CVE-2024-38278

None

Description

A vulnerability has been identified in RUGGEDCOM RMC8388 V5.X (All versions < V5.9.0), RUGGEDCOM RMC8388NC V5.X (All versions < V5.9.0), RUGGEDCOM RS416NCv2 V5.X (All versions < V5.9.0), RUGGEDCOM RS416PNCv2 V5.X (All versions < V5.9.0), RUGGEDCOM RS416Pv2 V5.X (All versions < V5.9.0), RUGGEDCOM RS416v2 V5.X (All versions < V5.9.0), RUGGEDCOM RS900 (32M) V5.X (All versions < V5.9.0), RUGGEDCOM RS900G (32M) V5.X (All versions < V5.9.0), RUGGEDCOM RS900GNC(32M) V5.X (All versions < V5.9.0), RUGGEDCOM RS900NC(32M) V5.X (All versions < V5.9.0), RUGGEDCOM RSG2100 (32M) V5.X (All versions < V5.9.0), RUGGEDCOM RSG2100NC(32M) V5.X (All versions < V5.9.0), RUGGEDCOM RSG2100P (32M) V5.X (All versions < V5.9.0), RUGGEDCOM RSG2100PNC (32M) V5.X (All versions < V5.9.0), RUGGEDCOM RSG2288 V5.X (All versions < V5.9.0), RUGGEDCOM RSG2288NC V5.X (All versions < V5.9.0), RUGGEDCOM RSG2300 V5.X (All versions < V5.9.0), RUGGEDCOM RSG2300NC V5.X (All versions < V5.9.0), RUGGEDCOM RSG2300P V5.X (All versions < V5.9.0), RUGGEDCOM RSG2300PNC V5.X (All versions < V5.9.0), RUGGEDCOM RSG2488 V5.X (All versions < V5.9.0), RUGGEDCOM RSG2488NC V5.X (All versions < V5.9.0), RUGGEDCOM RSG907R (All versions < V5.9.0), RUGGEDCOM RSG908C (All versions < V5.9.0), RUGGEDCOM RSG909R (All versions < V5.9.0), RUGGEDCOM RSG910C (All versions < V5.9.0), RUGGEDCOM RSG920P V5.X (All versions < V5.9.0), RUGGEDCOM RSG920PNC V5.X (All versions < V5.9.0), RUGGEDCOM RSL910 (All versions < V5.9.0), RUGGEDCOM RSL910NC (All versions < V5.9.0), RUGGEDCOM RST2228 (All versions < V5.9.0), RUGGEDCOM RST2228P (All versions < V5.9.0), RUGGEDCOM RST916C (All versions < V5.9.0), RUGGEDCOM RST916P (All versions < V5.9.0). The affected products with IP forwarding enabled wrongly make available certain remote services in non-managed VLANs, even if these services are not intentionally activated. An attacker could leverage this vulnerability to create a remote shell to the affected system.

INFO

Published Date :

2024-07-09T12:05:07.958Z

Last Modified :

2025-08-27T20:42:54.768Z

Source :

siemens

AFFECTED PRODUCTS

The following products are affected by CVE-2024-38278 vulnerability.

Vendors	Products
Siemens	Ruggedcom Ros Rmc8388 Ruggedcom Ros Rmc8388nc Ruggedcom Ros Rs416ncv2 Ruggedcom Ros Rs416pncv2 Ruggedcom Ros Rs416pv2 Ruggedcom Ros Rs416v2 Ruggedcom Ros Rs900 Ruggedcom Ros Rs900g Ruggedcom Ros Rs900gnc Ruggedcom Ros Rs900nc Ruggedcom Ros Rsg2100 Ruggedcom Ros Rsg2100nc Ruggedcom Ros Rsg2288 Ruggedcom Ros Rsg2288nc Ruggedcom Ros Rsg2300 Ruggedcom Ros Rsg2300nc Ruggedcom Ros Rsg2300p Ruggedcom Ros Rsg2300pnc Ruggedcom Ros Rsg2488 Ruggedcom Ros Rsg2488nc Ruggedcom Ros Rsg907r Ruggedcom Ros Rsg908c Ruggedcom Ros Rsg909r Ruggedcom Ros Rsg910c Ruggedcom Ros Rsg920p Ruggedcom Ros Rsg920pnc Ruggedcom Ros Rsl910 Ruggedcom Ros Rsl910nc Ruggedcom Ros Rst2228 Ruggedcom Ros Rst2228p Ruggedcom Ros Rst916c Ruggedcom Ros Rst916p

Vendors

Products

Siemens

Ruggedcom Ros Rmc8388
Ruggedcom Ros Rmc8388nc
Ruggedcom Ros Rs416ncv2
Ruggedcom Ros Rs416pncv2
Ruggedcom Ros Rs416pv2
Ruggedcom Ros Rs416v2
Ruggedcom Ros Rs900
Ruggedcom Ros Rs900g
Ruggedcom Ros Rs900gnc
Ruggedcom Ros Rs900nc
Ruggedcom Ros Rsg2100
Ruggedcom Ros Rsg2100nc
Ruggedcom Ros Rsg2288
Ruggedcom Ros Rsg2288nc
Ruggedcom Ros Rsg2300
Ruggedcom Ros Rsg2300nc
Ruggedcom Ros Rsg2300p
Ruggedcom Ros Rsg2300pnc
Ruggedcom Ros Rsg2488
Ruggedcom Ros Rsg2488nc
Ruggedcom Ros Rsg907r
Ruggedcom Ros Rsg908c
Ruggedcom Ros Rsg909r
Ruggedcom Ros Rsg910c
Ruggedcom Ros Rsg920p
Ruggedcom Ros Rsg920pnc
Ruggedcom Ros Rsl910
Ruggedcom Ros Rsl910nc
Ruggedcom Ros Rst2228
Ruggedcom Ros Rst2228p
Ruggedcom Ros Rst916c
Ruggedcom Ros Rst916p

REFERENCES

Here, you will find a curated list of external links that provide in-depth information to CVE-2024-38278.

URL	Resource
https://cert-portal.siemens.com/productcert/html/ssa-170375.html

CVSS Vulnerability Scoring System

V4
V3.1

Detailed values of each vector for above chart.

Attack Vector

Attack Complexity

Attack Requirements

Privileges Required

User Interaction

VS Confidentiality

VS Integrity

VS Availability

SS Confidentiality

SS Integrity

SS Availability

Detailed values of each vector for above chart.

Attack Vector

Attack Complexity

Privileges Required

User Interaction

Scope

Confidentiality Impact

Integrity Impact

Availability Impact