Vulnerability in RUGGEDCOM Networking Devices Affecting Modbus Service Configuration
CVE-2024-39675

8.7HIGH

Key Information:

Vendor: Siemens
Status: Ruggedcom Rmc30; Ruggedcom Rmc30nc; Ruggedcom Rp110; Ruggedcom Rp110nc
Vendor: CVE Published:; 9 July 2024

What is CVE-2024-39675?

A vulnerability in specific RUGGEDCOM networking devices allows for the unintended activation of the Modbus service within non-managed VLANs. This issue primarily impacts models such as RMC30, RS910, and others, causing potential exposure for serial devices connected to these affected models. The flaw arises from improper configurations, raising security concerns that could lead to unauthorized access or data interception. Ensuring that the affected products are running on versions V4.3.10 and above is essential to mitigate associated risks.

Affected Version(s)

RUGGEDCOM RMC30 0

RUGGEDCOM RMC30NC 0

RUGGEDCOM RP110 0

References

https://cert-portal.siemens.com/productcert/html/ssa-1703...

CVSS V4

Score:

8.7

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Adjacent Network

Attack Complexity:

Low

Attack Required:

None

Privileges Required:

Undefined

User Interaction:

None

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jul 9, 2024

Siemens

What is CVE-2024-39675?

Affected Version(s)

References

CVSS V4

Timeline