CNNVD-202507-937 Information
CNNVD ID
CNNVD-202507-937
Related CVE
- CNNVD Published: 2025-07-08
Description (Chinese)
Siemens RUGGEDCOM i800等都是德国西门子(Siemens)公司的一款交换机。 Siemens多款产品存在加密问题漏洞,该漏洞源于支持易受时序攻击的TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256密码套件,可能导致通信泄露。以下产品及版本受到影响:RUGGEDCOM i800和RUGGEDCOM i801和RUGGEDCOM i802和RUGGEDCOM i803和RUGGEDCOM M2100和RUGGEDCOM M2200和RUGGEDCOM M969和RUGGEDCOM RMC30和RUGGEDCOM RMC8388 V4.X和RUGGEDCOM RMC8388 V5.X V5.10.0之前版本和RUGGEDCOM RP110和RUGGEDCOM RS1600和RUGGEDCOM RS1600F和RUGGEDCOM RS1600T和RUGGEDCOM RS400和RUGGEDCOM RS401和RUGGEDCOM RS416和RUGGEDCOM RS416P和RUGGEDCOM RS416Pv2 V4.X和RUGGEDCOM RS416Pv2 V5.X V5.10.0之前版本和RUGGEDCOM RS416v2 V4.X和RUGGEDCOM RS416v2 V5.X V5.10.0之前版本和RUGGEDCOM RS8000和RUGGEDCOM RS8000A和RUGGEDCOM RS8000H和RUGGEDCOM RS8000T和RUGGEDCOM RS900和RUGGEDCOM RS900 32M V4.X和RUGGEDCOM RS900 32M V5.X V5.10.0之前版本和RUGGEDCOM RS900G和RUGGEDCOM RS900G 32M V4.X和RUGGEDCOM RS900G 32M V5.X V5.10.0之前版本和RUGGEDCOM RS900GP和RUGGEDCOM RS900L和RUGGEDCOM RS900M-GETS-C01和RUGGEDCOM RS900M-GETS-XX和RUGGEDCOM RS900M-STND-C01和RUGGEDCOM RS900M-STND-XX和RUGGEDCOM RS900W和RUGGEDCOM RS910和RUGGEDCOM RS910L和RUGGEDCOM RS910W和RUGGEDCOM RS920L和RUGGEDCOM RS920W和RUGGEDCOM RS930L和RUGGEDCOM RS930W和RUGGEDCOM RS940G和RUGGEDCOM RS969和RUGGEDCOM RSG2100和RUGGEDCOM RSG2100 32M V4.X和RUGGEDCOM RSG2100 32M V5.X V5.10.0之前版本和RUGGEDCOM RSG2100P和RUGGEDCOM RSG2100P 32M V4.X和RUGGEDCOM RSG2100P 32M V5.X V5.10.0之前版本和RUGGEDCOM RSG2200和RUGGEDCOM RSG2288 V4.X和RUGGEDCOM RSG2288 V5.X V5.10.0之前版本和RUGGEDCOM RSG2300 V4.X和RUGGEDCOM RSG2300 V5.X V5.10.0之前版本和RUGGEDCOM RSG2300P V4.X和RUGGEDCOM RSG2300P V5.X V5.10.0之前版本和RUGGEDCOM RSG2488 V4.X和RUGGEDCOM RSG2488 V5.X V5.10.0之前版本和RUGGEDCOM RSG907R V5.10.0之前版本和RUGGEDCOM RSG908C V5.10.0之前版本和RUGGEDCOM RSG909R V5.10.0之前版本和RUGGEDCOM RSG910C V5.10.0之前版本和RUGGEDCOM RSG920P V4.X和RUGGEDCOM RSG920P V5.X V5.10.0之前版本和RUGGEDCOM RSL910 V5.10.0之前版本和RUGGEDCOM RST2228 V5.10.0之前版本和RUGGEDCOM RST2228P V5.10.0之前版本和RUGGEDCOM RST916C V5.10.0之前版本和RUGGEDCOM RST916P V5.10.0之前版本。
Description (English)
Siemens RUGEDCOM i800 and so on are a switch from Siemens, Germany. Siemens multi-products have a encryption loophole, which stems from a password package that supports TLS EDHE ECDCSA WITH AES 128 CBC SHA256, which can lead to communications leaking. The following products and their versions are affected: UUMEDR5-MERC5-MERC5-MERC5-MERC5-USD5-MERC5-USC5-USC5-USB5-USC5-USC5-USC5-USC5-USB5-USC5-USC5-USC5-USB5-USB5-USB5-MERC5-RSC5-RSG5-RSC5-RSC5-T5-G5-G5-G5-G5-G5-G5-G5-G5-G5-C5-C5-C5-C5-C5-C5-C5-C5-C5-C5-C5-C5-C5-C5-C5-C5-C5-C5-C5-C10-C5-C5-C5-C5-C-C5-C10-C10-C10-C5-C5-C-C-C10-C-C-C-C-C-C-C
Hazard Level
High
Vulnerability Type
加密问题
Affected Vendor
西门子
Published
2025-07-08
Last Modified
2026-02-24
References
https://cert-portal.siemens.com/productcert/html/ssa-083019.html