CVE-2025-41223 in RUGGEDCOM i800info

Summary

by MITRE • 07/08/2025

A vulnerability has been identified in RUGGEDCOM i800 (All versions), RUGGEDCOM i801 (All versions), RUGGEDCOM i802 (All versions), RUGGEDCOM i803 (All versions), RUGGEDCOM M2100 (All versions), RUGGEDCOM M2200 (All versions), RUGGEDCOM M969 (All versions), RUGGEDCOM RMC30 (All versions), RUGGEDCOM RMC8388 V4.X (All versions), RUGGEDCOM RMC8388 V5.X (All versions < V5.10.0), RUGGEDCOM RP110 (All versions), RUGGEDCOM RS1600 (All versions), RUGGEDCOM RS1600F (All versions), RUGGEDCOM RS1600T (All versions), RUGGEDCOM RS400 (All versions), RUGGEDCOM RS401 (All versions), RUGGEDCOM RS416 (All versions), RUGGEDCOM RS416P (All versions), RUGGEDCOM RS416Pv2 V4.X (All versions), RUGGEDCOM RS416Pv2 V5.X (All versions < V5.10.0), RUGGEDCOM RS416v2 V4.X (All versions), RUGGEDCOM RS416v2 V5.X (All versions < V5.10.0), RUGGEDCOM RS8000 (All versions), RUGGEDCOM RS8000A (All versions), RUGGEDCOM RS8000H (All versions), RUGGEDCOM RS8000T (All versions), RUGGEDCOM RS900 (All versions), RUGGEDCOM RS900 (32M) V4.X (All versions), RUGGEDCOM RS900 (32M) V5.X (All versions < V5.10.0), RUGGEDCOM RS900G (All versions), RUGGEDCOM RS900G (32M) V4.X (All versions), RUGGEDCOM RS900G (32M) V5.X (All versions < V5.10.0), RUGGEDCOM RS900GP (All versions), RUGGEDCOM RS900L (All versions), RUGGEDCOM RS900M-GETS-C01 (All versions), RUGGEDCOM RS900M-GETS-XX (All versions), RUGGEDCOM RS900M-STND-C01 (All versions), RUGGEDCOM RS900M-STND-XX (All versions), RUGGEDCOM RS900W (All versions), RUGGEDCOM RS910 (All versions), RUGGEDCOM RS910L (All versions), RUGGEDCOM RS910W (All versions), RUGGEDCOM RS920L (All versions), RUGGEDCOM RS920W (All versions), RUGGEDCOM RS930L (All versions), RUGGEDCOM RS930W (All versions), RUGGEDCOM RS940G (All versions), RUGGEDCOM RS969 (All versions), RUGGEDCOM RSG2100 (All versions), RUGGEDCOM RSG2100 (32M) V4.X (All versions), RUGGEDCOM RSG2100 (32M) V5.X (All versions < V5.10.0), RUGGEDCOM RSG2100P (All versions), RUGGEDCOM RSG2100P (32M) V4.X (All versions), RUGGEDCOM RSG2100P (32M) V5.X (All versions < V5.10.0), RUGGEDCOM RSG2200 (All versions), RUGGEDCOM RSG2288 V4.X (All versions), RUGGEDCOM RSG2288 V5.X (All versions < V5.10.0), RUGGEDCOM RSG2300 V4.X (All versions), RUGGEDCOM RSG2300 V5.X (All versions < V5.10.0), RUGGEDCOM RSG2300P V4.X (All versions), RUGGEDCOM RSG2300P V5.X (All versions < V5.10.0), RUGGEDCOM RSG2488 V4.X (All versions), RUGGEDCOM RSG2488 V5.X (All versions < V5.10.0), RUGGEDCOM RSG907R (All versions < V5.10.0), RUGGEDCOM RSG908C (All versions < V5.10.0), RUGGEDCOM RSG909R (All versions < V5.10.0), RUGGEDCOM RSG910C (All versions < V5.10.0), RUGGEDCOM RSG920P V4.X (All versions), RUGGEDCOM RSG920P V5.X (All versions < V5.10.0), RUGGEDCOM RSL910 (All versions < V5.10.0), RUGGEDCOM RST2228 (All versions < V5.10.0), RUGGEDCOM RST2228P (All versions < V5.10.0), RUGGEDCOM RST916C (All versions < V5.10.0), RUGGEDCOM RST916P (All versions < V5.10.0). The affected devices support the TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256 cipher suite, which uses CBC (Cipher Block Chaining) mode that is known to be vulnerable to timing attacks. This could allow an attacker to compromise the integrity and confidentiality of encrypted communications.

If you want to get best quality of vulnerability data, you may have to visit VulDB.

Analysis

by VulDB Data Team • 07/08/2025

The vulnerability identified as CVE-2025-41223 affects a broad range of RUGGEDCOM industrial networking devices across multiple product lines including i800, i801, i802, i803, M2100, M2200, M969, RMC30, RMC8388, RP110, RS1600, RS1600F, RS1600T, RS400, RS401, RS416, RS416P, RS416Pv2, RS416v2, RS8000, RS8000A, RS8000H, RS8000T, RS900, RS900G, RS900GP, RS900L, RS900M, RS900W, RS910, RS910L, RS910W, RS920L, RS920W, RS930L, RS930W, RS940G, RS969, RSG2100, RSG2100P, RSG2200, RSG2288, RSG2300, RSG2300P, RSG2488, RSG907R, RSG908C, RSG909R, RSG910C, RSG920P, RSL910, RST2228, RST2228P, RST916C, and RST916P series. These devices are designed for industrial environments and are commonly deployed in critical infrastructure applications where secure communications are essential. The vulnerability stems from the implementation of the TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256 cipher suite, which utilizes the Cipher Block Chaining mode for encryption. This specific cipher suite combination presents a significant security risk due to its susceptibility to timing attacks as documented in the CWE-310 security weakness classification. The use of CBC mode in conjunction with the SHA-256 hash function creates a vulnerable configuration that can be exploited by attackers to perform cryptographic attacks that compromise the confidentiality and integrity of encrypted communications. The vulnerability is particularly concerning because it affects multiple generations of RUGGEDCOM devices, suggesting a systemic issue within the firmware implementations across these product lines.

The technical flaw lies in the cryptographic implementation where the device employs the TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256 cipher suite, which combines elliptic curve Diffie-Hellman key exchange with ECDSA authentication and AES-128 in CBC mode. The CBC mode is inherently vulnerable to timing attacks because the decryption process is susceptible to timing variations that can leak information about the plaintext. This vulnerability is categorized under CWE-310, which specifically addresses weaknesses in cryptographic implementations related to timing attacks. The attack vector is particularly relevant in network environments where attackers can monitor communication patterns and timing characteristics to infer cryptographic information. The vulnerability is not limited to a single device model but affects all versions of the listed RUGGEDCOM products, indicating that the cryptographic implementation is consistent across the product line and not a localized issue. The specific cipher suite choice is problematic because it combines legacy cryptographic elements with modern security requirements, creating a mismatch that exposes the system to well-known attacks such as the BEAST attack and other timing-based cryptographic vulnerabilities.

The operational impact of this vulnerability is significant for organizations relying on these industrial networking devices for critical infrastructure protection. The compromise of encrypted communications could lead to unauthorized access to sensitive operational data, disruption of industrial control systems, and potential compromise of physical security measures. Organizations using these devices in industrial environments such as power grids, water treatment facilities, manufacturing plants, and transportation systems face a heightened risk of cyber attacks that could cause operational disruptions or safety hazards. The vulnerability affects both the confidentiality and integrity of communications, meaning that attackers could potentially intercept and modify data transmitted between industrial control systems and monitoring equipment. This is particularly concerning in environments where these devices are used for secure communication between field devices and central control systems, as the compromise could lead to unauthorized control of industrial processes or leakage of proprietary operational information. The widespread nature of the vulnerability across multiple device models increases the potential attack surface and makes remediation efforts more complex for affected organizations.

Mitigation strategies for this vulnerability should focus on immediate firmware updates from RUGGEDCOM to address the cryptographic implementation issue. Organizations should also consider implementing network segmentation to limit the potential impact of any successful attacks and deploy additional monitoring solutions to detect anomalous communication patterns that might indicate exploitation attempts. The recommended approach includes disabling the vulnerable cipher suite and implementing stronger cryptographic configurations that do not use CBC mode for encryption. Security teams should also conduct thorough risk assessments to identify all affected devices within their networks and prioritize remediation efforts based on the criticality of the systems involved. According to ATT&CK framework, this vulnerability could be exploited through techniques such as credential access and defense evasion, particularly when attackers attempt to establish persistent access to industrial control systems. Organizations should also consider implementing network intrusion detection systems that can identify attempts to exploit timing-based cryptographic vulnerabilities and ensure that all communications between industrial devices are monitored for potential signs of compromise. The remediation process should also include verification of the updated firmware implementations to ensure that the vulnerable cipher suite has been properly disabled and that the devices are now using more secure cryptographic configurations that do not expose them to timing attacks.

Responsible

Siemens

Reservation

04/16/2025

Disclosure

07/08/2025

Moderation

accepted

CPE

ready

EPSS

0.00116

KEV

no

Activities

very low

Sources

Are you interested in using VulDB?

Download the whitepaper to learn more about our service!