CVE-2024-38278

Severity Score

7.5

*CVSS v4

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

*Multiple Sources

Exploited in Wild

*KEV

Decision

Track*

*SSVC

Descriptions

A vulnerability has been identified in RUGGEDCOM RMC8388 V5.X (All versions < V5.9.0), RUGGEDCOM RMC8388NC V5.X (All versions < V5.9.0), RUGGEDCOM RS416NCv2 V5.X (All versions < V5.9.0), RUGGEDCOM RS416PNCv2 V5.X (All versions < V5.9.0), RUGGEDCOM RS416Pv2 V5.X (All versions < V5.9.0), RUGGEDCOM RS416v2 V5.X (All versions < V5.9.0), RUGGEDCOM RS900 (32M) V5.X (All versions < V5.9.0), RUGGEDCOM RS900G (32M) V5.X (All versions < V5.9.0), RUGGEDCOM RS900GNC(32M) V5.X (All versions < V5.9.0), RUGGEDCOM RS900NC(32M) V5.X (All versions < V5.9.0), RUGGEDCOM RSG2100 (32M) V5.X (All versions < V5.9.0), RUGGEDCOM RSG2100NC(32M) V5.X (All versions < V5.9.0), RUGGEDCOM RSG2288 V5.X (All versions < V5.9.0), RUGGEDCOM RSG2288NC V5.X (All versions < V5.9.0), RUGGEDCOM RSG2300 V5.X (All versions < V5.9.0), RUGGEDCOM RSG2300NC V5.X (All versions < V5.9.0), RUGGEDCOM RSG2300P V5.X (All versions < V5.9.0), RUGGEDCOM RSG2300PNC V5.X (All versions < V5.9.0), RUGGEDCOM RSG2488 V5.X (All versions < V5.9.0), RUGGEDCOM RSG2488NC V5.X (All versions < V5.9.0), RUGGEDCOM RSG907R (All versions < V5.9.0), RUGGEDCOM RSG908C (All versions < V5.9.0), RUGGEDCOM RSG909R (All versions < V5.9.0), RUGGEDCOM RSG910C (All versions < V5.9.0), RUGGEDCOM RSG920P V5.X (All versions < V5.9.0), RUGGEDCOM RSG920PNC V5.X (All versions < V5.9.0), RUGGEDCOM RSL910 (All versions < V5.9.0), RUGGEDCOM RSL910NC (All versions < V5.9.0), RUGGEDCOM RST2228 (All versions < V5.9.0), RUGGEDCOM RST2228P (All versions < V5.9.0), RUGGEDCOM RST916C (All versions < V5.9.0), RUGGEDCOM RST916P (All versions < V5.9.0). The affected products with IP forwarding enabled wrongly make available certain remote services in non-managed VLANs, even if these services are not intentionally activated. An attacker could leverage this vulnerability to create a remote shell to the affected system.

Se ha identificado una vulnerabilidad en RUGGEDCOM RMC8388 V5.X (Todas las versiones < V5.9.0), RUGGEDCOM RMC8388NC V5.X (Todas las versiones < V5.9.0), RUGGEDCOM RS416NCv2 V5.X (Todas las versiones < V5.9.0), RUGGEDCOM RS416PNCv2 V5.X (Todas las versiones < V5.9.0), RUGGEDCOM RS416Pv2 V5.X (Todas las versiones < V5.9.0), RUGGEDCOM RS416v2 V5.X (Todas las versiones < V5.9.0), RUGGEDCOM RS900 (32M) V5.X (Todas versiones < V5.9.0), RUGGEDCOM RS900G (32M) V5.X (Todas las versiones < V5.9.0), RUGGEDCOM RS900GNC(32M) V5.X (Todas las versiones < V5.9.0), RUGGEDCOM RS900NC(32M) V5.X ( Todas las versiones < V5.9.0), RUGGEDCOM RSG2100 (32M) V5.X (Todas las versiones < V5.9.0), RUGGEDCOM RSG2100NC(32M) V5.X (Todas las versiones < V5.9.0), RUGGEDCOM RSG2288 V5.X (Todas las versiones < V5.9.0), RUGGEDCOM RSG2288NC V5.X (Todas las versiones < V5.9.0), RUGGEDCOM RSG2300 V5.X (Todas las versiones < V5.9.0), RUGGEDCOM RSG2300NC V5.X (Todas las versiones < V5.9.0), RUGGEDCOM RSG2300P V5.X (Todas las versiones < V5.9.0), RUGGEDCOM RSG2300PNC V5.X (Todas las versiones < V5.9.0), RUGGEDCOM RSG2488 V5.X (Todas las versiones < V5.9.0), RUGGEDCOM RSG2488NC V5.X (Todas las versiones < V5 .9.0), RUGGEDCOM RSG907R (todas las versiones < V5.9.0), RUGGEDCOM RSG908C (todas las versiones < V5.9.0), RUGGEDCOM RSG909R (todas las versiones < V5.9.0), RUGGEDCOM RSG910C (todas las versiones < V5.9.0), RUGGEDCOM RSG920P V5.X (Todas las versiones < V5.9.0), RUGGEDCOM RSG920PNC V5.X (Todas las versiones < V5.9.0), RUGGEDCOM RSL910 (Todas las versiones < V5.9.0), RUGGEDCOM RSL910NC (Todas las versiones < V5.9.0), RUGGEDCOM RST2228 (Todas las versiones < V5.9.0), RUGGEDCOM RST2228P (Todas las versiones < V5.9.0), RUGGEDCOM RST916C (Todas las versiones < V5.9.0), RUGGEDCOM RST916P (Todas las versiones < V5.9.0). Los productos afectados con reenvío de IP habilitado ponen a disposición por error determinados servicios remotos en VLAN no gestionadas, incluso si estos servicios no se activan intencionadamente. Un atacante podría aprovechar esta vulnerabilidad para crear un shell remoto para el sistema afectado.

*Credits: N/A

CVSS Scores

Attack Vector

Network

Attack Complexity

Low

Attack Requirements

Present

Privileges Required

High

User Interaction

None

System

Vulnerable | Subsequent

Confidentiality

High

None

Integrity

High

None

Availability

High

None

Attack Vector

Network

Attack Complexity

High

Privileges Required

High

User Interaction

None

Scope

Unchanged

Confidentiality

High

Integrity

High

Availability

High

Attack Vector

Network

Attack Complexity

High

Privileges Required

High

User Interaction

None

Scope

Unchanged

Confidentiality

High

Integrity

High

Availability

High

* Common Vulnerability Scoring System

SSVC

Decision:Track*

Exploitation

None

Automatable

Tech. Impact

Total

* Organization's Worst-case Scenario

Timeline

2024-06-12 CVE Reserved
2024-07-09 CVE Published
2024-07-10 EPSS Updated
2024-08-02 CVE Updated
---------- Exploited in Wild
---------- KEV Due Date
---------- First Exploit

CWE

CWE-266: Incorrect Privilege Assignment

CAPEC

References (1)

URL	Tag	Source
https://cert-portal.siemens.com/productcert/html/ssa-170375.html

URL	Date	SRC

URL	Date	SRC

URL	Date	SRC

Affected Vendors, Products, and Versions

Vendor		Product				Version		Other		Status
Vendor	Product	Version	Other	Status	<-- -->	Vendor	Product	Version	Other	Status
Siemens Search vendor "Siemens"		Ruggedcom Ros Rmc8388 Search vendor "Siemens" for product "Ruggedcom Ros Rmc8388"				*		-		Affected
Siemens Search vendor "Siemens"		Ruggedcom Ros Rmc8388nc Search vendor "Siemens" for product "Ruggedcom Ros Rmc8388nc"				*		-		Affected
Siemens Search vendor "Siemens"		Ruggedcom Ros Rs416ncv2 Search vendor "Siemens" for product "Ruggedcom Ros Rs416ncv2"				*		-		Affected
Siemens Search vendor "Siemens"		Ruggedcom Ros Rs416pncv2 Search vendor "Siemens" for product "Ruggedcom Ros Rs416pncv2"				*		-		Affected
Siemens Search vendor "Siemens"		Ruggedcom Ros Rs416pv2 Search vendor "Siemens" for product "Ruggedcom Ros Rs416pv2"				*		-		Affected
Siemens Search vendor "Siemens"		Ruggedcom Ros Rs416v2 Search vendor "Siemens" for product "Ruggedcom Ros Rs416v2"				*		-		Affected
Siemens Search vendor "Siemens"		Ruggedcom Ros Rs900 Search vendor "Siemens" for product "Ruggedcom Ros Rs900"				*		-		Affected
Siemens Search vendor "Siemens"		Ruggedcom Ros Rs900g Search vendor "Siemens" for product "Ruggedcom Ros Rs900g"				*		-		Affected
Siemens Search vendor "Siemens"		Ruggedcom Ros Rs900gnc Search vendor "Siemens" for product "Ruggedcom Ros Rs900gnc"				*		-		Affected
Siemens Search vendor "Siemens"		Ruggedcom Ros Rs900nc Search vendor "Siemens" for product "Ruggedcom Ros Rs900nc"				*		-		Affected
Siemens Search vendor "Siemens"		Ruggedcom Ros Rsg2100 Search vendor "Siemens" for product "Ruggedcom Ros Rsg2100"				*		-		Affected
Siemens Search vendor "Siemens"		Ruggedcom Ros Rsg2100nc Search vendor "Siemens" for product "Ruggedcom Ros Rsg2100nc"				*		-		Affected
Siemens Search vendor "Siemens"		Ruggedcom Ros Rsg2288 Search vendor "Siemens" for product "Ruggedcom Ros Rsg2288"				*		-		Affected
Siemens Search vendor "Siemens"		Ruggedcom Ros Rsg2288nc Search vendor "Siemens" for product "Ruggedcom Ros Rsg2288nc"				*		-		Affected
Siemens Search vendor "Siemens"		Ruggedcom Ros Rsg2300 Search vendor "Siemens" for product "Ruggedcom Ros Rsg2300"				*		-		Affected
Siemens Search vendor "Siemens"		Ruggedcom Ros Rsg2300nc Search vendor "Siemens" for product "Ruggedcom Ros Rsg2300nc"				*		-		Affected
Siemens Search vendor "Siemens"		Ruggedcom Ros Rsg2300p Search vendor "Siemens" for product "Ruggedcom Ros Rsg2300p"				*		-		Affected
Siemens Search vendor "Siemens"		Ruggedcom Ros Rsg2300pnc Search vendor "Siemens" for product "Ruggedcom Ros Rsg2300pnc"				*		-		Affected
Siemens Search vendor "Siemens"		Ruggedcom Ros Rsg2488 Search vendor "Siemens" for product "Ruggedcom Ros Rsg2488"				*		-		Affected
Siemens Search vendor "Siemens"		Ruggedcom Ros Rsg2488nc Search vendor "Siemens" for product "Ruggedcom Ros Rsg2488nc"				*		-		Affected
Siemens Search vendor "Siemens"		Ruggedcom Ros Rsg907r Search vendor "Siemens" for product "Ruggedcom Ros Rsg907r"				*		-		Affected
Siemens Search vendor "Siemens"		Ruggedcom Ros Rsg908c Search vendor "Siemens" for product "Ruggedcom Ros Rsg908c"				*		-		Affected
Siemens Search vendor "Siemens"		Ruggedcom Ros Rsg909r Search vendor "Siemens" for product "Ruggedcom Ros Rsg909r"				*		-		Affected
Siemens Search vendor "Siemens"		Ruggedcom Ros Rsg910c Search vendor "Siemens" for product "Ruggedcom Ros Rsg910c"				*		-		Affected
Siemens Search vendor "Siemens"		Ruggedcom Ros Rsg920p Search vendor "Siemens" for product "Ruggedcom Ros Rsg920p"				*		-		Affected
Siemens Search vendor "Siemens"		Ruggedcom Ros Rsg920pnc Search vendor "Siemens" for product "Ruggedcom Ros Rsg920pnc"				*		-		Affected
Siemens Search vendor "Siemens"		Ruggedcom Ros Rsl910 Search vendor "Siemens" for product "Ruggedcom Ros Rsl910"				*		-		Affected
Siemens Search vendor "Siemens"		Ruggedcom Ros Rsl910nc Search vendor "Siemens" for product "Ruggedcom Ros Rsl910nc"				*		-		Affected
Siemens Search vendor "Siemens"		Ruggedcom Ros Rst2228 Search vendor "Siemens" for product "Ruggedcom Ros Rst2228"				*		-		Affected
Siemens Search vendor "Siemens"		Ruggedcom Ros Rst2228p Search vendor "Siemens" for product "Ruggedcom Ros Rst2228p"				*		-		Affected
Siemens Search vendor "Siemens"		Ruggedcom Ros Rst916c Search vendor "Siemens" for product "Ruggedcom Ros Rst916c"				*		-		Affected
Siemens Search vendor "Siemens"		Ruggedcom Ros Rst916p Search vendor "Siemens" for product "Ruggedcom Ros Rst916p"				*		-		Affected