ICSA-23-222-12 — Vulnetix

ICSA-23-222-12 PUBLISHED CVSS 9.100000381469727 CRITICAL

A vulnerability was identified in RUGGEDCOM ROS devices with mirror port enabled, that could allow an attacker to inject information into the network via the mirror port. Siemens has released new versions for several affected products and recommends to update to the latest versions. Siemens recommends specific countermeasures for products where fixes are not, or not yet available.

Risk Scores

CVSS v3.1

9.100000381469727

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H/E:P/RL:O/RC:C

Affected Products

Vendor	Product	Versions
	RUGGEDCOM M969NC
	RUGGEDCOM M2200
	RUGGEDCOM M2100NC
	RUGGEDCOM i802NC
	RUGGEDCOM M2200F
	RUGGEDCOM i802
	RUGGEDCOM i801
	RUGGEDCOM i800
	RUGGEDCOM M2200NC
	RUGGEDCOM i800NC
	RUGGEDCOM M2100
	RUGGEDCOM RMC30
	RUGGEDCOM i803
	RUGGEDCOM i803NC
	RUGGEDCOM M969
	RUGGEDCOM M969F
	RUGGEDCOM i801NC
	RUGGEDCOM RMC30NC
	RUGGEDCOM M2100F
	RUGGEDCOM RMC8388 V4.X

Timeline

Aug 8, 2023 CVE Published
Aug 12, 2025 CVE Updated

References

https://cert-portal.siemens.com/productcert/csaf/ssa-908185.json advisory
https://cert-portal.siemens.com/productcert/html/ssa-908185.html advisory
https://raw.githubusercontent.com/cisagov/CSAF/develop/csaf_files/OT/white/2023/icsa-23-222-12.json advisory
https://www.cisa.gov/news-events/ics-advisories/icsa-23-222-12 advisory
https://www.cisa.gov/uscert/ics/alerts/ICS-ALERT-10-301-01 url
https://www.cisa.gov/resources-tools/resources/ics-recommended-practices url
https://www.cisa.gov/topics/industrial-control-systems url
https://us-cert.cisa.gov/sites/default/files/recommended_practices/NCCIC_ICS-CERT_Defense_in_Depth_2016_S508C.pdf url
https://www.cisa.gov/sites/default/files/publications/Cybersecurity_Best_Practices_for_Industrial_Control_Systems.pdf url
https://www.cisa.gov/uscert/ics/tips/ICS-TIP-12-146-01B url
https://support.industry.siemens.com/cs/ww/en/view/109816735/ fix
https://support.industry.siemens.com/cs/ww/en/view/109824855/ fix

Open in Interactive Console →