Vulnerability in RUGGEDCOM Networking Devices Affecting Modbus Service Configuration
CVE-2024-39675

8.8HIGH

Key Information:

Vendor: Siemens
Status: Ruggedcom Rmc30; Ruggedcom Rmc30nc; Ruggedcom Rp110; Ruggedcom Rp110nc
Vendor: CVE Published:; 9 July 2024

Summary

A vulnerability in specific RUGGEDCOM networking devices allows for the unintended activation of the Modbus service within non-managed VLANs. This issue primarily impacts models such as RMC30, RS910, and others, causing potential exposure for serial devices connected to these affected models. The flaw arises from improper configurations, raising security concerns that could lead to unauthorized access or data interception. Ensuring that the affected products are running on versions V4.3.10 and above is essential to mitigate associated risks.

Affected Version(s)

RUGGEDCOM RMC30 0

RUGGEDCOM RMC30NC 0

RUGGEDCOM RP110 0

References

https://cert-portal.siemens.com/productcert/html/ssa-1703...

CVSS V3.1

Score:

8.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Adjacent Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Jul 9, 2024