Publication Date:
Last Update:
Current Version: V1.2
CVSS v3.1 Base Score: 9.1
Un-/Collapse All
Affected Product and Versions Remediation

All versions
affected by CVE-2023-24845
Currently no fix is planned

All versions
affected by CVE-2023-24845
Currently no fix is planned

All versions
affected by CVE-2023-24845
Currently no fix is planned
Expand children
Expand children

All versions
affected by CVE-2023-24845
Currently no fix is planned

All versions
affected by CVE-2023-24845
Currently no fix is planned

All versions
affected by CVE-2023-24845
Currently no fix is planned

All versions
affected by CVE-2023-24845
Currently no fix is planned

All versions
affected by CVE-2023-24845
Currently no fix is planned

All versions
affected by CVE-2023-24845
Currently no fix is planned

All versions
affected by CVE-2023-24845
Currently no fix is planned

All versions
affected by CVE-2023-24845
Currently no fix is planned

All versions
affected by CVE-2023-24845
Currently no fix is planned

All versions
affected by CVE-2023-24845
Currently no fix is planned

All versions
affected by CVE-2023-24845
Currently no fix is planned

All versions
affected by CVE-2023-24845
Currently no fix is planned

All versions
affected by CVE-2023-24845
Currently no fix is planned
  • Configure ingress filtering to control traffic flow when port mirroring is enabled:

    • Enable Ingress Filtering
    • Disabled RSTP on the Target port(s)
    • Disable Neighbor Discovery protocol on the target port(s)
    • Disable LLDP on the target port(s)
  • Further details can be find at https://support.industry.siemens.com/cs/ww/en/view/109759351

Product-specific remediations or mitigations can be found in the section Known Affected Products.
Please follow the General Security Recommendations.

As a general security measure, Siemens strongly recommends to protect network access to devices with appropriate mechanisms. In order to operate the devices in a protected IT environment, Siemens recommends to configure the environment according to Siemens' operational guidelines for Industrial Security (Download: https://www.siemens.com/cert/operational-guidelines-industrial-security), and to follow the recommendations in the product manuals. Additional information on Industrial Security by Siemens can be found at: https://www.siemens.com/industrialsecurity

Un-/Collapse All

This chapter describes all vulnerabilities (CVE-IDs) addressed in this security advisory. Wherever applicable, it also documents the product-specific impact of the individual vulnerabilities.

CVSS v3.1 Base Score 9.1
CVSS v3.1 Vector CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H/E:P/RL:O/RC:C
CWE CWE-684: Incorrect Provision of Specified Functionality

The fix for RS900 devices (see full list below) doesn't apply for devices using the M88E6083 chip. To check which chip is used by your RS900 device:

  1. Login to the device via the local console, SSH, or telnet (for NC class devices) with the administrator credentials
  2. Enter the interactive shell by using the hot-key “Ctrl-S”
  3. Enter the factory mode by typing the “factory” command, and follow the prompts to login.
  4. Enter the command “m88e6 globals”

If the output contains the text “M88E6083”, then the device is unable to be patched (see WORKAROUNDS AND MITIGATIONS section).Otherwise, the device can be patched with the firmware version identified in the AFFECTED PRODUCTS AND SOLUTION table above.

List of RS900 devices:

  • RUGGEDCOM RS900
  • RUGGEDCOM RS900L
  • RUGGEDCOM RS900LNC
  • RUGGEDCOM RS900NC

https://www.siemens.com/cert/advisories
V1.0 (2023-08-08): Publication Date
V1.1 (2023-11-14): Added fix to all V5.X products. Added missing affected products: RUGGEDCOM RS416NCv2 V4.X, RUGGEDCOM RS416PNCv2 V4.x, RUGGEDCOM RS416v2 V4.X, RUGGEDCOM RS416Pv2 V4.X. Adjusted the name of RUGGEDCOM RS416NCv2 V5.X, RUGGEDCOM RS416PNCv2 V5.x, RUGGEDCOM RS416v2 V5.X, RUGGEDCOM RS416Pv2 V5.X (added reference to V5.X). Added fix for RS416*NC V4.X
V1.2 (2025-08-12): Added RUGGEDCOM RSG2100P (32M) and RUGGEDCOM RSG2100PNC (32M) for V4.x and V5.x