#VU56674 Permissions, Privileges, and Access Controls in Hardware solutions
Vulnerability identifier: #VU56674
Vulnerability risk: Low
CVSSv3.1: 3.8 [CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C]
CVE-ID:
CWE-ID:
CWE-264
Exploitation vector: Network
Exploit availability: No
Vulnerable software:
RUGGEDCOM ROX MX5000
Hardware solutions /
Firmware
RUGGEDCOM ROX RX1400
Hardware solutions /
Firmware
RUGGEDCOM ROX RX1500
Hardware solutions /
Firmware
RUGGEDCOM ROX RX1501
Hardware solutions /
Firmware
RUGGEDCOM ROX RX1510
Hardware solutions /
Firmware
RUGGEDCOM ROX RX1511
Hardware solutions /
Firmware
RUGGEDCOM ROX RX1512
Hardware solutions /
Firmware
RUGGEDCOM ROX RX1524
Hardware solutions /
Firmware
RUGGEDCOM ROX RX1536
Hardware solutions /
Firmware
RUGGEDCOM ROX RX5000
Hardware solutions /
Firmware
Vendor:
Description
The vulnerability allows a remote attacker to escalate privileges on the system.
The vulnerability exists due to the affected devices do not properly handle permissions to traverse the file system. A remote authenticated attacker can gain access to an overview of the overview of the complete file system on the affected devices.
Mitigation
Install updates from vendor's website.
Vulnerable software versions
External links
http://cert-portal.siemens.com/productcert/pdf/ssa-150692.pdf
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
