critical
9.8
CWE
787 120
Advisory Published
Updated

CVE-2021-31895

First published: Tue Jul 13 2021(Updated: )

A vulnerability has been identified in RUGGEDCOM ROS M2100 (All versions < V4.3.7), RUGGEDCOM ROS M2200 (All versions < V4.3.7), RUGGEDCOM ROS M969 (All versions < V4.3.7), RUGGEDCOM ROS RMC (All versions < V4.3.7), RUGGEDCOM ROS RMC20 (All versions < V4.3.7), RUGGEDCOM ROS RMC30 (All versions < V4.3.7), RUGGEDCOM ROS RMC40 (All versions < V4.3.7), RUGGEDCOM ROS RMC41 (All versions < V4.3.7), RUGGEDCOM ROS RMC8388 V4.X (All versions < V4.3.7), RUGGEDCOM ROS RMC8388 V5.X (All versions < V5.5.4), RUGGEDCOM ROS RP110 (All versions < V4.3.7), RUGGEDCOM ROS RS400 (All versions < V4.3.7), RUGGEDCOM ROS RS401 (All versions < V4.3.7), RUGGEDCOM ROS RS416 (All versions < V4.3.7), RUGGEDCOM ROS RS416v2 V4.X (All versions < V4.3.7), RUGGEDCOM ROS RS416v2 V5.X (All versions < 5.5.4), RUGGEDCOM ROS RS8000 (All versions < V4.3.7), RUGGEDCOM ROS RS8000A (All versions < V4.3.7), RUGGEDCOM ROS RS8000H (All versions < V4.3.7), RUGGEDCOM ROS RS8000T (All versions < V4.3.7), RUGGEDCOM ROS RS900 (32M) V4.X (All versions < V4.3.7), RUGGEDCOM ROS RS900 (32M) V5.X (All versions < V5.5.4), RUGGEDCOM ROS RS900G (All versions < V4.3.7), RUGGEDCOM ROS RS900G (32M) V4.X (All versions < V4.3.7), RUGGEDCOM ROS RS900G (32M) V5.X (All versions < V5.5.4), RUGGEDCOM ROS RS900GP (All versions < V4.3.7), RUGGEDCOM ROS RS900L (All versions < V4.3.7), RUGGEDCOM ROS RS900W (All versions < V4.3.7), RUGGEDCOM ROS RS910 (All versions < V4.3.7), RUGGEDCOM ROS RS910L (All versions < V4.3.7), RUGGEDCOM ROS RS910W (All versions < V4.3.7), RUGGEDCOM ROS RS920L (All versions < V4.3.7), RUGGEDCOM ROS RS920W (All versions < V4.3.7), RUGGEDCOM ROS RS930L (All versions < V4.3.7), RUGGEDCOM ROS RS930W (All versions < V4.3.7), RUGGEDCOM ROS RS940G (All versions < V4.3.7), RUGGEDCOM ROS RS969 (All versions < V4.3.7), RUGGEDCOM ROS RSG2100 (32M) V4.X (All versions < V4.3.7), RUGGEDCOM ROS RSG2100 (32M) V5.X (All versions < V5.5.4), RUGGEDCOM ROS RSG2100 V4.X (All versions < V4.3.7), RUGGEDCOM ROS RSG2100P (All versions < V4.3.7), RUGGEDCOM ROS RSG2100P (32M) V4.X (All versions < V4.3.7), RUGGEDCOM ROS RSG2100P (32M) V5.X (All versions < V5.5.4), RUGGEDCOM ROS RSG2200 (All versions < V4.3.7), RUGGEDCOM ROS RSG2288 V4.X (All versions < V4.3.7), RUGGEDCOM ROS RSG2288 V5.X (All versions < V5.5.4), RUGGEDCOM ROS RSG2300 V4.X (All versions < V4.3.7), RUGGEDCOM ROS RSG2300 V5.X (All versions < V5.5.4), RUGGEDCOM ROS RSG2300P V4.X (All versions < V4.3.7), RUGGEDCOM ROS RSG2300P V5.X (All versions < V5.5.4), RUGGEDCOM ROS RSG2488 V4.X (All versions < V4.3.7), RUGGEDCOM ROS RSG2488 V5.X (All versions < V5.5.4), RUGGEDCOM ROS RSG900 V4.X (All versions < V4.3.7), RUGGEDCOM ROS RSG900 V5.X (All versions < V5.5.4), RUGGEDCOM ROS RSG900C (All versions < V5.5.4), RUGGEDCOM ROS RSG900G V4.X (All versions < V4.3.7), RUGGEDCOM ROS RSG900G V5.X (All versions < V5.5.4), RUGGEDCOM ROS RSG900R (All versions < V5.5.4), RUGGEDCOM ROS RSG920P V4.X (All versions < V4.3.7), RUGGEDCOM ROS RSG920P V5.X (All versions < V5.5.4), RUGGEDCOM ROS RSL910 (All versions < V5.5.4), RUGGEDCOM ROS RST2228 (All versions < V5.5.4), RUGGEDCOM ROS RST916C (All versions < V5.5.4), RUGGEDCOM ROS RST916P (All versions < V5.5.4), RUGGEDCOM ROS i800 (All versions < V4.3.7), RUGGEDCOM ROS i801 (All versions < V4.3.7), RUGGEDCOM ROS i802 (All versions < V4.3.7), RUGGEDCOM ROS i803 (All versions < V4.3.7). The DHCP client in affected devices fails to properly sanitize incoming DHCP packets. This could allow an unauthenticated remote attacker to cause memory to be overwritten, potentially allowing remote code execution.

Credit: productcert@siemens.com

Affected SoftwareAffected VersionHow to fix
Siemens RUGGEDCOM ROS i800<4.3.7
Siemens RUGGEDCOM i800
Siemens RUGGEDCOM i801<4.3.7
Siemens RUGGEDCOM i801
Siemens RUGGEDCOM ROS i802<4.3.7
Siemens RUGGEDCOM ROS i802
Siemens RUGGEDCOM i803<4.3.7
Siemens RUGGEDCOM i803NC
Siemens RUGGEDCOM ROS M969<4.3.7
Siemens RUGGEDCOM ROS M969
Siemens RUGGEDCOM M2100<4.3.7
siemens RUGGEDCOM M2100F
Siemens RUGGEDCOM ROS M2200<4.3.7
Siemens RUGGEDCOM M2200
Siemens RUGGEDCOM ROS RMC<4.3.7
Siemens RUGGEDCOM RMC
Siemens RUGGEDCOM ROS RMC20<4.3.7
Siemens RUGGEDCOM ROS RMC20
Siemens RUGGEDCOM ROS RMC30<4.3.7
Siemens RUGGEDCOM ROS RMC30
siemens RUGGEDCOM ROS RMC40<4.3.7
Siemens RUGGEDCOM RMC40
siemens RUGGEDCOM RMC41<4.3.7
Siemens RUGGEDCOM RMC41
Siemens RUGGEDCOM RMC8388<4.3.7
Siemens RUGGEDCOM RMC8388>=5.0.0<5.5.4
Siemens RUGGEDCOM ROS RMC8388
Siemens RUGGEDCOM ROS RP110<4.3.7
Siemens RUGGEDCOM RP110
Siemens RUGGEDCOM ROS RS400<4.3.7
Siemens RUGGEDCOM RS400NC
Siemens RUGGEDCOM RS401<4.3.7
Siemens RUGGEDCOM ROS RS401
Siemens RUGGEDCOM ROS RS416<4.3.7
Siemens RUGGEDCOM ROS RS416
Siemens RUGGEDCOM ROS RS416v2<4.3.7
Siemens RUGGEDCOM ROS RS416v2>=5.5.0<5.5.4
Siemens RUGGEDCOM ROS RS416v2
Siemens RUGGEDCOM ROS RS900<4.3.7
Siemens RUGGEDCOM ROS RS900>=5.0.0<5.5.4
Siemens RUGGEDCOM ROS RS900
Siemens RUGGEDCOM RS900G<4.3.7
Siemens RUGGEDCOM RS900G>=5.0.0<5.5.4
Siemens RUGGEDCOM RS900G (32M)
Siemens RUGGEDCOM RS900GP<4.3.7
Siemens RUGGEDCOM ROS RS900GP
siemens RUGGEDCOM RS900L<4.3.7
Siemens RUGGEDCOM RS900
Siemens RUGGEDCOM RS900W<4.3.7
Siemens RUGGEDCOM ROS RS900W
Siemens RUGGEDCOM ROS RS910<4.3.7
Siemens RUGGEDCOM RS910
Siemens RUGGEDCOM RS910L<4.3.7
Siemens RUGGEDCOM ROS RS910L
Siemens RUGGEDCOM RS910W<4.3.7
Siemens RUGGEDCOM ROS RS910W
Siemens RUGGEDCOM RS920L<4.3.7
Siemens RUGGEDCOM ROS RS920L
Siemens RUGGEDCOM RS920W<4.3.7
Siemens RUGGEDCOM ROS RS920W
Siemens RUGGEDCOM ROS RS930L<4.3.7
Siemens RUGGEDCOM ROS RS930L
Siemens RUGGEDCOM ROS RS930W<4.3.7
Siemens RUGGEDCOM ROS RS930W
Siemens RUGGEDCOM RS940G<4.3.7
Siemens RUGGEDCOM ROS RS940G
Siemens RUGGEDCOM ROS M969<4.3.7
Siemens RUGGEDCOM ROS RS969
Siemens RUGGEDCOM RS8000<4.3.7
Siemens RUGGEDCOM RS8000
Siemens RUGGEDCOM ROS RS8000A<4.3.7
Siemens RUGGEDCOM ROS RS8000A
Siemens RUGGEDCOM ROS RS8000H<4.3.7
Siemens RUGGEDCOM ROS RS8000H
Siemens RUGGEDCOM ROS RS8000T<4.3.7
Siemens RUGGEDCOM ROS RS8000T
Siemens RUGGEDCOM RSG900<4.3.7
Siemens RUGGEDCOM RSG900>=5.5.0<5.5.4
Siemens RUGGEDCOM RSG900C
Siemens RUGGEDCOM ROS RSG900C<5.5.4
Siemens RUGGEDCOM ROS RSG900C
Siemens RUGGEDCOM RSG900G<4.3.7
Siemens RUGGEDCOM RSG900G>=5.0.0<5.5.4
Siemens RUGGEDCOM RSG900G
Siemens RUGGEDCOM ROS RSG900R<5.5.4
siemens RUGGEDCOM RSG900R
Siemens RUGGEDCOM RSG920P<4.3.7
Siemens RUGGEDCOM RSG920P>=5.0.0<5.5.4
Siemens RUGGEDCOM ROS RSG920P
Siemens RUGGEDCOM RSG2100<4.3.7
Siemens RUGGEDCOM RSG2100>=5.0.0<5.5.4
Siemens RUGGEDCOM ROS RSG2100
Siemens RUGGEDCOM ROS RSG2100P<4.3.7
Siemens RUGGEDCOM ROS RSG2100P>=5.0.0<5.3.4
Siemens RUGGEDCOM ROS RSG2100P
Siemens RUGGEDCOM RSG2200<4.3.7
Siemens RUGGEDCOM ROS RSG2200
Siemens RUGGEDCOM RSG2288<4.3.7
Siemens RUGGEDCOM RSG2288>=5.0.0<5.5.4
Siemens RUGGEDCOM RSG2288
Siemens RUGGEDCOM RSG2300<4.3.7
Siemens RUGGEDCOM RSG2300>=5.0.0<5.3.4
siemens RUGGEDCOM ROS RSG2300
Siemens RUGGEDCOM ROS RSG2300P<4.3.7
Siemens RUGGEDCOM ROS RSG2300P>=5.5.0<5.5.4
Siemens RUGGEDCOM ROS RSG2300P
Siemens RUGGEDCOM RSG2488<4.3.7
Siemens RUGGEDCOM RSG2488>=5.0.0<5.5.4
Siemens RUGGEDCOM ROS RSG2488
Siemens RUGGEDCOM RSL910<5.5.4
Siemens RUGGEDCOM RSL910
Siemens RUGGEDCOM ROS RST916C<5.5.4
Siemens RUGGEDCOM ROS RST916C
Siemens RUGGEDCOM ROS RST916P<5.5.4
Siemens RUGGEDCOM ROS RST916P
Siemens RUGGEDCOM RST2228<5.5.4
Siemens RUGGEDCOM ROS RST2228

Never miss a vulnerability like this again

Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.

Read MoreStart Free Trial

Reference Links

Frequently Asked Questions

  • What is the severity of CVE-2021-31895?

    CVE-2021-31895 has a CVSS score of 7.5, indicating a high severity level.

  • How do I fix CVE-2021-31895?

    To remediate CVE-2021-31895, upgrade the affected RUGGEDCOM ROS versions to 4.3.7 or later.

  • What products are affected by CVE-2021-31895?

    CVE-2021-31895 affects various models including RUGGEDCOM ROS M2100, M2200, M969, and several RMC series devices.

  • When was CVE-2021-31895 published?

    CVE-2021-31895 was published on July 28, 2021.

  • What type of vulnerability is CVE-2021-31895?

    CVE-2021-31895 is a security vulnerability that allows unauthorized access to the affected devices.

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co
By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.
© 2025 SecAlerts Pty Ltd.
ABN: 70 645 966 203, ACN: 645 966 203