#VU109890 Client-Side Enforcement of Server-Side Security in Siemens products - CVE-2025-33024
Published: May 28, 2025
Vulnerability identifier: #VU109890
Vulnerability risk: Medium
CVSSv4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Green
CVE-ID: CVE-2025-33024
CWE-ID: CWE-602
Exploitation vector: Remote access
Exploit availability:
No public exploit available
Vulnerable software:
RUGGEDCOM ROX MX5000
RUGGEDCOM ROX MX5000RE
RUGGEDCOM ROX RX1400
RUGGEDCOM ROX RX1500
RUGGEDCOM ROX RX1501
RUGGEDCOM ROX RX1510
RUGGEDCOM ROX RX1511
RUGGEDCOM ROX RX1512
RUGGEDCOM ROX RX1524
RUGGEDCOM ROX RX1536
RUGGEDCOM ROX RX5000
RUGGEDCOM ROX MX5000
RUGGEDCOM ROX MX5000RE
RUGGEDCOM ROX RX1400
RUGGEDCOM ROX RX1500
RUGGEDCOM ROX RX1501
RUGGEDCOM ROX RX1510
RUGGEDCOM ROX RX1511
RUGGEDCOM ROX RX1512
RUGGEDCOM ROX RX1524
RUGGEDCOM ROX RX1536
RUGGEDCOM ROX RX5000
Software vendor:
Siemens
Siemens
Description
The vulnerability allows a remote attacker to compromise the target system.
The vulnerability exists due to insufficient server-side validation in the "tcpdump" tool. A remote user can execute arbitrary code with root privileges.
Remediation
Install updates from vendor's website.