CVE-2021-42016

Description

A vulnerability has been identified in RUGGEDCOM i800, RUGGEDCOM i801, RUGGEDCOM i802, RUGGEDCOM i803, RUGGEDCOM M2100, RUGGEDCOM M2100F, RUGGEDCOM M2200, RUGGEDCOM M2200F, RUGGEDCOM M969, RUGGEDCOM M969F, RUGGEDCOM RMC30, RUGGEDCOM RMC8388 V4.X, RUGGEDCOM RMC8388 V5.X, RUGGEDCOM RP110, RUGGEDCOM RS1600, RUGGEDCOM RS1600F, RUGGEDCOM RS1600T, RUGGEDCOM RS400, RUGGEDCOM RS400F, RUGGEDCOM RS401, RUGGEDCOM RS416, RUGGEDCOM RS416F, RUGGEDCOM RS416P, RUGGEDCOM RS416PF, RUGGEDCOM RS416Pv2 V4.X, RUGGEDCOM RS416Pv2 V5.X, RUGGEDCOM RS416v2 V4.X, RUGGEDCOM RS416v2 V5.X, RUGGEDCOM RS8000, RUGGEDCOM RS8000A, RUGGEDCOM RS8000H, RUGGEDCOM RS8000T, RUGGEDCOM RS900, RUGGEDCOM RS900 (32M) V4.X, RUGGEDCOM RS900 (32M) V5.X, RUGGEDCOM RS900F, RUGGEDCOM RS900G, RUGGEDCOM RS900G (32M) V4.X, RUGGEDCOM RS900G (32M) V5.X, RUGGEDCOM RS900GF, RUGGEDCOM RS900GP, RUGGEDCOM RS900GPF, RUGGEDCOM RS900L, RUGGEDCOM RS900M-GETS-C01, RUGGEDCOM RS900M-GETS-XX, RUGGEDCOM RS900M-STND-C01, RUGGEDCOM RS900M-STND-XX, RUGGEDCOM RS900W, RUGGEDCOM RS910, RUGGEDCOM RS910L, RUGGEDCOM RS910W, RUGGEDCOM RS920L, RUGGEDCOM RS920W, RUGGEDCOM RS930L, RUGGEDCOM RS930W, RUGGEDCOM RS940G, RUGGEDCOM RS940GF, RUGGEDCOM RS969, RUGGEDCOM RSG2100, RUGGEDCOM RSG2100 (32M) V4.X, RUGGEDCOM RSG2100 (32M) V5.X, RUGGEDCOM RSG2100F, RUGGEDCOM RSG2100P, RUGGEDCOM RSG2100PF, RUGGEDCOM RSG2200, RUGGEDCOM RSG2200F, RUGGEDCOM RSG2288 V4.X, RUGGEDCOM RSG2288 V5.X, RUGGEDCOM RSG2300 V4.X, RUGGEDCOM RSG2300 V5.X, RUGGEDCOM RSG2300F, RUGGEDCOM RSG2300P V4.X, RUGGEDCOM RSG2300P V5.X, RUGGEDCOM RSG2300PF, RUGGEDCOM RSG2488 V4.X, RUGGEDCOM RSG2488 V5.X, RUGGEDCOM RSG2488F, RUGGEDCOM RSG907R, RUGGEDCOM RSG908C, RUGGEDCOM RSG909R, RUGGEDCOM RSG910C, RUGGEDCOM RSG920P V4.X, RUGGEDCOM RSG920P V5.X, RUGGEDCOM RSL910, RUGGEDCOM RST2228, RUGGEDCOM RST2228P, RUGGEDCOM RST916C, RUGGEDCOM RST916P. A timing attack, in a third-party component, could make the retrieval of the private key possible, used for encryption of sensitive data. If a threat actor were to exploit this, the data integrity and security could be compromised.

References

Link	Tags
https://cert-portal.siemens.com/productcert/pdf/ssa-256353.pdf	patch vendor advisory

Frequently Asked Questions

What is the severity of CVE-2021-42016?: CVE-2021-42016 has been scored as a high severity vulnerability.
How to fix CVE-2021-42016?: To fix CVE-2021-42016, make sure you are using an up-to-date version of the affected component(s) by checking the vendor release notes. As for now, there are no other specific guidelines available.
Is CVE-2021-42016 being actively exploited in the wild?: As for now, there are no information to confirm that CVE-2021-42016 is being actively exploited. According to its EPSS score, there is a ~0% probability that this vulnerability will be exploited by malicious actors in the next 30 days.
What software or system is affected by CVE-2021-42016?: CVE-2021-42016 affects Siemens RUGGEDCOM i800, Siemens RUGGEDCOM i801, Siemens RUGGEDCOM i802, Siemens RUGGEDCOM i803, Siemens RUGGEDCOM M2100, Siemens RUGGEDCOM M2100F, Siemens RUGGEDCOM M2200, Siemens RUGGEDCOM M2200F, Siemens RUGGEDCOM M969, Siemens RUGGEDCOM M969F, Siemens RUGGEDCOM RMC30, Siemens RUGGEDCOM RMC8388 V4.X, Siemens RUGGEDCOM RMC8388 V5.X, Siemens RUGGEDCOM RP110, Siemens RUGGEDCOM RS1600, Siemens RUGGEDCOM RS1600F, Siemens RUGGEDCOM RS1600T, Siemens RUGGEDCOM RS400, Siemens RUGGEDCOM RS400F, Siemens RUGGEDCOM RS401, Siemens RUGGEDCOM RS416, Siemens RUGGEDCOM RS416F, Siemens RUGGEDCOM RS416P, Siemens RUGGEDCOM RS416PF, Siemens RUGGEDCOM RS416Pv2 V4.X, Siemens RUGGEDCOM RS416Pv2 V5.X, Siemens RUGGEDCOM RS416v2 V4.X, Siemens RUGGEDCOM RS416v2 V5.X, Siemens RUGGEDCOM RS8000, Siemens RUGGEDCOM RS8000A, Siemens RUGGEDCOM RS8000H, Siemens RUGGEDCOM RS8000T, Siemens RUGGEDCOM RS900, Siemens RUGGEDCOM RS900 (32M) V4.X, Siemens RUGGEDCOM RS900 (32M) V5.X, Siemens RUGGEDCOM RS900F, Siemens RUGGEDCOM RS900G, Siemens RUGGEDCOM RS900G (32M) V4.X, Siemens RUGGEDCOM RS900G (32M) V5.X, Siemens RUGGEDCOM RS900GF, Siemens RUGGEDCOM RS900GP, Siemens RUGGEDCOM RS900GPF, Siemens RUGGEDCOM RS900L, Siemens RUGGEDCOM RS900M-GETS-C01, Siemens RUGGEDCOM RS900M-GETS-XX, Siemens RUGGEDCOM RS900M-STND-C01, Siemens RUGGEDCOM RS900M-STND-XX, Siemens RUGGEDCOM RS900W, Siemens RUGGEDCOM RS910, Siemens RUGGEDCOM RS910L, Siemens RUGGEDCOM RS910W, Siemens RUGGEDCOM RS920L, Siemens RUGGEDCOM RS920W, Siemens RUGGEDCOM RS930L, Siemens RUGGEDCOM RS930W, Siemens RUGGEDCOM RS940G, Siemens RUGGEDCOM RS940GF, Siemens RUGGEDCOM RS969, Siemens RUGGEDCOM RSG2100, Siemens RUGGEDCOM RSG2100 (32M) V4.X, Siemens RUGGEDCOM RSG2100 (32M) V5.X, Siemens RUGGEDCOM RSG2100F, Siemens RUGGEDCOM RSG2100P, Siemens RUGGEDCOM RSG2100PF, Siemens RUGGEDCOM RSG2200, Siemens RUGGEDCOM RSG2200F, Siemens RUGGEDCOM RSG2288 V4.X, Siemens RUGGEDCOM RSG2288 V5.X, Siemens RUGGEDCOM RSG2300 V4.X, Siemens RUGGEDCOM RSG2300 V5.X, Siemens RUGGEDCOM RSG2300F, Siemens RUGGEDCOM RSG2300P V4.X, Siemens RUGGEDCOM RSG2300P V5.X, Siemens RUGGEDCOM RSG2300PF, Siemens RUGGEDCOM RSG2488 V4.X, Siemens RUGGEDCOM RSG2488 V5.X, Siemens RUGGEDCOM RSG2488F, Siemens RUGGEDCOM RSG907R, Siemens RUGGEDCOM RSG908C, Siemens RUGGEDCOM RSG909R, Siemens RUGGEDCOM RSG910C, Siemens RUGGEDCOM RSG920P V4.X, Siemens RUGGEDCOM RSG920P V5.X, Siemens RUGGEDCOM RSL910, Siemens RUGGEDCOM RST2228, Siemens RUGGEDCOM RST2228P, Siemens RUGGEDCOM RST916C, Siemens RUGGEDCOM RST916P.

Description

Categories

CWE-208 – Observable Timing Discrepancy

CWE-203 – Observable Discrepancy

References

Frequently Asked Questions