Multiple vulnerabilities in Siemens RUGGEDCOM ROX devices



Risk: High
Patch available: YES
Number of vulnerabilities: 21
CVE-ID: CVE-2022-1292, CVE-2022-32207, CVE-2022-27782, CVE-2022-27781, CVE-2022-22576, CVE-2021-22946, CVE-2022-2068, CVE-2022-24903, CVE-2022-29561, CVE-2022-29562, CVE-2023-36386, CVE-2023-36389, CVE-2023-36390, CVE-2023-36748, CVE-2023-36749, CVE-2023-36750, CVE-2023-36751, CVE-2023-36752, CVE-2023-36753, CVE-2023-36754, CVE-2023-36755
CWE-ID: CWE-78, CWE-276, CWE-303, CWE-835, CWE-287, CWE-319, CWE-122, CWE-352, CWE-20, CWE-79, CWE-326, CWE-327, CWE-77
Exploitation vector: Network
Public exploit: Public exploit code for vulnerability #1 is available.
Vulnerable software (category: Hardware solutions / Firmware):
RUGGEDCOM ROX RX5000
RUGGEDCOM ROX RX1536
RUGGEDCOM ROX RX1524
RUGGEDCOM ROX RX1512
RUGGEDCOM ROX RX1511
RUGGEDCOM ROX RX1510
RUGGEDCOM ROX RX1501
RUGGEDCOM ROX RX1500
RUGGEDCOM ROX RX1400
RUGGEDCOM ROX MX5000RE
RUGGEDCOM ROX MX5000

Vendor: Siemens

Security Bulletin

This security bulletin contains information about 21 vulnerabilities.

1) OS Command Injection

EUVDB-ID: #VU62765

Risk: Medium

CVSSv3.1: 7.3 [CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C]

CVE-ID: CVE-2022-1292

CWE-ID: CWE-78 - Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

Exploit availability: No

Description

The vulnerability allows a remote attacker to execute arbitrary shell commands on the target system.

The vulnerability exists due to improper input validation in the c_rehash script distributed by some operating systems. A remote attacker with the ability to pass data to the c_rehash script can execute arbitrary OS commands with the privileges of the script.


Mitigation

Install update from vendor's website.

Vulnerable software versions

RUGGEDCOM ROX RX5000: before 2.16.0

RUGGEDCOM ROX RX1536: before 2.16.0

RUGGEDCOM ROX RX1524: before 2.16.0

RUGGEDCOM ROX RX1512: before 2.16.0

RUGGEDCOM ROX RX1511: before 2.16.0

RUGGEDCOM ROX RX1510: before 2.16.0

RUGGEDCOM ROX RX1501: before 2.16.0

RUGGEDCOM ROX RX1500: before 2.16.0

RUGGEDCOM ROX RX1400: before 2.16.0

RUGGEDCOM ROX MX5000RE: before 2.16.0

RUGGEDCOM ROX MX5000: before 2.16.0

External links

http://cert-portal.siemens.com/productcert/txt/ssa-146325.txt


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability. However, proof of concept for this vulnerability is available.

2) Incorrect default permissions

EUVDB-ID: #VU64684

Risk: Low

CVSSv3.1: 2.9 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2022-32207

CWE-ID: CWE-276 - Incorrect Default Permissions

Exploit availability: No

Description

The vulnerability allows a local user to gain access to sensitive information.

The vulnerability exists due to incorrect default permissions set on the local files that store cookies, alt-svc and HSTS data. A local user with the ability to read such files can gain access to potentially sensitive information.

Mitigation

Install update from vendor's website.

Vulnerable software versions

RUGGEDCOM ROX RX5000: before 2.16.0

RUGGEDCOM ROX RX1536: before 2.16.0

RUGGEDCOM ROX RX1524: before 2.16.0

RUGGEDCOM ROX RX1512: before 2.16.0

RUGGEDCOM ROX RX1511: before 2.16.0

RUGGEDCOM ROX RX1510: before 2.16.0

RUGGEDCOM ROX RX1501: before 2.16.0

RUGGEDCOM ROX RX1500: before 2.16.0

RUGGEDCOM ROX RX1400: before 2.16.0

RUGGEDCOM ROX MX5000RE: before 2.16.0

RUGGEDCOM ROX MX5000: before 2.16.0

External links

http://cert-portal.siemens.com/productcert/txt/ssa-146325.txt


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

3) Incorrect Implementation of Authentication Algorithm

EUVDB-ID: #VU63009

Risk: Medium

CVSSv3.1: 4.6 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2022-27782

CWE-ID: CWE-303 - Incorrect Implementation of Authentication Algorithm

Exploit availability: No

Description

The vulnerability allows a remote attacker to gain access to potentially sensitive information.

The vulnerability exists due to the way libcurl handles previously used connections in a connection pool for subsequent transfers. Several TLS and SSH settings were left out of the configuration match checks, resulting in erroneous matches for different resources. As a result, libcurl can send an authentication string from one resource to another, exposing credentials to a third party.

Mitigation

Install update from vendor's website.

Vulnerable software versions

RUGGEDCOM ROX RX5000: before 2.16.0

RUGGEDCOM ROX RX1536: before 2.16.0

RUGGEDCOM ROX RX1524: before 2.16.0

RUGGEDCOM ROX RX1512: before 2.16.0

RUGGEDCOM ROX RX1511: before 2.16.0

RUGGEDCOM ROX RX1510: before 2.16.0

RUGGEDCOM ROX RX1501: before 2.16.0

RUGGEDCOM ROX RX1500: before 2.16.0

RUGGEDCOM ROX RX1400: before 2.16.0

RUGGEDCOM ROX MX5000RE: before 2.16.0

RUGGEDCOM ROX MX5000: before 2.16.0

External links

http://cert-portal.siemens.com/productcert/txt/ssa-146325.txt


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

4) Infinite loop

EUVDB-ID: #VU63008

Risk: Medium

CVSSv3.1: 4.6 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L/E:U/RL:O/RC:C]

CVE-ID: CVE-2022-27781

CWE-ID: CWE-835 - Loop with Unreachable Exit Condition ('Infinite Loop')

Exploit availability: No

Description

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to an infinite loop when handling requests with the CURLOPT_CERTINFO option. A remote attacker can consume all available system resources and cause denial of service conditions.

Mitigation

Install update from vendor's website.

Vulnerable software versions

RUGGEDCOM ROX RX5000: before 2.16.0

RUGGEDCOM ROX RX1536: before 2.16.0

RUGGEDCOM ROX RX1524: before 2.16.0

RUGGEDCOM ROX RX1512: before 2.16.0

RUGGEDCOM ROX RX1511: before 2.16.0

RUGGEDCOM ROX RX1510: before 2.16.0

RUGGEDCOM ROX RX1501: before 2.16.0

RUGGEDCOM ROX RX1500: before 2.16.0

RUGGEDCOM ROX RX1400: before 2.16.0

RUGGEDCOM ROX MX5000RE: before 2.16.0

RUGGEDCOM ROX MX5000: before 2.16.0

External links

http://cert-portal.siemens.com/productcert/txt/ssa-146325.txt


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

5) Improper Authentication

EUVDB-ID: #VU62640

Risk: Medium

CVSSv3.1: 6.4 [CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2022-22576

CWE-ID: CWE-287 - Improper Authentication

Exploit availability: No

Description

The vulnerability allows a remote attacker to bypass the authentication process.

The vulnerability exists due to an error when re-using OAUTH2 connections for SASL-enabled protocols, such as SMTP(S), IMAP(S), POP3(S) and LDAP(S) (openldap only). libcurl may reuse OAUTH2-authenticated connections without properly making sure that the connection was authenticated with the same credentials as set for this transfer. As a result, a connection that is successfully created and authenticated with a user name + OAUTH2 bearer can subsequently be erroneously reused even for user + [other OAUTH2 bearer], even though that might not even be a valid bearer.

A remote attacker can exploit this vulnerability against applications intended for use in multi-user environments to bypass authentication and gain unauthorized access to victims' accounts.
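The reuse errors described here and in item 3 (CVE-2022-27782) both come down to which fields take part in the connection-pool match. The model below is an added example, not libcurl's code and not part of the bulletin; the struct fields, function names and sample values are hypothetical.

```c
#include <stdio.h>
#include <string.h>

/* Hypothetical model of what identifies a pooled connection.
 * Field names are illustrative and are not libcurl's internal types. */
struct conn_id {
    const char *scheme;        /* e.g. "imaps" */
    const char *host;
    int         port;
    const char *user;
    const char *oauth_bearer;  /* NULL when no OAUTH2 bearer is set */
    const char *tls_ca_file;   /* TLS setting: which CA bundle is trusted */
    int         tls_verify_peer;
};

/* NULL-safe string equality. */
static int str_eq(const char *a, const char *b)
{
    if (a == NULL || b == NULL)
        return a == b;
    return strcmp(a, b) == 0;
}

/* Incomplete check: endpoint and user name only. The bearer and the TLS
 * settings are left out, so transfers for different resources can match. */
int match_incomplete(const struct conn_id *c, const struct conn_id *w)
{
    return str_eq(c->scheme, w->scheme) && str_eq(c->host, w->host) &&
           c->port == w->port && str_eq(c->user, w->user);
}

/* Complete check: credentials and TLS settings are part of the identity. */
int match_complete(const struct conn_id *c, const struct conn_id *w)
{
    return match_incomplete(c, w) &&
           str_eq(c->oauth_bearer, w->oauth_bearer) &&
           str_eq(c->tls_ca_file, w->tls_ca_file) &&
           c->tls_verify_peer == w->tls_verify_peer;
}

typedef int (*match_fn)(const struct conn_id *, const struct conn_id *);

/* Index of the first pooled connection the transfer may reuse, or -1. */
int find_reusable(const struct conn_id *pool, int n,
                  const struct conn_id *want, match_fn match)
{
    for (int i = 0; i < n; i++)
        if (match(&pool[i], want))
            return i;
    return -1;
}

/* Constructed sample data: one authenticated connection in the pool. */
static const struct conn_id POOL[] = {
    { "imaps", "mail.example.invalid", 993, "alice", "bearer-A",
      "/etc/ssl/site-ca.pem", 1 },
};

/* Same user name, different OAUTH2 bearer (the case in item 5). */
int reuse_with_other_bearer(match_fn match)
{
    struct conn_id want = POOL[0];
    want.oauth_bearer = "bearer-B";
    return find_reusable(POOL, 1, &want, match);
}

/* Same endpoint, different TLS trust settings (the case in item 3). */
int reuse_with_other_tls(match_fn match)
{
    struct conn_id want = POOL[0];
    want.tls_ca_file = "/etc/ssl/other-ca.pem";
    want.tls_verify_peer = 0;
    return find_reusable(POOL, 1, &want, match);
}

int main(void)
{
    printf("other bearer: incomplete=%d complete=%d\n",
           reuse_with_other_bearer(match_incomplete),
           reuse_with_other_bearer(match_complete));
    printf("other TLS:    incomplete=%d complete=%d\n",
           reuse_with_other_tls(match_incomplete),
           reuse_with_other_tls(match_complete));
    return 0;
}
```

An index of 0 means the pooled connection was handed to a transfer it was not authenticated or configured for; -1 means a fresh connection is required.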


Mitigation

Install update from vendor's website.

Vulnerable software versions

RUGGEDCOM ROX RX5000: before 2.16.0

RUGGEDCOM ROX RX1536: before 2.16.0

RUGGEDCOM ROX RX1524: before 2.16.0

RUGGEDCOM ROX RX1512: before 2.16.0

RUGGEDCOM ROX RX1511: before 2.16.0

RUGGEDCOM ROX RX1510: before 2.16.0

RUGGEDCOM ROX RX1501: before 2.16.0

RUGGEDCOM ROX RX1500: before 2.16.0

RUGGEDCOM ROX RX1400: before 2.16.0

RUGGEDCOM ROX MX5000RE: before 2.16.0

RUGGEDCOM ROX MX5000: before 2.16.0

External links

http://cert-portal.siemens.com/productcert/txt/ssa-146325.txt


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

6) Cleartext transmission of sensitive information

EUVDB-ID: #VU56613

Risk: Medium

CVSSv3.1: 6.2 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:L/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2021-22946

CWE-ID: CWE-319 - Cleartext Transmission of Sensitive Information

Exploit availability: No

Description

The vulnerability allows a remote attacker to gain access to sensitive information.

The vulnerability exists due to an error, related to incorrect enforcement of the --ssl-reqd option on the command line or CURLOPT_USE_SSL setting set to CURLUSESSL_CONTROL or CURLUSESSL_ALL with libcurl. A remote attacker with control over the IMAP, POP3 or FTP server can send a specially crafted but perfectly legitimate response to the libcurl client and force it silently to continue its operations without TLS encryption and transmit data in clear text over the network.

Mitigation

Install update from vendor's website.

Vulnerable software versions

RUGGEDCOM ROX RX5000: before 2.16.0

RUGGEDCOM ROX RX1536: before 2.16.0

RUGGEDCOM ROX RX1524: before 2.16.0

RUGGEDCOM ROX RX1512: before 2.16.0

RUGGEDCOM ROX RX1511: before 2.16.0

RUGGEDCOM ROX RX1510: before 2.16.0

RUGGEDCOM ROX RX1501: before 2.16.0

RUGGEDCOM ROX RX1500: before 2.16.0

RUGGEDCOM ROX RX1400: before 2.16.0

RUGGEDCOM ROX MX5000RE: before 2.16.0

RUGGEDCOM ROX MX5000: before 2.16.0

External links

http://cert-portal.siemens.com/productcert/txt/ssa-146325.txt


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

7) OS Command Injection

EUVDB-ID: #VU64559

Risk: Medium

CVSSv3.1: 7.1 [CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2022-2068

CWE-ID: CWE-78 - Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

Exploit availability: No

Description

The vulnerability allows a remote attacker to execute arbitrary shell commands on the target system.

The vulnerability exists due to improper input validation in the c_rehash script distributed by some operating systems. A remote attacker with the ability to pass data to the c_rehash script can execute arbitrary OS commands with the privileges of the script.

The vulnerability exists due to incomplete fix for #VU62765 (CVE-2022-1292).

Mitigation

Install update from vendor's website.

Vulnerable software versions

RUGGEDCOM ROX RX5000: before 2.16.0

RUGGEDCOM ROX RX1536: before 2.16.0

RUGGEDCOM ROX RX1524: before 2.16.0

RUGGEDCOM ROX RX1512: before 2.16.0

RUGGEDCOM ROX RX1511: before 2.16.0

RUGGEDCOM ROX RX1510: before 2.16.0

RUGGEDCOM ROX RX1501: before 2.16.0

RUGGEDCOM ROX RX1500: before 2.16.0

RUGGEDCOM ROX RX1400: before 2.16.0

RUGGEDCOM ROX MX5000RE: before 2.16.0

RUGGEDCOM ROX MX5000: before 2.16.0

External links

http://cert-portal.siemens.com/productcert/txt/ssa-146325.txt


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

8) Heap-based buffer overflow

EUVDB-ID: #VU62830

Risk: High

CVSSv3.1: 8.5 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2022-24903

CWE-ID: CWE-122 - Heap-based Buffer Overflow

Exploit availability: No

Description

The vulnerability allows a remote attacker to perform a denial of service or potentially execute arbitrary code on the target system.

The vulnerability exists due to a boundary error when parsing data in the imtcp, imptcp, imgssapi, and imhttp modules used for TCP syslog reception. A remote attacker can pass specially crafted data to the application, trigger a heap-based buffer overflow and cause a denial of service or potentially execute arbitrary code on the target system.

Successful exploitation of this vulnerability is possible if the attacker is able to directly send specially crafted messages to the rsyslog daemon or by injecting specially crafted data into log files. Vulnerability exploitation in the second scenario requires that the rsyslog client supports octet-counted framing, which is not a default configuration.
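Octet-counted framing prefixes each syslog message with its length in decimal and a space, so a receiver has to bound both the number of length digits and the length itself before copying anything. The parser below is an added example of that bounded handling, not rsyslog's code and not part of the bulletin; the limits, names and sample frames are assumptions.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

#define MAX_COUNT_DIGITS 6     /* assumption: at most 6 length digits */
#define MAX_MSG_LEN      8192  /* assumption: receiver's message size limit */

enum frame_err {
    FRAME_INCOMPLETE = -1,  /* need more bytes from the socket */
    FRAME_BAD_COUNT  = -2,  /* length field is malformed or too many digits */
    FRAME_TOO_LONG   = -3,  /* declared length exceeds MAX_MSG_LEN */
    FRAME_NO_SPACE   = -4   /* caller's buffer cannot hold the message */
};

/* Parse one "LEN SP MSG" frame from in[0..in_len). On success copies MSG
 * into out (NUL-terminated), sets *consumed and returns the message length.
 * Every index and length is checked before it is used. */
long parse_frame(const char *in, size_t in_len,
                 char *out, size_t out_cap, size_t *consumed)
{
    size_t i = 0;
    unsigned long len = 0;

    while (i < in_len && in[i] >= '0' && in[i] <= '9') {
        if (i >= MAX_COUNT_DIGITS)       /* bound the digit run itself */
            return FRAME_BAD_COUNT;
        len = len * 10 + (unsigned long)(in[i] - '0');
        i++;
    }
    if (i == 0)
        return in_len == 0 ? FRAME_INCOMPLETE : FRAME_BAD_COUNT;
    if (in[0] == '0')                    /* length starts with a nonzero digit */
        return FRAME_BAD_COUNT;
    if (i == in_len)                     /* more digits or the space may follow */
        return FRAME_INCOMPLETE;
    if (in[i] != ' ')
        return FRAME_BAD_COUNT;
    i++;

    if (len > MAX_MSG_LEN)
        return FRAME_TOO_LONG;
    if (len + 1 > out_cap)               /* room for the message and the NUL */
        return FRAME_NO_SPACE;
    if (in_len - i < len)                /* body not fully received yet */
        return FRAME_INCOMPLETE;

    memcpy(out, in + i, len);
    out[len] = '\0';
    *consumed = i + len;
    return (long)len;
}

/* Count complete frames in a buffer; a negative result is the first error. */
int count_frames(const char *stream, size_t n)
{
    char msg[MAX_MSG_LEN + 1];
    size_t off = 0, used = 0;
    int frames = 0;

    while (off < n) {
        long r = parse_frame(stream + off, n - off, msg, sizeof msg, &used);
        if (r == FRAME_INCOMPLETE)
            break;
        if (r < 0)
            return (int)r;
        off += used;
        frames++;
    }
    return frames;
}

int main(void)
{
    /* Constructed sample stream: two frames back to back. */
    const char ok[] = "5 hello3 abc";
    /* Constructed malformed input: seven length digits. */
    const char bad[] = "9999999 x";

    printf("frames in valid stream: %d\n", count_frames(ok, sizeof ok - 1));
    printf("oversized count result: %d\n", count_frames(bad, sizeof bad - 1));
    return 0;
}
```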

Mitigation

Install update from vendor's website.

Vulnerable software versions

RUGGEDCOM ROX RX5000: before 2.16.0

RUGGEDCOM ROX RX1536: before 2.16.0

RUGGEDCOM ROX RX1524: before 2.16.0

RUGGEDCOM ROX RX1512: before 2.16.0

RUGGEDCOM ROX RX1511: before 2.16.0

RUGGEDCOM ROX RX1510: before 2.16.0

RUGGEDCOM ROX RX1501: before 2.16.0

RUGGEDCOM ROX RX1500: before 2.16.0

RUGGEDCOM ROX RX1400: before 2.16.0

RUGGEDCOM ROX MX5000RE: before 2.16.0

RUGGEDCOM ROX MX5000: before 2.16.0

External links

http://cert-portal.siemens.com/productcert/txt/ssa-146325.txt


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

9) Cross-site request forgery

EUVDB-ID: #VU78310

Risk: Low

CVSSv3.1: 5.3 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2022-29561

CWE-ID: CWE-352 - Cross-Site Request Forgery (CSRF)

Exploit availability: No

Description

The vulnerability allows a remote attacker to perform cross-site request forgery attacks.

The vulnerability exists due to insufficient validation of the HTTP request origin. A remote attacker can trick the victim into visiting a specially crafted web page and perform arbitrary actions on behalf of the victim on the vulnerable website.

Mitigation

Install update from vendor's website.

Vulnerable software versions

RUGGEDCOM ROX RX5000: before 2.16.0

RUGGEDCOM ROX RX1536: before 2.16.0

RUGGEDCOM ROX RX1524: before 2.16.0

RUGGEDCOM ROX RX1512: before 2.16.0

RUGGEDCOM ROX RX1511: before 2.16.0

RUGGEDCOM ROX RX1510: before 2.16.0

RUGGEDCOM ROX RX1501: before 2.16.0

RUGGEDCOM ROX RX1500: before 2.16.0

RUGGEDCOM ROX RX1400: before 2.16.0

RUGGEDCOM ROX MX5000RE: before 2.16.0

RUGGEDCOM ROX MX5000: before 2.16.0

External links

http://cert-portal.siemens.com/productcert/txt/ssa-146325.txt


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

10) Input validation error

EUVDB-ID: #VU78311

Risk: Low

CVSSv3.1: 3.2 [CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L/E:U/RL:O/RC:C]

CVE-ID: CVE-2022-29562

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to insufficient validation of user-supplied input. A remote attacker can send a specially crafted HTTP packet and perform a denial of service (DoS) attack.

Mitigation

Install update from vendor's website.

Vulnerable software versions

RUGGEDCOM ROX RX5000: before 2.16.0

RUGGEDCOM ROX RX1536: before 2.16.0

RUGGEDCOM ROX RX1524: before 2.16.0

RUGGEDCOM ROX RX1512: before 2.16.0

RUGGEDCOM ROX RX1511: before 2.16.0

RUGGEDCOM ROX RX1510: before 2.16.0

RUGGEDCOM ROX RX1501: before 2.16.0

RUGGEDCOM ROX RX1500: before 2.16.0

RUGGEDCOM ROX RX1400: before 2.16.0

RUGGEDCOM ROX MX5000RE: before 2.16.0

RUGGEDCOM ROX MX5000: before 2.16.0

External links

http://cert-portal.siemens.com/productcert/txt/ssa-146325.txt


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

11) Cross-site scripting

EUVDB-ID: #VU78312

Risk: Low

CVSSv3.1: 5.3 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2023-36386

CWE-ID: CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Exploit availability: No

Description

The disclosed vulnerability allows a remote attacker to perform cross-site scripting (XSS) attacks.

The vulnerability exists due to insufficient sanitization of user-supplied data in the web interface. A remote attacker can trick the victim into following a specially crafted link and execute arbitrary HTML and script code in the user's browser in the context of the vulnerable website.

Successful exploitation of this vulnerability may allow a remote attacker to steal potentially sensitive information, change the appearance of the web page, and perform phishing and drive-by-download attacks.

Mitigation

Install update from vendor's website.

Vulnerable software versions

RUGGEDCOM ROX RX5000: before 2.16.0

RUGGEDCOM ROX RX1536: before 2.16.0

RUGGEDCOM ROX RX1524: before 2.16.0

RUGGEDCOM ROX RX1512: before 2.16.0

RUGGEDCOM ROX RX1511: before 2.16.0

RUGGEDCOM ROX RX1510: before 2.16.0

RUGGEDCOM ROX RX1501: before 2.16.0

RUGGEDCOM ROX RX1500: before 2.16.0

RUGGEDCOM ROX RX1400: before 2.16.0

RUGGEDCOM ROX MX5000RE: before 2.16.0

RUGGEDCOM ROX MX5000: before 2.16.0

External links

http://cert-portal.siemens.com/productcert/txt/ssa-146325.txt


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

12) Cross-site scripting

EUVDB-ID: #VU78313

Risk: Low

CVSSv3.1: 5.3 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2023-36389

CWE-ID: CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Exploit availability: No

Description

The disclosed vulnerability allows a remote attacker to perform cross-site scripting (XSS) attacks.

The vulnerability exists due to insufficient sanitization of user-supplied data in the web interface. A remote attacker can trick the victim into following a specially crafted link and execute arbitrary HTML and script code in the user's browser in the context of the vulnerable website.

Successful exploitation of this vulnerability may allow a remote attacker to steal potentially sensitive information, change the appearance of the web page, and perform phishing and drive-by-download attacks.

Mitigation

Install update from vendor's website.

Vulnerable software versions

RUGGEDCOM ROX RX5000: before 2.16.0

RUGGEDCOM ROX RX1536: before 2.16.0

RUGGEDCOM ROX RX1524: before 2.16.0

RUGGEDCOM ROX RX1512: before 2.16.0

RUGGEDCOM ROX RX1511: before 2.16.0

RUGGEDCOM ROX RX1510: before 2.16.0

RUGGEDCOM ROX RX1501: before 2.16.0

RUGGEDCOM ROX RX1500: before 2.16.0

RUGGEDCOM ROX RX1400: before 2.16.0

RUGGEDCOM ROX MX5000RE: before 2.16.0

RUGGEDCOM ROX MX5000: before 2.16.0

External links

http://cert-portal.siemens.com/productcert/txt/ssa-146325.txt


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

13) Cross-site scripting

EUVDB-ID: #VU78314

Risk: Low

CVSSv3.1: 5.3 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2023-36390

CWE-ID: CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Exploit availability: No

Description

The disclosed vulnerability allows a remote attacker to perform cross-site scripting (XSS) attacks.

The vulnerability exists due to insufficient sanitization of user-supplied data in the web interface. A remote attacker can trick the victim into following a specially crafted link and execute arbitrary HTML and script code in the user's browser in the context of the vulnerable website.

Successful exploitation of this vulnerability may allow a remote attacker to steal potentially sensitive information, change the appearance of the web page, and perform phishing and drive-by-download attacks.

Mitigation

Install update from vendor's website.

Vulnerable software versions

RUGGEDCOM ROX RX5000: before 2.16.0

RUGGEDCOM ROX RX1536: before 2.16.0

RUGGEDCOM ROX RX1524: before 2.16.0

RUGGEDCOM ROX RX1512: before 2.16.0

RUGGEDCOM ROX RX1511: before 2.16.0

RUGGEDCOM ROX RX1510: before 2.16.0

RUGGEDCOM ROX RX1501: before 2.16.0

RUGGEDCOM ROX RX1500: before 2.16.0

RUGGEDCOM ROX RX1400: before 2.16.0

RUGGEDCOM ROX MX5000RE: before 2.16.0

RUGGEDCOM ROX MX5000: before 2.16.0

External links

http://cert-portal.siemens.com/productcert/txt/ssa-146325.txt


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

14) Inadequate Encryption Strength

EUVDB-ID: #VU78315

Risk: Low

CVSSv3.1: 5.2 [CVSS:3.1/AV:A/AC:H/PR:N/UI:R/S:U/C:L/I:H/A:L/E:U/RL:O/RC:C]

CVE-ID: CVE-2023-36748

CWE-ID: CWE-326 - Inadequate Encryption Strength

Exploit availability: No

Description

The vulnerability allows a remote attacker to compromise the target system.

The vulnerability exists because the affected devices are configured to offer weak ciphers by default. A remote attacker on the local network can perform a man-in-the-middle attack to read and modify any data passed to and from the affected device.

Mitigation

Install update from vendor's website.

Vulnerable software versions

RUGGEDCOM ROX RX5000: before 2.16.0

RUGGEDCOM ROX RX1536: before 2.16.0

RUGGEDCOM ROX RX1524: before 2.16.0

RUGGEDCOM ROX RX1512: before 2.16.0

RUGGEDCOM ROX RX1511: before 2.16.0

RUGGEDCOM ROX RX1510: before 2.16.0

RUGGEDCOM ROX RX1501: before 2.16.0

RUGGEDCOM ROX RX1500: before 2.16.0

RUGGEDCOM ROX RX1400: before 2.16.0

RUGGEDCOM ROX MX5000RE: before 2.16.0

RUGGEDCOM ROX MX5000: before 2.16.0

External links

http://cert-portal.siemens.com/productcert/txt/ssa-146325.txt


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the local network (LAN).

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

15) Use of a broken or risky cryptographic algorithm

EUVDB-ID: #VU78316

Risk: Medium

CVSSv3.1: 6.4 [CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2023-36749

CWE-ID: CWE-327 - Use of a Broken or Risky Cryptographic Algorithm

Exploit availability: No

Description

The vulnerability allows a remote attacker to compromise the target system.

The vulnerability exists because the web server of the affected devices supports the insecure TLS 1.0 protocol. A remote attacker can perform a man-in-the-middle attack and compromise the confidentiality and integrity of data.

Mitigation

Install update from vendor's website.

Vulnerable software versions

RUGGEDCOM ROX RX5000: before 2.16.0

RUGGEDCOM ROX RX1536: before 2.16.0

RUGGEDCOM ROX RX1524: before 2.16.0

RUGGEDCOM ROX RX1512: before 2.16.0

RUGGEDCOM ROX RX1511: before 2.16.0

RUGGEDCOM ROX RX1510: before 2.16.0

RUGGEDCOM ROX RX1501: before 2.16.0

RUGGEDCOM ROX RX1500: before 2.16.0

RUGGEDCOM ROX RX1400: before 2.16.0

RUGGEDCOM ROX MX5000RE: before 2.16.0

RUGGEDCOM ROX MX5000: before 2.16.0

External links

http://cert-portal.siemens.com/productcert/txt/ssa-146325.txt


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

16) Command Injection

EUVDB-ID: #VU78317

Risk: Low

CVSSv3.1: 7.9 [CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2023-36750

CWE-ID: CWE-77 - Command injection

Exploit availability: No

Description

The vulnerability allows a remote user to execute arbitrary commands on the target system.

The vulnerability exists due to improper input validation within the software-upgrade Url parameter in the web interface. A remote administrator can pass specially crafted data to the application and execute arbitrary commands on the target system.

Successful exploitation of this vulnerability may result in complete compromise of the vulnerable system.

Mitigation

Install update from vendor's website.

Vulnerable software versions

RUGGEDCOM ROX RX5000: before 2.16.0

RUGGEDCOM ROX RX1536: before 2.16.0

RUGGEDCOM ROX RX1524: before 2.16.0

RUGGEDCOM ROX RX1512: before 2.16.0

RUGGEDCOM ROX RX1511: before 2.16.0

RUGGEDCOM ROX RX1510: before 2.16.0

RUGGEDCOM ROX RX1501: before 2.16.0

RUGGEDCOM ROX RX1500: before 2.16.0

RUGGEDCOM ROX RX1400: before 2.16.0

RUGGEDCOM ROX MX5000RE: before 2.16.0

RUGGEDCOM ROX MX5000: before 2.16.0

External links

http://cert-portal.siemens.com/productcert/txt/ssa-146325.txt


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated privileged user via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

17) Command Injection

EUVDB-ID: #VU78318

Risk: Low

CVSSv3.1: 7.9 [CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2023-36751

CWE-ID: CWE-77 - Command injection

Exploit availability: No

Description

The vulnerability allows a remote user to execute arbitrary commands on the target system.

The vulnerability exists due to improper input validation within the install-app URL parameter in the web interface. A remote administrator can pass specially crafted data to the application and execute arbitrary commands on the target system.

Successful exploitation of this vulnerability may result in complete compromise of the vulnerable system.

Mitigation

Install update from vendor's website.

Vulnerable software versions

RUGGEDCOM ROX RX5000: before 2.16.0

RUGGEDCOM ROX RX1536: before 2.16.0

RUGGEDCOM ROX RX1524: before 2.16.0

RUGGEDCOM ROX RX1512: before 2.16.0

RUGGEDCOM ROX RX1511: before 2.16.0

RUGGEDCOM ROX RX1510: before 2.16.0

RUGGEDCOM ROX RX1501: before 2.16.0

RUGGEDCOM ROX RX1500: before 2.16.0

RUGGEDCOM ROX RX1400: before 2.16.0

RUGGEDCOM ROX MX5000RE: before 2.16.0

RUGGEDCOM ROX MX5000: before 2.16.0

External links

http://cert-portal.siemens.com/productcert/txt/ssa-146325.txt


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated privileged user via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

18) Command Injection

EUVDB-ID: #VU78319

Risk: Low

CVSSv3.1: 7.9 [CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2023-36752

CWE-ID: CWE-77 - Command injection

Exploit availability: No

Description

The vulnerability allows a remote user to execute arbitrary commands on the target system.

The vulnerability exists due to improper input validation within the upgrade-app URL parameter in the web interface. A remote administrator can pass specially crafted data to the application and execute arbitrary commands on the target system.

Successful exploitation of this vulnerability may result in complete compromise of the vulnerable system.

Mitigation

Install update from vendor's website.

Vulnerable software versions

RUGGEDCOM ROX RX5000: before 2.16.0

RUGGEDCOM ROX RX1536: before 2.16.0

RUGGEDCOM ROX RX1524: before 2.16.0

RUGGEDCOM ROX RX1512: before 2.16.0

RUGGEDCOM ROX RX1511: before 2.16.0

RUGGEDCOM ROX RX1510: before 2.16.0

RUGGEDCOM ROX RX1501: before 2.16.0

RUGGEDCOM ROX RX1500: before 2.16.0

RUGGEDCOM ROX RX1400: before 2.16.0

RUGGEDCOM ROX MX5000RE: before 2.16.0

RUGGEDCOM ROX MX5000: before 2.16.0

External links

http://cert-portal.siemens.com/productcert/txt/ssa-146325.txt


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated privileged user via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

19) Command Injection

EUVDB-ID: #VU78320

Risk: Low

CVSSv3.1: 7.9 [CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2023-36753

CWE-ID: CWE-77 - Command injection

Exploit availability: No

Description

The vulnerability allows a remote user to execute arbitrary commands on the target system.

The vulnerability exists due to improper input validation within the uninstall-app App-name parameter in the web interface. A remote administrator can pass specially crafted data to the application and execute arbitrary commands on the target system.

Successful exploitation of this vulnerability may result in complete compromise of the vulnerable system.

Mitigation

Install update from vendor's website.

Vulnerable software versions

RUGGEDCOM ROX RX5000: before 2.16.0

RUGGEDCOM ROX RX1536: before 2.16.0

RUGGEDCOM ROX RX1524: before 2.16.0

RUGGEDCOM ROX RX1512: before 2.16.0

RUGGEDCOM ROX RX1511: before 2.16.0

RUGGEDCOM ROX RX1510: before 2.16.0

RUGGEDCOM ROX RX1501: before 2.16.0

RUGGEDCOM ROX RX1500: before 2.16.0

RUGGEDCOM ROX RX1400: before 2.16.0

RUGGEDCOM ROX MX5000RE: before 2.16.0

RUGGEDCOM ROX MX5000: before 2.16.0

External links

http://cert-portal.siemens.com/productcert/txt/ssa-146325.txt


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated privileged user via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

20) Command Injection

EUVDB-ID: #VU78321

Risk: Low

CVSSv3.1: 7.9 [CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2023-36754

CWE-ID: CWE-77 - Command injection

Exploit availability: No

Description

The vulnerability allows a remote user to execute arbitrary commands on the target system.

The vulnerability exists due to improper input validation within the SCEP server configuration URL parameter in the web interface. A remote administrator can pass specially crafted data to the application and execute arbitrary commands on the target system.

Successful exploitation of this vulnerability may result in complete compromise of the vulnerable system.

Mitigation

Install update from vendor's website.

Vulnerable software versions

RUGGEDCOM ROX RX5000: before 2.16.0

RUGGEDCOM ROX RX1536: before 2.16.0

RUGGEDCOM ROX RX1524: before 2.16.0

RUGGEDCOM ROX RX1512: before 2.16.0

RUGGEDCOM ROX RX1511: before 2.16.0

RUGGEDCOM ROX RX1510: before 2.16.0

RUGGEDCOM ROX RX1501: before 2.16.0

RUGGEDCOM ROX RX1500: before 2.16.0

RUGGEDCOM ROX RX1400: before 2.16.0

RUGGEDCOM ROX MX5000RE: before 2.16.0

RUGGEDCOM ROX MX5000: before 2.16.0

External links

http://cert-portal.siemens.com/productcert/txt/ssa-146325.txt


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated privileged user via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

21) Command Injection

EUVDB-ID: #VU78322

Risk: Low

CVSSv3.1: 7.9 [CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2023-36755

CWE-ID: CWE-77 - Command injection

Exploit availability: No

Description

The vulnerability allows a remote user to execute arbitrary commands on the target system.

The vulnerability exists due to improper input validation within the SCEP CA Certificate Name parameter in the web interface. A remote administrator can pass specially crafted data to the application and execute arbitrary commands on the target system.

Successful exploitation of this vulnerability may result in complete compromise of the vulnerable system.
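Items 16 to 21 share one root cause: a URL or name parameter from the web interface reaches a command without validation. The sketch below is an added example, not code from the product or the bulletin, and the bulletin does not say how the firmware builds its commands; it contrasts pasting the value into a shell string with allowlist validation plus argv passing, and the helper path, limits and sample values are hypothetical.

```c
#include <ctype.h>
#include <stdio.h>
#include <string.h>

#define MAX_URL_LEN  512   /* assumption: upper bound for a package URL */
#define MAX_NAME_LEN 64    /* assumption: upper bound for an app or CA name */

/* Hypothetical helper a handler would run; not a path from the product. */
#define FETCH_TOOL "/usr/libexec/fetch-package"

/* Vulnerable pattern, shown for contrast and only built, never run: the
 * parameter is pasted into a string that a shell would later interpret. */
int build_shell_command_unsafe(const char *url, char *cmd, size_t cap)
{
    int n = snprintf(cmd, cap, FETCH_TOOL " %s", url);
    return n >= 0 && (size_t)n < cap;
}

/* Accept only https URLs made of a conservative character set. */
int url_is_acceptable(const char *url)
{
    static const char prefix[] = "https://";
    static const char extra[] = "-._~:/?=&%@+";
    size_t n = strlen(url);

    if (n <= strlen(prefix) || n > MAX_URL_LEN)
        return 0;
    if (strncmp(url, prefix, strlen(prefix)) != 0)
        return 0;
    for (size_t i = 0; i < n; i++) {
        unsigned char c = (unsigned char)url[i];
        if (!isalnum(c) && strchr(extra, c) == NULL)
            return 0;
    }
    return 1;
}

/* Names (app name, CA certificate name): start with an alphanumeric
 * character, then alphanumerics, '-', '_' or '.' only. */
int name_is_acceptable(const char *name)
{
    size_t n = strlen(name);

    if (n == 0 || n > MAX_NAME_LEN || !isalnum((unsigned char)name[0]))
        return 0;
    for (size_t i = 1; i < n; i++) {
        unsigned char c = (unsigned char)name[i];
        if (!isalnum(c) && c != '-' && c != '_' && c != '.')
            return 0;
    }
    return 1;
}

/* Hardened pattern: validate, then hand the value over as one argv element
 * for an execv()-style call, so no shell ever parses it. Returns 1 on
 * success and leaves argv untouched on rejection. */
int build_fetch_argv(const char *url, const char *argv[4])
{
    if (!url_is_acceptable(url))
        return 0;
    argv[0] = FETCH_TOOL;
    argv[1] = "--";   /* end of options for getopt-style parsers */
    argv[2] = url;
    argv[3] = NULL;
    return 1;
}

int main(void)
{
    /* Constructed sample inputs. */
    const char *good = "https://updates.example.invalid/rox/app-1.2.deb";
    const char *bad  = "https://updates.example.invalid/a.deb; echo injected";
    const char *argv[4];
    char cmd[256];

    build_shell_command_unsafe(bad, cmd, sizeof cmd);
    printf("shell string would be: %s\n", cmd);
    printf("good url accepted: %d\n", build_fetch_argv(good, argv));
    printf("bad url accepted:  %d\n", build_fetch_argv(bad, argv));
    printf("name 'site-ca_2024': %d, name 'ca;echo': %d\n",
           name_is_acceptable("site-ca_2024"), name_is_acceptable("ca;echo"));
    return 0;
}
```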

Mitigation

Install update from vendor's website.

Vulnerable software versions

RUGGEDCOM ROX RX5000: before 2.16.0

RUGGEDCOM ROX RX1536: before 2.16.0

RUGGEDCOM ROX RX1524: before 2.16.0

RUGGEDCOM ROX RX1512: before 2.16.0

RUGGEDCOM ROX RX1511: before 2.16.0

RUGGEDCOM ROX RX1510: before 2.16.0

RUGGEDCOM ROX RX1501: before 2.16.0

RUGGEDCOM ROX RX1500: before 2.16.0

RUGGEDCOM ROX RX1400: before 2.16.0

RUGGEDCOM ROX MX5000RE: before 2.16.0

RUGGEDCOM ROX MX5000: before 2.16.0

External links

http://cert-portal.siemens.com/productcert/txt/ssa-146325.txt


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated privileged user via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.


