Skip to main content
(844) 422-7000

Network Mirroring in Siemens RUGGEDCOM

1. EXECUTIVE SUMMARY

CVSS v3 9.1 
ATTENTION: Exploitable remotely / low attack complexity  
Vendor: Siemens  
Equipment: RUGGEDCOM 
Vulnerability: Incorrect Provision of Specified Functionality 

2. RISK EVALUATION

Successful exploitation of this vulnerability could allow an attacker to inject information into the network via the mirror port.

3. TECHNICAL DETAILS

3.1 AFFECTED PRODUCTS

The following products from Siemens are affected:

RUGGEDCOM i800: All versions prior to V4.3.8
RUGGEDCOM i800NC: All versions prior to V4.3.8
RUGGEDCOM i801: All versions prior to V4.3.8
RUGGEDCOM i801NC: All versions prior to V4.3.8
RUGGEDCOM i802: All versions prior to V4.3.8
RUGGEDCOM i802NC: All versions prior to V4.3.8
RUGGEDCOM i803: All versions prior to V4.3.8
RUGGEDCOM i803NC: All versions prior to V4.3.8
RUGGEDCOM M2100: All versions prior to V4.3.8
RUGGEDCOM M2100F: All versions
RUGGEDCOM M2100NC: All versions prior to V4.3.8
RUGGEDCOM M2200: All versions prior to V4.3.8
RUGGEDCOM M2200F: All versions
RUGGEDCOM M2200NC: All versions prior to V4.3.8
RUGGEDCOM M969: All versions prior to V4.3.8
RUGGEDCOM M969F: All versions
RUGGEDCOM M969NC: All versions prior to V4.3.8
RUGGEDCOM RMC30: All versions prior to V4.3.8
RUGGEDCOM RMC30NC: All versions prior to V4.3.8
RUGGEDCOM RMC8388 V4.X: All versions prior to V4.3.8
RUGGEDCOM RMC8388 V5.X: All versions
RUGGEDCOM RMC8388NC V4.X: All versions prior to V4.3.8
RUGGEDCOM RMC8388NC V5.X: All versions
RUGGEDCOM RP110: All versions prior to V4.3.8
RUGGEDCOM RP110NC: All versions prior to V4.3.8
RUGGEDCOM RS1600: All versions
RUGGEDCOM RS1600F: All versions
RUGGEDCOM RS1600FNC: All versions
RUGGEDCOM RS1600NC: All versions
RUGGEDCOM RS1600T: All versions
RUGGEDCOM RS1600TNC: All versions
RUGGEDCOM RS400: All versions
RUGGEDCOM RS400F: All versions
RUGGEDCOM RS400NC: All versions
RUGGEDCOM RS401: All versions
RUGGEDCOM RS401NC: All versions
RUGGEDCOM RS416: All versions prior to V4.3.8
RUGGEDCOM RS416F: All versions
RUGGEDCOM RS416NC: All versions prior to V4.3.8
RUGGEDCOM RS416NC v2: All versions
RUGGEDCOM RS416P: All versions prior to V4.3.8
RUGGEDCOM RS416PF: All versions
RUGGEDCOM RS416PNC: All versions prior to V4.3.8
RUGGEDCOM RS416PNC v2: All versions
RUGGEDCOM RS416Pv2: All versions
RUGGEDCOM RS416v2: All versions
RUGGEDCOM RS8000: All versions
RUGGEDCOM RS8000A: All versions
RUGGEDCOM RS8000ANC: All versions
RUGGEDCOM RS8000H: All versions
RUGGEDCOM RS8000HNC: All versions
RUGGEDCOM RS8000NC: All versions
RUGGEDCOM RS8000T: All versions
RUGGEDCOM RS8000TNC: All versions
RUGGEDCOM RS900: All versions prior to V4.3.8
RUGGEDCOM RS900: All versions with switch chip M88E6083
RUGGEDCOM RS900 (32M) V4.X: All versions prior to V4.3.8
RUGGEDCOM RS900 (32M) V5.X: All versions
RUGGEDCOM RS900F: All versions
RUGGEDCOM RS900G: All versions prior to V4.3.8
RUGGEDCOM RS900G (32M) V4.X: All versions prior to V4.3.8
RUGGEDCOM RS900G (32M) V5.X: All versions
RUGGEDCOM RS900GF: All versions
RUGGEDCOM RS900GNC: All versions prior to V4.3.8
RUGGEDCOM RS900GNC(32M) V4.X: All versions prior to V4.3.8
RUGGEDCOM RS900GNC(32M) V5.X: All versions
RUGGEDCOM RS900GP: All versions prior to V4.3.8
RUGGEDCOM RS900GPF: All versions
RUGGEDCOM RS900GPNC: All versions prior to V4.3.8
RUGGEDCOM RS900L: All versions prior to V4.3.8
RUGGEDCOM RS900L: All versions
RUGGEDCOM RS900LNC: All versions prior to V4.3.8
RUGGEDCOM RS900LNC: All versions
RUGGEDCOM RS900M-GETS-C01: All versions prior to V4.3.8
RUGGEDCOM RS900M-GETS-XX: All versions prior to V4.3.8
RUGGEDCOM RS900M-STND-C01: All versions prior to V4.3.8
RUGGEDCOM RS900M-STND-XX: All versions prior to V4.3.8
RUGGEDCOM RS900MNC-GETS-C01: All versions prior to V4.3.8
RUGGEDCOM RS900MNC-GETS-XX: All versions prior to V4.3.8
RUGGEDCOM RS900MNC-STND-XX: All versions prior to V4.3.8
RUGGEDCOM RS900MNC-STND-XX-C01: All versions prior to V4.3.8
RUGGEDCOM RS900NC: All versions prior to V4.3.8
RUGGEDCOM RS900NC: All versions
RUGGEDCOM RS900NC(32M) V4.X: All versions prior to V4.3.8
RUGGEDCOM RS900NC(32M) V5.X: All versions
RUGGEDCOM RS900W: All versions prior to V4.3.8
RUGGEDCOM RS910: All versions prior to V4.3.8
RUGGEDCOM RS910L: All versions prior to V4.3.8
RUGGEDCOM RS910LNC: All versions prior to V4.3.8
RUGGEDCOM RS910NC: All versions prior to V4.3.8
RUGGEDCOM RS910W: All versions prior to V4.3.8
RUGGEDCOM RS920L: All versions prior to V4.3.8
RUGGEDCOM RS920LNC: All versions prior to V4.3.8
RUGGEDCOM RS920W: All versions prior to V4.3.8
RUGGEDCOM RS930L: All versions prior to V4.3.8
RUGGEDCOM RS930LNC: All versions prior to V4.3.8
RUGGEDCOM RS930W: All versions prior to V4.3.8
RUGGEDCOM RS940G: All versions prior to V4.3.8
RUGGEDCOM RS940GF: All versions
RUGGEDCOM RS940GNC: All versions prior to V4.3.8
RUGGEDCOM RS969: All versions prior to V4.3.8
RUGGEDCOM RS969NC: All versions prior to V4.3.8
RUGGEDCOM RSG2100: All versions prior to V4.3.8
RUGGEDCOM RSG2100 (32M) V4.X: All versions prior to V4.3.8
RUGGEDCOM RSG2100 (32M) V5.X: All versions
RUGGEDCOM RSG2100F: All versions
RUGGEDCOM RSG2100NC: All versions prior to V4.3.8
RUGGEDCOM RSG2100NC(32M) V4.X: All versions prior to V4.3.8
RUGGEDCOM RSG2100NC(32M) V5.X: All versions
RUGGEDCOM RSG2100P: All versions prior to V4.3.8
RUGGEDCOM RSG2100PF: All versions
RUGGEDCOM RSG2100PNC: All versions prior to V4.3.8
RUGGEDCOM RSG2200: All versions prior to V4.3.8
RUGGEDCOM RSG2200F: All versions
RUGGEDCOM RSG2200NC: All versions prior to V4.3.8
RUGGEDCOM RSG2288 V4.X: All versions prior to V4.3.8
RUGGEDCOM RSG2288 V5.X: All versions
RUGGEDCOM RSG2288NC V4.X: All versions prior to V4.3.8
RUGGEDCOM RSG2288NC V5.X: All versions
RUGGEDCOM RSG2300 V4.X: All versions prior to V4.3.8
RUGGEDCOM RSG2300 V5.X: All versions
RUGGEDCOM RSG2300F: All versions
RUGGEDCOM RSG2300NC V4.X: All versions prior to V4.3.8
RUGGEDCOM RSG2300NC V5.X: All versions
RUGGEDCOM RSG2300P V4.X: All versions prior to V4.3.8 
RUGGEDCOM RSG2300P V5.X: All versions
RUGGEDCOM RSG2300PF: All versions
RUGGEDCOM RSG2300PNC V4.X: All versions prior to V4.3.8
RUGGEDCOM RSG2300PNC V5.X: All versions
RUGGEDCOM RSG2488 V4.X: All versions prior to V4.3.8
RUGGEDCOM RSG2488 V5.X: All versions
RUGGEDCOM RSG2488F: All versions
RUGGEDCOM RSG2488NC V4.X: All versions prior to V4.3.8
RUGGEDCOM RSG2488NC V5.X: All versions
RUGGEDCOM RSG907R: All versions
RUGGEDCOM RSG908C: All versions
RUGGEDCOM RSG909R: All versions
RUGGEDCOM RSG910C: All versions
RUGGEDCOM RSG920P V4.X: All versions prior to V4.3.8
RUGGEDCOM RSG920P V5.X: All versions
RUGGEDCOM RSG920PNC V4.X: All versions prior to V4.3.8
RUGGEDCOM RSG920PNC V5.X: All versions
RUGGEDCOM RSL910: All versions
RUGGEDCOM RSL910NC: All versions
RUGGEDCOM RST2228: All versions
RUGGEDCOM RST2228P: All versions
RUGGEDCOM RST916C: All versions
RUGGEDCOM RST916P: All version

3.2 VULNERABILITY OVERVIEW

3.2.1 INCORRECT PROVISION OF SPECIFIED FUNCTIONALITY CWE-684 

The affected products insufficiently block data from being forwarded over the mirror port into the mirrored network.  An attacker could use this behavior to transmit malicious packets to systems in the mirrored network, possibly influencing their configuration and runtime behavior.

CVE-2023-24845 has been assigned to this vulnerability. A CVSS v3 base score of 9.1 has been calculated; the CVSS vector string is (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H).

3.3 BACKGROUND

CRITICAL INFRASTRUCTURE SECTORS: Multiple
COUNTRIES/AREAS DEPLOYED: Worldwide
COMPANY HEADQUARTERS LOCATION: Germany

3.4 RESEARCHER

Siemens reported this vulnerability to CISA.

4. MITIGATIONS

Siemens has released updates for several affected products and recommends updating to the latest versions. Siemens is preparing further updates and recommends specific countermeasures for products where updates are not, or not yet available:

RUGGEDCOM i800: Update to V4.3.8 or later version
RUGGEDCOM i800NC: Update to V4.3.8 or later version
RUGGEDCOM i801: Update to V4.3.8 or later version
RUGGEDCOM i801NC: Update to V4.3.8 or later version
RUGGEDCOM i802: Update to V4.3.8 or later version
RUGGEDCOM i802NC: Update to V4.3.8 or later version
RUGGEDCOM i803: Update to V4.3.8 or later version
RUGGEDCOM i803NC: Update to V4.3.8 or later version
RUGGEDCOM M2100: Update to V4.3.8 or later version
RUGGEDCOM M2100F: Currently no fix is planned.
RUGGEDCOM M2100NC: Update to V4.3.8 or later version
RUGGEDCOM M2200: Update to V4.3.8 or later version
RUGGEDCOM M2200F: Currently no fix is planned.
RUGGEDCOM M2200NC: Update to V4.3.8 or later version
RUGGEDCOM M969: Update to V4.3.8 or later version
RUGGEDCOM M969F: Currently no fix is planned.
RUGGEDCOM M969NC: Update to V4.3.8 or later version
RUGGEDCOM RMC30: Update to V4.3.8 or later version
RUGGEDCOM RMC30NC: Update to V4.3.8 or later version
RUGGEDCOM RMC8388 V4.X: Update to V4.3.8 or later version
RUGGEDCOM RMC8388 V5.X: Currently no fix is available.
RUGGEDCOM RMC8388NC V4.X: Update to V4.3.8 or later version
RUGGEDCOM RMC8388NC V5.X: Currently no fix is available.
RUGGEDCOM RP110: Update to V4.3.8 or later version
RUGGEDCOM RP110NC: Update to V4.3.8 or later version
RUGGEDCOM RS1600: Currently no fix is planned.
RUGGEDCOM RS1600F: Currently no fix is planned.
RUGGEDCOM RS1600FNC: Currently no fix is planned.
RUGGEDCOM RS1600NC: Currently no fix is planned.
RUGGEDCOM RS1600T: Currently no fix is planned.
RUGGEDCOM RS1600TNC: Currently no fix is planned.
RUGGEDCOM RS400: Currently no fix is planned.
RUGGEDCOM RS400F: Currently no fix is planned.
RUGGEDCOM RS400NC: Currently no fix is planned.
RUGGEDCOM RS401: Currently no fix is planned.
RUGGEDCOM RS401NC: Currently no fix is planned.
RUGGEDCOM RS416: Update to V4.3.8 or later version
RUGGEDCOM RS416F: Currently no fix is planned.
RUGGEDCOM RS416NC: Update to V4.3.8 or later version
RUGGEDCOM RS416NC v2: Currently no fix is available.
RUGGEDCOM RS416P: Update to V4.3.8 or later version
RUGGEDCOM RS416PF: Currently no fix is planned.
RUGGEDCOM RS416PNC: Update to V4.3.8 or later version
RUGGEDCOM RS416PNC v2: Currently no fix is available.
RUGGEDCOM RS416Pv2: Currently no fix is available.
RUGGEDCOM RS416v2: Currently no fix is available.
RUGGEDCOM RS8000: Currently no fix is planned.
RUGGEDCOM RS8000A: Currently no fix is planned.
RUGGEDCOM RS8000ANC: Currently no fix is planned.
RUGGEDCOM RS8000H: Currently no fix is planned.
RUGGEDCOM RS8000HNC: Currently no fix is planned.
RUGGEDCOM RS8000NC: Currently no fix is planned.
RUGGEDCOM RS8000T: Currently no fix is planned.
RUGGEDCOM RS8000TNC: Currently no fix is planned.
RUGGEDCOM RS900: Update to V4.3.8 or later version
RUGGEDCOM RS900 with switch chip M88E6083: Currently no fix is planned.
RUGGEDCOM RS900 (32M) V4.X: Update to V4.3.8 or later version
RUGGEDCOM RS900 (32M) V5.X: Currently no fix is available.
RUGGEDCOM RS900F: Currently no fix is planned.
RUGGEDCOM RS900G: Update to V4.3.8 or later version
RUGGEDCOM RS900G (32M) V4.X: Update to V4.3.8 or later version
RUGGEDCOM RS900G (32M) V5.X: Currently no fix is available.
RUGGEDCOM RS900GF: Currently no fix is planned.
RUGGEDCOM RS900GNC: Update to V4.3.8 or later version
RUGGEDCOM RS900GNC(32M) V4.X: Update to V4.3.8 or later version
RUGGEDCOM RS900GNC(32M) V5.X: Currently no fix is available.
RUGGEDCOM RS900GP: Update to V4.3.8 or later version
RUGGEDCOM RS900GPF: Currently no fix is planned.
RUGGEDCOM RS900GPNC: Update to V4.3.8 or later version
RUGGEDCOM RS900L: Update to V4.3.8 or later version
RUGGEDCOM RS900L with switch chip M88E6083: Currently no fix is planned.
RUGGEDCOM RS900LNC: Update to V4.3.8 or later version
RUGGEDCOM RS900LNC with switch chip M88E6083: Currently no fix is planned.
RUGGEDCOM RS900M-GETS-C01: Update to V4.3.8 or later version
RUGGEDCOM RS900M-GETS-XX: Update to V4.3.8 or later version
RUGGEDCOM RS900M-STND-C01: Update to V4.3.8 or later version
RUGGEDCOM RS900M-STND-XX: Update to V4.3.8 or later version
RUGGEDCOM RS900MNC-GETS-C01: Update to V4.3.8 or later version
RUGGEDCOM RS900MNC-GETS-XX: Update to V4.3.8 or later version
RUGGEDCOM RS900MNC-STND-XX: Update to V4.3.8 or later version
RUGGEDCOM RS900MNC-STND-XX-C01: Update to V4.3.8 or later version
RUGGEDCOM RS900NC: Update to V4.3.8 or later version
RUGGEDCOM RS900NC with switch chip M88E6083: Currently no fix is planned.
RUGGEDCOM RS900NC(32M) V4.X: Update to V4.3.8 or later version
RUGGEDCOM RS900NC(32M) V5.X: Currently no fix is available.
RUGGEDCOM RS900W: Update to V4.3.8 or later version
RUGGEDCOM RS910: Update to V4.3.8 or later version
RUGGEDCOM RS910L: Update to V4.3.8 or later version
RUGGEDCOM RS910LNC: Update to V4.3.8 or later version
RUGGEDCOM RS910NC: Update to V4.3.8 or later version
RUGGEDCOM RS910W: Update to V4.3.8 or later version
RUGGEDCOM RS920L: Update to V4.3.8 or later version
RUGGEDCOM RS920LNC: Update to V4.3.8 or later version
RUGGEDCOM RS920W: Update to V4.3.8 or later version
RUGGEDCOM RS930L: Update to V4.3.8 or later version
RUGGEDCOM RS930LNC: Update to V4.3.8 or later version
RUGGEDCOM RS930W: Update to V4.3.8 or later version
RUGGEDCOM RS940G: Update to V4.3.8 or later version
RUGGEDCOM RS940GF: Currently no fix is planned.
RUGGEDCOM RS940GNC: Update to V4.3.8 or later version
RUGGEDCOM RS969: Update to V4.3.8 or later version
RUGGEDCOM RS969NC: Update to V4.3.8 or later version
RUGGEDCOM RSG2100: Update to V4.3.8 or later version
RUGGEDCOM RSG2100 (32M) V4.X: Update to V4.3.8 or later version
RUGGEDCOM RSG2100 (32M) V5.X: Currently no fix is available.
RUGGEDCOM RSG2100F: Currently no fix is planned.
RUGGEDCOM RSG2100NC: Update to V4.3.8 or later version
RUGGEDCOM RSG2100NC (32M) V4.X: Update to V4.3.8 or later version
RUGGEDCOM RSG2100NC (32M) V5.X: Currently no fix is available.
RUGGEDCOM RSG2100P: Update to V4.3.8 or later version
RUGGEDCOM RSG2100PF: Currently no fix is planned.
RUGGEDCOM RSG2100PNC: Update to V4.3.8 or later version
RUGGEDCOM RSG2200: Update to V4.3.8 or later version
RUGGEDCOM RSG2200F: Currently no fix is planned.
RUGGEDCOM RSG2200NC: Update to V4.3.8 or later version
RUGGEDCOM RSG2288 V4.X: Update to V4.3.8 or later version
RUGGEDCOM RSG2288 V5.X: Currently no fix is available.
RUGGEDCOM RSG2288NC V4.X: Update to V4.3.8 or later version
RUGGEDCOM RSG2288NC V5.X: Currently no fix is available.
RUGGEDCOM RSG2300 V4.X: Update to V4.3.8 or later version
RUGGEDCOM RSG2300 V5.X: Currently no fix is available.
RUGGEDCOM RSG2300F: Currently no fix is planned.
RUGGEDCOM RSG2300NC V4.X: Update to V4.3.8 or later version
RUGGEDCOM RSG2300NC V5.X: Currently no fix is available.
RUGGEDCOM RSG2300P V4.X: Update to V4.3.8 or later version
RUGGEDCOM RSG2300P V5.X: Currently no fix is available.
RUGGEDCOM RSG2300PF: Currently no fix is planned.
RUGGEDCOM RSG2300PNC V4.X: Update to V4.3.8 or later version
RUGGEDCOM RSG2300PNC V5.X: Currently no fix is available.
RUGGEDCOM RSG2488 V4.X: Update to V4.3.8 or later version
RUGGEDCOM RSG2488 V5.X: Currently no fix is available.
RUGGEDCOM RSG2488F: Currently no fix is planned.
RUGGEDCOM RSG2488NC V4.X: Update to V4.3.8 or later version
RUGGEDCOM RSG2488NC V5.X: Currently no fix is available.
RUGGEDCOM RSG907R: Currently no fix is available.
RUGGEDCOM RSG908C: Currently no fix is available.
RUGGEDCOM RSG909R: Currently no fix is available.
RUGGEDCOM RSG910C: Currently no fix is available.
RUGGEDCOM RSG920P V4.X: Update to V4.3.8 or later version
RUGGEDCOM RSG920P V5.X: Currently no fix is available.
RUGGEDCOM RSG920PNC V4.X: Update to V4.3.8 or later version
RUGGEDCOM RSG920PNC V5.X: Currently no fix is available.
RUGGEDCOM RSL910: Currently no fix is available.
RUGGEDCOM RSL910NC: Currently no fix is available.
RUGGEDCOM RST2228: Currently no fix is available.
RUGGEDCOM RST2228P: Currently no fix is available.
RUGGEDCOM RST916C: Currently no fix is available.
RUGGEDCOM RST916P: Currently no fix is available.

Siemens has identified the following specific workarounds and mitigations that customers can apply to reduce the risk:

Configure ingress filtering to control traffic flow when port mirroring is enabled:
Enable ingress filtering  
Disable RSTP on the target port(s)  
Disable neighbor discovery protocol on the target port(s)  
Disable LLDP on the target port(s) 

Further details can be found at  https://support.industry.siemens.com/cs/ww/en/view/109759351 

As a general security measure, Siemens recommends protecting network access to devices with appropriate mechanisms. To operate the devices in a protected IT environment, Siemens recommends configuring the environment according to Siemens’ operational guidelines for industrial security and following recommendations in the product manuals.

Additional information on industrial security by Siemens can be found on the Siemens industrial security webpage

For more information see the associated Siemens security advisory SSA-908185 in HTML and CSAF.

CISA recommends users take defensive measures to minimize the risk of exploitation of this vulnerability. Specifically, users should:

Minimize network exposure for all control system devices and/or systems, and ensure they are not accessible from the Internet.
Locate control system networks and remote devices behind firewalls and isolate them from business networks.
When remote access is required, use secure methods, such as Virtual Private Networks (VPNs), recognizing VPNs may have vulnerabilities and should be updated to the most current version available. Also recognize VPN is only as secure as its connected devices.

CISA reminds organizations to perform proper impact analysis and risk assessment prior to deploying defensive measures.

CISA also provides a section for control systems security recommended practices on the ICS webpage at cisa.gov/ics. Several CISA products detailing cyber defense best practices are available for reading and download, including Improving Industrial Control Systems Cybersecurity with Defense-in-Depth Strategies.

Additional mitigation guidance and recommended practices are publicly available on the ICS webpage at cisa.gov/ics in the technical information paper, ICS-TIP-12-146-01B–Targeted Cyber Intrusion Detection and Mitigation Strategies.

Organizations observing suspected malicious activity should follow established internal procedures and report findings to CISA for tracking and correlation against other incidents.

No known public exploits specifically target this vulnerability.