Multiple vulnerabilities in Siemens RUGGEDCOM ROX devices
| Risk | High |
| Patch available | YES |
| Number of vulnerabilities | 21 |
| CVE-ID | CVE-2022-1292 CVE-2022-32207 CVE-2022-27782 CVE-2022-27781 CVE-2022-22576 CVE-2021-22946 CVE-2022-2068 CVE-2022-24903 CVE-2022-29561 CVE-2022-29562 CVE-2023-36386 CVE-2023-36389 CVE-2023-36390 CVE-2023-36748 CVE-2023-36749 CVE-2023-36750 CVE-2023-36751 CVE-2023-36752 CVE-2023-36753 CVE-2023-36754 CVE-2023-36755 |
| CWE-ID | CWE-78 CWE-276 CWE-303 CWE-835 CWE-287 CWE-319 CWE-122 CWE-352 CWE-20 CWE-79 CWE-326 CWE-327 CWE-77 |
| Exploitation vector | Network |
| Public exploit | Public exploit code for vulnerability #1 is available. |
| Vulnerable software Subscribe |
RUGGEDCOM ROX RX5000 Hardware solutions / Firmware RUGGEDCOM ROX RX1536 Hardware solutions / Firmware RUGGEDCOM ROX RX1524 Hardware solutions / Firmware RUGGEDCOM ROX RX1512 Hardware solutions / Firmware RUGGEDCOM ROX RX1511 Hardware solutions / Firmware RUGGEDCOM ROX RX1510 Hardware solutions / Firmware RUGGEDCOM ROX RX1501 Hardware solutions / Firmware RUGGEDCOM ROX RX1500 Hardware solutions / Firmware RUGGEDCOM ROX RX1400 Hardware solutions / Firmware RUGGEDCOM ROX MX5000RE Hardware solutions / Firmware RUGGEDCOM ROX MX5000 Hardware solutions / Firmware |
| Vendor | Siemens |
Security Bulletin
This security bulletin contains information about 21 vulnerabilities.
1) OS Command Injection
EUVDB-ID: #VU62765
Risk: Medium
CVSSv3.1: 7.3 [CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C]
CVE-ID: CVE-2022-1292
CWE-ID:
CWE-78 - Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to execute arbitrary shell commands on the target system.
The vulnerability exists due to improper input validation in the c_rehash script distributed by some operating systems. A remote attacker with ability to pass data to c_rehash script can and execute arbitrary OS commands with the privileges of the script.
Install update from vendor's website.
Vulnerable software versionsRUGGEDCOM ROX RX5000: before 2.16.0
RUGGEDCOM ROX RX1536: before 2.16.0
RUGGEDCOM ROX RX1524: before 2.16.0
RUGGEDCOM ROX RX1512: before 2.16.0
RUGGEDCOM ROX RX1511: before 2.16.0
RUGGEDCOM ROX RX1510: before 2.16.0
RUGGEDCOM ROX RX1501: before 2.16.0
RUGGEDCOM ROX RX1500: before 2.16.0
RUGGEDCOM ROX RX1400: before 2.16.0
RUGGEDCOM ROX MX5000RE: before 2.16.0
RUGGEDCOM ROX MX5000: before 2.16.0
External linkshttp://cert-portal.siemens.com/productcert/txt/ssa-146325.txt
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability. However, proof of concept for this vulnerability is available.
2) Incorrect default permissions
EUVDB-ID: #VU64684
Risk: Low
CVSSv3.1: 2.9 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2022-32207
CWE-ID:
CWE-276 - Incorrect Default Permissions
Exploit availability: No
DescriptionThe vulnerability allows a local user to gain access to sensitive information.
The vulnerability exists due to incorrect default permissions set to cookies, alt-svc and hsts data stored in local files. A local user with ability to read such files can gain access to potentially sensitive information.
Install update from vendor's website.
Vulnerable software versionsRUGGEDCOM ROX RX5000: before 2.16.0
RUGGEDCOM ROX RX1536: before 2.16.0
RUGGEDCOM ROX RX1524: before 2.16.0
RUGGEDCOM ROX RX1512: before 2.16.0
RUGGEDCOM ROX RX1511: before 2.16.0
RUGGEDCOM ROX RX1510: before 2.16.0
RUGGEDCOM ROX RX1501: before 2.16.0
RUGGEDCOM ROX RX1500: before 2.16.0
RUGGEDCOM ROX RX1400: before 2.16.0
RUGGEDCOM ROX MX5000RE: before 2.16.0
RUGGEDCOM ROX MX5000: before 2.16.0
External linkshttp://cert-portal.siemens.com/productcert/txt/ssa-146325.txt
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
3) Incorrect Implementation of Authentication Algorithm
EUVDB-ID: #VU63009
Risk: Medium
CVSSv3.1: 4.6 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2022-27782
CWE-ID:
CWE-303 - Incorrect Implementation of Authentication Algorithm
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to gain access to potentially sensitive information.
The vulnerability exists due to the way libcurl handles previously used connections in a connection pool for subsequent transfers. Several TLS and SSH settings were left out from the configuration match checks, resulting in erroneous matches for different resources. As a result, libcurl can send authentication string from one resource to another, exposing credentials to a third-party.
Install update from vendor's website.
Vulnerable software versionsRUGGEDCOM ROX RX5000: before 2.16.0
RUGGEDCOM ROX RX1536: before 2.16.0
RUGGEDCOM ROX RX1524: before 2.16.0
RUGGEDCOM ROX RX1512: before 2.16.0
RUGGEDCOM ROX RX1511: before 2.16.0
RUGGEDCOM ROX RX1510: before 2.16.0
RUGGEDCOM ROX RX1501: before 2.16.0
RUGGEDCOM ROX RX1500: before 2.16.0
RUGGEDCOM ROX RX1400: before 2.16.0
RUGGEDCOM ROX MX5000RE: before 2.16.0
RUGGEDCOM ROX MX5000: before 2.16.0
External linkshttp://cert-portal.siemens.com/productcert/txt/ssa-146325.txt
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
4) Infinite loop
EUVDB-ID: #VU63008
Risk: Medium
CVSSv3.1: 4.6 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L/E:U/RL:O/RC:C]
CVE-ID: CVE-2022-27781
CWE-ID:
CWE-835 - Loop with Unreachable Exit Condition ('Infinite Loop')
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to infinite loop when handling requests with the CURLOPT_CERTINFO option. A remote attacker can consume all available system resources and cause denial of service conditions.
MitigationInstall update from vendor's website.
Vulnerable software versionsRUGGEDCOM ROX RX5000: before 2.16.0
RUGGEDCOM ROX RX1536: before 2.16.0
RUGGEDCOM ROX RX1524: before 2.16.0
RUGGEDCOM ROX RX1512: before 2.16.0
RUGGEDCOM ROX RX1511: before 2.16.0
RUGGEDCOM ROX RX1510: before 2.16.0
RUGGEDCOM ROX RX1501: before 2.16.0
RUGGEDCOM ROX RX1500: before 2.16.0
RUGGEDCOM ROX RX1400: before 2.16.0
RUGGEDCOM ROX MX5000RE: before 2.16.0
RUGGEDCOM ROX MX5000: before 2.16.0
External linkshttp://cert-portal.siemens.com/productcert/txt/ssa-146325.txt
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
5) Improper Authentication
EUVDB-ID: #VU62640
Risk: Medium
CVSSv3.1: 6.4 [CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2022-22576
CWE-ID:
CWE-287 - Improper Authentication
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to bypass authentication process.
The vulnerability exists due to an error when re-using OAUTH2 connections for SASL-enabled protocols, such as SMPTP(S), IMAP(S), POP3(S) and LDAP(S) (openldap only). libcurl may reuse OAUTH2-authenticated connections without properly making sure that the connection was authenticated with the same credentials as set for this transfer. As a result, a connection that is successfully created and authenticated with a user name + OAUTH2 bearer can subsequently be erroneously reused even for user + [other OAUTH2 bearer], even though that might not even be a valid bearer.
A remote attacker can exploit this vulnerability against applications intended for use in multi-user environments to bypass authentication and gain unauthorized access to victim's accounts.
Install update from vendor's website.
Vulnerable software versionsRUGGEDCOM ROX RX5000: before 2.16.0
RUGGEDCOM ROX RX1536: before 2.16.0
RUGGEDCOM ROX RX1524: before 2.16.0
RUGGEDCOM ROX RX1512: before 2.16.0
RUGGEDCOM ROX RX1511: before 2.16.0
RUGGEDCOM ROX RX1510: before 2.16.0
RUGGEDCOM ROX RX1501: before 2.16.0
RUGGEDCOM ROX RX1500: before 2.16.0
RUGGEDCOM ROX RX1400: before 2.16.0
RUGGEDCOM ROX MX5000RE: before 2.16.0
RUGGEDCOM ROX MX5000: before 2.16.0
External linkshttp://cert-portal.siemens.com/productcert/txt/ssa-146325.txt
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
6) Cleartext transmission of sensitive information
EUVDB-ID: #VU56613
Risk: Medium
CVSSv3.1: 6.2 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:L/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-22946
CWE-ID:
CWE-319 - Cleartext Transmission of Sensitive Information
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to gain access to sensitive information.
The vulnerability exists due to an error, related to incorrect enforcement of the --ssl-reqd option on the command line or CURLOPT_USE_SSL setting set to CURLUSESSL_CONTROL or CURLUSESSL_ALL with libcurl. A remote attacker with control over the IMAP, POP3 or FTP server can send a specially crafted but perfectly legitimate response to the libcurl client and force it silently to continue its operations without TLS encryption and transmit data in clear text over the network.
Install update from vendor's website.
Vulnerable software versionsRUGGEDCOM ROX RX5000: before 2.16.0
RUGGEDCOM ROX RX1536: before 2.16.0
RUGGEDCOM ROX RX1524: before 2.16.0
RUGGEDCOM ROX RX1512: before 2.16.0
RUGGEDCOM ROX RX1511: before 2.16.0
RUGGEDCOM ROX RX1510: before 2.16.0
RUGGEDCOM ROX RX1501: before 2.16.0
RUGGEDCOM ROX RX1500: before 2.16.0
RUGGEDCOM ROX RX1400: before 2.16.0
RUGGEDCOM ROX MX5000RE: before 2.16.0
RUGGEDCOM ROX MX5000: before 2.16.0
External linkshttp://cert-portal.siemens.com/productcert/txt/ssa-146325.txt
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
7) OS Command Injection
EUVDB-ID: #VU64559
Risk: Medium
CVSSv3.1: 7.1 [CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2022-2068
CWE-ID:
CWE-78 - Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to execute arbitrary shell commands on the target system.
The vulnerability exists due to improper input validation in the c_rehash script distributed by some operating systems. A remote attacker with ability to pass data to c_rehash script can and execute arbitrary OS commands with the privileges of the script.
The vulnerability exists due to incomplete fix for #VU62765 (CVE-2022-1292).
Install update from vendor's website.
Vulnerable software versionsRUGGEDCOM ROX RX5000: before 2.16.0
RUGGEDCOM ROX RX1536: before 2.16.0
RUGGEDCOM ROX RX1524: before 2.16.0
RUGGEDCOM ROX RX1512: before 2.16.0
RUGGEDCOM ROX RX1511: before 2.16.0
RUGGEDCOM ROX RX1510: before 2.16.0
RUGGEDCOM ROX RX1501: before 2.16.0
RUGGEDCOM ROX RX1500: before 2.16.0
RUGGEDCOM ROX RX1400: before 2.16.0
RUGGEDCOM ROX MX5000RE: before 2.16.0
RUGGEDCOM ROX MX5000: before 2.16.0
External linkshttp://cert-portal.siemens.com/productcert/txt/ssa-146325.txt
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
8) Heap-based buffer overflow
EUVDB-ID: #VU62830
Risk: High
CVSSv3.1: 8.5 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2022-24903
CWE-ID:
CWE-122 - Heap-based Buffer Overflow
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to perform a denial of service or potentially execute arbitrary code on the target system.
The vulnerability exists due to a boundary error when parsing data in imtcp, imptcp, imgssapi, and imhttp modules used for TCP syslog reception. A remote attacker can pass specially crafted data to the application, trigger heap-based buffer overflow and cause a denial of service or potentially execute arbitrary code on the target system.
Successful exploitation of this vulnerability is possible if the attacker is able to directly send specially crafted messages to the rsyslog daemon or by injecting specially crafted data into log files. Vulnerability exploitation in the second scenario requires that the rsyslog client supports octet-counted framing, which is not a default configuration.
Install update from vendor's website.
Vulnerable software versionsRUGGEDCOM ROX RX5000: before 2.16.0
RUGGEDCOM ROX RX1536: before 2.16.0
RUGGEDCOM ROX RX1524: before 2.16.0
RUGGEDCOM ROX RX1512: before 2.16.0
RUGGEDCOM ROX RX1511: before 2.16.0
RUGGEDCOM ROX RX1510: before 2.16.0
RUGGEDCOM ROX RX1501: before 2.16.0
RUGGEDCOM ROX RX1500: before 2.16.0
RUGGEDCOM ROX RX1400: before 2.16.0
RUGGEDCOM ROX MX5000RE: before 2.16.0
RUGGEDCOM ROX MX5000: before 2.16.0
External linkshttp://cert-portal.siemens.com/productcert/txt/ssa-146325.txt
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
9) Cross-site request forgery
EUVDB-ID: #VU78310
Risk: Low
CVSSv3.1: 5.3 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2022-29561
CWE-ID:
CWE-352 - Cross-Site Request Forgery (CSRF)
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to perform cross-site request forgery attacks.
The vulnerability exists due to insufficient validation of the HTTP request origin. A remote attacker can trick the victim to visit a specially crafted web page and perform arbitrary actions on behalf of the victim on the vulnerable website.
MitigationInstall update from vendor's website.
Vulnerable software versionsRUGGEDCOM ROX RX5000: before 2.16.0
RUGGEDCOM ROX RX1536: before 2.16.0
RUGGEDCOM ROX RX1524: before 2.16.0
RUGGEDCOM ROX RX1512: before 2.16.0
RUGGEDCOM ROX RX1511: before 2.16.0
RUGGEDCOM ROX RX1510: before 2.16.0
RUGGEDCOM ROX RX1501: before 2.16.0
RUGGEDCOM ROX RX1500: before 2.16.0
RUGGEDCOM ROX RX1400: before 2.16.0
RUGGEDCOM ROX MX5000RE: before 2.16.0
RUGGEDCOM ROX MX5000: before 2.16.0
External linkshttp://cert-portal.siemens.com/productcert/txt/ssa-146325.txt
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
10) Input validation error
EUVDB-ID: #VU78311
Risk: Low
CVSSv3.1: 3.2 [CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L/E:U/RL:O/RC:C]
CVE-ID: CVE-2022-29562
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to insufficient validation of user-supplied input. A remote attacker can send specially crafted HTTP packet and perform a denial of service (DoS) attack.
MitigationInstall update from vendor's website.
Vulnerable software versionsRUGGEDCOM ROX RX5000: before 2.16.0
RUGGEDCOM ROX RX1536: before 2.16.0
RUGGEDCOM ROX RX1524: before 2.16.0
RUGGEDCOM ROX RX1512: before 2.16.0
RUGGEDCOM ROX RX1511: before 2.16.0
RUGGEDCOM ROX RX1510: before 2.16.0
RUGGEDCOM ROX RX1501: before 2.16.0
RUGGEDCOM ROX RX1500: before 2.16.0
RUGGEDCOM ROX RX1400: before 2.16.0
RUGGEDCOM ROX MX5000RE: before 2.16.0
RUGGEDCOM ROX MX5000: before 2.16.0
External linkshttp://cert-portal.siemens.com/productcert/txt/ssa-146325.txt
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
11) Cross-site scripting
EUVDB-ID: #VU78312
Risk: Low
CVSSv3.1: 5.3 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-36386
CWE-ID:
CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Exploit availability: No
DescriptionThe disclosed vulnerability allows a remote attacker to perform cross-site scripting (XSS) attacks.
The vulnerability exists due to insufficient sanitization of user-supplied data in the web interface. A remote attacker can trick the victim to follow a specially crafted link and execute arbitrary HTML and script code in user's browser in context of vulnerable website.
Successful exploitation of this vulnerability may allow a remote attacker to steal potentially sensitive information, change appearance of the web page, perform phishing and drive-by-download attacks.
MitigationInstall update from vendor's website.
Vulnerable software versionsRUGGEDCOM ROX RX5000: before 2.16.0
RUGGEDCOM ROX RX1536: before 2.16.0
RUGGEDCOM ROX RX1524: before 2.16.0
RUGGEDCOM ROX RX1512: before 2.16.0
RUGGEDCOM ROX RX1511: before 2.16.0
RUGGEDCOM ROX RX1510: before 2.16.0
RUGGEDCOM ROX RX1501: before 2.16.0
RUGGEDCOM ROX RX1500: before 2.16.0
RUGGEDCOM ROX RX1400: before 2.16.0
RUGGEDCOM ROX MX5000RE: before 2.16.0
RUGGEDCOM ROX MX5000: before 2.16.0
External linkshttp://cert-portal.siemens.com/productcert/txt/ssa-146325.txt
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
12) Cross-site scripting
EUVDB-ID: #VU78313
Risk: Low
CVSSv3.1: 5.3 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-36389
CWE-ID:
CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Exploit availability: No
DescriptionThe disclosed vulnerability allows a remote attacker to perform cross-site scripting (XSS) attacks.
The vulnerability exists due to insufficient sanitization of user-supplied data in the web interface. A remote attacker can trick the victim to follow a specially crafted link and execute arbitrary HTML and script code in user's browser in context of vulnerable website.
Successful exploitation of this vulnerability may allow a remote attacker to steal potentially sensitive information, change appearance of the web page, perform phishing and drive-by-download attacks.
MitigationInstall update from vendor's website.
Vulnerable software versionsRUGGEDCOM ROX RX5000: before 2.16.0
RUGGEDCOM ROX RX1536: before 2.16.0
RUGGEDCOM ROX RX1524: before 2.16.0
RUGGEDCOM ROX RX1512: before 2.16.0
RUGGEDCOM ROX RX1511: before 2.16.0
RUGGEDCOM ROX RX1510: before 2.16.0
RUGGEDCOM ROX RX1501: before 2.16.0
RUGGEDCOM ROX RX1500: before 2.16.0
RUGGEDCOM ROX RX1400: before 2.16.0
RUGGEDCOM ROX MX5000RE: before 2.16.0
RUGGEDCOM ROX MX5000: before 2.16.0
External linkshttp://cert-portal.siemens.com/productcert/txt/ssa-146325.txt
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
13) Cross-site scripting
EUVDB-ID: #VU78314
Risk: Low
CVSSv3.1: 5.3 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-36390
CWE-ID:
CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Exploit availability: No
DescriptionThe disclosed vulnerability allows a remote attacker to perform cross-site scripting (XSS) attacks.
The vulnerability exists due to insufficient sanitization of user-supplied data in the web interface. A remote attacker can trick the victim to follow a specially crafted link and execute arbitrary HTML and script code in user's browser in context of vulnerable website.
Successful exploitation of this vulnerability may allow a remote attacker to steal potentially sensitive information, change appearance of the web page, perform phishing and drive-by-download attacks.
MitigationInstall update from vendor's website.
Vulnerable software versionsRUGGEDCOM ROX RX5000: before 2.16.0
RUGGEDCOM ROX RX1536: before 2.16.0
RUGGEDCOM ROX RX1524: before 2.16.0
RUGGEDCOM ROX RX1512: before 2.16.0
RUGGEDCOM ROX RX1511: before 2.16.0
RUGGEDCOM ROX RX1510: before 2.16.0
RUGGEDCOM ROX RX1501: before 2.16.0
RUGGEDCOM ROX RX1500: before 2.16.0
RUGGEDCOM ROX RX1400: before 2.16.0
RUGGEDCOM ROX MX5000RE: before 2.16.0
RUGGEDCOM ROX MX5000: before 2.16.0
External linkshttp://cert-portal.siemens.com/productcert/txt/ssa-146325.txt
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
14) Inadequate Encryption Strength
EUVDB-ID: #VU78315
Risk: Low
CVSSv3.1: 5.2 [CVSS:3.1/AV:A/AC:H/PR:N/UI:R/S:U/C:L/I:H/A:L/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-36748
CWE-ID:
CWE-326 - Inadequate Encryption Strength
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to compromise the target system.
The vulnerability exists due to the affected devices are configured to offer weak ciphers by default. A remote attacker on the local network can perform a man-in-the-middle attack to read and modify any data passed over to and from the affected device.
MitigationInstall update from vendor's website.
Vulnerable software versionsRUGGEDCOM ROX RX5000: before 2.16.0
RUGGEDCOM ROX RX1536: before 2.16.0
RUGGEDCOM ROX RX1524: before 2.16.0
RUGGEDCOM ROX RX1512: before 2.16.0
RUGGEDCOM ROX RX1511: before 2.16.0
RUGGEDCOM ROX RX1510: before 2.16.0
RUGGEDCOM ROX RX1501: before 2.16.0
RUGGEDCOM ROX RX1500: before 2.16.0
RUGGEDCOM ROX RX1400: before 2.16.0
RUGGEDCOM ROX MX5000RE: before 2.16.0
RUGGEDCOM ROX MX5000: before 2.16.0
External linkshttp://cert-portal.siemens.com/productcert/txt/ssa-146325.txt
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the local network (LAN).
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
15) Use of a broken or risky cryptographic algorithm
EUVDB-ID: #VU78316
Risk: Medium
CVSSv3.1: 6.4 [CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-36749
CWE-ID:
CWE-327 - Use of a Broken or Risky Cryptographic Algorithm
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to compromise the target system.
The vulnerability exists due to the webserver of the affected devices support insecure TLS 1.0 protocol. A remote attacker can perform a man-in-the-middle attack and compromise confidentiality and integrity of data.
MitigationInstall update from vendor's website.
Vulnerable software versionsRUGGEDCOM ROX RX5000: before 2.16.0
RUGGEDCOM ROX RX1536: before 2.16.0
RUGGEDCOM ROX RX1524: before 2.16.0
RUGGEDCOM ROX RX1512: before 2.16.0
RUGGEDCOM ROX RX1511: before 2.16.0
RUGGEDCOM ROX RX1510: before 2.16.0
RUGGEDCOM ROX RX1501: before 2.16.0
RUGGEDCOM ROX RX1500: before 2.16.0
RUGGEDCOM ROX RX1400: before 2.16.0
RUGGEDCOM ROX MX5000RE: before 2.16.0
RUGGEDCOM ROX MX5000: before 2.16.0
External linkshttp://cert-portal.siemens.com/productcert/txt/ssa-146325.txt
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
16) Command Injection
EUVDB-ID: #VU78317
Risk: Low
CVSSv3.1: 7.9 [CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-36750
CWE-ID:
CWE-77 - Command injection
Exploit availability: No
DescriptionThe vulnerability allows a remote user to execute arbitrary commands on the target system.
The vulnerability exists due to improper input validation within the software-upgrade Url parameter in the web interface. A remote administrator can pass specially crafted data to the application and execute arbitrary commands on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
MitigationInstall update from vendor's website.
Vulnerable software versionsRUGGEDCOM ROX RX5000: before 2.16.0
RUGGEDCOM ROX RX1536: before 2.16.0
RUGGEDCOM ROX RX1524: before 2.16.0
RUGGEDCOM ROX RX1512: before 2.16.0
RUGGEDCOM ROX RX1511: before 2.16.0
RUGGEDCOM ROX RX1510: before 2.16.0
RUGGEDCOM ROX RX1501: before 2.16.0
RUGGEDCOM ROX RX1500: before 2.16.0
RUGGEDCOM ROX RX1400: before 2.16.0
RUGGEDCOM ROX MX5000RE: before 2.16.0
RUGGEDCOM ROX MX5000: before 2.16.0
External linkshttp://cert-portal.siemens.com/productcert/txt/ssa-146325.txt
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated privileged user via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
17) Command Injection
EUVDB-ID: #VU78318
Risk: Low
CVSSv3.1: 7.9 [CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-36751
CWE-ID:
CWE-77 - Command injection
Exploit availability: No
DescriptionThe vulnerability allows a remote user to execute arbitrary commands on the target system.
The vulnerability exists due to improper input validation within the install-app URL parameter in the web interface. A remote administrator can pass specially crafted data to the application and execute arbitrary commands on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
MitigationInstall update from vendor's website.
Vulnerable software versionsRUGGEDCOM ROX RX5000: before 2.16.0
RUGGEDCOM ROX RX1536: before 2.16.0
RUGGEDCOM ROX RX1524: before 2.16.0
RUGGEDCOM ROX RX1512: before 2.16.0
RUGGEDCOM ROX RX1511: before 2.16.0
RUGGEDCOM ROX RX1510: before 2.16.0
RUGGEDCOM ROX RX1501: before 2.16.0
RUGGEDCOM ROX RX1500: before 2.16.0
RUGGEDCOM ROX RX1400: before 2.16.0
RUGGEDCOM ROX MX5000RE: before 2.16.0
RUGGEDCOM ROX MX5000: before 2.16.0
External linkshttp://cert-portal.siemens.com/productcert/txt/ssa-146325.txt
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated privileged user via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
18) Command Injection
EUVDB-ID: #VU78319
Risk: Low
CVSSv3.1: 7.9 [CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-36752
CWE-ID:
CWE-77 - Command injection
Exploit availability: No
DescriptionThe vulnerability allows a remote user to execute arbitrary commands on the target system.
The vulnerability exists due to improper input validation within the upgrade-app URL parameter in the web interface. A remote administrator can pass specially crafted data to the application and execute arbitrary commands on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
MitigationInstall update from vendor's website.
Vulnerable software versionsRUGGEDCOM ROX RX5000: before 2.16.0
RUGGEDCOM ROX RX1536: before 2.16.0
RUGGEDCOM ROX RX1524: before 2.16.0
RUGGEDCOM ROX RX1512: before 2.16.0
RUGGEDCOM ROX RX1511: before 2.16.0
RUGGEDCOM ROX RX1510: before 2.16.0
RUGGEDCOM ROX RX1501: before 2.16.0
RUGGEDCOM ROX RX1500: before 2.16.0
RUGGEDCOM ROX RX1400: before 2.16.0
RUGGEDCOM ROX MX5000RE: before 2.16.0
RUGGEDCOM ROX MX5000: before 2.16.0
External linkshttp://cert-portal.siemens.com/productcert/txt/ssa-146325.txt
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated privileged user via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
19) Command Injection
EUVDB-ID: #VU78320
Risk: Low
CVSSv3.1: 7.9 [CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-36753
CWE-ID:
CWE-77 - Command injection
Exploit availability: No
DescriptionThe vulnerability allows a remote user to execute arbitrary commands on the target system.
The vulnerability exists due to improper input validation within the uninstall-app App-name parameter in the web interface. A remote administrator can pass specially crafted data to the application and execute arbitrary commands on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
MitigationInstall update from vendor's website.
Vulnerable software versionsRUGGEDCOM ROX RX5000: before 2.16.0
RUGGEDCOM ROX RX1536: before 2.16.0
RUGGEDCOM ROX RX1524: before 2.16.0
RUGGEDCOM ROX RX1512: before 2.16.0
RUGGEDCOM ROX RX1511: before 2.16.0
RUGGEDCOM ROX RX1510: before 2.16.0
RUGGEDCOM ROX RX1501: before 2.16.0
RUGGEDCOM ROX RX1500: before 2.16.0
RUGGEDCOM ROX RX1400: before 2.16.0
RUGGEDCOM ROX MX5000RE: before 2.16.0
RUGGEDCOM ROX MX5000: before 2.16.0
External linkshttp://cert-portal.siemens.com/productcert/txt/ssa-146325.txt
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated privileged user via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
20) Command Injection
EUVDB-ID: #VU78321
Risk: Low
CVSSv3.1: 7.9 [CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-36754
CWE-ID:
CWE-77 - Command injection
Exploit availability: No
DescriptionThe vulnerability allows a remote user to execute arbitrary commands on the target system.
The vulnerability exists due to improper input validation within the SCEP server configuration URL parameter in the web interface. A remote administrator can pass specially crafted data to the application and execute arbitrary commands on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
MitigationInstall update from vendor's website.
Vulnerable software versionsRUGGEDCOM ROX RX5000: before 2.16.0
RUGGEDCOM ROX RX1536: before 2.16.0
RUGGEDCOM ROX RX1524: before 2.16.0
RUGGEDCOM ROX RX1512: before 2.16.0
RUGGEDCOM ROX RX1511: before 2.16.0
RUGGEDCOM ROX RX1510: before 2.16.0
RUGGEDCOM ROX RX1501: before 2.16.0
RUGGEDCOM ROX RX1500: before 2.16.0
RUGGEDCOM ROX RX1400: before 2.16.0
RUGGEDCOM ROX MX5000RE: before 2.16.0
RUGGEDCOM ROX MX5000: before 2.16.0
External linkshttp://cert-portal.siemens.com/productcert/txt/ssa-146325.txt
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated privileged user via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
21) Command Injection
EUVDB-ID: #VU78322
Risk: Low
CVSSv3.1: 7.9 [CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-36755
CWE-ID:
CWE-77 - Command injection
Exploit availability: No
DescriptionThe vulnerability allows a remote user to execute arbitrary commands on the target system.
The vulnerability exists due to improper input validation within the SCEP CA Certificate Name parameter in the web interface. A remote administrator can pass specially crafted data to the application and execute arbitrary commands on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
MitigationInstall update from vendor's website.
Vulnerable software versionsRUGGEDCOM ROX RX5000: before 2.16.0
RUGGEDCOM ROX RX1536: before 2.16.0
RUGGEDCOM ROX RX1524: before 2.16.0
RUGGEDCOM ROX RX1512: before 2.16.0
RUGGEDCOM ROX RX1511: before 2.16.0
RUGGEDCOM ROX RX1510: before 2.16.0
RUGGEDCOM ROX RX1501: before 2.16.0
RUGGEDCOM ROX RX1500: before 2.16.0
RUGGEDCOM ROX RX1400: before 2.16.0
RUGGEDCOM ROX MX5000RE: before 2.16.0
RUGGEDCOM ROX MX5000: before 2.16.0
External linkshttp://cert-portal.siemens.com/productcert/txt/ssa-146325.txt
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated privileged user via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
