PT-2023-9247 · Siemens · Ruggedcom Rsg2200+59
Thomas Riedmaier
·
Published
2023-12-29
·
Updated
2024-07-09
·
CVE-2023-52237
CVSS v3.1
7.5
High
| Vector | AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H |
Name of the Vulnerable Software and Affected Versions
RUGGEDCOM i800
RUGGEDCOM i800NC
RUGGEDCOM i801
RUGGEDCOM i801NC
RUGGEDCOM i802
RUGGEDCOM i802NC
RUGGEDCOM i803
RUGGEDCOM i803NC
RUGGEDCOM M2100
RUGGEDCOM M2100NC
RUGGEDCOM M2200
RUGGEDCOM M2200NC
RUGGEDCOM M969
RUGGEDCOM M969NC
RUGGEDCOM RMC30
RUGGEDCOM RMC30NC
RUGGEDCOM RMC8388 V4.X
RUGGEDCOM RMC8388 V5.X
RUGGEDCOM RMC8388NC V4.X
RUGGEDCOM RMC8388NC V5.X
RUGGEDCOM RP110
RUGGEDCOM RP110NC
RUGGEDCOM RS1600
RUGGEDCOM RS1600F
RUGGEDCOM RS1600FNC
RUGGEDCOM RS1600NC
RUGGEDCOM RS1600T
RUGGEDCOM RS1600TNC
RUGGEDCOM RS400
RUGGEDCOM RS400NC
RUGGEDCOM RS401
RUGGEDCOM RS401NC
RUGGEDCOM RS416
RUGGEDCOM RS416NC
RUGGEDCOM RS416NCv2 V4.X
RUGGEDCOM RS416NCv2 V5.X
RUGGEDCOM RS416P
RUGGEDCOM RS416PNC
RUGGEDCOM RS416PNCv2 V4.X
RUGGEDCOM RS416PNCv2 V5.X
RUGGEDCOM RS416Pv2 V4.X
RUGGEDCOM RS416Pv2 V5.X
RUGGEDCOM RS416v2 V4.X
RUGGEDCOM RS416v2 V5.X
RUGGEDCOM RS8000
RUGGEDCOM RS8000A
RUGGEDCOM RS8000ANC
RUGGEDCOM RS8000H
RUGGEDCOM RS8000HNC
RUGGEDCOM RS8000NC
RUGGEDCOM RS8000T
RUGGEDCOM RS8000TNC
RUGGEDCOM RS900
RUGGEDCOM RS900 (32M) V4.X
RUGGEDCOM RS900 (32M) V5.X
RUGGEDCOM RS900G
RUGGEDCOM RS900G (32M) V4.X
RUGGEDCOM RS900G (32M) V5.X
RUGGEDCOM RS900GNC
RUGGEDCOM RS900GNC(32M) V4.X
RUGGEDCOM RS900GNC(32M) V5.X
RUGGEDCOM RS900GP
RUGGEDCOM RS900GPNC
RUGGEDCOM RS900L
RUGGEDCOM RS900LNC
RUGGEDCOM RS900M-GETS-C01
RUGGEDCOM RS900M-GETS-XX
RUGGEDCOM RS900M-STND-C01
RUGGEDCOM RS900M-STND-XX
RUGGEDCOM RS900MNC-GETS-C01
RUGGEDCOM RS900MNC-GETS-XX
RUGGEDCOM RS900MNC-STND-XX
RUGGEDCOM RS900MNC-STND-XX-C01
RUGGEDCOM RS900NC
RUGGEDCOM RS900NC(32M) V4.X
RUGGEDCOM RS900NC(32M) V5.X
RUGGEDCOM RS900W
RUGGEDCOM RS910
RUGGEDCOM RS910L
RUGGEDCOM RS910LNC
RUGGEDCOM RS910NC
RUGGEDCOM RS910W
RUGGEDCOM RS920L
RUGGEDCOM RS920LNC
RUGGEDCOM RS920W
RUGGEDCOM RS930L
RUGGEDCOM RS930LNC
RUGGEDCOM RS930W
RUGGEDCOM RS940G
RUGGEDCOM RS940GNC
RUGGEDCOM RS969
RUGGEDCOM RS969NC
RUGGEDCOM RSG2100
RUGGEDCOM RSG2100 (32M) V4.X
RUGGEDCOM RSG2100 (32M) V5.X
RUGGEDCOM RSG2100NC
RUGGEDCOM RSG2100NC(32M) V4.X
RUGGEDCOM RSG2100NC(32M) V5.X
RUGGEDCOM RSG2100P
RUGGEDCOM RSG2100PNC
RUGGEDCOM RSG2200
RUGGEDCOM RSG2200NC
RUGGEDCOM RSG2288 V4.X
RUGGEDCOM RSG2288 V5.X
RUGGEDCOM RSG2288NC V4.X
RUGGEDCOM RSG2288NC V5.X
RUGGEDCOM RSG2300 V4.X
RUGGEDCOM RSG2300 V5.X
RUGGEDCOM RSG2300NC V4.X
RUGGEDCOM RSG2300NC V5.X
RUGGEDCOM RSG2300P V4.X
RUGGEDCOM RSG2300P V5.X
RUGGEDCOM RSG2300PNC V4.X
RUGGEDCOM RSG2300PNC V5.X
RUGGEDCOM RSG2488 V4.X
RUGGEDCOM RSG2488 V5.X
RUGGEDCOM RSG2488NC V4.X
RUGGEDCOM RSG2488NC V5.X
RUGGEDCOM RSG907R
RUGGEDCOM RSG908C
RUGGEDCOM RSG909R
RUGGEDCOM RSG910C
RUGGEDCOM RSG920P V4.X
RUGGEDCOM RSG920P V5.X
RUGGEDCOM RSG920PNC V4.X
RUGGEDCOM RSG920PNC V5.X
RUGGEDCOM RSL910
RUGGEDCOM RSL910NC
RUGGEDCOM RST2228
RUGGEDCOM RST2228P
RUGGEDCOM RST916C
RUGGEDCOM RST916P
Description
The web server of the affected devices allows a low-privileged user to access hashes and password salts of all system's users, including admin users. An attacker could use the obtained information to brute force the passwords offline. The vulnerability is related to insufficient access control in the web servers of the RUGGEDCOM Ethernet switches.
Recommendations
At the moment, there is no information about a newer version that contains a fix for this vulnerability.
Information Disclosure
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Ruggedcom M2100
Ruggedcom M2200
Ruggedcom M969
Ruggedcom Rmc30
Ruggedcom Rmc8388 V4.X
Ruggedcom Rmc8388 V5.X
Ruggedcom Rp110
Ruggedcom Rs1600
Ruggedcom Rs1600F
Ruggedcom Rs1600T
Ruggedcom Rs400
Ruggedcom Rs401
Ruggedcom Rs416
Ruggedcom Rs416V2 V4.X
Ruggedcom Rs416V2 V5.X
Ruggedcom Rs416P
Ruggedcom Rs8000
Ruggedcom Rs8000A
Ruggedcom Rs8000H
Ruggedcom Rs8000T
Ruggedcom Rs900
Ruggedcom Rs900Nc(32M) V4.X
Ruggedcom Rs900Nc(32M) V5.X
Ruggedcom Rs900G
Ruggedcom Rs900Gp
Ruggedcom Rs900L
Ruggedcom Rs900M-Gets-C01
Ruggedcom Rs900M-Gets-Xx
Ruggedcom Rs900M-Stnd-C01
Ruggedcom Rs900M-Stnd-Xx
Ruggedcom Rs900Mnc-Stnd-Xx-C01
Ruggedcom Rsl910
Ruggedcom Rs910L
Ruggedcom Rsg910C
Ruggedcom Rs920L
Ruggedcom Rs930L
Ruggedcom Rs940G
Ruggedcom Rs969
Ruggedcom Rsg2100
Ruggedcom Rsg2100Nc(32M) V4.X
Ruggedcom Rsg2100Nc(32M) V5.X
Ruggedcom Rsg2100P
Ruggedcom Rsg2200
Ruggedcom Rsg2288 V4.X
Ruggedcom Rsg2288 V5.X
Ruggedcom Rsg2300 V4.X
Ruggedcom Rsg2300 V5.X
Ruggedcom Rsg2488 V4.X
Ruggedcom Rsg2488 V5.X
Ruggedcom Rsg907R
Ruggedcom Rsg908C
Ruggedcom Rsg909R
Ruggedcom Rsg920P V4.X
Ruggedcom Rsg920P V5.X
Ruggedcom Rst2228
Ruggedcom Rst916C
Ruggedcom I800
Ruggedcom I801
Ruggedcom I802
Ruggedcom I803