x, cpe:/o:siemens:ruggedcom_rsg2300pf_firmware, cpe:/o:siemens:ruggedcom_rs900w_firmware, cpe:/o:siemens:ruggedcom_rsg2100_firmware:v5.x, cpe:/o:siemens:ruggedcom_rmc30_firmware, cpe:/o:siemens:ruggedcom_rsg2288_firmware:v4.x, cpe:/o:siemens:ruggedcom_rs400f_firmware, cpe:/o:siemens:ruggedcom_rsg2100p_firmware:v4.x, cpe:/o:siemens:ruggedcom_rs400_firmware, cpe:/o:siemens:ruggedcom_rs416pv2_firmware:v5.x, cpe:/o:siemens:ruggedcom_rsg2100f_firmware, cpe:/o:siemens:ruggedcom_m2100_firmware, cpe:/o:siemens:ruggedcom_rst2228p_firmware, cpe:/o:siemens:ruggedcom_rs900l_firmware, cpe:/o:siemens:ruggedcom_rs8000t_firmware, cpe:/o:siemens:ruggedcom_rmc8388_firmware:v4.x, cpe:/o:siemens:ruggedcom_rst916c_firmware, cpe:/o:siemens:ruggedcom_rs900m-gets-c01_firmware, cpe:/o:siemens:ruggedcom_m2100f_firmware, cpe:/o:siemens:ruggedcom_rsg2100_firmware:v4.x, cpe:/o:siemens:ruggedcom_rsg920p_firmware:v5.x, cpe:/o:siemens:ruggedcom_rst2228_firmware, cpe:/o:siemens:ruggedcom_rsg2200_firmware, cpe:/o:siemens:ruggedcom_rsg909r_firmware, cpe:/o:siemens:ruggedcom_rsg2488_firmware:v4.x, cpe:/o:siemens:ruggedcom_i801_firmware, cpe:/o:siemens:ruggedcom_rs969_firmware, cpe:/o:siemens:ruggedcom_rs910l_firmware, cpe:/o:siemens:ruggedcom_rs930l_firmware, cpe:/o:siemens:ruggedcom_rs900g_firmware:v5.x, cpe:/o:siemens:ruggedcom_rs416v2_firmware:v4.x, cpe:/o:siemens:ruggedcom_rs900_firmware:v4.x, cpe:/o:siemens:ruggedcom_rs1600t_firmware, cpe:/o:siemens:ruggedcom_rs900_firmware:v5.x, cpe:/o:siemens:ruggedcom_rs8000a_firmware, cpe:/o:siemens:ruggedcom_rs8000h_firmware, cpe:/o:siemens:ruggedcom_rs900m-gets-xx_firmware, cpe:/o:siemens:ruggedcom_rs920l_firmware, cpe:/o:siemens:ruggedcom_rs940g_firmware, cpe:/o:siemens:ruggedcom_m969_firmware, cpe:/o:siemens:ruggedcom_rs900m-stnd-c01_firmware, cpe:/o:siemens:ruggedcom_rs416f_firmware, cpe:/o:siemens:ruggedcom_rs930w_firmware, cpe:/o:siemens:ruggedcom_rs900gf_firmware, cpe:/o:siemens:ruggedcom_rs416pv2_firmware:v4.x, cpe:/o:siemens:ruggedcom_rsg2200f_firmware, cpe:/o:siemens:ruggedcom_rs416v2_firmware:v5.x, cpe:/o:siemens:ruggedcom_m2200f_firmware, cpe:/o:siemens:ruggedcom_rs1600_firmware, cpe:/o:siemens:ruggedcom_rs900gp_firmware, cpe:/o:siemens:ruggedcom_i800_firmware, cpe:/o:siemens:ruggedcom_rs401_firmware, cpe:/o:siemens:ruggedcom_rsg910c_firmware, cpe:/o:siemens:ruggedcom_rsg2300p_firmware:v4.x, cpe:/o:siemens:ruggedcom_rs900gpf_firmware, cpe:/o:siemens:ruggedcom_rs910w_firmware, cpe:/o:siemens:ruggedcom_rs940gf_firmware, cpe:/o:siemens:ruggedcom_rs416p_firmware, cpe:/o:siemens:ruggedcom_rsg2300p_firmware:v5.x, cpe:/o:siemens:ruggedcom_rs416pf_firmware, cpe:/o:siemens:ruggedcom_rsg2488f_firmware, cpe:/o:siemens:ruggedcom_rs900g_firmware:v4.x, cpe:/o:siemens:ruggedcom_rsg908c_firmware, cpe:/o:siemens:ruggedcom_rsg2100pf_firmware, cpe:/o:siemens:ruggedcom_rs900f_firmware, cpe:/o:siemens:ruggedcom_rsg2300_firmware:v5.x, cpe:/o:siemens:ruggedcom_rs8000_firmware, cpe:/o:siemens:ruggedcom_rsg2300_firmware:v4.x, cpe:/o:siemens:ruggedcom_rmc8388_firmware:v5.x, cpe:/o:siemens:ruggedcom_rs1600f_firmware, cpe:/o:siemens:ruggedcom_rsg2288_firmware:v5.x

Required KB Items: Tenable.ot/Siemens

Exploit Ease: No known exploits are available

Patch Publication Date: 3/8/2022

Vulnerability Publication Date: 3/8/2022

Reference Information

CVE: CVE-2021-42016

CWE: 208