PT-2024-5179 · Siemens · Ruggedcom Rmc30+10

Stephen Craven · Published 2024-07-09 · Updated 2024-07-09 · CVE-2024-39675

CVSS v3.1: 8.8 High
Vector: AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions:
RUGGEDCOM RMC30 versions prior to V4.3.10
RUGGEDCOM RMC30NC versions prior to V4.3.10
RUGGEDCOM RP110 versions prior to V4.3.10
RUGGEDCOM RP110NC versions prior to V4.3.10
RUGGEDCOM RS400 versions prior to V4.3.10
RUGGEDCOM RS400NC versions prior to V4.3.10
RUGGEDCOM RS401 versions prior to V4.3.10
RUGGEDCOM RS401NC versions prior to V4.3.10
RUGGEDCOM RS416 versions prior to V4.3.10
RUGGEDCOM RS416NC versions prior to V4.3.10
RUGGEDCOM RS416NCv2 V4.X versions prior to V4.3.10
RUGGEDCOM RS416NCv2 V5.X versions prior to V5.9.0
RUGGEDCOM RS416P versions prior to V4.3.10
RUGGEDCOM RS416PNC versions prior to V4.3.10
RUGGEDCOM RS416PNCv2 V4.X versions prior to V4.3.10
RUGGEDCOM RS416PNCv2 V5.X versions prior to V5.9.0
RUGGEDCOM RS416Pv2 V4.X versions prior to V4.3.10
RUGGEDCOM RS416Pv2 V5.X versions prior to V5.9.0
RUGGEDCOM RS416v2 V4.X versions prior to V4.3.10
RUGGEDCOM RS416v2 V5.X versions prior to V5.9.0
RUGGEDCOM RS910 versions prior to V4.3.10
RUGGEDCOM RS910L all versions
RUGGEDCOM RS910LNC all versions
RUGGEDCOM RS910NC versions prior to V4.3.10
RUGGEDCOM RS910W versions prior to V4.3.10
RUGGEDCOM RS920L all versions
RUGGEDCOM RS920LNC all versions
RUGGEDCOM RS920W all versions

Description: The issue is related to the disclosure of system data to unauthorized areas. In some configurations, the affected products wrongly enable the Modbus service in non-managed VLANs, which can be exploited by an attacker to reveal protected information. This issue affects only serial devices.

Recommendations:
For RUGGEDCOM RMC30 versions prior to V4.3.10, update to version V4.3.10 or later.
For RUGGEDCOM RMC30NC versions prior to V4.3.10, update to version V4.3.10 or later.
For RUGGEDCOM RP110 versions prior to V4.3.10, update to version V4.3.10 or later.
For RUGGEDCOM RP110NC versions prior to V4.3.10, update to version V4.3.10 or later.
For RUGGEDCOM RS400 versions prior to V4.3.10, update to version V4.3.10 or later.
For RUGGEDCOM RS400NC versions prior to V4.3.10, update to version V4.3.10 or later.
For RUGGEDCOM RS401 versions prior to V4.3.10, update to version V4.3.10 or later.
For RUGGEDCOM RS401NC versions prior to V4.3.10, update to version V4.3.10 or later.
For RUGGEDCOM RS416 versions prior to V4.3.10, update to version V4.3.10 or later.
For RUGGEDCOM RS416NC versions prior to V4.3.10, update to version V4.3.10 or later.
For RUGGEDCOM RS416NCv2 V4.X versions prior to V4.3.10, update to version V4.3.10 or later.
For RUGGEDCOM RS416NCv2 V5.X versions prior to V5.9.0, update to version V5.9.0 or later.
For RUGGEDCOM RS416P versions prior to V4.3.10, update to version V4.3.10 or later.
For RUGGEDCOM RS416PNC versions prior to V4.3.10, update to version V4.3.10 or later.
For RUGGEDCOM RS416PNCv2 V4.X versions prior to V4.3.10, update to version V4.3.10 or later.
For RUGGEDCOM RS416PNCv2 V5.X versions prior to V5.9.0, update to version V5.9.0 or later.
For RUGGEDCOM RS416Pv2 V4.X versions prior to V4.3.10, update to version V4.3.10 or later.
For RUGGEDCOM RS416Pv2 V5.X versions prior to V5.9.0, update to version V5.9.0 or later.
For RUGGEDCOM RS416v2 V4.X versions prior to V4.3.10, update to version V4.3.10 or later.
For RUGGEDCOM RS416v2 V5.X versions prior to V5.9.0, update to version V5.9.0 or later.
For RUGGEDCOM RS910 versions prior to V4.3.10, update to version V4.3.10 or later.
For RUGGEDCOM RS910L, consider disabling the Modbus service in non-managed VLANs as a temporary workaround.
For RUGGEDCOM RS910LNC, consider disabling the Modbus service in non-managed VLANs as a temporary workaround.
For RUGGEDCOM RS910NC versions prior to V4.3.10, update to version V4.3.10 or later.
For RUGGEDCOM RS910W versions prior to V4.3.10, update to version V4.3.10 or later.
For RUGGEDCOM RS920L, consider disabling the Modbus service in non-managed VLANs as a temporary workaround.
For RUGGEDCOM RS920LNC, consider disabling the Modbus service in non-managed VLANs as a temporary workaround.
For RUGGEDCOM RS920W, consider disabling the Modbus service in non-managed VLANs as a temporary workaround.

Related Identifiers

BDU:2024-05735
CVE-2024-39675

Affected Products

Ruggedcom Rmc30
Ruggedcom Rp110
Ruggedcom Rs400
Ruggedcom Rs401
Ruggedcom Rs416
Ruggedcom Rs416Pv2
Ruggedcom Rs416P
Ruggedcom Rsg910C
Ruggedcom Rs910L
Ruggedcom Rsl910
Ruggedcom Rs920L