Detections
Analytics
Siemens RUGGEDCOM Devices Inadequate Encryption Strength (CVE-2021-37209)
medium Tenable OT Security Plugin ID 504810
Synopsis
The remote OT asset is affected by a vulnerability.Description
The SSH server on affected devices is configured to offer weak ciphers by default. This could allow an unauthorized attacker in a man-in- the-middle position to read and modify any data passed over the connection between legitimate clients and the affected device.This plugin only works with Tenable.ot.
Please visit https://www.tenable.com/products/tenable-ot for more information.
Solution
The following text was originally created by the Cybersecurity and Infrastructure Security Agency (CISA). The original can be found at CISA.gov.Siemens has provided a fix and recommends applying it to the following products:
- RUGGEDCOM ROS RMC8388 V5.X: Update to v5.7.0 or later
- RUGGEDCOM ROS RS416Pv2 V5.X: Update to v5.7.0 or later
- RUGGEDCOM ROS RS416v2 V5.X: Update to v5.7.0 or later
- RUGGEDCOM ROS RS900 (32M) V5.X: Update to v5.7.0 or later
- RUGGEDCOM ROS RS900G (32M) V5.X: Update to v5.7.0 or later
- RUGGEDCOM ROS RSG2100 (32M) V5.X: Update to v5.7.0 or later
- RUGGEDCOM ROS RSG2288 V5.X: Update to v5.7.0 or later
- RUGGEDCOM ROS RSG2300P V5.X: Update to v5.7.0 or later
- RUGGEDCOM ROS RSG2300 V5.X: Update to v5.7.0 or later
- RUGGEDCOM ROS RSG2488 V5.X: Update to v5.7.0 or later
- RUGGEDCOM ROS RSG907R V5.X: Update to v5.7.0 or later
- RUGGEDCOM ROS RSG908C V5.X: Update to v5.7.0 or later
- RUGGEDCOM ROS RSG909R V5.X: Update to v5.7.0 or later
- RUGGEDCOM ROS RSG910C V5.X: Update to v5.7.0 or later
- RUGGEDCOM ROS RSG920P V4.X: Update to v5.7.0 or later
- RUGGEDCOM ROS RSG920P V5.X: Update to v5.7.0 or later
- RUGGEDCOM ROS RSL910 V5.X: Update to v5.7.0 or later
- RUGGEDCOM ROS RST2228 V5.X: Update to v5.7.0 or later
- RUGGEDCOM ROS RST2228P V5.X: Update to v5.7.0 or later
- RUGGEDCOM ROS RST916C V5.X: Update to v5.7.0 or later
- RUGGEDCOM ROS RST916P V5.X: Update to v5.7.0 or later
Siemens has identified the following specific workarounds users can apply to reduce the risk:
- Configure the SSH clients to make use of the following strong key exchange ciphers, supported by the ROS SSH server:
- ecdh-sha2-nistp256
- ecdh-sha2-nistp384
- ecdh-sha2-nistp521
- Add only the trusted SSH client public keys to ROS, and allow only those clients access
As a general security measure, Siemens strongly recommends protecting network access to devices with appropriate mechanisms. To operate the devices in a protected IT environment, Siemens recommends configuring the environment according to Siemens’ operational guidelines for industrial security and to follow the recommendations in the product manuals.
Additional information on industrial security by Siemens can be found on the Siemens industrial security webpage.
For more information, see the associated Siemens security advisory SSA-764417 in HTML and CSAF.
For more information see Siemens Security Advisory SSA-764417
See Also
https://cert-portal.siemens.com/productcert/html/ssa-764417.html
https://support.industry.siemens.com/cs/ww/en/view/109814608/
https://support.industry.siemens.com/cs/ww/en/view/109816735/
https://www.cisa.gov/news-events/ics-advisories/icsa-22-069-01
Plugin Details
Severity: Medium
ID: 504810
Version: 1.2
Type: remote
Family: Tenable.ot
Published: 11/18/2025
Updated: 11/19/2025
Supported Sensors: Tenable OT Security
Risk Information
VPR
Risk Factor: Medium
Score: 6.3
CVSS v3
Risk Factor: Medium
Base Score: 6.7
Temporal Score: 6.3
Vector: CVSS:3.0/AV:A/AC:H/PR:N/UI:R/S:U/C:L/I:H/A:H
Temporal Vector: CVSS:3.0/E:P/RL:U/RC:C
Vulnerability Information
CPE: cpe:/o:siemens:ruggedcom_rsg2488_firmware:v5, cpe:/o:siemens:ruggedcom_rs416_firmware, cpe:/o:siemens:ruggedcom_rsg2288_firmware:v5, cpe:/o:siemens:ruggedcom_i800_firmware, cpe:/o:siemens:ruggedcom_rs400_firmware, cpe:/o:siemens:ruggedcom_rs900g_%2832m%29_firmware:v5, cpe:/o:siemens:ruggedcom_rs401_firmware, cpe:/o:siemens:ruggedcom_rsg2100_%2832m%29_firmware:v5, cpe:/o:siemens:ruggedcom_rs8000h_firmware, cpe:/o:siemens:ruggedcom_rs900m-gets-xx_firmware, cpe:/o:siemens:ruggedcom_rmc8388_firmware:v5, cpe:/o:siemens:ruggedcom_rsg910c_firmware, cpe:/o:siemens:ruggedcom_rst916p_firmware, cpe:/o:siemens:ruggedcom_rs920l_firmware, cpe:/o:siemens:ruggedcom_m2100_firmware, cpe:/o:siemens:ruggedcom_rs900m-stnd-xx_firmware, cpe:/o:siemens:ruggedcom_rs416pv2_firmware:v4, cpe:/o:siemens:ruggedcom_rs940g_firmware, cpe:/o:siemens:ruggedcom_rst2228p_firmware, cpe:/o:siemens:ruggedcom_m969_firmware, cpe:/o:siemens:ruggedcom_rs900g_firmware, cpe:/o:siemens:ruggedcom_rs900l_firmware, cpe:/o:siemens:ruggedcom_rs910w_firmware, cpe:/o:siemens:ruggedcom_rsg2300p_firmware:v5, cpe:/o:siemens:ruggedcom_rs920w_firmware, cpe:/o:siemens:ruggedcom_rsg907r_firmware, cpe:/o:siemens:ruggedcom_rs900m-stnd-c01_firmware, cpe:/o:siemens:ruggedcom_rs8000t_firmware, cpe:/o:siemens:ruggedcom_i802_firmware, cpe:/o:siemens:ruggedcom_rst916c_firmware, cpe:/o:siemens:ruggedcom_rs416p_firmware, cpe:/o:siemens:ruggedcom_i803_firmware, cpe:/o:siemens:ruggedcom_rs900m-gets-c01_firmware, cpe:/o:siemens:ruggedcom_rs416pv2_firmware:v5, cpe:/o:siemens:ruggedcom_rsg2100_firmware, cpe:/o:siemens:ruggedcom_rsg2100p_%2832m%29_firmware:v5, cpe:/o:siemens:ruggedcom_rsg2300p_firmware:v4, cpe:/o:siemens:ruggedcom_rst2228_firmware, cpe:/o:siemens:ruggedcom_rsg2200_firmware, cpe:/o:siemens:ruggedcom_rsg909r_firmware, cpe:/o:siemens:ruggedcom_i801_firmware, cpe:/o:siemens:ruggedcom_m2200_firmware, cpe:/o:siemens:ruggedcom_rs910_firmware, cpe:/o:siemens:ruggedcom_rsg908c_firmware, cpe:/o:siemens:ruggedcom_rmc8388_firmware:v4, cpe:/o:siemens:ruggedcom_rsg2100_%2832m%29_firmware:v4, cpe:/o:siemens:ruggedcom_rs930w_firmware, cpe:/o:siemens:ruggedcom_rs900_%2832m%29_firmware:v5, cpe:/o:siemens:ruggedcom_rsg2100p_%2832m%29_firmware:v4, cpe:/o:siemens:ruggedcom_rs969_firmware, cpe:/o:siemens:ruggedcom_rsg2100p_firmware, cpe:/o:siemens:ruggedcom_rs900gp_firmware, cpe:/o:siemens:ruggedcom_rs910l_firmware, cpe:/o:siemens:ruggedcom_rs8000_firmware, cpe:/o:siemens:ruggedcom_rs930l_firmware, cpe:/o:siemens:ruggedcom_rsg920p_firmware:v4, cpe:/o:siemens:ruggedcom_rs900w_firmware, cpe:/o:siemens:ruggedcom_rsg2300_firmware:v5, cpe:/o:siemens:ruggedcom_rs416v2_firmware:v5, cpe:/o:siemens:ruggedcom_rs416v2_firmware:v4, cpe:/o:siemens:ruggedcom_rs900_firmware, cpe:/o:siemens:ruggedcom_rs900g_%2832m%29_firmware:v4, cpe:/o:siemens:ruggedcom_rsg2300_firmware:v4, cpe:/o:siemens:ruggedcom_rs900_%2832m%29_firmware:v4, cpe:/o:siemens:ruggedcom_rs1600_firmware, cpe:/o:siemens:ruggedcom_rsg2488_firmware:v4, cpe:/o:siemens:ruggedcom_rsg2288_firmware:v4, cpe:/o:siemens:ruggedcom_rmc30_firmware, cpe:/o:siemens:ruggedcom_rsg920p_firmware:v5, cpe:/o:siemens:ruggedcom_rs1600t_firmware, cpe:/o:siemens:ruggedcom_rs1600f_firmware, cpe:/o:siemens:ruggedcom_rs8000a_firmware
Required KB Items: Tenable.ot/Siemens
Exploit Ease: No known exploits are available
Patch Publication Date: 3/8/2022
Vulnerability Publication Date: 3/8/2022
Reference Information
CVE: CVE-2021-37209
CWE: 326