CVE-2024-38278 Information
Description
A vulnerability has been identified in RUGGEDCOM RMC8388 V5.X (All versions < V5.9.0) RUGGEDCOM RMC8388NC V5.X (All versions < V5.9.0) RUGGEDCOM RS416NCv2 V5.X (All versions < V5.9.0) RUGGEDCOM RS416PNCv2 V5.X (All versions < V5.9.0) RUGGEDCOM RS416Pv2 V5.X (All versions < V5.9.0) RUGGEDCOM RS416v2 V5.X (All versions < V5.9.0) RUGGEDCOM RS900 (32M) V5.X (All versions < V5.9.0) RUGGEDCOM RS900G (32M) V5.X (All versions < V5.9.0) RUGGEDCOM RS900GNC(32M) V5.X (All versions < V5.9.0) RUGGEDCOM RS900NC(32M) V5.X (All versions < V5.9.0) RUGGEDCOM RSG2100 (32M) V5.X (All versions < V5.9.0) RUGGEDCOM RSG2100NC(32M) V5.X (All versions < V5.9.0) RUGGEDCOM RSG2288 V5.X (All versions < V5.9.0) RUGGEDCOM RSG2288NC V5.X (All versions < V5.9.0) RUGGEDCOM RSG2300 V5.X (All versions < V5.9.0) RUGGEDCOM RSG2300NC V5.X (All versions < V5.9.0) RUGGEDCOM RSG2300P V5.X (All versions < V5.9.0) RUGGEDCOM RSG2300PNC V5.X (All versions < V5.9.0) RUGGEDCOM RSG2488 V5.X (All versions < V5.9.0) RUGGEDCOM RSG2488NC V5.X (All versions < V5.9.0) RUGGEDCOM RSG907R (All versions < V5.9.0) RUGGEDCOM RSG908C (All versions < V5.9.0) RUGGEDCOM RSG909R (All versions < V5.9.0) RUGGEDCOM RSG910C (All versions < V5.9.0) RUGGEDCOM RSG920P V5.X (All versions < V5.9.0) RUGGEDCOM RSG920PNC V5.X (All versions < V5.9.0) RUGGEDCOM RSL910 (All versions < V5.9.0) RUGGEDCOM RSL910NC (All versions < V5.9.0) RUGGEDCOM RST2228 (All versions < V5.9.0) RUGGEDCOM RST2228P (All versions < V5.9.0) RUGGEDCOM RST916C (All versions < V5.9.0) RUGGEDCOM RST916P (All versions < V5.9.0). The affected products with IP forwarding enabled wrongly make available certain remote services in non-managed VLANs even if these services are not intentionally activated. An attacker could leverage this vulnerability to create a remote shell to the affected system.
Reference
https://cert-portal.siemens.com/productcert/html/ssa-170375.html
Share on: