SSA-373591

Siemens Security Advisory by Siemens ProductCERT

SSA-373591: Buffer Overflow Vulnerability in RUGGEDCOM ROS Devices

Publication Date:	2021-07-13
Last Update:	2025-05-13
Current Version:	V1.1
CVSS v3.1 Base Score:	8.1

SUMMARY

The latest update for RUGGEDCOM ROS devices fixes a buffer overflow vulnerability in the third party component that could allow an attacker with network access to an affected device to cause a remote code execution condition.

Siemens has released updates for the affected products and recommends to update to the latest versions.

AFFECTED PRODUCTS AND SOLUTION

Un-/Collapse All

Affected Product and Versions	Remediation
RUGGEDCOM ROS V4.X family	Show more details See further recommendations from section Workarounds and Mitigations
RUGGEDCOM i800 All versions < V4.3.7 affected by CVE-2021-31895	Update to V4.3.7 or later version https://support.industry.siemens.com/cs/ww/en/view/109799880/ See further recommendations from section Workarounds and Mitigations
RUGGEDCOM i801 All versions < V4.3.7 affected by CVE-2021-31895	Update to V4.3.7 or later version https://support.industry.siemens.com/cs/ww/en/view/109799880/ See further recommendations from section Workarounds and Mitigations
RUGGEDCOM i802 All versions < V4.3.7 affected by CVE-2021-31895	Update to V4.3.7 or later version https://support.industry.siemens.com/cs/ww/en/view/109799880/ See further recommendations from section Workarounds and Mitigations
RUGGEDCOM i803 All versions < V4.3.7 affected by CVE-2021-31895	Update to V4.3.7 or later version https://support.industry.siemens.com/cs/ww/en/view/109799880/ See further recommendations from section Workarounds and Mitigations
RUGGEDCOM M2100 All versions < V4.3.7 affected by CVE-2021-31895	Update to V4.3.7 or later version https://support.industry.siemens.com/cs/ww/en/view/109799880/ See further recommendations from section Workarounds and Mitigations
RUGGEDCOM M2200 All versions < V4.3.7 affected by CVE-2021-31895	Update to V4.3.7 or later version https://support.industry.siemens.com/cs/ww/en/view/109799880/ See further recommendations from section Workarounds and Mitigations
RUGGEDCOM M969 All versions < V4.3.7 affected by CVE-2021-31895	Update to V4.3.7 or later version https://support.industry.siemens.com/cs/ww/en/view/109799880/ See further recommendations from section Workarounds and Mitigations
RUGGEDCOM RMC30 All versions < V4.3.7 affected by CVE-2021-31895	Update to V4.3.7 or later version https://support.industry.siemens.com/cs/ww/en/view/109799880/ See further recommendations from section Workarounds and Mitigations
RUGGEDCOM RMC8388 V4.X All versions < V4.3.7 affected by CVE-2021-31895	Update to V4.3.7 or later version https://support.industry.siemens.com/cs/ww/en/view/109799880/ See further recommendations from section Workarounds and Mitigations
RUGGEDCOM RP110 All versions < V4.3.7 affected by CVE-2021-31895	Update to V4.3.7 or later version https://support.industry.siemens.com/cs/ww/en/view/109799880/ See further recommendations from section Workarounds and Mitigations
RUGGEDCOM RS1600 All versions < V4.3.7 affected by CVE-2021-31895	Update to V4.3.7 or later version https://support.industry.siemens.com/cs/ww/en/view/109799880/ See further recommendations from section Workarounds and Mitigations
RUGGEDCOM RS1600F All versions < V4.3.7 affected by CVE-2021-31895	Update to V4.3.7 or later version https://support.industry.siemens.com/cs/ww/en/view/109799880/ See further recommendations from section Workarounds and Mitigations
RUGGEDCOM RS1600T All versions < V4.3.7 affected by CVE-2021-31895	Update to V4.3.7 or later version https://support.industry.siemens.com/cs/ww/en/view/109799880/ See further recommendations from section Workarounds and Mitigations
RUGGEDCOM RS400 All versions < V4.3.7 affected by CVE-2021-31895	Update to V4.3.7 or later version https://support.industry.siemens.com/cs/ww/en/view/109799880/ See further recommendations from section Workarounds and Mitigations
RUGGEDCOM RS401 All versions < V4.3.7 affected by CVE-2021-31895	Update to V4.3.7 or later version https://support.industry.siemens.com/cs/ww/en/view/109799880/ See further recommendations from section Workarounds and Mitigations
RUGGEDCOM RS416 All versions < V4.3.7 affected by CVE-2021-31895	Update to V4.3.7 or later version https://support.industry.siemens.com/cs/ww/en/view/109799880/ See further recommendations from section Workarounds and Mitigations
RUGGEDCOM RS416P All versions < V4.3.7 affected by CVE-2021-31895	Update to V4.3.7 or later version https://support.industry.siemens.com/cs/ww/en/view/109799880/ See further recommendations from section Workarounds and Mitigations
RUGGEDCOM RS416Pv2 V4.X All versions < V4.3.7 affected by CVE-2021-31895	Update to V4.3.7 or later version https://support.industry.siemens.com/cs/ww/en/view/109799880/ See further recommendations from section Workarounds and Mitigations
RUGGEDCOM RS416v2 V4.X All versions < V4.3.7 affected by CVE-2021-31895	Update to V4.3.7 or later version https://support.industry.siemens.com/cs/ww/en/view/109799880/ See further recommendations from section Workarounds and Mitigations
RUGGEDCOM RS8000 All versions < V4.3.7 affected by CVE-2021-31895	Update to V4.3.7 or later version https://support.industry.siemens.com/cs/ww/en/view/109799880/ See further recommendations from section Workarounds and Mitigations
RUGGEDCOM RS8000A All versions < V4.3.7 affected by CVE-2021-31895	Update to V4.3.7 or later version https://support.industry.siemens.com/cs/ww/en/view/109799880/ See further recommendations from section Workarounds and Mitigations
RUGGEDCOM RS8000H All versions < V4.3.7 affected by CVE-2021-31895	Update to V4.3.7 or later version https://support.industry.siemens.com/cs/ww/en/view/109799880/ See further recommendations from section Workarounds and Mitigations
RUGGEDCOM RS8000T All versions < V4.3.7 affected by CVE-2021-31895	Update to V4.3.7 or later version https://support.industry.siemens.com/cs/ww/en/view/109799880/ See further recommendations from section Workarounds and Mitigations
RUGGEDCOM RS900 (32M) V4.X All versions < V4.3.7 affected by CVE-2021-31895	Update to V4.3.7 or later version https://support.industry.siemens.com/cs/ww/en/view/109799880/ See further recommendations from section Workarounds and Mitigations
RUGGEDCOM RS900G All versions < V4.3.7 affected by CVE-2021-31895	Update to V4.3.7 or later version https://support.industry.siemens.com/cs/ww/en/view/109799880/ See further recommendations from section Workarounds and Mitigations
RUGGEDCOM RS900G (32M) V4.X All versions < V4.3.7 affected by CVE-2021-31895	Update to V4.3.7 or later version https://support.industry.siemens.com/cs/ww/en/view/109799880/ See further recommendations from section Workarounds and Mitigations
RUGGEDCOM RS900GP All versions < V4.3.7 affected by CVE-2021-31895	Update to V4.3.7 or later version https://support.industry.siemens.com/cs/ww/en/view/109799880/ See further recommendations from section Workarounds and Mitigations
RUGGEDCOM RS900L All versions < V4.3.7 affected by CVE-2021-31895	Update to V4.3.7 or later version https://support.industry.siemens.com/cs/ww/en/view/109799880/ See further recommendations from section Workarounds and Mitigations
RUGGEDCOM RS900W All versions < V4.3.7 affected by CVE-2021-31895	Update to V4.3.7 or later version https://support.industry.siemens.com/cs/ww/en/view/109799880/ See further recommendations from section Workarounds and Mitigations
RUGGEDCOM RS910 All versions < V4.3.7 affected by CVE-2021-31895	Update to V4.3.7 or later version https://support.industry.siemens.com/cs/ww/en/view/109799880/ See further recommendations from section Workarounds and Mitigations
RUGGEDCOM RS910L All versions < V4.3.7 affected by CVE-2021-31895	Update to V4.3.7 or later version https://support.industry.siemens.com/cs/ww/en/view/109799880/ See further recommendations from section Workarounds and Mitigations
RUGGEDCOM RS910W All versions < V4.3.7 affected by CVE-2021-31895	Update to V4.3.7 or later version https://support.industry.siemens.com/cs/ww/en/view/109799880/ See further recommendations from section Workarounds and Mitigations
RUGGEDCOM RS920L All versions < V4.3.7 affected by CVE-2021-31895	Update to V4.3.7 or later version https://support.industry.siemens.com/cs/ww/en/view/109799880/ See further recommendations from section Workarounds and Mitigations
RUGGEDCOM RS920W All versions < V4.3.7 affected by CVE-2021-31895	Update to V4.3.7 or later version https://support.industry.siemens.com/cs/ww/en/view/109799880/ See further recommendations from section Workarounds and Mitigations
RUGGEDCOM RS930L All versions < V4.3.7 affected by CVE-2021-31895	Update to V4.3.7 or later version https://support.industry.siemens.com/cs/ww/en/view/109799880/ See further recommendations from section Workarounds and Mitigations
RUGGEDCOM RS930W All versions < V4.3.7 affected by CVE-2021-31895	Update to V4.3.7 or later version https://support.industry.siemens.com/cs/ww/en/view/109799880/ See further recommendations from section Workarounds and Mitigations
RUGGEDCOM RS940G All versions < V4.3.7 affected by CVE-2021-31895	Update to V4.3.7 or later version https://support.industry.siemens.com/cs/ww/en/view/109799880/ See further recommendations from section Workarounds and Mitigations
RUGGEDCOM RS969 All versions < V4.3.7 affected by CVE-2021-31895	Update to V4.3.7 or later version https://support.industry.siemens.com/cs/ww/en/view/109799880/ See further recommendations from section Workarounds and Mitigations
RUGGEDCOM RSG2100 All versions affected by CVE-2021-31895	Currently no fix is available See recommendations from section Workarounds and Mitigations
RUGGEDCOM RSG2100 (32M) V4.X All versions < V4.3.7 affected by CVE-2021-31895	Update to V4.3.7 or later version https://support.industry.siemens.com/cs/ww/en/view/109799880/ See further recommendations from section Workarounds and Mitigations
RUGGEDCOM RSG2100P All versions < V4.3.7 affected by CVE-2021-31895	Update to V4.3.7 or later version https://support.industry.siemens.com/cs/ww/en/view/109799880/ See further recommendations from section Workarounds and Mitigations
RUGGEDCOM RSG2100P (32M) V4.X All versions < V4.3.7 affected by CVE-2021-31895	Update to V4.3.7 or later version https://support.industry.siemens.com/cs/ww/en/view/109799880/ See further recommendations from section Workarounds and Mitigations
RUGGEDCOM RSG2100PNC (32M) V4.X All versions < V4.3.7 affected by CVE-2021-31895	Update to V4.3.7 or later version https://support.industry.siemens.com/cs/ww/en/view/109799880/ See further recommendations from section Workarounds and Mitigations
RUGGEDCOM RSG2200 All versions < V4.3.7 affected by CVE-2021-31895	Update to V4.3.7 or later version https://support.industry.siemens.com/cs/ww/en/view/109799880/ See further recommendations from section Workarounds and Mitigations
RUGGEDCOM RSG2288 V4.X All versions < V4.3.7 affected by CVE-2021-31895	Update to V4.3.7 or later version https://support.industry.siemens.com/cs/ww/en/view/109799880/ See further recommendations from section Workarounds and Mitigations
RUGGEDCOM RSG2300 V4.X All versions < V4.3.7 affected by CVE-2021-31895	Update to V4.3.7 or later version https://support.industry.siemens.com/cs/ww/en/view/109799880/ See further recommendations from section Workarounds and Mitigations
RUGGEDCOM RSG2300P V4.X All versions < V4.3.7 affected by CVE-2021-31895	Update to V4.3.7 or later version https://support.industry.siemens.com/cs/ww/en/view/109799880/ See further recommendations from section Workarounds and Mitigations
RUGGEDCOM RSG2488 V4.X All versions < V4.3.7 affected by CVE-2021-31895	Update to V4.3.7 or later version https://support.industry.siemens.com/cs/ww/en/view/109799880/ See further recommendations from section Workarounds and Mitigations
RUGGEDCOM RSG920P V4.X All versions < V4.3.7 affected by CVE-2021-31895	Update to V4.3.7 or later version https://support.industry.siemens.com/cs/ww/en/view/109799880/ See further recommendations from section Workarounds and Mitigations
RUGGEDCOM ROS V5.X family	Show more details https://support.industry.siemens.com/cs/ww/en/view/109797844/ See further recommendations from section Workarounds and Mitigations
RUGGEDCOM RMC8388 V5.X All versions < V5.5.4 affected by CVE-2021-31895	Update to V5.5.4 or later version https://support.industry.siemens.com/cs/ww/en/view/109797844/ See further recommendations from section Workarounds and Mitigations
RUGGEDCOM RS416Pv2 V5.X All versions < V5.5.4 affected by CVE-2021-31895	Update to V5.5.4 or later version https://support.industry.siemens.com/cs/ww/en/view/109797844/ See further recommendations from section Workarounds and Mitigations
RUGGEDCOM RS416v2 V5.X All versions < 5.5.4 affected by CVE-2021-31895	Update to V5.5.4 or later version https://support.industry.siemens.com/cs/ww/en/view/109797844/ See further recommendations from section Workarounds and Mitigations
RUGGEDCOM RS900 (32M) V5.X All versions < V5.5.4 affected by CVE-2021-31895	Update to V5.5.4 or later version https://support.industry.siemens.com/cs/ww/en/view/109797844/ See further recommendations from section Workarounds and Mitigations
RUGGEDCOM RS900G (32M) V5.X All versions < V5.5.4 affected by CVE-2021-31895	Update to V5.5.4 or later version https://support.industry.siemens.com/cs/ww/en/view/109797844/ See further recommendations from section Workarounds and Mitigations
RUGGEDCOM RSG2100 (32M) V5.X All versions < V5.5.4 affected by CVE-2021-31895	Update to V5.5.4 or later version https://support.industry.siemens.com/cs/ww/en/view/109797844/ See further recommendations from section Workarounds and Mitigations
RUGGEDCOM RSG2100P (32M) V5.X All versions < V5.5.4 affected by CVE-2021-31895	Update to V5.5.4 or later version https://support.industry.siemens.com/cs/ww/en/view/109797844/ See further recommendations from section Workarounds and Mitigations
RUGGEDCOM RSG2100PNC (32M) V5.X All versions < V5.5.4 affected by CVE-2021-31895	Update to V5.5.4 or later version https://support.industry.siemens.com/cs/ww/en/view/109797844/ See further recommendations from section Workarounds and Mitigations
RUGGEDCOM RSG2288 V5.X All versions < V5.5.4 affected by CVE-2021-31895	Update to V5.5.4 or later version https://support.industry.siemens.com/cs/ww/en/view/109797844/ See further recommendations from section Workarounds and Mitigations
RUGGEDCOM RSG2300 V5.X All versions < V5.5.4 affected by CVE-2021-31895	Update to V5.5.4 or later version https://support.industry.siemens.com/cs/ww/en/view/109797844/ See further recommendations from section Workarounds and Mitigations
RUGGEDCOM RSG2300P V5.X All versions < V5.5.4 affected by CVE-2021-31895	Update to V5.5.4 or later version https://support.industry.siemens.com/cs/ww/en/view/109797844/ See further recommendations from section Workarounds and Mitigations
RUGGEDCOM RSG2488 V5.X All versions < V5.5.4 affected by CVE-2021-31895	Update to V5.5.4 or later version https://support.industry.siemens.com/cs/ww/en/view/109797844/ See further recommendations from section Workarounds and Mitigations
RUGGEDCOM RSG907R All versions < V5.5.4 affected by CVE-2021-31895	Update to V5.5.4 or later version https://support.industry.siemens.com/cs/ww/en/view/109797844/ See further recommendations from section Workarounds and Mitigations
RUGGEDCOM RSG908C All versions < V5.5.4 affected by CVE-2021-31895	Update to V5.5.4 or later version https://support.industry.siemens.com/cs/ww/en/view/109797844/ See further recommendations from section Workarounds and Mitigations
RUGGEDCOM RSG909R All versions < V5.5.4 affected by CVE-2021-31895	Update to V5.5.4 or later version https://support.industry.siemens.com/cs/ww/en/view/109797844/ See further recommendations from section Workarounds and Mitigations
RUGGEDCOM RSG910C All versions < V5.5.4 affected by CVE-2021-31895	Update to V5.5.4 or later version https://support.industry.siemens.com/cs/ww/en/view/109797844/ See further recommendations from section Workarounds and Mitigations
RUGGEDCOM RSG920P V5.X All versions < V5.5.4 affected by CVE-2021-31895	Update to V5.5.4 or later version https://support.industry.siemens.com/cs/ww/en/view/109797844/ See further recommendations from section Workarounds and Mitigations
RUGGEDCOM RSL910 All versions < V5.5.4 affected by CVE-2021-31895	Update to V5.5.4 or later version https://support.industry.siemens.com/cs/ww/en/view/109797844/ See further recommendations from section Workarounds and Mitigations
RUGGEDCOM RST2228 All versions < V5.5.4 affected by CVE-2021-31895	Update to V5.5.4 or later version https://support.industry.siemens.com/cs/ww/en/view/109797844/ See further recommendations from section Workarounds and Mitigations
RUGGEDCOM RST2228P All versions < V5.5.4 affected by CVE-2021-31895	Update to V5.5.4 or later version https://support.industry.siemens.com/cs/ww/en/view/109797844/ See further recommendations from section Workarounds and Mitigations
RUGGEDCOM RST916C All versions < V5.5.4 affected by CVE-2021-31895	Update to V5.5.4 or later version https://support.industry.siemens.com/cs/ww/en/view/109797844/ See further recommendations from section Workarounds and Mitigations
RUGGEDCOM RST916P All versions < V5.5.4 affected by CVE-2021-31895	Update to V5.5.4 or later version https://support.industry.siemens.com/cs/ww/en/view/109797844/ See further recommendations from section Workarounds and Mitigations

WORKAROUNDS AND MITIGATIONS

Siemens has identified the following specific workarounds and mitigations that customers can apply to reduce the risk:

Enabling DHCP snooping ensures that the DHCP client in the affected devices will only accept DHCP requests from trusted DHCP servers
Disable DHCP and configure a static IP address to the device

Product-specific remediations or mitigations can be found in the section Affected Products and Solution.
Please follow the General Security Recommendations.

GENERAL SECURITY RECOMMENDATIONS

As a general security measure, Siemens strongly recommends to protect network access to devices with appropriate mechanisms. In order to operate the devices in a protected IT environment, Siemens recommends to configure the environment according to Siemens' operational guidelines for Industrial Security (Download: https://www.siemens.com/cert/operational-guidelines-industrial-security), and to follow the recommendations in the product manuals. Additional information on Industrial Security by Siemens can be found at: https://www.siemens.com/industrialsecurity

PRODUCT DESCRIPTION

RUGGEDCOM ROS-based devices, typically switches and serial-to-Ethernet devices, are used to connect devices that operate in harsh environments such as electric utility substations and traffic control cabinets.

VULNERABILITY DESCRIPTION

Un-/Collapse All

This chapter describes all vulnerabilities (CVE-IDs) addressed in this security advisory. Wherever applicable, it also documents the product-specific impact of the individual vulnerabilities.

Vulnerability CVE-2021-31895

The DHCP client in affected devices fails to properly sanitize incoming DHCP packets. This could allow an unauthenticated remote attacker to cause memory to be overwritten, potentially allowing remote code execution.

CVSS v3.1 Base Score	8.1
CVSS v3.1 Vector	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C
CWE	CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')

ADDITIONAL INFORMATION

For further inquiries on security vulnerabilities in Siemens products and solutions, please contact the Siemens ProductCERT: https://www.siemens.com/cert/advisories

HISTORY DATA

V1.0 (2021-07-13):

Publication Date

V1.1 (2025-05-13):

Added RUGGEDCOM RSG2100PNC (32M) V4.X and RSG2100PNC (32M) V5.X as affected products. Removed not affected products: RUGGEDCOM ROS RMC, RUGGEDCOM ROS RMC20, RUGGEDCOM ROS RMC40, RUGGEDCOM ROS RMC41, RUGGEDCOM RSG900 V4.X, RUGGEDCOM RSG900 V5.X, RUGGEDCOM RSG900G V4.X, RUGGEDCOM RSG900G V5.X, RUGGEDCOM ROS RSG900C, RUGGEDCOM ROS RSG900R. Added RUGGEDCOM RS416P, RUGGEDCOM RS416Pv2 V4.X, RUGGEDCOM RS416Pv2 V5.X, RUGGEDCOM RS1600, RUGGEDCOM RS1600F, RUGGEDCOM RS1600T and RUGGEDCOM RST2228P V5.X

The use of Siemens Security Advisories is subject to the terms and conditions listed on: https://www.siemens.com/productcert/terms-of-use.