Weak Cipher Configuration in RUGGEDCOM Devices by Siemens
CVE-2021-37209

6.7 MEDIUM

Key Information:

Vendor: Siemens
CVE Published: 8 March 2022

Summary

A significant vulnerability exists in various RUGGEDCOM devices due to the default configuration of the SSH server, which permits weak ciphers. This configuration can expose the systems to man-in-the-middle attacks, allowing unauthorized users to intercept, read, or modify data transmitted between legitimate clients and the vulnerable devices. Users are urged to upgrade to the latest software versions to mitigate these security risks.

Affected Version(s)

RUGGEDCOM i800 All versions < V4.3.8

RUGGEDCOM i801 All versions < V4.3.8

RUGGEDCOM i802 All versions < V4.3.8

CVSS V3.1

Score: 6.7
Severity: MEDIUM
Confidentiality: Low
Integrity: High
Availability: Low
Attack Vector: Adjacent Network
Attack Complexity: High
Privileges Required: None
User Interaction: Required
Scope: Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved
