siemens ruggedcom_ros_i800_firmware 未进行输入大小检查的缓冲区拷贝(传统缓冲区溢出)
CVE编号
CVE-2021-31895利用情况
暂无补丁情况
N/A披露时间
2021-07-13漏洞描述
A vulnerability has been identified in RUGGEDCOM ROS M2100 (All versions < V4.3.7), RUGGEDCOM ROS M2200 (All versions < V4.3.7), RUGGEDCOM ROS M969 (All versions < V4.3.7), RUGGEDCOM ROS RMC (All versions < V4.3.7), RUGGEDCOM ROS RMC20 (All versions < V4.3.7), RUGGEDCOM ROS RMC30 (All versions < V4.3.7), RUGGEDCOM ROS RMC40 (All versions < V4.3.7), RUGGEDCOM ROS RMC41 (All versions < V4.3.7), RUGGEDCOM ROS RMC8388 V4.X (All versions < V4.3.7), RUGGEDCOM ROS RMC8388 V5.X (All versions < V5.5.4), RUGGEDCOM ROS RP110 (All versions < V4.3.7), RUGGEDCOM ROS RS400 (All versions < V4.3.7), RUGGEDCOM ROS RS401 (All versions < V4.3.7), RUGGEDCOM ROS RS416 (All versions < V4.3.7), RUGGEDCOM ROS RS416v2 V4.X (All versions < V4.3.7), RUGGEDCOM ROS RS416v2 V5.X (All versions < 5.5.4), RUGGEDCOM ROS RS8000 (All versions < V4.3.7), RUGGEDCOM ROS RS8000A (All versions < V4.3.7), RUGGEDCOM ROS RS8000H (All versions < V4.3.7), RUGGEDCOM ROS RS8000T (All versions < V4.3.7), RUGGEDCOM ROS RS900 (32M) V4.X (All versions < V4.3.7), RUGGEDCOM ROS RS900 (32M) V5.X (All versions < V5.5.4), RUGGEDCOM ROS RS900G (All versions < V4.3.7), RUGGEDCOM ROS RS900G (32M) V4.X (All versions < V4.3.7), RUGGEDCOM ROS RS900G (32M) V5.X (All versions < V5.5.4), RUGGEDCOM ROS RS900GP (All versions < V4.3.7), RUGGEDCOM ROS RS900L (All versions < V4.3.7), RUGGEDCOM ROS RS900W (All versions < V4.3.7), RUGGEDCOM ROS RS910 (All versions < V4.3.7), RUGGEDCOM ROS RS910L (All versions < V4.3.7), RUGGEDCOM ROS RS910W (All versions < V4.3.7), RUGGEDCOM ROS RS920L (All versions < V4.3.7), RUGGEDCOM ROS RS920W (All versions < V4.3.7), RUGGEDCOM ROS RS930L (All versions < V4.3.7), RUGGEDCOM ROS RS930W (All versions < V4.3.7), RUGGEDCOM ROS RS940G (All versions < V4.3.7), RUGGEDCOM ROS RS969 (All versions < V4.3.7), RUGGEDCOM ROS RSG2100 (32M) V4.X (All versions < V4.3.7), RUGGEDCOM ROS RSG2100 (32M) V5.X (All versions < V5.5.4), RUGGEDCOM ROS RSG2100 V4.X (All versions < V4.3.7), RUGGEDCOM ROS RSG2100P (All versions < V4.3.7), RUGGEDCOM ROS RSG2100P (32M) V4.X (All versions < V4.3.7), RUGGEDCOM ROS RSG2100P (32M) V5.X (All versions < V5.5.4), RUGGEDCOM ROS RSG2200 (All versions < V4.3.7), RUGGEDCOM ROS RSG2288 V4.X (All versions < V4.3.7), RUGGEDCOM ROS RSG2288 V5.X (All versions < V5.5.4), RUGGEDCOM ROS RSG2300 V4.X (All versions < V4.3.7), RUGGEDCOM ROS RSG2300 V5.X (All versions < V5.5.4), RUGGEDCOM ROS RSG2300P V4.X (All versions < V4.3.7), RUGGEDCOM ROS RSG2300P V5.X (All versions < V5.5.4), RUGGEDCOM ROS RSG2488 V4.X (All versions < V4.3.7), RUGGEDCOM ROS RSG2488 V5.X (All versions < V5.5.4), RUGGEDCOM ROS RSG900 V4.X (All versions < V4.3.7), RUGGEDCOM ROS RSG900 V5.X (All versions < V5.5.4), RUGGEDCOM ROS RSG900C (All versions < V5.5.4), RUGGEDCOM ROS RSG900G V4.X (All versions < V4.3.7), RUGGEDCOM ROS RSG900G V5.X (All versions < V5.5.4), RUGGEDCOM ROS RSG900R (All versions < V5.5.4), RUGGEDCOM ROS RSG920P V4.X (All versions < V4.3.7), RUGGEDCOM ROS RSG920P V5.X (All versions < V5.5.4), RUGGEDCOM ROS RSL910 (All versions < V5.5.4), RUGGEDCOM ROS RST2228 (All versions < V5.5.4), RUGGEDCOM ROS RST916C (All versions < V5.5.4), RUGGEDCOM ROS RST916P (All versions < V5.5.4), RUGGEDCOM ROS i800 (All versions < V4.3.7), RUGGEDCOM ROS i801 (All versions < V4.3.7), RUGGEDCOM ROS i802 (All versions < V4.3.7), RUGGEDCOM ROS i803 (All versions < V4.3.7). The DHCP client in affected devices fails to properly sanitize incoming DHCP packets. This could allow an unauthenticated remote attacker to cause memory to be overwritten, potentially allowing remote code execution.解决建议
建议您更新当前系统或软件至最新版,完成漏洞的修复。
参考链接 |
|
|---|---|
| https://cert-portal.siemens.com/productcert/pdf/ssa-373591.pdf |
受影响软件情况
| # | 类型 | 厂商 | 产品 | 版本 | 影响面 | ||||
| 1 | |||||||||
|---|---|---|---|---|---|---|---|---|---|
| 运行在以下环境 | |||||||||
| 系统 | siemens | ruggedcom_ros_i800_firmware | * | Up to (excluding) 4.3.7 | |||||
| 运行在以下环境 | |||||||||
| 系统 | siemens | ruggedcom_ros_i801_firmware | * | Up to (excluding) 4.3.7 | |||||
| 运行在以下环境 | |||||||||
| 系统 | siemens | ruggedcom_ros_i802_firmware | * | Up to (excluding) 4.3.7 | |||||
| 运行在以下环境 | |||||||||
| 系统 | siemens | ruggedcom_ros_i803_firmware | * | Up to (excluding) 4.3.7 | |||||
| 运行在以下环境 | |||||||||
| 系统 | siemens | ruggedcom_ros_m2100_firmware | * | Up to (excluding) 4.3.7 | |||||
| 运行在以下环境 | |||||||||
| 系统 | siemens | ruggedcom_ros_m2200_firmware | * | Up to (excluding) 4.3.7 | |||||
| 运行在以下环境 | |||||||||
| 系统 | siemens | ruggedcom_ros_m969_firmware | * | Up to (excluding) 4.3.7 | |||||
| 运行在以下环境 | |||||||||
| 系统 | siemens | ruggedcom_ros_rmc20_firmware | * | Up to (excluding) 4.3.7 | |||||
| 运行在以下环境 | |||||||||
| 系统 | siemens | ruggedcom_ros_rmc30_firmware | * | Up to (excluding) 4.3.7 | |||||
| 运行在以下环境 | |||||||||
| 系统 | siemens | ruggedcom_ros_rmc40_firmware | * | Up to (excluding) 4.3.7 | |||||
| 运行在以下环境 | |||||||||
| 系统 | siemens | ruggedcom_ros_rmc41_firmware | * | Up to (excluding) 4.3.7 | |||||
| 运行在以下环境 | |||||||||
| 系统 | siemens | ruggedcom_ros_rmc8388_firmware | * | Up to (excluding) 4.3.7 | |||||
| 运行在以下环境 | |||||||||
| 系统 | siemens | ruggedcom_ros_rmc8388_firmware | * | From (including) 5.0.0 | Up to (excluding) 5.5.4 | ||||
| 运行在以下环境 | |||||||||
| 系统 | siemens | ruggedcom_ros_rmc_firmware | * | Up to (excluding) 4.3.7 | |||||
| 运行在以下环境 | |||||||||
| 系统 | siemens | ruggedcom_ros_rp110_firmware | * | Up to (excluding) 4.3.7 | |||||
| 运行在以下环境 | |||||||||
| 系统 | siemens | ruggedcom_ros_rs400_firmware | * | Up to (excluding) 4.3.7 | |||||
| 运行在以下环境 | |||||||||
| 系统 | siemens | ruggedcom_ros_rs401_firmware | * | Up to (excluding) 4.3.7 | |||||
| 运行在以下环境 | |||||||||
| 系统 | siemens | ruggedcom_ros_rs416v2_firmware | * | Up to (excluding) 4.3.7 | |||||
| 运行在以下环境 | |||||||||
| 系统 | siemens | ruggedcom_ros_rs416v2_firmware | * | From (including) 5.5.0 | Up to (excluding) 5.5.4 | ||||
| 运行在以下环境 | |||||||||
| 系统 | siemens | ruggedcom_ros_rs416_firmware | * | Up to (excluding) 4.3.7 | |||||
| 运行在以下环境 | |||||||||
| 系统 | siemens | ruggedcom_ros_rs8000a_firmware | * | Up to (excluding) 4.3.7 | |||||
| 运行在以下环境 | |||||||||
| 系统 | siemens | ruggedcom_ros_rs8000h_firmware | * | Up to (excluding) 4.3.7 | |||||
| 运行在以下环境 | |||||||||
| 系统 | siemens | ruggedcom_ros_rs8000t_firmware | * | Up to (excluding) 4.3.7 | |||||
| 运行在以下环境 | |||||||||
| 系统 | siemens | ruggedcom_ros_rs8000_firmware | * | Up to (excluding) 4.3.7 | |||||
| 运行在以下环境 | |||||||||
| 系统 | siemens | ruggedcom_ros_rs900gp_firmware | * | Up to (excluding) 4.3.7 | |||||
| 运行在以下环境 | |||||||||
| 系统 | siemens | ruggedcom_ros_rs900g_firmware | * | Up to (excluding) 4.3.7 | |||||
| 运行在以下环境 | |||||||||
| 系统 | siemens | ruggedcom_ros_rs900g_firmware | * | From (including) 5.0.0 | Up to (excluding) 5.5.4 | ||||
| 运行在以下环境 | |||||||||
| 系统 | siemens | ruggedcom_ros_rs900l_firmware | * | Up to (excluding) 4.3.7 | |||||
| 运行在以下环境 | |||||||||
| 系统 | siemens | ruggedcom_ros_rs900w_firmware | * | Up to (excluding) 4.3.7 | |||||
| 运行在以下环境 | |||||||||
| 系统 | siemens | ruggedcom_ros_rs900_firmware | * | Up to (excluding) 4.3.7 | |||||
| 运行在以下环境 | |||||||||
| 系统 | siemens | ruggedcom_ros_rs900_firmware | * | From (including) 5.0.0 | Up to (excluding) 5.5.4 | ||||
| 运行在以下环境 | |||||||||
| 系统 | siemens | ruggedcom_ros_rs910l_firmware | * | Up to (excluding) 4.3.7 | |||||
| 运行在以下环境 | |||||||||
| 系统 | siemens | ruggedcom_ros_rs910w_firmware | * | Up to (excluding) 4.3.7 | |||||
| 运行在以下环境 | |||||||||
| 系统 | siemens | ruggedcom_ros_rs910_firmware | * | Up to (excluding) 4.3.7 | |||||
| 运行在以下环境 | |||||||||
| 系统 | siemens | ruggedcom_ros_rs920l_firmware | * | Up to (excluding) 4.3.7 | |||||
| 运行在以下环境 | |||||||||
| 系统 | siemens | ruggedcom_ros_rs920w_firmware | * | Up to (excluding) 4.3.7 | |||||
| 运行在以下环境 | |||||||||
| 系统 | siemens | ruggedcom_ros_rs930l_firmware | * | Up to (excluding) 4.3.7 | |||||
| 运行在以下环境 | |||||||||
| 系统 | siemens | ruggedcom_ros_rs930w_firmware | * | Up to (excluding) 4.3.7 | |||||
| 运行在以下环境 | |||||||||
| 系统 | siemens | ruggedcom_ros_rs940g_firmware | * | Up to (excluding) 4.3.7 | |||||
| 运行在以下环境 | |||||||||
| 系统 | siemens | ruggedcom_ros_rs969_firmware | * | Up to (excluding) 4.3.7 | |||||
| 运行在以下环境 | |||||||||
| 系统 | siemens | ruggedcom_ros_rsg2100p_firmware | * | Up to (excluding) 4.3.7 | |||||
| 运行在以下环境 | |||||||||
| 系统 | siemens | ruggedcom_ros_rsg2100p_firmware | * | From (including) 5.0.0 | Up to (excluding) 5.3.4 | ||||
| 运行在以下环境 | |||||||||
| 系统 | siemens | ruggedcom_ros_rsg2100_firmware | * | Up to (excluding) 4.3.7 | |||||
| 运行在以下环境 | |||||||||
| 系统 | siemens | ruggedcom_ros_rsg2100_firmware | * | From (including) 5.0.0 | Up to (excluding) 5.5.4 | ||||
| 运行在以下环境 | |||||||||
| 系统 | siemens | ruggedcom_ros_rsg2200_firmware | * | Up to (excluding) 4.3.7 | |||||
| 运行在以下环境 | |||||||||
| 系统 | siemens | ruggedcom_ros_rsg2288_firmware | * | Up to (excluding) 4.3.7 | |||||
| 运行在以下环境 | |||||||||
| 系统 | siemens | ruggedcom_ros_rsg2288_firmware | * | From (including) 5.0.0 | Up to (excluding) 5.5.4 | ||||
| 运行在以下环境 | |||||||||
| 系统 | siemens | ruggedcom_ros_rsg2300p_firmware | * | Up to (excluding) 4.3.7 | |||||
| 运行在以下环境 | |||||||||
| 系统 | siemens | ruggedcom_ros_rsg2300p_firmware | * | From (including) 5.5.0 | Up to (excluding) 5.5.4 | ||||
| 运行在以下环境 | |||||||||
| 系统 | siemens | ruggedcom_ros_rsg2300_firmware | * | Up to (excluding) 4.3.7 | |||||
| 运行在以下环境 | |||||||||
| 系统 | siemens | ruggedcom_ros_rsg2300_firmware | * | From (including) 5.0.0 | Up to (excluding) 5.3.4 | ||||
| 运行在以下环境 | |||||||||
| 系统 | siemens | ruggedcom_ros_rsg2488_firmware | * | Up to (excluding) 4.3.7 | |||||
| 运行在以下环境 | |||||||||
| 系统 | siemens | ruggedcom_ros_rsg2488_firmware | * | From (including) 5.0.0 | Up to (excluding) 5.5.4 | ||||
| 运行在以下环境 | |||||||||
| 系统 | siemens | ruggedcom_ros_rsg900c_firmware | * | Up to (excluding) 5.5.4 | |||||
| 运行在以下环境 | |||||||||
| 系统 | siemens | ruggedcom_ros_rsg900g_firmware | * | Up to (excluding) 4.3.7 | |||||
| 运行在以下环境 | |||||||||
| 系统 | siemens | ruggedcom_ros_rsg900g_firmware | * | From (including) 5.0.0 | Up to (excluding) 5.5.4 | ||||
| 运行在以下环境 | |||||||||
| 系统 | siemens | ruggedcom_ros_rsg900r_firmware | * | Up to (excluding) 5.5.4 | |||||
| 运行在以下环境 | |||||||||
| 系统 | siemens | ruggedcom_ros_rsg900_firmware | * | Up to (excluding) 4.3.7 | |||||
| 运行在以下环境 | |||||||||
| 系统 | siemens | ruggedcom_ros_rsg900_firmware | * | From (including) 5.5.0 | Up to (excluding) 5.5.4 | ||||
| 运行在以下环境 | |||||||||
| 系统 | siemens | ruggedcom_ros_rsg920p_firmware | * | Up to (excluding) 4.3.7 | |||||
| 运行在以下环境 | |||||||||
| 系统 | siemens | ruggedcom_ros_rsg920p_firmware | * | From (including) 5.0.0 | Up to (excluding) 5.5.4 | ||||
| 运行在以下环境 | |||||||||
| 系统 | siemens | ruggedcom_ros_rsl910_firmware | * | Up to (excluding) 5.5.4 | |||||
| 运行在以下环境 | |||||||||
| 系统 | siemens | ruggedcom_ros_rst2228_firmware | * | Up to (excluding) 5.5.4 | |||||
| 运行在以下环境 | |||||||||
| 系统 | siemens | ruggedcom_ros_rst916c_firmware | * | Up to (excluding) 5.5.4 | |||||
| 运行在以下环境 | |||||||||
| 系统 | siemens | ruggedcom_ros_rst916p_firmware | * | Up to (excluding) 5.5.4 | |||||
| 运行在以下环境 | |||||||||
| 硬件 | siemens | ruggedcom_ros_i800 | - | - | |||||
| 运行在以下环境 | |||||||||
| 硬件 | siemens | ruggedcom_ros_i801 | - | - | |||||
| 运行在以下环境 | |||||||||
| 硬件 | siemens | ruggedcom_ros_i802 | - | - | |||||
| 运行在以下环境 | |||||||||
| 硬件 | siemens | ruggedcom_ros_i803 | - | - | |||||
| 运行在以下环境 | |||||||||
| 硬件 | siemens | ruggedcom_ros_m2100 | - | - | |||||
| 运行在以下环境 | |||||||||
| 硬件 | siemens | ruggedcom_ros_m2200 | - | - | |||||
| 运行在以下环境 | |||||||||
| 硬件 | siemens | ruggedcom_ros_m969 | - | - | |||||
| 运行在以下环境 | |||||||||
| 硬件 | siemens | ruggedcom_ros_rmc | - | - | |||||
| 运行在以下环境 | |||||||||
| 硬件 | siemens | ruggedcom_ros_rmc20 | - | - | |||||
| 运行在以下环境 | |||||||||
| 硬件 | siemens | ruggedcom_ros_rmc30 | - | - | |||||
| 运行在以下环境 | |||||||||
| 硬件 | siemens | ruggedcom_ros_rmc40 | - | - | |||||
| 运行在以下环境 | |||||||||
| 硬件 | siemens | ruggedcom_ros_rmc41 | - | - | |||||
| 运行在以下环境 | |||||||||
| 硬件 | siemens | ruggedcom_ros_rmc8388 | - | - | |||||
| 运行在以下环境 | |||||||||
| 硬件 | siemens | ruggedcom_ros_rp110 | - | - | |||||
| 运行在以下环境 | |||||||||
| 硬件 | siemens | ruggedcom_ros_rs400 | - | - | |||||
| 运行在以下环境 | |||||||||
| 硬件 | siemens | ruggedcom_ros_rs401 | - | - | |||||
| 运行在以下环境 | |||||||||
| 硬件 | siemens | ruggedcom_ros_rs416 | - | - | |||||
| 运行在以下环境 | |||||||||
| 硬件 | siemens | ruggedcom_ros_rs416v2 | - | - | |||||
| 运行在以下环境 | |||||||||
| 硬件 | siemens | ruggedcom_ros_rs8000 | - | - | |||||
| 运行在以下环境 | |||||||||
| 硬件 | siemens | ruggedcom_ros_rs8000a | - | - | |||||
| 运行在以下环境 | |||||||||
| 硬件 | siemens | ruggedcom_ros_rs8000h | - | - | |||||
| 运行在以下环境 | |||||||||
| 硬件 | siemens | ruggedcom_ros_rs8000t | - | - | |||||
| 运行在以下环境 | |||||||||
| 硬件 | siemens | ruggedcom_ros_rs900 | - | - | |||||
| 运行在以下环境 | |||||||||
| 硬件 | siemens | ruggedcom_ros_rs900g | - | - | |||||
| 运行在以下环境 | |||||||||
| 硬件 | siemens | ruggedcom_ros_rs900gp | - | - | |||||
| 运行在以下环境 | |||||||||
| 硬件 | siemens | ruggedcom_ros_rs900l | - | - | |||||
| 运行在以下环境 | |||||||||
| 硬件 | siemens | ruggedcom_ros_rs900w | - | - | |||||
| 运行在以下环境 | |||||||||
| 硬件 | siemens | ruggedcom_ros_rs910 | - | - | |||||
| 运行在以下环境 | |||||||||
| 硬件 | siemens | ruggedcom_ros_rs910l | - | - | |||||
| 运行在以下环境 | |||||||||
| 硬件 | siemens | ruggedcom_ros_rs910w | - | - | |||||
| 运行在以下环境 | |||||||||
| 硬件 | siemens | ruggedcom_ros_rs920l | - | - | |||||
| 运行在以下环境 | |||||||||
| 硬件 | siemens | ruggedcom_ros_rs920w | - | - | |||||
| 运行在以下环境 | |||||||||
| 硬件 | siemens | ruggedcom_ros_rs930l | - | - | |||||
| 运行在以下环境 | |||||||||
| 硬件 | siemens | ruggedcom_ros_rs930w | - | - | |||||
| 运行在以下环境 | |||||||||
| 硬件 | siemens | ruggedcom_ros_rs940g | - | - | |||||
| 运行在以下环境 | |||||||||
| 硬件 | siemens | ruggedcom_ros_rs969 | - | - | |||||
| 运行在以下环境 | |||||||||
| 硬件 | siemens | ruggedcom_ros_rsg2100 | - | - | |||||
| 运行在以下环境 | |||||||||
| 硬件 | siemens | ruggedcom_ros_rsg2100p | - | - | |||||
| 运行在以下环境 | |||||||||
| 硬件 | siemens | ruggedcom_ros_rsg2200 | - | - | |||||
| 运行在以下环境 | |||||||||
| 硬件 | siemens | ruggedcom_ros_rsg2288 | - | - | |||||
| 运行在以下环境 | |||||||||
| 硬件 | siemens | ruggedcom_ros_rsg2300 | - | - | |||||
| 运行在以下环境 | |||||||||
| 硬件 | siemens | ruggedcom_ros_rsg2300p | - | - | |||||
| 运行在以下环境 | |||||||||
| 硬件 | siemens | ruggedcom_ros_rsg2488 | - | - | |||||
| 运行在以下环境 | |||||||||
| 硬件 | siemens | ruggedcom_ros_rsg900 | - | - | |||||
| 运行在以下环境 | |||||||||
| 硬件 | siemens | ruggedcom_ros_rsg900c | - | - | |||||
| 运行在以下环境 | |||||||||
| 硬件 | siemens | ruggedcom_ros_rsg900g | - | - | |||||
| 运行在以下环境 | |||||||||
| 硬件 | siemens | ruggedcom_ros_rsg900r | - | - | |||||
| 运行在以下环境 | |||||||||
| 硬件 | siemens | ruggedcom_ros_rsg920p | - | - | |||||
| 运行在以下环境 | |||||||||
| 硬件 | siemens | ruggedcom_ros_rsl910 | - | - | |||||
| 运行在以下环境 | |||||||||
| 硬件 | siemens | ruggedcom_ros_rst2228 | - | - | |||||
| 运行在以下环境 | |||||||||
| 硬件 | siemens | ruggedcom_ros_rst916c | - | - | |||||
| 运行在以下环境 | |||||||||
| 硬件 | siemens | ruggedcom_ros_rst916p | - | - | |||||
- 攻击路径 网络
- 攻击复杂度 低
- 权限要求 无
- 影响范围 未更改
- 用户交互 无
- 可用性 高
- 保密性 高
- 完整性 高
| CWE-ID | 漏洞类型 |
| CWE-120 | 未进行输入大小检查的缓冲区拷贝(传统缓冲区溢出) |
| CWE-787 | 跨界内存写 |
Exp相关链接
版权声明
本站原创文章转载请注明文章出处及链接,谢谢合作!
评论