{ "schema_version": "1.4.0", "id": "GHSA-4rqg-f28v-3gvx", "modified": "2025-08-12T12:30:31Z", "published": "2022-03-09T00:00:46Z", "aliases": [ "CVE-2021-42016" ], "details": "A vulnerability has been identified in RUGGEDCOM ROS M2100 (All versions < V5.6.0), RUGGEDCOM ROS RMC8388 devices (All versions < V5.6.0), RUGGEDCOM ROS RS416v2 (All versions < V5.6.0), RUGGEDCOM ROS RS900G (All versions < V5.6.0), RUGGEDCOM ROS RS900G (32M) (All versions < V5.6.0), RUGGEDCOM ROS RSG2100 (32M) V5.X (All versions < V5.6.0), RUGGEDCOM ROS RSG2100P (All versions < V5.6.0), RUGGEDCOM ROS RSG2100P (32M) V5.X (All versions < V5.6.0), RUGGEDCOM ROS RSG2288 V5.X (All versions < V5.6.0), RUGGEDCOM ROS RSG2300 V5.X (All versions < V5.6.0), RUGGEDCOM ROS RSG2300P V5.X (All versions < V5.6.0), RUGGEDCOM ROS RSG2488 V5.X (All versions < V5.6.0), RUGGEDCOM ROS RSG900 V5.X (All versions < V5.6.0), RUGGEDCOM ROS RSG920P V5.X (All versions < V5.6.0), RUGGEDCOM ROS RSL910 (All versions < V5.6.0), RUGGEDCOM ROS RST2228 (All versions < V5.6.0), RUGGEDCOM ROS RST916C (All versions < V5.6.0), RUGGEDCOM ROS RST916P (All versions < V5.6.0). A timing attack in a third-party component could make the retrieval of the private key possible, used for encryption of sensitive data. If a threat actor were to exploit this, the data integrity and security could be compromised.", "severity": [ { "type": "CVSS_V3", "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" } ], "affected": [], "references": [ { "type": "ADVISORY", "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-42016" }, { "type": "WEB", "url": "https://cert-portal.siemens.com/productcert/html/ssa-256353.html" }, { "type": "WEB", "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-256353.pdf" } ], "database_specific": { "cwe_ids": [ "CWE-203", "CWE-208" ], "severity": "HIGH", "github_reviewed": false, "github_reviewed_at": null, "nvd_published_at": "2022-03-08T12:15:00Z" } }