CVE-2021-37208 – This vulnerability allows attackers in a privil... (How to Fix)

Q: What is the severity of CVE-2021-37208?

CVE-2021-37208 has a CVSS score of 9.6 (CRITICAL). This vulnerability allows attackers in a privileged position to execute cross-site scripting (XSS) attacks on affected Siemens RUGGEDCOM industrial network devices. By exploiting improper input sanitization on web server configuration pages, attackers can steal sensitive information or perform unauthorized actions. The vulnerability affects numerous RUGGEDCOM product models across multiple versions.

📋 TL;DR

This vulnerability allows attackers in a privileged position to execute cross-site scripting (XSS) attacks on affected Siemens RUGGEDCOM industrial network devices. By exploiting improper input sanitization on web server configuration pages, attackers can steal sensitive information or perform unauthorized actions. The vulnerability affects numerous RUGGEDCOM product models across multiple versions.

💻 Affected Systems

Products:

RUGGEDCOM i800
RUGGEDCOM i800NC
RUGGEDCOM i801
RUGGEDCOM i801NC
RUGGEDCOM i802
RUGGEDCOM i802NC
RUGGEDCOM i803
RUGGEDCOM i803NC
RUGGEDCOM M2100
RUGGEDCOM M2100F
RUGGEDCOM M2100NC
RUGGEDCOM M2200
RUGGEDCOM M2200F
RUGGEDCOM M2200NC
RUGGEDCOM M969
RUGGEDCOM M969F
RUGGEDCOM M969NC
RUGGEDCOM RMC30
RUGGEDCOM RMC30NC
RUGGEDCOM RMC8388 V4.X
RUGGEDCOM RMC8388 V5.X
RUGGEDCOM RMC8388NC V4.X
RUGGEDCOM RMC8388NC V5.X
RUGGEDCOM RP110
RUGGEDCOM RP110NC
RUGGEDCOM RS1600
RUGGEDCOM RS1600F
RUGGEDCOM RS1600FNC
RUGGEDCOM RS1600NC
RUGGEDCOM RS1600T
RUGGEDCOM RS1600TNC
RUGGEDCOM RS400
RUGGEDCOM RS400F
RUGGEDCOM RS400NC
RUGGEDCOM RS401
RUGGEDCOM RS401NC
RUGGEDCOM RS416
RUGGEDCOM RS416F
RUGGEDCOM RS416NC
RUGGEDCOM RS416NCv2 V4.X
RUGGEDCOM RS416NCv2 V5.X
RUGGEDCOM RS416P
RUGGEDCOM RS416PF
RUGGEDCOM RS416PNC
RUGGEDCOM RS416PNCv2 V4.X
RUGGEDCOM RS416PNCv2 V5.X
RUGGEDCOM RS416Pv2 V4.X
RUGGEDCOM RS416Pv2 V5.X
RUGGEDCOM RS416v2 V4.X
RUGGEDCOM RS416v2 V5.X
RUGGEDCOM RS8000
RUGGEDCOM RS8000A
RUGGEDCOM RS8000ANC
RUGGEDCOM RS8000H
RUGGEDCOM RS8000HNC
RUGGEDCOM RS8000NC
RUGGEDCOM RS8000T
RUGGEDCOM RS8000TNC
RUGGEDCOM RS900
RUGGEDCOM RS900 (32M) V4.X
RUGGEDCOM RS900 (32M) V5.X
RUGGEDCOM RS900F
RUGGEDCOM RS900G
RUGGEDCOM RS900G (32M) V4.X
RUGGEDCOM RS900G (32M) V5.X
RUGGEDCOM RS900GF
RUGGEDCOM RS900GNC
RUGGEDCOM RS900GNC(32M) V4.X
RUGGEDCOM RS900GNC(32M) V5.X
RUGGEDCOM RS900GP
RUGGEDCOM RS900GPF
RUGGEDCOM RS900GPNC
RUGGEDCOM RS900L
RUGGEDCOM RS900LNC
RUGGEDCOM RS900M-GETS-C01
RUGGEDCOM RS900M-GETS-XX
RUGGEDCOM RS900M-STND-C01
RUGGEDCOM RS900M-STND-XX
RUGGEDCOM RS900MNC-GETS-C01
RUGGEDCOM RS900MNC-GETS-XX
RUGGEDCOM RS900MNC-STND-XX
RUGGEDCOM RS900MNC-STND-XX-C01
RUGGEDCOM RS900NC
RUGGEDCOM RS900NC(32M) V4.X
RUGGEDCOM RS900NC(32M) V5.X
RUGGEDCOM RS900W
RUGGEDCOM RS910
RUGGEDCOM RS910L
RUGGEDCOM RS910LNC
RUGGEDCOM RS910NC
RUGGEDCOM RS910W
RUGGEDCOM RS920L
RUGGEDCOM RS920LNC
RUGGEDCOM RS920W
RUGGEDCOM RS930L
RUGGEDCOM RS930LNC
RUGGEDCOM RS930W
RUGGEDCOM RS940G
RUGGEDCOM RS940GF
RUGGEDCOM RS940GNC
RUGGEDCOM RS969
RUGGEDCOM RS969NC
RUGGEDCOM RSG2100
RUGGEDCOM RSG2100 (32M) V4.X
RUGGEDCOM RSG2100 (32M) V5.X
RUGGEDCOM RSG2100F
RUGGEDCOM RSG2100NC
RUGGEDCOM RSG2100NC(32M) V4.X
RUGGEDCOM RSG2100NC(32M) V5.X
RUGGEDCOM RSG2100P
RUGGEDCOM RSG2100P (32M) V4.X
RUGGEDCOM RSG2100P (32M) V5.X
RUGGEDCOM RSG2100PF
RUGGEDCOM RSG2100PNC
RUGGEDCOM RSG2100PNC (32M) V4.X
RUGGEDCOM RSG2100PNC (32M) V5.X
RUGGEDCOM RSG2200
RUGGEDCOM RSG2200F
RUGGEDCOM RSG2200NC
RUGGEDCOM RSG2288 V4.X
RUGGEDCOM RSG2288 V5.X
RUGGEDCOM RSG2288NC V4.X
RUGGEDCOM RSG2288NC V5.X
RUGGEDCOM RSG2300 V4.X
RUGGEDCOM RSG2300 V5.X
RUGGEDCOM RSG2300F
RUGGEDCOM RSG2300NC V4.X
RUGGEDCOM RSG2300NC V5.X
RUGGEDCOM RSG2300P V4.X
RUGGEDCOM RSG2300P V5.X
RUGGEDCOM RSG2300PF
RUGGEDCOM RSG2300PNC V4.X
RUGGEDCOM RSG2300PNC V5.X
RUGGEDCOM RSG2488 V4.X
RUGGEDCOM RSG2488 V5.X
RUGGEDCOM RSG2488F
RUGGEDCOM RSG2488NC V4.X
RUGGEDCOM RSG2488NC V5.X
RUGGEDCOM RSG907R
RUGGEDCOM RSG908C
RUGGEDCOM RSG909R
RUGGEDCOM RSG910C
RUGGEDCOM RSG920P V4.X
RUGGEDCOM RSG920P V5.X
RUGGEDCOM RSG920PNC V4.X
RUGGEDCOM RSG920PNC V5.X
RUGGEDCOM RSL910
RUGGEDCOM RSL910NC
RUGGEDCOM RST2228
RUGGEDCOM RST2228P
RUGGEDCOM RST916C
RUGGEDCOM RST916P

Versions: Multiple versions including V4.X and V5.X series

Operating Systems: Embedded industrial OS

Default Config Vulnerable: ⚠️ Yes

Notes: Vulnerability exists in web server configuration pages. Requires attacker to have privileged access to the web interface.

📦 What is this software?

Ruggedcom Ros by Siemens

View all CVEs affecting Ruggedcom Ros →

Ruggedcom Ros by Siemens

View all CVEs affecting Ruggedcom Ros →

⚠️ Risk & Real-World Impact

🔴

Worst Case

Privileged attacker steals administrator credentials, gains full control of industrial network devices, and potentially disrupts critical infrastructure operations.

🟠

Likely Case

Privileged attacker steals session cookies or sensitive configuration data, leading to unauthorized access and potential device manipulation.

🟢

If Mitigated

Attack limited to information disclosure without ability to execute commands or modify configurations.

🌐 Internet-Facing: HIGH - If devices are exposed to the internet, attackers can exploit this vulnerability remotely.

🏢 Internal Only: HIGH - Even internally, privileged attackers can exploit this to compromise industrial control systems.

🎯 Exploit Status

Public PoC: ✅ No

Weaponized: UNKNOWN

Unauthenticated Exploit: ✅ No

Complexity: LOW

Exploitation requires privileged access to the web interface. Once access is obtained, XSS payload injection is straightforward.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Check Siemens advisory for specific firmware updates

Vendor Advisory: https://cert-portal.siemens.com/productcert/html/ssa-256353.html

Restart Required: Yes

Instructions:

1. Identify affected RUGGEDCOM devices
2. Check Siemens advisory SSA-256353 for specific firmware updates
3. Download appropriate firmware from Siemens support portal
4. Backup device configuration
5. Apply firmware update following vendor instructions
6. Restart device
7. Verify update and restore configuration

🔧 Temporary Workarounds

Disable Web Interface

all

Disable web management interface if not required for operations

Consult device documentation for web interface disable commands

Network Segmentation

all

Restrict access to web interface using network controls

Configure firewall rules to limit access to trusted IPs only

🧯 If You Can't Patch

Implement strict network segmentation to isolate RUGGEDCOM devices
Use application firewalls with XSS protection rules
Monitor for suspicious web interface activity
Implement strong authentication and session management controls

🔍 How to Verify

Check if Vulnerable:

Check device firmware version against affected versions listed in Siemens advisory SSA-256353

Check Version:

Check device web interface or CLI for firmware version (varies by model)

Verify Fix Applied:

Verify firmware version has been updated to patched version specified in Siemens advisory

📡 Detection & Monitoring

Log Indicators:

Unusual web interface access patterns
Multiple failed login attempts followed by successful access
Suspicious JavaScript or HTML payloads in web logs

Network Indicators:

Unusual traffic to web management ports (typically 80/443)
Requests containing XSS payload patterns

SIEM Query:

source="RUGGEDCOM" AND (http_request CONTAINS "<script>" OR http_request CONTAINS "javascript:" OR http_request CONTAINS "onerror=" OR http_request CONTAINS "onload=")

📊 Metadata

CVE ID: CVE-2021-37208

CVSS v3 Score: 9.6 (CRITICAL)

CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:H/A:H

CWE: CWE-79

Published: March 8, 2022

Last Updated: August 12, 2025

🔗 References

https://cert-portal.siemens.com/productcert/html/ssa-256353.html
https://cert-portal.siemens.com/productcert/pdf/ssa-256353.pdf Patch,Vendor Advisory
https://cert-portal.siemens.com/productcert/pdf/ssa-256353.pdf Patch,Vendor Advisory

📤 Share & Export

📄 Export Markdown 📋 Export JSON

🔗 Related Vulnerabilities

If you're affected by CVE-2021-37208, you might also want to check these: