LiveActive security incident?Get immediate response
CVE Record

CVE-2021-31895: A vulnerability has been identified in RUGGEDCOM i800 (All versions < V4.3.7), RUGGEDCOM i801 (All versions...

A vulnerability has been identified in RUGGEDCOM i800 (All versions < V4.3.7), RUGGEDCOM i801 (All versions < V4.3.7), RUGGEDCOM i802 (All versions < V4.3.7), RUGGEDCOM i803 (All versions < V4.3.7), RUGGEDCOM M2100 (All versions < V4.3.7), RUGGEDCOM M2200 (All versions < V4.3.7), RUGGEDCOM M969 (All versions < V4.3.7), RUGGEDCOM RMC30 (All versions < V4.3.7), RUGGEDCOM RMC8388 V4.X (All versions < V4.3.7), RUGGEDCOM RMC8388 V5.X (All versions < V5.5.4), RUGGEDCOM RP110 (All versions < V4.3.7), RUGGEDCOM RS1600 (All versions < V4.3.7), RUGGEDCOM RS1600F (All versions < V4.3.7), RUGGEDCOM RS1600T (All versions < V4.3.7), RUGGEDCOM RS400 (All versions < V4.3.7), RUGGEDCOM RS401 (All versions < V4.3.7), RUGGEDCOM RS416 (All versions < V4.3.7), RUGGEDCOM RS416P (All versions < V4.3.7), RUGGEDCOM RS416Pv2 V4.X (All versions < V4.3.7), RUGGEDCOM RS416Pv2 V5.X (All versions < V5.5.4), RUGGEDCOM RS416v2 V4.X (All versions < V4.3.7), RUGGEDCOM RS416v2 V5.X (All versions < 5.5.4), RUGGEDCOM RS8000 (All versions < V4.3.7), RUGGEDCOM RS8000A (All versions < V4.3.7), RUGGEDCOM RS8000H (All versions < V4.3.7), RUGGEDCOM RS8000T (All versions < V4.3.7), RUGGEDCOM RS900 (32M) V4.X (All versions < V4.3.7), RUGGEDCOM RS900 (32M) V5.X (All versions < V5.5.4), RUGGEDCOM RS900G (All versions < V4.3.7), RUGGEDCOM RS900G (32M) V4.X (All versions < V4.3.7), RUGGEDCOM RS900G (32M) V5.X (All versions < V5.5.4), RUGGEDCOM RS900GP (All versions < V4.3.7), RUGGEDCOM RS900L (All versions < V4.3.7), RUGGEDCOM RS900W (All versions < V4.3.7), RUGGEDCOM RS910 (All versions < V4.3.7), RUGGEDCOM RS910L (All versions < V4.3.7), RUGGEDCOM RS910W (All versions < V4.3.7), RUGGEDCOM RS920L (All versions < V4.3.7), RUGGEDCOM RS920W (All versions < V4.3.7), RUGGEDCOM RS930L (All versions < V4.3.7), RUGGEDCOM RS930W (All versions < V4.3.7), RUGGEDCOM RS940G (All versions < V4.3.7), RUGGEDCOM RS969 (All versions < V4.3.7), RUGGEDCOM RSG2100 (All versions < V4.3.7), RUGGEDCOM RSG2100 (32M) V4.X (All versions < V4.3.7), RUGGEDCOM RSG2100 (32M) V5.X (All versions < V5.5.4), RUGGEDCOM RSG2100P (All versions < V4.3.7), RUGGEDCOM RSG2100P (32M) V4.X (All versions < V4.3.7), RUGGEDCOM RSG2100P (32M) V5.X (All versions < V5.5.4), RUGGEDCOM RSG2200 (All versions < V4.3.7), RUGGEDCOM RSG2288 V4.X (All versions < V4.3.7), RUGGEDCOM RSG2288 V5.X (All versions < V5.5.4), RUGGEDCOM RSG2300 V4.X (All versions < V4.3.7), RUGGEDCOM RSG2300 V5.X (All versions < V5.5.4), RUGGEDCOM RSG2300P V4.X (All versions < V4.3.7), RUGGEDCOM RSG2300P V5.X (All versions < V5.5.4), RUGGEDCOM RSG2488 V4.X (All versions < V4.3.7), RUGGEDCOM RSG2488 V5.X (All versions < V5.5.4), RUGGEDCOM RSG907R (All versions < V5.5.4), RUGGEDCOM RSG908C (All versions < V5.5.4), RUGGEDCOM RSG909R (All versions < V5.5.4), RUGGEDCOM RSG910C (All versions < V5.5.4), RUGGEDCOM RSG920P V4.X (All versions < V4.3.7), RUGGEDCOM RSG920P V5.X (All versions < V5.5.4), RUGGEDCOM RSL910 (All versions < V5.5.4), RUGGEDCOM RST2228 (All versions < V5.5.4), RUGGEDCOM RST2228P (All versions < V5.5.4), RUGGEDCOM RST916C (All versions < V5.5.4), RUGGEDCOM RST916P (All versions < V5.5.4). The DHCP client in affected devices fails to properly sanitize incoming DHCP packets. This could allow an unauthenticated remote attacker to cause memory to be overwritten, potentially allowing remote code execution.

HighCVSS 8.1Not KEV-listedUpdated
Glexia's TakeAutomated analysishigh

Security readout for executives and security teams

Plain-English summary

Some Siemens RUGGEDCOM industrial networking devices can mishandle DHCP packets, causing memory overwrite and possible remote code execution. This matters because these devices often sit in operational networks where compromise can affect availability and trusted network paths. The issue is high severity, but the CVSS vector marks attack complexity as high.

Executive priority

Treat this as a high-priority OT network hygiene issue. It is not marked as actively exploited in the provided evidence, but the potential impact includes remote code execution on industrial networking equipment, making exposed legacy firmware unacceptable in critical environments.

Technical view

CVE-2021-31895 is a CWE-120 buffer-style memory overwrite in the DHCP client of affected Siemens RUGGEDCOM devices. An unauthenticated remote attacker able to deliver malicious DHCP packets to the device could potentially achieve remote code execution. Affected versions are below V4.3.7 or V5.5.4 depending on model family.

Likely exposure

Exposure is most likely in Siemens RUGGEDCOM deployments listed by the advisory that run affected firmware and use DHCP client behavior. RUGGEDCOM fleets in OT, utility, transportation, or industrial networks should be prioritized for firmware inventory and network reachability review.

Exploitation context

The provided bundle does not show CISA KEV listing or active exploitation. The CVSS vector is network-accessible, unauthenticated, no user interaction, high impact, and high attack complexity. The source indicates Siemens has official remediation available.

Researcher notes

Focus validation on the DHCP client attack surface, exact firmware branch, and model-specific fixed version. Avoid assuming all RUGGEDCOM products are affected; use the Siemens advisory list. Evidence provided supports potential RCE, not confirmed active exploitation.

Mitigation direction

  • Identify listed RUGGEDCOM models and firmware versions in asset inventory.
  • Upgrade affected V4.x devices to V4.3.7 or later where applicable.
  • Upgrade affected V5.x devices to V5.5.4 or later where applicable.
  • Restrict untrusted network paths to device management and DHCP-related traffic.
  • Check Siemens SSA-373591 for model-specific guidance before changes.

Validation and detection

  • Confirm each RUGGEDCOM model and firmware version against Siemens SSA-373591.
  • Verify whether devices are below V4.3.7 or V5.5.4 thresholds.
  • Review network segmentation around affected industrial devices.
  • Confirm remediation completion through firmware inventory evidence.
  • Monitor vendor advisories for updates to Siemens guidance.
Prepared
Confidence
high
Sources
4

Generated from the cited source records. This long-tail analysis has not been individually reviewed by a named human.

Potential ATT&CK relevance

Conservative CVE-to-ATT&CK context

These mappings and lookup hints may be relevant to the vulnerability behavior, CWE, affected product, or exposure path. Glexia-inferred context is not an official MITRE, ATT&CK, CWE, or CVE Program mapping.

ATT&CK lookup starting points

Use these exact CWE pages and searches to review the Glexia ATT&CK library from this CVE's weakness and description context.

cwe · low confidence lookup

CWE-120: Exact CWE lookup

Use the exact CWE identifier as the starting point before reviewing related ATT&CK behavior. Open the exact CWE lookup page first, then review the ATT&CK searches from that MITRE weakness context. This is a Glexia lookup hint, not an official ATT&CK mapping.

Open ATT&CK lookup
description · low confidence lookup

Execution behavior lookup

The CVE wording references code or command execution, so execution technique review may help defensive triage. This is a Glexia inferred lookup path, not an official MITRE, ATT&CK, or CVE Program mapping.

Open ATT&CK lookup
cve · low confidence lookup

CVE-2021-31895 mapping review

Open the CVE-to-ATT&CK bridge for reviewed, inferred, or future official mappings tied to this CVE.

Open ATT&CK lookup
Vulnerability profileCVE Program record
Severity
High
CVSS
8.1 (3.1)
Known Exploited
No
Published

Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C

Official CVE source material

CNA and ADP enrichment extracted from CVE v5

These fields come from the CVE record and ADP containers, not from Glexia's Take. They preserve time-varying source decisions such as CISA SSVC, KEV status, CVSS metrics, and provider references.

1CVSS vectors
0Timeline events
0ADP providers
3Source links

CVSS vector scores

1 official score

We collect every scored CVSS vector available in the official CNA and ADP containers. When more than one version is present, the table keeps the source vectors side by side instead of collapsing them into the highest score.

ScoreVersionSeverityVectorExploitImpactSource
8.1CVSS 3.1HighCVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C2.25.9Primary CVE score

Vulnerability scoring details

Base CVSS 3.1 score

8.1High
CVSS 3.1 vector shape for CVE-2021-31895Attack VectorAttack ComplexityPrivileges RequiredUser InteractionScopeConfidentiality ImpactIntegrity ImpactAvailability Impact

Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C

Attack Vector
NetworkAdjacentLocalPhysical
Attack Complexity
LowHigh
Privileges Required
NoneLowHigh
User Interaction
NoneRequired
Scope
ChangedUnchanged
Confidentiality Impact
HighLowNone
Integrity Impact
HighLowNone
Availability Impact
HighLowNone
Affected products

Products and packages named in the record

VendorProductVersion / packageStatus
SiemensRUGGEDCOM i800All versions < V4.3.7unknown
SiemensRUGGEDCOM i801All versions < V4.3.7unknown
SiemensRUGGEDCOM i802All versions < V4.3.7unknown
SiemensRUGGEDCOM i803All versions < V4.3.7unknown
SiemensRUGGEDCOM M2100All versions < V4.3.7unknown
SiemensRUGGEDCOM M2200All versions < V4.3.7unknown
SiemensRUGGEDCOM M969All versions < V4.3.7unknown
SiemensRUGGEDCOM RMC30All versions < V4.3.7unknown
SiemensRUGGEDCOM RMC8388 V4.XAll versions < V4.3.7unknown
SiemensRUGGEDCOM RMC8388 V5.X0unknown
SiemensRUGGEDCOM RP110All versions < V4.3.7unknown
SiemensRUGGEDCOM RS16000unknown
SiemensRUGGEDCOM RS1600F0unknown
SiemensRUGGEDCOM RS1600T0unknown
SiemensRUGGEDCOM RS400All versions < V4.3.7unknown
SiemensRUGGEDCOM RS401All versions < V4.3.7unknown
SiemensRUGGEDCOM RS416All versions < V4.3.7unknown
SiemensRUGGEDCOM RS416P0unknown
SiemensRUGGEDCOM RS416Pv2 V4.X0unknown
SiemensRUGGEDCOM RS416Pv2 V5.X0unknown
SiemensRUGGEDCOM RS416v2 V4.XAll versions < V4.3.7unknown
SiemensRUGGEDCOM RS416v2 V5.XAll versions < 5.5.4unknown
SiemensRUGGEDCOM RS8000All versions < V4.3.7unknown
SiemensRUGGEDCOM RS8000AAll versions < V4.3.7unknown
SiemensRUGGEDCOM RS8000HAll versions < V4.3.7unknown
SiemensRUGGEDCOM RS8000TAll versions < V4.3.7unknown
SiemensRUGGEDCOM RS900 (32M) V4.XAll versions < V4.3.7unknown
SiemensRUGGEDCOM RS900 (32M) V5.XAll versions < V5.5.4unknown
SiemensRUGGEDCOM RS900GAll versions < V4.3.7unknown
SiemensRUGGEDCOM RS900G (32M) V4.XAll versions < V4.3.7unknown
Weakness

CWE details

CWE links open Glexia weakness intelligence pages with official CWE context, developer remediation guidance, and related CVE mappings.

CWE-120 · source CWE mapping

Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')

Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') represents a recurring weakness pattern that can create exploitable paths when design, validation, or implementation controls are missing.