All the vulnerabilites related to Siemens - RUGGEDCOM ROX MX5000RE
cve-2023-36753
Vulnerability from cvelistv5
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T16:52:54.239Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-146325.pdf" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "defaultStatus": "unknown", "product": "RUGGEDCOM ROX MX5000", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V2.16.0" } ] }, { "defaultStatus": "unknown", "product": "RUGGEDCOM ROX MX5000RE", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V2.16.0" } ] }, { "defaultStatus": "unknown", "product": "RUGGEDCOM ROX RX1400", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V2.16.0" } ] }, { "defaultStatus": "unknown", "product": "RUGGEDCOM ROX RX1500", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V2.16.0" } ] }, { "defaultStatus": "unknown", "product": "RUGGEDCOM ROX RX1501", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V2.16.0" } ] }, { "defaultStatus": "unknown", "product": "RUGGEDCOM ROX RX1510", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V2.16.0" } ] }, { "defaultStatus": "unknown", "product": "RUGGEDCOM ROX RX1511", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V2.16.0" } ] }, { "defaultStatus": "unknown", "product": "RUGGEDCOM ROX RX1512", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V2.16.0" } ] }, { "defaultStatus": "unknown", "product": "RUGGEDCOM ROX RX1524", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V2.16.0" } ] }, { "defaultStatus": "unknown", "product": "RUGGEDCOM ROX RX1536", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V2.16.0" } ] }, { "defaultStatus": "unknown", "product": "RUGGEDCOM ROX RX5000", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V2.16.0" } ] } ], "descriptions": [ { "lang": "en", "value": "A vulnerability has been identified in RUGGEDCOM ROX MX5000 (All versions \u003c V2.16.0), RUGGEDCOM ROX MX5000RE (All versions \u003c V2.16.0), RUGGEDCOM ROX RX1400 (All versions \u003c V2.16.0), RUGGEDCOM ROX RX1500 (All versions \u003c V2.16.0), RUGGEDCOM ROX RX1501 (All versions \u003c V2.16.0), RUGGEDCOM ROX RX1510 (All versions \u003c V2.16.0), RUGGEDCOM ROX RX1511 (All versions \u003c V2.16.0), RUGGEDCOM ROX RX1512 (All versions \u003c V2.16.0), RUGGEDCOM ROX RX1524 (All versions \u003c V2.16.0), RUGGEDCOM ROX RX1536 (All versions \u003c V2.16.0), RUGGEDCOM ROX RX5000 (All versions \u003c V2.16.0). The uninstall-app App-name parameter in the web interface of affected devices is vulnerable to command injection due to missing server side input sanitation. This could allow an authenticated privileged remote attacker to execute arbitrary code with root privileges." } ], "metrics": [ { "cvssV3_1": { "baseScore": 9.1, "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H/E:P/RL:O/RC:C", "version": "3.1" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-77", "description": "CWE-77: Improper Neutralization of Special Elements used in a Command (\u0027Command Injection\u0027)", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2023-07-11T09:07:20.117Z", "orgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77", "shortName": "siemens" }, "references": [ { "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-146325.pdf" } ] } }, "cveMetadata": { "assignerOrgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77", "assignerShortName": "siemens", "cveId": "CVE-2023-36753", "datePublished": "2023-07-11T09:07:20.117Z", "dateReserved": "2023-06-27T11:37:08.703Z", "dateUpdated": "2024-08-02T16:52:54.239Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2023-36748
Vulnerability from cvelistv5
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T16:52:54.437Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-146325.pdf" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "defaultStatus": "unknown", "product": "RUGGEDCOM ROX MX5000", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V2.16.0" } ] }, { "defaultStatus": "unknown", "product": "RUGGEDCOM ROX MX5000RE", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V2.16.0" } ] }, { "defaultStatus": "unknown", "product": "RUGGEDCOM ROX RX1400", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V2.16.0" } ] }, { "defaultStatus": "unknown", "product": "RUGGEDCOM ROX RX1500", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V2.16.0" } ] }, { "defaultStatus": "unknown", "product": "RUGGEDCOM ROX RX1501", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V2.16.0" } ] }, { "defaultStatus": "unknown", "product": "RUGGEDCOM ROX RX1510", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V2.16.0" } ] }, { "defaultStatus": "unknown", "product": "RUGGEDCOM ROX RX1511", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V2.16.0" } ] }, { "defaultStatus": "unknown", "product": "RUGGEDCOM ROX RX1512", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V2.16.0" } ] }, { "defaultStatus": "unknown", "product": "RUGGEDCOM ROX RX1524", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V2.16.0" } ] }, { "defaultStatus": "unknown", "product": "RUGGEDCOM ROX RX1536", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V2.16.0" } ] }, { "defaultStatus": "unknown", "product": "RUGGEDCOM ROX RX5000", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V2.16.0" } ] } ], "descriptions": [ { "lang": "en", "value": "A vulnerability has been identified in RUGGEDCOM ROX MX5000 (All versions \u003c V2.16.0), RUGGEDCOM ROX MX5000RE (All versions \u003c V2.16.0), RUGGEDCOM ROX RX1400 (All versions \u003c V2.16.0), RUGGEDCOM ROX RX1500 (All versions \u003c V2.16.0), RUGGEDCOM ROX RX1501 (All versions \u003c V2.16.0), RUGGEDCOM ROX RX1510 (All versions \u003c V2.16.0), RUGGEDCOM ROX RX1511 (All versions \u003c V2.16.0), RUGGEDCOM ROX RX1512 (All versions \u003c V2.16.0), RUGGEDCOM ROX RX1524 (All versions \u003c V2.16.0), RUGGEDCOM ROX RX1536 (All versions \u003c V2.16.0), RUGGEDCOM ROX RX5000 (All versions \u003c V2.16.0). The affected devices are configured to offer weak ciphers by default. This could allow an unauthorized attacker in a man-in-the-middle position to read and modify any data\r\npassed over to and from the affected device." } ], "metrics": [ { "cvssV3_1": { "baseScore": 5.9, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:A/AC:H/PR:N/UI:R/S:U/C:L/I:H/A:L/E:P/RL:O/RC:C", "version": "3.1" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-326", "description": "CWE-326: Inadequate Encryption Strength", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2023-07-11T09:07:14.689Z", "orgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77", "shortName": "siemens" }, "references": [ { "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-146325.pdf" } ] } }, "cveMetadata": { "assignerOrgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77", "assignerShortName": "siemens", "cveId": "CVE-2023-36748", "datePublished": "2023-07-11T09:07:14.689Z", "dateReserved": "2023-06-27T11:37:08.703Z", "dateUpdated": "2024-08-02T16:52:54.437Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2022-29561
Vulnerability from cvelistv5
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T06:26:05.943Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-146325.pdf" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "defaultStatus": "unknown", "product": "RUGGEDCOM ROX MX5000", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V2.16.0" } ] }, { "defaultStatus": "unknown", "product": "RUGGEDCOM ROX MX5000RE", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V2.16.0" } ] }, { "defaultStatus": "unknown", "product": "RUGGEDCOM ROX RX1400", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V2.16.0" } ] }, { "defaultStatus": "unknown", "product": "RUGGEDCOM ROX RX1500", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V2.16.0" } ] }, { "defaultStatus": "unknown", "product": "RUGGEDCOM ROX RX1501", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V2.16.0" } ] }, { "defaultStatus": "unknown", "product": "RUGGEDCOM ROX RX1510", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V2.16.0" } ] }, { "defaultStatus": "unknown", "product": "RUGGEDCOM ROX RX1511", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V2.16.0" } ] }, { "defaultStatus": "unknown", "product": "RUGGEDCOM ROX RX1512", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V2.16.0" } ] }, { "defaultStatus": "unknown", "product": "RUGGEDCOM ROX RX1524", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V2.16.0" } ] }, { "defaultStatus": "unknown", "product": "RUGGEDCOM ROX RX1536", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V2.16.0" } ] }, { "defaultStatus": "unknown", "product": "RUGGEDCOM ROX RX5000", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V2.16.0" } ] } ], "descriptions": [ { "lang": "en", "value": "A vulnerability has been identified in RUGGEDCOM ROX MX5000 (All versions \u003c V2.16.0), RUGGEDCOM ROX MX5000RE (All versions \u003c V2.16.0), RUGGEDCOM ROX RX1400 (All versions \u003c V2.16.0), RUGGEDCOM ROX RX1500 (All versions \u003c V2.16.0), RUGGEDCOM ROX RX1501 (All versions \u003c V2.16.0), RUGGEDCOM ROX RX1510 (All versions \u003c V2.16.0), RUGGEDCOM ROX RX1511 (All versions \u003c V2.16.0), RUGGEDCOM ROX RX1512 (All versions \u003c V2.16.0), RUGGEDCOM ROX RX1524 (All versions \u003c V2.16.0), RUGGEDCOM ROX RX1536 (All versions \u003c V2.16.0), RUGGEDCOM ROX RX5000 (All versions \u003c V2.16.0). The web interface of the affected devices are vulnerable to Cross-Site Request Forgery attacks. By tricking an authenticated victim user to click a malicious link, an attacker could perform arbitrary actions on the device on behalf of the victim user." } ], "metrics": [ { "cvssV3_1": { "baseScore": 7.5, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C", "version": "3.1" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-352", "description": "CWE-352: Cross-Site Request Forgery (CSRF)", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2023-07-11T09:06:58.988Z", "orgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77", "shortName": "siemens" }, "references": [ { "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-146325.pdf" } ] } }, "cveMetadata": { "assignerOrgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77", "assignerShortName": "siemens", "cveId": "CVE-2022-29561", "datePublished": "2023-07-11T09:06:58.988Z", "dateReserved": "2022-04-21T13:34:15.980Z", "dateUpdated": "2024-08-03T06:26:05.943Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2023-36755
Vulnerability from cvelistv5
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T16:52:54.103Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-146325.pdf" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "defaultStatus": "unknown", "product": "RUGGEDCOM ROX MX5000", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V2.16.0" } ] }, { "defaultStatus": "unknown", "product": "RUGGEDCOM ROX MX5000RE", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V2.16.0" } ] }, { "defaultStatus": "unknown", "product": "RUGGEDCOM ROX RX1400", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V2.16.0" } ] }, { "defaultStatus": "unknown", "product": "RUGGEDCOM ROX RX1500", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V2.16.0" } ] }, { "defaultStatus": "unknown", "product": "RUGGEDCOM ROX RX1501", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V2.16.0" } ] }, { "defaultStatus": "unknown", "product": "RUGGEDCOM ROX RX1510", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V2.16.0" } ] }, { "defaultStatus": "unknown", "product": "RUGGEDCOM ROX RX1511", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V2.16.0" } ] }, { "defaultStatus": "unknown", "product": "RUGGEDCOM ROX RX1512", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V2.16.0" } ] }, { "defaultStatus": "unknown", "product": "RUGGEDCOM ROX RX1524", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V2.16.0" } ] }, { "defaultStatus": "unknown", "product": "RUGGEDCOM ROX RX1536", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V2.16.0" } ] }, { "defaultStatus": "unknown", "product": "RUGGEDCOM ROX RX5000", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V2.16.0" } ] } ], "descriptions": [ { "lang": "en", "value": "A vulnerability has been identified in RUGGEDCOM ROX MX5000 (All versions \u003c V2.16.0), RUGGEDCOM ROX MX5000RE (All versions \u003c V2.16.0), RUGGEDCOM ROX RX1400 (All versions \u003c V2.16.0), RUGGEDCOM ROX RX1500 (All versions \u003c V2.16.0), RUGGEDCOM ROX RX1501 (All versions \u003c V2.16.0), RUGGEDCOM ROX RX1510 (All versions \u003c V2.16.0), RUGGEDCOM ROX RX1511 (All versions \u003c V2.16.0), RUGGEDCOM ROX RX1512 (All versions \u003c V2.16.0), RUGGEDCOM ROX RX1524 (All versions \u003c V2.16.0), RUGGEDCOM ROX RX1536 (All versions \u003c V2.16.0), RUGGEDCOM ROX RX5000 (All versions \u003c V2.16.0). The SCEP CA Certificate Name parameter in the web interface of affected devices is vulnerable to command injection due to missing server side input sanitation. This could allow an authenticated privileged remote attacker to execute arbitrary code with root privileges." } ], "metrics": [ { "cvssV3_1": { "baseScore": 9.1, "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H/E:P/RL:O/RC:C", "version": "3.1" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-77", "description": "CWE-77: Improper Neutralization of Special Elements used in a Command (\u0027Command Injection\u0027)", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2023-07-11T09:07:22.285Z", "orgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77", "shortName": "siemens" }, "references": [ { "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-146325.pdf" } ] } }, "cveMetadata": { "assignerOrgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77", "assignerShortName": "siemens", "cveId": "CVE-2023-36755", "datePublished": "2023-07-11T09:07:22.285Z", "dateReserved": "2023-06-27T11:37:08.704Z", "dateUpdated": "2024-08-02T16:52:54.103Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2023-36749
Vulnerability from cvelistv5
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T16:52:54.156Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-146325.pdf" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "defaultStatus": "unknown", "product": "RUGGEDCOM ROX MX5000", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V2.16.0" } ] }, { "defaultStatus": "unknown", "product": "RUGGEDCOM ROX MX5000RE", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V2.16.0" } ] }, { "defaultStatus": "unknown", "product": "RUGGEDCOM ROX RX1400", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V2.16.0" } ] }, { "defaultStatus": "unknown", "product": "RUGGEDCOM ROX RX1500", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V2.16.0" } ] }, { "defaultStatus": "unknown", "product": "RUGGEDCOM ROX RX1501", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V2.16.0" } ] }, { "defaultStatus": "unknown", "product": "RUGGEDCOM ROX RX1510", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V2.16.0" } ] }, { "defaultStatus": "unknown", "product": "RUGGEDCOM ROX RX1511", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V2.16.0" } ] }, { "defaultStatus": "unknown", "product": "RUGGEDCOM ROX RX1512", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V2.16.0" } ] }, { "defaultStatus": "unknown", "product": "RUGGEDCOM ROX RX1524", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V2.16.0" } ] }, { "defaultStatus": "unknown", "product": "RUGGEDCOM ROX RX1536", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V2.16.0" } ] }, { "defaultStatus": "unknown", "product": "RUGGEDCOM ROX RX5000", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V2.16.0" } ] } ], "descriptions": [ { "lang": "en", "value": "A vulnerability has been identified in RUGGEDCOM ROX MX5000 (All versions \u003c V2.16.0), RUGGEDCOM ROX MX5000RE (All versions \u003c V2.16.0), RUGGEDCOM ROX RX1400 (All versions \u003c V2.16.0), RUGGEDCOM ROX RX1500 (All versions \u003c V2.16.0), RUGGEDCOM ROX RX1501 (All versions \u003c V2.16.0), RUGGEDCOM ROX RX1510 (All versions \u003c V2.16.0), RUGGEDCOM ROX RX1511 (All versions \u003c V2.16.0), RUGGEDCOM ROX RX1512 (All versions \u003c V2.16.0), RUGGEDCOM ROX RX1524 (All versions \u003c V2.16.0), RUGGEDCOM ROX RX1536 (All versions \u003c V2.16.0), RUGGEDCOM ROX RX5000 (All versions \u003c V2.16.0). The webserver of the affected devices support insecure TLS 1.0 protocol. An attacker could achieve a man-in-the-middle attack and compromise confidentiality and integrity of data." } ], "metrics": [ { "cvssV3_1": { "baseScore": 7.4, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N/E:P/RL:O/RC:C", "version": "3.1" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-327", "description": "CWE-327: Use of a Broken or Risky Cryptographic Algorithm", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2023-07-11T09:07:15.754Z", "orgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77", "shortName": "siemens" }, "references": [ { "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-146325.pdf" } ] } }, "cveMetadata": { "assignerOrgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77", "assignerShortName": "siemens", "cveId": "CVE-2023-36749", "datePublished": "2023-07-11T09:07:15.754Z", "dateReserved": "2023-06-27T11:37:08.703Z", "dateUpdated": "2024-08-02T16:52:54.156Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2023-36386
Vulnerability from cvelistv5
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T16:45:56.712Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-146325.pdf" } ], "title": "CVE Program Container" }, { "metrics": [ { "other": { "content": { "id": "CVE-2023-36386", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-10-21T21:06:52.736344Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-10-21T21:10:35.826Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "defaultStatus": "unknown", "product": "RUGGEDCOM ROX MX5000", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V2.16.0" } ] }, { "defaultStatus": "unknown", "product": "RUGGEDCOM ROX MX5000RE", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V2.16.0" } ] }, { "defaultStatus": "unknown", "product": "RUGGEDCOM ROX RX1400", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V2.16.0" } ] }, { "defaultStatus": "unknown", "product": "RUGGEDCOM ROX RX1500", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V2.16.0" } ] }, { "defaultStatus": "unknown", "product": "RUGGEDCOM ROX RX1501", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V2.16.0" } ] }, { "defaultStatus": "unknown", "product": "RUGGEDCOM ROX RX1510", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V2.16.0" } ] }, { "defaultStatus": "unknown", "product": "RUGGEDCOM ROX RX1511", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V2.16.0" } ] }, { "defaultStatus": "unknown", "product": "RUGGEDCOM ROX RX1512", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V2.16.0" } ] }, { "defaultStatus": "unknown", "product": "RUGGEDCOM ROX RX1524", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V2.16.0" } ] }, { "defaultStatus": "unknown", "product": "RUGGEDCOM ROX RX1536", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V2.16.0" } ] }, { "defaultStatus": "unknown", "product": "RUGGEDCOM ROX RX5000", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V2.16.0" } ] } ], "descriptions": [ { "lang": "en", "value": "A vulnerability has been identified in RUGGEDCOM ROX MX5000 (All versions \u003c V2.16.0), RUGGEDCOM ROX MX5000RE (All versions \u003c V2.16.0), RUGGEDCOM ROX RX1400 (All versions \u003c V2.16.0), RUGGEDCOM ROX RX1500 (All versions \u003c V2.16.0), RUGGEDCOM ROX RX1501 (All versions \u003c V2.16.0), RUGGEDCOM ROX RX1510 (All versions \u003c V2.16.0), RUGGEDCOM ROX RX1511 (All versions \u003c V2.16.0), RUGGEDCOM ROX RX1512 (All versions \u003c V2.16.0), RUGGEDCOM ROX RX1524 (All versions \u003c V2.16.0), RUGGEDCOM ROX RX1536 (All versions \u003c V2.16.0), RUGGEDCOM ROX RX5000 (All versions \u003c V2.16.0). A reflected cross-site scripting (XSS) vulnerability exists in the web interface of the affected application that could allow an attacker to execute malicious javascript code by tricking users into accessing a malicious link. The value is reflected in the response without sanitization while throwing an\r\n\u201cinvalid params element name\u201d error on the get_elements parameters." } ], "metrics": [ { "cvssV3_1": { "baseScore": 8.8, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C", "version": "3.1" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-79", "description": "CWE-79: Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2023-07-11T09:07:10.369Z", "orgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77", "shortName": "siemens" }, "references": [ { "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-146325.pdf" } ] } }, "cveMetadata": { "assignerOrgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77", "assignerShortName": "siemens", "cveId": "CVE-2023-36386", "datePublished": "2023-07-11T09:07:10.369Z", "dateReserved": "2023-06-21T13:10:13.218Z", "dateUpdated": "2024-10-21T21:10:35.826Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2023-36751
Vulnerability from cvelistv5
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T16:52:54.455Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-146325.pdf" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "defaultStatus": "unknown", "product": "RUGGEDCOM ROX MX5000", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V2.16.0" } ] }, { "defaultStatus": "unknown", "product": "RUGGEDCOM ROX MX5000RE", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V2.16.0" } ] }, { "defaultStatus": "unknown", "product": "RUGGEDCOM ROX RX1400", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V2.16.0" } ] }, { "defaultStatus": "unknown", "product": "RUGGEDCOM ROX RX1500", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V2.16.0" } ] }, { "defaultStatus": "unknown", "product": "RUGGEDCOM ROX RX1501", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V2.16.0" } ] }, { "defaultStatus": "unknown", "product": "RUGGEDCOM ROX RX1510", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V2.16.0" } ] }, { "defaultStatus": "unknown", "product": "RUGGEDCOM ROX RX1511", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V2.16.0" } ] }, { "defaultStatus": "unknown", "product": "RUGGEDCOM ROX RX1512", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V2.16.0" } ] }, { "defaultStatus": "unknown", "product": "RUGGEDCOM ROX RX1524", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V2.16.0" } ] }, { "defaultStatus": "unknown", "product": "RUGGEDCOM ROX RX1536", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V2.16.0" } ] }, { "defaultStatus": "unknown", "product": "RUGGEDCOM ROX RX5000", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V2.16.0" } ] } ], "descriptions": [ { "lang": "en", "value": "A vulnerability has been identified in RUGGEDCOM ROX MX5000 (All versions \u003c V2.16.0), RUGGEDCOM ROX MX5000RE (All versions \u003c V2.16.0), RUGGEDCOM ROX RX1400 (All versions \u003c V2.16.0), RUGGEDCOM ROX RX1500 (All versions \u003c V2.16.0), RUGGEDCOM ROX RX1501 (All versions \u003c V2.16.0), RUGGEDCOM ROX RX1510 (All versions \u003c V2.16.0), RUGGEDCOM ROX RX1511 (All versions \u003c V2.16.0), RUGGEDCOM ROX RX1512 (All versions \u003c V2.16.0), RUGGEDCOM ROX RX1524 (All versions \u003c V2.16.0), RUGGEDCOM ROX RX1536 (All versions \u003c V2.16.0), RUGGEDCOM ROX RX5000 (All versions \u003c V2.16.0). The install-app URL parameter in the web interface of affected devices is vulnerable to command injection due to missing server side input sanitation. This could allow an authenticated privileged remote attacker to execute arbitrary code with root privileges." } ], "metrics": [ { "cvssV3_1": { "baseScore": 9.1, "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H/E:P/RL:O/RC:C", "version": "3.1" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-77", "description": "CWE-77: Improper Neutralization of Special Elements used in a Command (\u0027Command Injection\u0027)", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2023-07-11T09:07:17.921Z", "orgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77", "shortName": "siemens" }, "references": [ { "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-146325.pdf" } ] } }, "cveMetadata": { "assignerOrgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77", "assignerShortName": "siemens", "cveId": "CVE-2023-36751", "datePublished": "2023-07-11T09:07:17.921Z", "dateReserved": "2023-06-27T11:37:08.703Z", "dateUpdated": "2024-08-02T16:52:54.455Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2023-36390
Vulnerability from cvelistv5
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T16:45:56.373Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-146325.pdf" } ], "title": "CVE Program Container" }, { "metrics": [ { "other": { "content": { "id": "CVE-2023-36390", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-10-21T21:06:50.284040Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-10-21T21:10:21.036Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "defaultStatus": "unknown", "product": "RUGGEDCOM ROX MX5000", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V2.16.0" } ] }, { "defaultStatus": "unknown", "product": "RUGGEDCOM ROX MX5000RE", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V2.16.0" } ] }, { "defaultStatus": "unknown", "product": "RUGGEDCOM ROX RX1400", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V2.16.0" } ] }, { "defaultStatus": "unknown", "product": "RUGGEDCOM ROX RX1500", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V2.16.0" } ] }, { "defaultStatus": "unknown", "product": "RUGGEDCOM ROX RX1501", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V2.16.0" } ] }, { "defaultStatus": "unknown", "product": "RUGGEDCOM ROX RX1510", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V2.16.0" } ] }, { "defaultStatus": "unknown", "product": "RUGGEDCOM ROX RX1511", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V2.16.0" } ] }, { "defaultStatus": "unknown", "product": "RUGGEDCOM ROX RX1512", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V2.16.0" } ] }, { "defaultStatus": "unknown", "product": "RUGGEDCOM ROX RX1524", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V2.16.0" } ] }, { "defaultStatus": "unknown", "product": "RUGGEDCOM ROX RX1536", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V2.16.0" } ] }, { "defaultStatus": "unknown", "product": "RUGGEDCOM ROX RX5000", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V2.16.0" } ] } ], "descriptions": [ { "lang": "en", "value": "A vulnerability has been identified in RUGGEDCOM ROX MX5000 (All versions \u003c V2.16.0), RUGGEDCOM ROX MX5000RE (All versions \u003c V2.16.0), RUGGEDCOM ROX RX1400 (All versions \u003c V2.16.0), RUGGEDCOM ROX RX1500 (All versions \u003c V2.16.0), RUGGEDCOM ROX RX1501 (All versions \u003c V2.16.0), RUGGEDCOM ROX RX1510 (All versions \u003c V2.16.0), RUGGEDCOM ROX RX1511 (All versions \u003c V2.16.0), RUGGEDCOM ROX RX1512 (All versions \u003c V2.16.0), RUGGEDCOM ROX RX1524 (All versions \u003c V2.16.0), RUGGEDCOM ROX RX1536 (All versions \u003c V2.16.0), RUGGEDCOM ROX RX5000 (All versions \u003c V2.16.0). A reflected cross-site scripting (XSS) vulnerability exists in the web interface of the affected application that could allow an attacker to execute malicious javascript code by tricking users into accessing a malicious link. The value is reflected in the response\r\nwithout sanitization while throwing an \u201cinvalid params element name\u201d error on the action parameters." } ], "metrics": [ { "cvssV3_1": { "baseScore": 8.8, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C", "version": "3.1" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-79", "description": "CWE-79: Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2023-07-11T09:07:12.557Z", "orgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77", "shortName": "siemens" }, "references": [ { "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-146325.pdf" } ] } }, "cveMetadata": { "assignerOrgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77", "assignerShortName": "siemens", "cveId": "CVE-2023-36390", "datePublished": "2023-07-11T09:07:12.557Z", "dateReserved": "2023-06-21T14:46:26.354Z", "dateUpdated": "2024-10-21T21:10:21.036Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2023-36754
Vulnerability from cvelistv5
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T16:52:54.240Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-146325.pdf" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "defaultStatus": "unknown", "product": "RUGGEDCOM ROX MX5000", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V2.16.0" } ] }, { "defaultStatus": "unknown", "product": "RUGGEDCOM ROX MX5000RE", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V2.16.0" } ] }, { "defaultStatus": "unknown", "product": "RUGGEDCOM ROX RX1400", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V2.16.0" } ] }, { "defaultStatus": "unknown", "product": "RUGGEDCOM ROX RX1500", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V2.16.0" } ] }, { "defaultStatus": "unknown", "product": "RUGGEDCOM ROX RX1501", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V2.16.0" } ] }, { "defaultStatus": "unknown", "product": "RUGGEDCOM ROX RX1510", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V2.16.0" } ] }, { "defaultStatus": "unknown", "product": "RUGGEDCOM ROX RX1511", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V2.16.0" } ] }, { "defaultStatus": "unknown", "product": "RUGGEDCOM ROX RX1512", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V2.16.0" } ] }, { "defaultStatus": "unknown", "product": "RUGGEDCOM ROX RX1524", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V2.16.0" } ] }, { "defaultStatus": "unknown", "product": "RUGGEDCOM ROX RX1536", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V2.16.0" } ] }, { "defaultStatus": "unknown", "product": "RUGGEDCOM ROX RX5000", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V2.16.0" } ] } ], "descriptions": [ { "lang": "en", "value": "A vulnerability has been identified in RUGGEDCOM ROX MX5000 (All versions \u003c V2.16.0), RUGGEDCOM ROX MX5000RE (All versions \u003c V2.16.0), RUGGEDCOM ROX RX1400 (All versions \u003c V2.16.0), RUGGEDCOM ROX RX1500 (All versions \u003c V2.16.0), RUGGEDCOM ROX RX1501 (All versions \u003c V2.16.0), RUGGEDCOM ROX RX1510 (All versions \u003c V2.16.0), RUGGEDCOM ROX RX1511 (All versions \u003c V2.16.0), RUGGEDCOM ROX RX1512 (All versions \u003c V2.16.0), RUGGEDCOM ROX RX1524 (All versions \u003c V2.16.0), RUGGEDCOM ROX RX1536 (All versions \u003c V2.16.0), RUGGEDCOM ROX RX5000 (All versions \u003c V2.16.0). The SCEP server configuration URL parameter in the web interface of affected devices is vulnerable to command injection due to missing server side input sanitation. This could allow an authenticated privileged remote attacker to execute arbitrary code with root privileges." } ], "metrics": [ { "cvssV3_1": { "baseScore": 9.1, "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H/E:P/RL:O/RC:C", "version": "3.1" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-77", "description": "CWE-77: Improper Neutralization of Special Elements used in a Command (\u0027Command Injection\u0027)", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2023-07-11T09:07:21.194Z", "orgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77", "shortName": "siemens" }, "references": [ { "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-146325.pdf" } ] } }, "cveMetadata": { "assignerOrgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77", "assignerShortName": "siemens", "cveId": "CVE-2023-36754", "datePublished": "2023-07-11T09:07:21.194Z", "dateReserved": "2023-06-27T11:37:08.704Z", "dateUpdated": "2024-08-02T16:52:54.240Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2023-36750
Vulnerability from cvelistv5
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T16:52:54.252Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-146325.pdf" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "defaultStatus": "unknown", "product": "RUGGEDCOM ROX MX5000", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V2.16.0" } ] }, { "defaultStatus": "unknown", "product": "RUGGEDCOM ROX MX5000RE", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V2.16.0" } ] }, { "defaultStatus": "unknown", "product": "RUGGEDCOM ROX RX1400", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V2.16.0" } ] }, { "defaultStatus": "unknown", "product": "RUGGEDCOM ROX RX1500", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V2.16.0" } ] }, { "defaultStatus": "unknown", "product": "RUGGEDCOM ROX RX1501", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V2.16.0" } ] }, { "defaultStatus": "unknown", "product": "RUGGEDCOM ROX RX1510", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V2.16.0" } ] }, { "defaultStatus": "unknown", "product": "RUGGEDCOM ROX RX1511", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V2.16.0" } ] }, { "defaultStatus": "unknown", "product": "RUGGEDCOM ROX RX1512", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V2.16.0" } ] }, { "defaultStatus": "unknown", "product": "RUGGEDCOM ROX RX1524", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V2.16.0" } ] }, { "defaultStatus": "unknown", "product": "RUGGEDCOM ROX RX1536", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V2.16.0" } ] }, { "defaultStatus": "unknown", "product": "RUGGEDCOM ROX RX5000", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V2.16.0" } ] } ], "descriptions": [ { "lang": "en", "value": "A vulnerability has been identified in RUGGEDCOM ROX MX5000 (All versions \u003c V2.16.0), RUGGEDCOM ROX MX5000RE (All versions \u003c V2.16.0), RUGGEDCOM ROX RX1400 (All versions \u003c V2.16.0), RUGGEDCOM ROX RX1500 (All versions \u003c V2.16.0), RUGGEDCOM ROX RX1501 (All versions \u003c V2.16.0), RUGGEDCOM ROX RX1510 (All versions \u003c V2.16.0), RUGGEDCOM ROX RX1511 (All versions \u003c V2.16.0), RUGGEDCOM ROX RX1512 (All versions \u003c V2.16.0), RUGGEDCOM ROX RX1524 (All versions \u003c V2.16.0), RUGGEDCOM ROX RX1536 (All versions \u003c V2.16.0), RUGGEDCOM ROX RX5000 (All versions \u003c V2.16.0). The software-upgrade Url parameter in the web interface of affected devices is vulnerable to command injection due to missing server side input sanitation. This could allow an authenticated privileged remote attacker to execute arbitrary code with root privileges." } ], "metrics": [ { "cvssV3_1": { "baseScore": 9.1, "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H/E:P/RL:O/RC:C", "version": "3.1" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-77", "description": "CWE-77: Improper Neutralization of Special Elements used in a Command (\u0027Command Injection\u0027)", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2023-07-11T09:07:16.822Z", "orgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77", "shortName": "siemens" }, "references": [ { "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-146325.pdf" } ] } }, "cveMetadata": { "assignerOrgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77", "assignerShortName": "siemens", "cveId": "CVE-2023-36750", "datePublished": "2023-07-11T09:07:16.822Z", "dateReserved": "2023-06-27T11:37:08.703Z", "dateUpdated": "2024-08-02T16:52:54.252Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2022-29562
Vulnerability from cvelistv5
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T06:26:06.059Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-146325.pdf" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "defaultStatus": "unknown", "product": "RUGGEDCOM ROX MX5000", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V2.16.0" } ] }, { "defaultStatus": "unknown", "product": "RUGGEDCOM ROX MX5000RE", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V2.16.0" } ] }, { "defaultStatus": "unknown", "product": "RUGGEDCOM ROX RX1400", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V2.16.0" } ] }, { "defaultStatus": "unknown", "product": "RUGGEDCOM ROX RX1500", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V2.16.0" } ] }, { "defaultStatus": "unknown", "product": "RUGGEDCOM ROX RX1501", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V2.16.0" } ] }, { "defaultStatus": "unknown", "product": "RUGGEDCOM ROX RX1510", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V2.16.0" } ] }, { "defaultStatus": "unknown", "product": "RUGGEDCOM ROX RX1511", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V2.16.0" } ] }, { "defaultStatus": "unknown", "product": "RUGGEDCOM ROX RX1512", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V2.16.0" } ] }, { "defaultStatus": "unknown", "product": "RUGGEDCOM ROX RX1524", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V2.16.0" } ] }, { "defaultStatus": "unknown", "product": "RUGGEDCOM ROX RX1536", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V2.16.0" } ] }, { "defaultStatus": "unknown", "product": "RUGGEDCOM ROX RX5000", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V2.16.0" } ] } ], "descriptions": [ { "lang": "en", "value": "A vulnerability has been identified in RUGGEDCOM ROX MX5000 (All versions \u003c V2.16.0), RUGGEDCOM ROX MX5000RE (All versions \u003c V2.16.0), RUGGEDCOM ROX RX1400 (All versions \u003c V2.16.0), RUGGEDCOM ROX RX1500 (All versions \u003c V2.16.0), RUGGEDCOM ROX RX1501 (All versions \u003c V2.16.0), RUGGEDCOM ROX RX1510 (All versions \u003c V2.16.0), RUGGEDCOM ROX RX1511 (All versions \u003c V2.16.0), RUGGEDCOM ROX RX1512 (All versions \u003c V2.16.0), RUGGEDCOM ROX RX1524 (All versions \u003c V2.16.0), RUGGEDCOM ROX RX1536 (All versions \u003c V2.16.0), RUGGEDCOM ROX RX5000 (All versions \u003c V2.16.0). Affected devices do not properly handle malformed HTTP packets. This could allow an unauthenticated remote attacker to send a malformed HTTP packet causing certain functions to fail in a controlled manner." } ], "metrics": [ { "cvssV3_1": { "baseScore": 3.7, "baseSeverity": "LOW", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L/E:P/RL:O/RC:C", "version": "3.1" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-20", "description": "CWE-20: Improper Input Validation", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2023-07-11T09:07:00.397Z", "orgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77", "shortName": "siemens" }, "references": [ { "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-146325.pdf" } ] } }, "cveMetadata": { "assignerOrgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77", "assignerShortName": "siemens", "cveId": "CVE-2022-29562", "datePublished": "2023-07-11T09:07:00.397Z", "dateReserved": "2022-04-21T13:34:15.980Z", "dateUpdated": "2024-08-03T06:26:06.059Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2023-36389
Vulnerability from cvelistv5
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T16:45:56.382Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-146325.pdf" } ], "title": "CVE Program Container" }, { "metrics": [ { "other": { "content": { "id": "CVE-2023-36389", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-10-21T21:06:51.541223Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-10-21T21:10:27.428Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "defaultStatus": "unknown", "product": "RUGGEDCOM ROX MX5000", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V2.16.0" } ] }, { "defaultStatus": "unknown", "product": "RUGGEDCOM ROX MX5000RE", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V2.16.0" } ] }, { "defaultStatus": "unknown", "product": "RUGGEDCOM ROX RX1400", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V2.16.0" } ] }, { "defaultStatus": "unknown", "product": "RUGGEDCOM ROX RX1500", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V2.16.0" } ] }, { "defaultStatus": "unknown", "product": "RUGGEDCOM ROX RX1501", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V2.16.0" } ] }, { "defaultStatus": "unknown", "product": "RUGGEDCOM ROX RX1510", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V2.16.0" } ] }, { "defaultStatus": "unknown", "product": "RUGGEDCOM ROX RX1511", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V2.16.0" } ] }, { "defaultStatus": "unknown", "product": "RUGGEDCOM ROX RX1512", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V2.16.0" } ] }, { "defaultStatus": "unknown", "product": "RUGGEDCOM ROX RX1524", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V2.16.0" } ] }, { "defaultStatus": "unknown", "product": "RUGGEDCOM ROX RX1536", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V2.16.0" } ] }, { "defaultStatus": "unknown", "product": "RUGGEDCOM ROX RX5000", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V2.16.0" } ] } ], "descriptions": [ { "lang": "en", "value": "A vulnerability has been identified in RUGGEDCOM ROX MX5000 (All versions \u003c V2.16.0), RUGGEDCOM ROX MX5000RE (All versions \u003c V2.16.0), RUGGEDCOM ROX RX1400 (All versions \u003c V2.16.0), RUGGEDCOM ROX RX1500 (All versions \u003c V2.16.0), RUGGEDCOM ROX RX1501 (All versions \u003c V2.16.0), RUGGEDCOM ROX RX1510 (All versions \u003c V2.16.0), RUGGEDCOM ROX RX1511 (All versions \u003c V2.16.0), RUGGEDCOM ROX RX1512 (All versions \u003c V2.16.0), RUGGEDCOM ROX RX1524 (All versions \u003c V2.16.0), RUGGEDCOM ROX RX1536 (All versions \u003c V2.16.0), RUGGEDCOM ROX RX5000 (All versions \u003c V2.16.0). A reflected cross-site scripting (XSS) vulnerability exists in the web interface of the affected application that could allow an attacker to execute malicious javascript code by tricking users into accessing a malicious link. The malformed value is reflected\r\ndirectly in the response without sanitization while throwing an \u201cinvalid path\u201d error." } ], "metrics": [ { "cvssV3_1": { "baseScore": 8.8, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C", "version": "3.1" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-79", "description": "CWE-79: Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2023-07-11T09:07:11.475Z", "orgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77", "shortName": "siemens" }, "references": [ { "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-146325.pdf" } ] } }, "cveMetadata": { "assignerOrgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77", "assignerShortName": "siemens", "cveId": "CVE-2023-36389", "datePublished": "2023-07-11T09:07:11.475Z", "dateReserved": "2023-06-21T14:31:54.523Z", "dateUpdated": "2024-10-21T21:10:27.428Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2022-29560
Vulnerability from cvelistv5
▼ | URL | Tags |
---|---|---|
https://cert-portal.siemens.com/productcert/pdf/ssa-599506.pdf | x_refsource_MISC |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T06:26:06.278Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-599506.pdf" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "RUGGEDCOM ROX MX5000", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c 2.15.1" } ] }, { "product": "RUGGEDCOM ROX MX5000RE", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c 2.15.1" } ] }, { "product": "RUGGEDCOM ROX RX1400", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c 2.15.1" } ] }, { "product": "RUGGEDCOM ROX RX1500", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c 2.15.1" } ] }, { "product": "RUGGEDCOM ROX RX1501", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c 2.15.1" } ] }, { "product": "RUGGEDCOM ROX RX1510", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c 2.15.1" } ] }, { "product": "RUGGEDCOM ROX RX1511", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c 2.15.1" } ] }, { "product": "RUGGEDCOM ROX RX1512", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c 2.15.1" } ] }, { "product": "RUGGEDCOM ROX RX1524", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c 2.15.1" } ] }, { "product": "RUGGEDCOM ROX RX1536", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c 2.15.1" } ] }, { "product": "RUGGEDCOM ROX RX5000", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c 2.15.1" } ] } ], "descriptions": [ { "lang": "en", "value": "A vulnerability has been identified in RUGGEDCOM ROX MX5000 (All versions \u003c 2.15.1), RUGGEDCOM ROX MX5000RE (All versions \u003c 2.15.1), RUGGEDCOM ROX RX1400 (All versions \u003c 2.15.1), RUGGEDCOM ROX RX1500 (All versions \u003c 2.15.1), RUGGEDCOM ROX RX1501 (All versions \u003c 2.15.1), RUGGEDCOM ROX RX1510 (All versions \u003c 2.15.1), RUGGEDCOM ROX RX1511 (All versions \u003c 2.15.1), RUGGEDCOM ROX RX1512 (All versions \u003c 2.15.1), RUGGEDCOM ROX RX1524 (All versions \u003c 2.15.1), RUGGEDCOM ROX RX1536 (All versions \u003c 2.15.1), RUGGEDCOM ROX RX5000 (All versions \u003c 2.15.1). Affected devices do not properly validate user input, making them susceptible to command injection. An attacker with access to either the shell or the web CLI with administrator privileges could access the underlying operating system as the root user." } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-77", "description": "CWE-77: Improper Neutralization of Special Elements used in a Command (\u0027Command Injection\u0027)", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2022-07-12T10:06:38", "orgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77", "shortName": "siemens" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-599506.pdf" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "productcert@siemens.com", "ID": "CVE-2022-29560", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "RUGGEDCOM ROX MX5000", "version": { "version_data": [ { "version_value": "All versions \u003c 2.15.1" } ] } }, { "product_name": "RUGGEDCOM ROX MX5000RE", "version": { "version_data": [ { "version_value": "All versions \u003c 2.15.1" } ] } }, { "product_name": "RUGGEDCOM ROX RX1400", "version": { "version_data": [ { "version_value": "All versions \u003c 2.15.1" } ] } }, { "product_name": "RUGGEDCOM ROX RX1500", "version": { "version_data": [ { "version_value": "All versions \u003c 2.15.1" } ] } }, { "product_name": "RUGGEDCOM ROX RX1501", "version": { "version_data": [ { "version_value": "All versions \u003c 2.15.1" } ] } }, { "product_name": "RUGGEDCOM ROX RX1510", "version": { "version_data": [ { "version_value": "All versions \u003c 2.15.1" } ] } }, { "product_name": "RUGGEDCOM ROX RX1511", "version": { "version_data": [ { "version_value": "All versions \u003c 2.15.1" } ] } }, { "product_name": "RUGGEDCOM ROX RX1512", "version": { "version_data": [ { "version_value": "All versions \u003c 2.15.1" } ] } }, { "product_name": "RUGGEDCOM ROX RX1524", "version": { "version_data": [ { "version_value": "All versions \u003c 2.15.1" } ] } }, { "product_name": "RUGGEDCOM ROX RX1536", "version": { "version_data": [ { "version_value": "All versions \u003c 2.15.1" } ] } }, { "product_name": "RUGGEDCOM ROX RX5000", "version": { "version_data": [ { "version_value": "All versions \u003c 2.15.1" } ] } } ] }, "vendor_name": "Siemens" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "A vulnerability has been identified in RUGGEDCOM ROX MX5000 (All versions \u003c 2.15.1), RUGGEDCOM ROX MX5000RE (All versions \u003c 2.15.1), RUGGEDCOM ROX RX1400 (All versions \u003c 2.15.1), RUGGEDCOM ROX RX1500 (All versions \u003c 2.15.1), RUGGEDCOM ROX RX1501 (All versions \u003c 2.15.1), RUGGEDCOM ROX RX1510 (All versions \u003c 2.15.1), RUGGEDCOM ROX RX1511 (All versions \u003c 2.15.1), RUGGEDCOM ROX RX1512 (All versions \u003c 2.15.1), RUGGEDCOM ROX RX1524 (All versions \u003c 2.15.1), RUGGEDCOM ROX RX1536 (All versions \u003c 2.15.1), RUGGEDCOM ROX RX5000 (All versions \u003c 2.15.1). Affected devices do not properly validate user input, making them susceptible to command injection. An attacker with access to either the shell or the web CLI with administrator privileges could access the underlying operating system as the root user." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "CWE-77: Improper Neutralization of Special Elements used in a Command (\u0027Command Injection\u0027)" } ] } ] }, "references": { "reference_data": [ { "name": "https://cert-portal.siemens.com/productcert/pdf/ssa-599506.pdf", "refsource": "MISC", "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-599506.pdf" } ] } } } }, "cveMetadata": { "assignerOrgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77", "assignerShortName": "siemens", "cveId": "CVE-2022-29560", "datePublished": "2022-07-12T10:06:38", "dateReserved": "2022-04-21T00:00:00", "dateUpdated": "2024-08-03T06:26:06.278Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2023-36752
Vulnerability from cvelistv5
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T16:52:54.242Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-146325.pdf" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "defaultStatus": "unknown", "product": "RUGGEDCOM ROX MX5000", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V2.16.0" } ] }, { "defaultStatus": "unknown", "product": "RUGGEDCOM ROX MX5000RE", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V2.16.0" } ] }, { "defaultStatus": "unknown", "product": "RUGGEDCOM ROX RX1400", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V2.16.0" } ] }, { "defaultStatus": "unknown", "product": "RUGGEDCOM ROX RX1500", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V2.16.0" } ] }, { "defaultStatus": "unknown", "product": "RUGGEDCOM ROX RX1501", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V2.16.0" } ] }, { "defaultStatus": "unknown", "product": "RUGGEDCOM ROX RX1510", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V2.16.0" } ] }, { "defaultStatus": "unknown", "product": "RUGGEDCOM ROX RX1511", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V2.16.0" } ] }, { "defaultStatus": "unknown", "product": "RUGGEDCOM ROX RX1512", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V2.16.0" } ] }, { "defaultStatus": "unknown", "product": "RUGGEDCOM ROX RX1524", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V2.16.0" } ] }, { "defaultStatus": "unknown", "product": "RUGGEDCOM ROX RX1536", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V2.16.0" } ] }, { "defaultStatus": "unknown", "product": "RUGGEDCOM ROX RX5000", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V2.16.0" } ] } ], "descriptions": [ { "lang": "en", "value": "A vulnerability has been identified in RUGGEDCOM ROX MX5000 (All versions \u003c V2.16.0), RUGGEDCOM ROX MX5000RE (All versions \u003c V2.16.0), RUGGEDCOM ROX RX1400 (All versions \u003c V2.16.0), RUGGEDCOM ROX RX1500 (All versions \u003c V2.16.0), RUGGEDCOM ROX RX1501 (All versions \u003c V2.16.0), RUGGEDCOM ROX RX1510 (All versions \u003c V2.16.0), RUGGEDCOM ROX RX1511 (All versions \u003c V2.16.0), RUGGEDCOM ROX RX1512 (All versions \u003c V2.16.0), RUGGEDCOM ROX RX1524 (All versions \u003c V2.16.0), RUGGEDCOM ROX RX1536 (All versions \u003c V2.16.0), RUGGEDCOM ROX RX5000 (All versions \u003c V2.16.0). The upgrade-app URL parameter in the web interface of affected devices is vulnerable to command injection due to missing server side input sanitation. This could allow an authenticated privileged remote attacker to execute arbitrary code with root privileges." } ], "metrics": [ { "cvssV3_1": { "baseScore": 9.1, "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H/E:P/RL:O/RC:C", "version": "3.1" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-77", "description": "CWE-77: Improper Neutralization of Special Elements used in a Command (\u0027Command Injection\u0027)", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2023-07-11T09:07:19.000Z", "orgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77", "shortName": "siemens" }, "references": [ { "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-146325.pdf" } ] } }, "cveMetadata": { "assignerOrgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77", "assignerShortName": "siemens", "cveId": "CVE-2023-36752", "datePublished": "2023-07-11T09:07:19.000Z", "dateReserved": "2023-06-27T11:37:08.703Z", "dateUpdated": "2024-08-02T16:52:54.242Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
var-202307-0588
Vulnerability from variot
A vulnerability has been identified in RUGGEDCOM ROX MX5000 (All versions < V2.16.0), RUGGEDCOM ROX MX5000RE (All versions < V2.16.0), RUGGEDCOM ROX RX1400 (All versions < V2.16.0), RUGGEDCOM ROX RX1500 (All versions < V2.16.0), RUGGEDCOM ROX RX1501 (All versions < V2.16.0), RUGGEDCOM ROX RX1510 (All versions < V2.16.0), RUGGEDCOM ROX RX1511 (All versions < V2.16.0), RUGGEDCOM ROX RX1512 (All versions < V2.16.0), RUGGEDCOM ROX RX1524 (All versions < V2.16.0), RUGGEDCOM ROX RX1536 (All versions < V2.16.0), RUGGEDCOM ROX RX5000 (All versions < V2.16.0). The software-upgrade Url parameter in the web interface of affected devices is vulnerable to command injection due to missing server side input sanitation. This could allow an authenticated privileged remote attacker to execute arbitrary code with root privileges. RUGGEDCOM ROX MX5000 firmware, ruggedcom rox mx5000re firmware, RUGGEDCOM ROX RX1400 Multiple Siemens products such as firmware contain a command injection vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. RUGGEDCOM products provide a level of robustness and reliability that sets the standard for communication networks deployed in harsh environments.
Siemens RUGGEDCOM ROX has a command injection vulnerability. The vulnerability stems from the lack of server-side input validation
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", "affected_products": { "@id": "https://www.variotdbs.pl/ref/affected_products" }, "configurations": { "@id": "https://www.variotdbs.pl/ref/configurations" }, "credits": { "@id": "https://www.variotdbs.pl/ref/credits" }, "cvss": { "@id": "https://www.variotdbs.pl/ref/cvss/" }, "description": { "@id": "https://www.variotdbs.pl/ref/description/" }, "exploit_availability": { "@id": "https://www.variotdbs.pl/ref/exploit_availability/" }, "external_ids": { "@id": "https://www.variotdbs.pl/ref/external_ids/" }, "iot": { "@id": "https://www.variotdbs.pl/ref/iot/" }, "iot_taxonomy": { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/" }, "patch": { "@id": "https://www.variotdbs.pl/ref/patch/" }, "problemtype_data": { "@id": "https://www.variotdbs.pl/ref/problemtype_data/" }, "references": { "@id": "https://www.variotdbs.pl/ref/references/" }, "sources": { "@id": "https://www.variotdbs.pl/ref/sources/" }, "sources_release_date": { "@id": "https://www.variotdbs.pl/ref/sources_release_date/" }, "sources_update_date": { "@id": "https://www.variotdbs.pl/ref/sources_update_date/" }, "threat_type": { "@id": "https://www.variotdbs.pl/ref/threat_type/" }, "title": { "@id": "https://www.variotdbs.pl/ref/title/" }, "type": { "@id": "https://www.variotdbs.pl/ref/type/" } }, "@id": "https://www.variotdbs.pl/vuln/VAR-202307-0588", "affected_products": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "model": "ruggedcom rox rx1511", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "2.16.0" }, { "model": "ruggedcom rox rx1524", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "2.16.0" }, { "model": "ruggedcom rox mx5000re", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "2.16.0" }, { "model": "ruggedcom rox rx1400", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "2.16.0" }, { "model": "ruggedcom rox rx1501", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "2.16.0" }, { "model": "ruggedcom rox rx1510", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "2.16.0" }, { "model": "ruggedcom rox rx1500", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "2.16.0" }, { "model": "ruggedcom rox mx5000", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "2.16.0" }, { "model": "ruggedcom rox rx1536", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "2.16.0" }, { "model": "ruggedcom rox rx5000", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "2.16.0" }, { "model": "ruggedcom rox rx1512", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "2.16.0" }, { "model": "ruggedcom rox rx1500", "scope": null, "trust": 0.8, "vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9", "version": null }, { "model": "ruggedcom rox rx1501", "scope": null, "trust": 0.8, "vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9", "version": null }, { "model": "ruggedcom rox rx1524", "scope": null, "trust": 0.8, "vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9", "version": null }, { "model": "ruggedcom rox rx5000", "scope": null, "trust": 0.8, "vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9", "version": null }, { "model": "ruggedcom rox mx5000", "scope": null, "trust": 0.8, "vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9", "version": null }, { "model": "ruggedcom rox rx1512", "scope": null, "trust": 0.8, "vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9", "version": null }, { "model": "ruggedcom rox rx1510", "scope": null, "trust": 0.8, "vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9", "version": null }, { "model": "ruggedcom rox rx1400", "scope": null, "trust": 0.8, "vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9", "version": null }, { "model": "ruggedcom rox rx1511", "scope": null, "trust": 0.8, "vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9", "version": null }, { "model": "ruggedcom rox mx5000re", "scope": null, "trust": 0.8, "vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9", "version": null }, { "model": "ruggedcom rox rx1536", "scope": null, "trust": 0.8, "vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9", "version": null }, { "model": "ruggedcom rox mx5000", "scope": "lt", "trust": 0.6, "vendor": "siemens", "version": "v2.16.0" }, { "model": "ruggedcom rox mx5000re", "scope": "lt", "trust": 0.6, "vendor": "siemens", "version": "v2.16.0" }, { "model": "ruggedcom rox rx1400", "scope": "lt", "trust": 0.6, "vendor": "siemens", "version": "v2.16.0" }, { "model": "ruggedcom rox rx1500", "scope": "lt", "trust": 0.6, "vendor": "siemens", "version": "v2.16.0" }, { "model": "ruggedcom rox rx1501", "scope": "lt", "trust": 0.6, "vendor": "siemens", "version": "v2.16.0" }, { "model": "ruggedcom rox rx1510", "scope": "lt", "trust": 0.6, "vendor": "siemens", "version": "v2.16.0" }, { "model": "ruggedcom rox rx1511", "scope": "lt", "trust": 0.6, "vendor": "siemens", "version": "v2.16.0" }, { "model": "ruggedcom rox rx1512", "scope": "lt", "trust": 0.6, "vendor": "siemens", "version": "v2.16.0" }, { "model": "ruggedcom rox rx1524", "scope": "lt", "trust": 0.6, "vendor": "siemens", "version": "v2.16.0" }, { "model": "ruggedcom rox rx1536", "scope": "lt", "trust": 0.6, "vendor": "siemens", "version": "v2.16.0" }, { "model": "ruggedcom rox rx5000", "scope": "lt", "trust": 0.6, "vendor": "siemens", "version": "v2.16.0" } ], "sources": [ { "db": "CNVD", "id": "CNVD-2023-60611" }, { "db": "JVNDB", "id": "JVNDB-2023-021735" }, { "db": "NVD", "id": "CVE-2023-36750" } ] }, "configurations": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/configurations#", "children": { "@container": "@list" }, "cpe_match": { "@container": "@list" }, "data": { "@container": "@list" }, "nodes": { "@container": "@list" } }, "data": [ { "CVE_data_version": "4.0", "nodes": [ { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:siemens:ruggedcom_rox_mx5000_firmware:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "2.16.0", "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:h:siemens:ruggedcom_rox_mx5000:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [], "operator": "AND" }, { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:siemens:ruggedcom_rox_mx5000re_firmware:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "2.16.0", "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:h:siemens:ruggedcom_rox_mx5000re:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [], "operator": "AND" }, { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:siemens:ruggedcom_rox_rx1400_firmware:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "2.16.0", "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:h:siemens:ruggedcom_rox_rx1400:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [], "operator": "AND" }, { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:siemens:ruggedcom_rox_rx1500_firmware:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "2.16.0", "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:h:siemens:ruggedcom_rox_rx1500:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [], "operator": "AND" }, { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:siemens:ruggedcom_rox_rx1501_firmware:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "2.16.0", "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:h:siemens:ruggedcom_rox_rx1501:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [], "operator": "AND" }, { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:siemens:ruggedcom_rox_rx1510_firmware:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "2.16.0", "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:h:siemens:ruggedcom_rox_rx1510:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [], "operator": "AND" }, { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:siemens:ruggedcom_rox_rx1511_firmware:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "2.16.0", "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:h:siemens:ruggedcom_rox_rx1511:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [], "operator": "AND" }, { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:siemens:ruggedcom_rox_rx1512_firmware:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "2.16.0", "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:h:siemens:ruggedcom_rox_rx1512:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [], "operator": "AND" }, { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:siemens:ruggedcom_rox_rx1524_firmware:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "2.16.0", "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:h:siemens:ruggedcom_rox_rx1524:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [], "operator": "AND" }, { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:siemens:ruggedcom_rox_rx1536_firmware:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "2.16.0", "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:h:siemens:ruggedcom_rox_rx1536:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [], "operator": "AND" }, { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:siemens:ruggedcom_rox_rx5000_firmware:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "2.16.0", "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:h:siemens:ruggedcom_rox_rx5000:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [], "operator": "AND" } ] } ], "sources": [ { "db": "NVD", "id": "CVE-2023-36750" } ] }, "cve": "CVE-2023-36750", "cvss": { "@context": { "cvssV2": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2" }, "cvssV3": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/" }, "severity": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#" }, "@id": "https://www.variotdbs.pl/ref/cvss/severity" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "cvssV2": [ { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "author": "CNVD", "availabilityImpact": "COMPLETE", "baseScore": 10.0, "confidentialityImpact": "COMPLETE", "exploitabilityScore": 10.0, "id": "CNVD-2023-60611", "impactScore": 10.0, "integrityImpact": "COMPLETE", "severity": "HIGH", "trust": 0.6, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0" } ], "cvssV3": [ { "attackComplexity": "LOW", "attackVector": "NETWORK", "author": "NVD", "availabilityImpact": "HIGH", "baseScore": 7.2, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "exploitabilityScore": 1.2, "impactScore": 5.9, "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "trust": 1.0, "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, { "attackComplexity": "LOW", "attackVector": "NETWORK", "author": "productcert@siemens.com", "availabilityImpact": "HIGH", "baseScore": 9.1, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "exploitabilityScore": 2.3, "impactScore": 6.0, "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "CHANGED", "trust": 1.0, "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H", "version": "3.1" }, { "attackComplexity": "Low", "attackVector": "Network", "author": "NVD", "availabilityImpact": "High", "baseScore": 7.2, "baseSeverity": "High", "confidentialityImpact": "High", "exploitabilityScore": null, "id": "CVE-2023-36750", "impactScore": null, "integrityImpact": "High", "privilegesRequired": "High", "scope": "Unchanged", "trust": 0.8, "userInteraction": "None", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "version": "3.0" } ], "severity": [ { "author": "NVD", "id": "CVE-2023-36750", "trust": 1.8, "value": "HIGH" }, { "author": "productcert@siemens.com", "id": "CVE-2023-36750", "trust": 1.0, "value": "CRITICAL" }, { "author": "CNVD", "id": "CNVD-2023-60611", "trust": 0.6, "value": "HIGH" }, { "author": "CNNVD", "id": "CNNVD-202307-736", "trust": 0.6, "value": "HIGH" } ] } ], "sources": [ { "db": "CNVD", "id": "CNVD-2023-60611" }, { "db": "JVNDB", "id": "JVNDB-2023-021735" }, { "db": "CNNVD", "id": "CNNVD-202307-736" }, { "db": "NVD", "id": "CVE-2023-36750" }, { "db": "NVD", "id": "CVE-2023-36750" } ] }, "description": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "A vulnerability has been identified in RUGGEDCOM ROX MX5000 (All versions \u003c V2.16.0), RUGGEDCOM ROX MX5000RE (All versions \u003c V2.16.0), RUGGEDCOM ROX RX1400 (All versions \u003c V2.16.0), RUGGEDCOM ROX RX1500 (All versions \u003c V2.16.0), RUGGEDCOM ROX RX1501 (All versions \u003c V2.16.0), RUGGEDCOM ROX RX1510 (All versions \u003c V2.16.0), RUGGEDCOM ROX RX1511 (All versions \u003c V2.16.0), RUGGEDCOM ROX RX1512 (All versions \u003c V2.16.0), RUGGEDCOM ROX RX1524 (All versions \u003c V2.16.0), RUGGEDCOM ROX RX1536 (All versions \u003c V2.16.0), RUGGEDCOM ROX RX5000 (All versions \u003c V2.16.0). The software-upgrade Url parameter in the web interface of affected devices is vulnerable to command injection due to missing server side input sanitation. This could allow an authenticated privileged remote attacker to execute arbitrary code with root privileges. RUGGEDCOM ROX MX5000 firmware, ruggedcom rox mx5000re firmware, RUGGEDCOM ROX RX1400 Multiple Siemens products such as firmware contain a command injection vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. RUGGEDCOM products provide a level of robustness and reliability that sets the standard for communication networks deployed in harsh environments. \n\r\n\r\nSiemens RUGGEDCOM ROX has a command injection vulnerability. The vulnerability stems from the lack of server-side input validation", "sources": [ { "db": "NVD", "id": "CVE-2023-36750" }, { "db": "JVNDB", "id": "JVNDB-2023-021735" }, { "db": "CNVD", "id": "CNVD-2023-60611" }, { "db": "VULMON", "id": "CVE-2023-36750" } ], "trust": 2.25 }, "external_ids": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "db": "NVD", "id": "CVE-2023-36750", "trust": 3.9 }, { "db": "SIEMENS", "id": "SSA-146325", "trust": 3.1 }, { "db": "ICS CERT", "id": "ICSA-23-194-01", "trust": 0.8 }, { "db": "JVN", "id": "JVNVU95292697", "trust": 0.8 }, { "db": "JVNDB", "id": "JVNDB-2023-021735", "trust": 0.8 }, { "db": "CNVD", "id": "CNVD-2023-60611", "trust": 0.6 }, { "db": "CNNVD", "id": "CNNVD-202307-736", "trust": 0.6 }, { "db": "VULMON", "id": "CVE-2023-36750", "trust": 0.1 } ], "sources": [ { "db": "CNVD", "id": "CNVD-2023-60611" }, { "db": "VULMON", "id": "CVE-2023-36750" }, { "db": "JVNDB", "id": "JVNDB-2023-021735" }, { "db": "CNNVD", "id": "CNNVD-202307-736" }, { "db": "NVD", "id": "CVE-2023-36750" } ] }, "id": "VAR-202307-0588", "iot": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": true, "sources": [ { "db": "CNVD", "id": "CNVD-2023-60611" } ], "trust": 1.12540106 }, "iot_taxonomy": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "category": [ "ICS" ], "sub_category": null, "trust": 0.6 } ], "sources": [ { "db": "CNVD", "id": "CNVD-2023-60611" } ] }, "last_update_date": "2024-01-21T19:47:26.736000Z", "patch": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "title": "Patch for Siemens RUGGEDCOM ROX Command Injection Vulnerability (CNVD-2023-60611)", "trust": 0.6, "url": "https://www.cnvd.org.cn/patchinfo/show/449061" }, { "title": "Siemens RUGGEDCOM ROX A series of products Fixes for command injection vulnerabilities", "trust": 0.6, "url": "http://123.124.177.30/web/xxk/bdxqbyid.tag?id=246659" } ], "sources": [ { "db": "CNVD", "id": "CNVD-2023-60611" }, { "db": "CNNVD", "id": "CNNVD-202307-736" } ] }, "problemtype_data": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "problemtype": "CWE-77", "trust": 1.0 }, { "problemtype": "Command injection (CWE-77) [NVD evaluation ]", "trust": 0.8 } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2023-021735" }, { "db": "NVD", "id": "CVE-2023-36750" } ] }, "references": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "trust": 2.5, "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-146325.pdf" }, { "trust": 0.8, "url": "https://jvn.jp/vu/jvnvu95292697/" }, { "trust": 0.8, "url": "https://nvd.nist.gov/vuln/detail/cve-2023-36750" }, { "trust": 0.8, "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-23-194-01" }, { "trust": 0.6, "url": "https://cert-portal.siemens.com/productcert/html/ssa-146325.html" }, { "trust": 0.6, "url": "https://cxsecurity.com/cveshow/cve-2023-36750/" }, { "trust": 0.1, "url": "https://nvd.nist.gov" } ], "sources": [ { "db": "CNVD", "id": "CNVD-2023-60611" }, { "db": "VULMON", "id": "CVE-2023-36750" }, { "db": "JVNDB", "id": "JVNDB-2023-021735" }, { "db": "CNNVD", "id": "CNNVD-202307-736" }, { "db": "NVD", "id": "CVE-2023-36750" } ] }, "sources": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", "data": { "@container": "@list" } }, "data": [ { "db": "CNVD", "id": "CNVD-2023-60611" }, { "db": "VULMON", "id": "CVE-2023-36750" }, { "db": "JVNDB", "id": "JVNDB-2023-021735" }, { "db": "CNNVD", "id": "CNNVD-202307-736" }, { "db": "NVD", "id": "CVE-2023-36750" } ] }, "sources_release_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2023-08-02T00:00:00", "db": "CNVD", "id": "CNVD-2023-60611" }, { "date": "2023-07-11T00:00:00", "db": "VULMON", "id": "CVE-2023-36750" }, { "date": "2024-01-19T00:00:00", "db": "JVNDB", "id": "JVNDB-2023-021735" }, { "date": "2023-07-11T00:00:00", "db": "CNNVD", "id": "CNNVD-202307-736" }, { "date": "2023-07-11T10:15:11.170000", "db": "NVD", "id": "CVE-2023-36750" } ] }, "sources_update_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2023-08-02T00:00:00", "db": "CNVD", "id": "CNVD-2023-60611" }, { "date": "2023-07-11T00:00:00", "db": "VULMON", "id": "CVE-2023-36750" }, { "date": "2024-01-19T08:07:00", "db": "JVNDB", "id": "JVNDB-2023-021735" }, { "date": "2023-07-19T00:00:00", "db": "CNNVD", "id": "CNNVD-202307-736" }, { "date": "2023-07-18T18:28:19.370000", "db": "NVD", "id": "CVE-2023-36750" } ] }, "threat_type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "remote", "sources": [ { "db": "CNNVD", "id": "CNNVD-202307-736" } ], "trust": 0.6 }, "title": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Command injection vulnerability in multiple Siemens products", "sources": [ { "db": "JVNDB", "id": "JVNDB-2023-021735" } ], "trust": 0.8 }, "type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "command injection", "sources": [ { "db": "CNNVD", "id": "CNNVD-202307-736" } ], "trust": 0.6 } }
var-202307-0585
Vulnerability from variot
A vulnerability has been identified in RUGGEDCOM ROX MX5000 (All versions < V2.16.0), RUGGEDCOM ROX MX5000RE (All versions < V2.16.0), RUGGEDCOM ROX RX1400 (All versions < V2.16.0), RUGGEDCOM ROX RX1500 (All versions < V2.16.0), RUGGEDCOM ROX RX1501 (All versions < V2.16.0), RUGGEDCOM ROX RX1510 (All versions < V2.16.0), RUGGEDCOM ROX RX1511 (All versions < V2.16.0), RUGGEDCOM ROX RX1512 (All versions < V2.16.0), RUGGEDCOM ROX RX1524 (All versions < V2.16.0), RUGGEDCOM ROX RX1536 (All versions < V2.16.0), RUGGEDCOM ROX RX5000 (All versions < V2.16.0). A reflected cross-site scripting (XSS) vulnerability exists in the web interface of the affected application that could allow an attacker to execute malicious javascript code by tricking users into accessing a malicious link. The value is reflected in the response without sanitization while throwing an “invalid params element name” error on the action parameters. RUGGEDCOM ROX MX5000 firmware, ruggedcom rox mx5000re firmware, RUGGEDCOM ROX RX1400 Multiple Siemens products such as firmware contain a cross-site scripting vulnerability.Information may be obtained and information may be tampered with. RUGGEDCOM products provide a level of robustness and reliability that sets the standard for communication networks deployed in harsh environments
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", "affected_products": { "@id": "https://www.variotdbs.pl/ref/affected_products" }, "configurations": { "@id": "https://www.variotdbs.pl/ref/configurations" }, "credits": { "@id": "https://www.variotdbs.pl/ref/credits" }, "cvss": { "@id": "https://www.variotdbs.pl/ref/cvss/" }, "description": { "@id": "https://www.variotdbs.pl/ref/description/" }, "exploit_availability": { "@id": "https://www.variotdbs.pl/ref/exploit_availability/" }, "external_ids": { "@id": "https://www.variotdbs.pl/ref/external_ids/" }, "iot": { "@id": "https://www.variotdbs.pl/ref/iot/" }, "iot_taxonomy": { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/" }, "patch": { "@id": "https://www.variotdbs.pl/ref/patch/" }, "problemtype_data": { "@id": "https://www.variotdbs.pl/ref/problemtype_data/" }, "references": { "@id": "https://www.variotdbs.pl/ref/references/" }, "sources": { "@id": "https://www.variotdbs.pl/ref/sources/" }, "sources_release_date": { "@id": "https://www.variotdbs.pl/ref/sources_release_date/" }, "sources_update_date": { "@id": "https://www.variotdbs.pl/ref/sources_update_date/" }, "threat_type": { "@id": "https://www.variotdbs.pl/ref/threat_type/" }, "title": { "@id": "https://www.variotdbs.pl/ref/title/" }, "type": { "@id": "https://www.variotdbs.pl/ref/type/" } }, "@id": "https://www.variotdbs.pl/vuln/VAR-202307-0585", "affected_products": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "model": "ruggedcom rox rx1511", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "2.16.0" }, { "model": "ruggedcom rox rx1524", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "2.16.0" }, { "model": "ruggedcom rox mx5000re", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "2.16.0" }, { "model": "ruggedcom rox rx1400", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "2.16.0" }, { "model": "ruggedcom rox rx1501", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "2.16.0" }, { "model": "ruggedcom rox rx1510", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "2.16.0" }, { "model": "ruggedcom rox rx1500", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "2.16.0" }, { "model": "ruggedcom rox mx5000", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "2.16.0" }, { "model": "ruggedcom rox rx1536", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "2.16.0" }, { "model": "ruggedcom rox rx5000", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "2.16.0" }, { "model": "ruggedcom rox rx1512", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "2.16.0" }, { "model": "ruggedcom rox rx1500", "scope": null, "trust": 0.8, "vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9", "version": null }, { "model": "ruggedcom rox rx1501", "scope": null, "trust": 0.8, "vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9", "version": null }, { "model": "ruggedcom rox rx1524", "scope": null, "trust": 0.8, "vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9", "version": null }, { "model": "ruggedcom rox rx5000", "scope": null, "trust": 0.8, "vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9", "version": null }, { "model": "ruggedcom rox mx5000", "scope": null, "trust": 0.8, "vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9", "version": null }, { "model": "ruggedcom rox rx1512", "scope": null, "trust": 0.8, "vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9", "version": null }, { "model": "ruggedcom rox rx1510", "scope": null, "trust": 0.8, "vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9", "version": null }, { "model": "ruggedcom rox rx1400", "scope": null, "trust": 0.8, "vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9", "version": null }, { "model": "ruggedcom rox rx1511", "scope": null, "trust": 0.8, "vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9", "version": null }, { "model": "ruggedcom rox mx5000re", "scope": null, "trust": 0.8, "vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9", "version": null }, { "model": "ruggedcom rox rx1536", "scope": null, "trust": 0.8, "vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9", "version": null }, { "model": "ruggedcom rox mx5000", "scope": "lt", "trust": 0.6, "vendor": "siemens", "version": "v2.16.0" }, { "model": "ruggedcom rox mx5000re", "scope": "lt", "trust": 0.6, "vendor": "siemens", "version": "v2.16.0" }, { "model": "ruggedcom rox rx1400", "scope": "lt", "trust": 0.6, "vendor": "siemens", "version": "v2.16.0" }, { "model": "ruggedcom rox rx1500", "scope": "lt", "trust": 0.6, "vendor": "siemens", "version": "v2.16.0" }, { "model": "ruggedcom rox rx1501", "scope": "lt", "trust": 0.6, "vendor": "siemens", "version": "v2.16.0" }, { "model": "ruggedcom rox rx1510", "scope": "lt", "trust": 0.6, "vendor": "siemens", "version": "v2.16.0" }, { "model": "ruggedcom rox rx1511", "scope": "lt", "trust": 0.6, "vendor": "siemens", "version": "v2.16.0" }, { "model": "ruggedcom rox rx1512", "scope": "lt", "trust": 0.6, "vendor": "siemens", "version": "v2.16.0" }, { "model": "ruggedcom rox rx1524", "scope": "lt", "trust": 0.6, "vendor": "siemens", "version": "v2.16.0" }, { "model": "ruggedcom rox rx1536", "scope": "lt", "trust": 0.6, "vendor": "siemens", "version": "v2.16.0" }, { "model": "ruggedcom rox rx5000", "scope": "lt", "trust": 0.6, "vendor": "siemens", "version": "v2.16.0" } ], "sources": [ { "db": "CNVD", "id": "CNVD-2023-55709" }, { "db": "JVNDB", "id": "JVNDB-2023-021749" }, { "db": "NVD", "id": "CVE-2023-36390" } ] }, "configurations": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/configurations#", "children": { "@container": "@list" }, "cpe_match": { "@container": "@list" }, "data": { "@container": "@list" }, "nodes": { "@container": "@list" } }, "data": [ { "CVE_data_version": "4.0", "nodes": [ { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:siemens:ruggedcom_rox_mx5000_firmware:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "2.16.0", "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:h:siemens:ruggedcom_rox_mx5000:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [], "operator": "AND" }, { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:siemens:ruggedcom_rox_mx5000re_firmware:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "2.16.0", "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:h:siemens:ruggedcom_rox_mx5000re:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [], "operator": "AND" }, { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:siemens:ruggedcom_rox_rx1400_firmware:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "2.16.0", "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:h:siemens:ruggedcom_rox_rx1400:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [], "operator": "AND" }, { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:siemens:ruggedcom_rox_rx1500_firmware:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "2.16.0", "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:h:siemens:ruggedcom_rox_rx1500:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [], "operator": "AND" }, { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:siemens:ruggedcom_rox_rx1501_firmware:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "2.16.0", "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:h:siemens:ruggedcom_rox_rx1501:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [], "operator": "AND" }, { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:siemens:ruggedcom_rox_rx1510_firmware:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "2.16.0", "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:h:siemens:ruggedcom_rox_rx1510:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [], "operator": "AND" }, { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:siemens:ruggedcom_rox_rx1511_firmware:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "2.16.0", "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:h:siemens:ruggedcom_rox_rx1511:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [], "operator": "AND" }, { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:siemens:ruggedcom_rox_rx1512_firmware:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "2.16.0", "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:h:siemens:ruggedcom_rox_rx1512:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [], "operator": "AND" }, { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:siemens:ruggedcom_rox_rx1524_firmware:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "2.16.0", "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:h:siemens:ruggedcom_rox_rx1524:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [], "operator": "AND" }, { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:siemens:ruggedcom_rox_rx1536_firmware:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "2.16.0", "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:h:siemens:ruggedcom_rox_rx1536:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [], "operator": "AND" }, { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:siemens:ruggedcom_rox_rx5000_firmware:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "2.16.0", "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:h:siemens:ruggedcom_rox_rx5000:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [], "operator": "AND" } ] } ], "sources": [ { "db": "NVD", "id": "CVE-2023-36390" } ] }, "cve": "CVE-2023-36390", "cvss": { "@context": { "cvssV2": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2" }, "cvssV3": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/" }, "severity": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#" }, "@id": "https://www.variotdbs.pl/ref/cvss/severity" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "cvssV2": [ { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "author": "CNVD", "availabilityImpact": "NONE", "baseScore": 6.4, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 10.0, "id": "CNVD-2023-55709", "impactScore": 4.9, "integrityImpact": "PARTIAL", "severity": "MEDIUM", "trust": 0.6, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:N", "version": "2.0" } ], "cvssV3": [ { "attackComplexity": "LOW", "attackVector": "NETWORK", "author": "NVD", "availabilityImpact": "NONE", "baseScore": 6.1, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "exploitabilityScore": 2.8, "impactScore": 2.7, "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "CHANGED", "trust": 1.0, "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "version": "3.1" }, { "attackComplexity": "LOW", "attackVector": "NETWORK", "author": "productcert@siemens.com", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "exploitabilityScore": 2.8, "impactScore": 5.9, "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "trust": 1.0, "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1" }, { "attackComplexity": "Low", "attackVector": "Network", "author": "NVD", "availabilityImpact": "None", "baseScore": 6.1, "baseSeverity": "Medium", "confidentialityImpact": "Low", "exploitabilityScore": null, "id": "CVE-2023-36390", "impactScore": null, "integrityImpact": "Low", "privilegesRequired": "None", "scope": "Changed", "trust": 0.8, "userInteraction": "Required", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "version": "3.0" } ], "severity": [ { "author": "NVD", "id": "CVE-2023-36390", "trust": 1.8, "value": "MEDIUM" }, { "author": "productcert@siemens.com", "id": "CVE-2023-36390", "trust": 1.0, "value": "HIGH" }, { "author": "CNVD", "id": "CNVD-2023-55709", "trust": 0.6, "value": "MEDIUM" }, { "author": "CNNVD", "id": "CNNVD-202307-741", "trust": 0.6, "value": "MEDIUM" } ] } ], "sources": [ { "db": "CNVD", "id": "CNVD-2023-55709" }, { "db": "JVNDB", "id": "JVNDB-2023-021749" }, { "db": "CNNVD", "id": "CNNVD-202307-741" }, { "db": "NVD", "id": "CVE-2023-36390" }, { "db": "NVD", "id": "CVE-2023-36390" } ] }, "description": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "A vulnerability has been identified in RUGGEDCOM ROX MX5000 (All versions \u003c V2.16.0), RUGGEDCOM ROX MX5000RE (All versions \u003c V2.16.0), RUGGEDCOM ROX RX1400 (All versions \u003c V2.16.0), RUGGEDCOM ROX RX1500 (All versions \u003c V2.16.0), RUGGEDCOM ROX RX1501 (All versions \u003c V2.16.0), RUGGEDCOM ROX RX1510 (All versions \u003c V2.16.0), RUGGEDCOM ROX RX1511 (All versions \u003c V2.16.0), RUGGEDCOM ROX RX1512 (All versions \u003c V2.16.0), RUGGEDCOM ROX RX1524 (All versions \u003c V2.16.0), RUGGEDCOM ROX RX1536 (All versions \u003c V2.16.0), RUGGEDCOM ROX RX5000 (All versions \u003c V2.16.0). A reflected cross-site scripting (XSS) vulnerability exists in the web interface of the affected application that could allow an attacker to execute malicious javascript code by tricking users into accessing a malicious link. The value is reflected in the response\r\nwithout sanitization while throwing an \u201cinvalid params element name\u201d error on the action parameters. RUGGEDCOM ROX MX5000 firmware, ruggedcom rox mx5000re firmware, RUGGEDCOM ROX RX1400 Multiple Siemens products such as firmware contain a cross-site scripting vulnerability.Information may be obtained and information may be tampered with. RUGGEDCOM products provide a level of robustness and reliability that sets the standard for communication networks deployed in harsh environments", "sources": [ { "db": "NVD", "id": "CVE-2023-36390" }, { "db": "JVNDB", "id": "JVNDB-2023-021749" }, { "db": "CNVD", "id": "CNVD-2023-55709" }, { "db": "VULMON", "id": "CVE-2023-36390" } ], "trust": 2.25 }, "external_ids": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "db": "NVD", "id": "CVE-2023-36390", "trust": 3.9 }, { "db": "SIEMENS", "id": "SSA-146325", "trust": 3.1 }, { "db": "ICS CERT", "id": "ICSA-23-194-01", "trust": 0.8 }, { "db": "JVN", "id": "JVNVU95292697", "trust": 0.8 }, { "db": "JVNDB", "id": "JVNDB-2023-021749", "trust": 0.8 }, { "db": "CNVD", "id": "CNVD-2023-55709", "trust": 0.6 }, { "db": "CNNVD", "id": "CNNVD-202307-741", "trust": 0.6 }, { "db": "VULMON", "id": "CVE-2023-36390", "trust": 0.1 } ], "sources": [ { "db": "CNVD", "id": "CNVD-2023-55709" }, { "db": "VULMON", "id": "CVE-2023-36390" }, { "db": "JVNDB", "id": "JVNDB-2023-021749" }, { "db": "CNNVD", "id": "CNNVD-202307-741" }, { "db": "NVD", "id": "CVE-2023-36390" } ] }, "id": "VAR-202307-0585", "iot": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": true, "sources": [ { "db": "CNVD", "id": "CNVD-2023-55709" } ], "trust": 1.12540106 }, "iot_taxonomy": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "category": [ "ICS" ], "sub_category": null, "trust": 0.6 } ], "sources": [ { "db": "CNVD", "id": "CNVD-2023-55709" } ] }, "last_update_date": "2024-01-21T22:02:17.088000Z", "patch": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "title": "Patch for Siemens RUGGEDCOM ROX cross-site scripting vulnerability (CNVD-2023-55709)", "trust": 0.6, "url": "https://www.cnvd.org.cn/patchinfo/show/440301" }, { "title": "Siemens RUGGEDCOM ROX A series of products Fixes for cross-site scripting vulnerabilities", "trust": 0.6, "url": "http://123.124.177.30/web/xxk/bdxqbyid.tag?id=246663" } ], "sources": [ { "db": "CNVD", "id": "CNVD-2023-55709" }, { "db": "CNNVD", "id": "CNNVD-202307-741" } ] }, "problemtype_data": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "problemtype": "CWE-79", "trust": 1.0 }, { "problemtype": "Cross-site scripting (CWE-79) [NVD evaluation ]", "trust": 0.8 } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2023-021749" }, { "db": "NVD", "id": "CVE-2023-36390" } ] }, "references": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "trust": 2.5, "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-146325.pdf" }, { "trust": 0.8, "url": "https://jvn.jp/vu/jvnvu95292697/" }, { "trust": 0.8, "url": "https://nvd.nist.gov/vuln/detail/cve-2023-36390" }, { "trust": 0.8, "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-23-194-01" }, { "trust": 0.6, "url": "https://cert-portal.siemens.com/productcert/html/ssa-146325.html" }, { "trust": 0.6, "url": "https://cxsecurity.com/cveshow/cve-2023-36390/" }, { "trust": 0.1, "url": "https://nvd.nist.gov" } ], "sources": [ { "db": "CNVD", "id": "CNVD-2023-55709" }, { "db": "VULMON", "id": "CVE-2023-36390" }, { "db": "JVNDB", "id": "JVNDB-2023-021749" }, { "db": "CNNVD", "id": "CNNVD-202307-741" }, { "db": "NVD", "id": "CVE-2023-36390" } ] }, "sources": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", "data": { "@container": "@list" } }, "data": [ { "db": "CNVD", "id": "CNVD-2023-55709" }, { "db": "VULMON", "id": "CVE-2023-36390" }, { "db": "JVNDB", "id": "JVNDB-2023-021749" }, { "db": "CNNVD", "id": "CNNVD-202307-741" }, { "db": "NVD", "id": "CVE-2023-36390" } ] }, "sources_release_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2023-07-12T00:00:00", "db": "CNVD", "id": "CNVD-2023-55709" }, { "date": "2023-07-11T00:00:00", "db": "VULMON", "id": "CVE-2023-36390" }, { "date": "2024-01-19T00:00:00", "db": "JVNDB", "id": "JVNDB-2023-021749" }, { "date": "2023-07-11T00:00:00", "db": "CNNVD", "id": "CNNVD-202307-741" }, { "date": "2023-07-11T10:15:10.827000", "db": "NVD", "id": "CVE-2023-36390" } ] }, "sources_update_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2023-07-12T00:00:00", "db": "CNVD", "id": "CNVD-2023-55709" }, { "date": "2023-07-11T00:00:00", "db": "VULMON", "id": "CVE-2023-36390" }, { "date": "2024-01-19T08:08:00", "db": "JVNDB", "id": "JVNDB-2023-021749" }, { "date": "2023-07-19T00:00:00", "db": "CNNVD", "id": "CNNVD-202307-741" }, { "date": "2023-07-18T16:53:10.417000", "db": "NVD", "id": "CVE-2023-36390" } ] }, "threat_type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "remote", "sources": [ { "db": "CNNVD", "id": "CNNVD-202307-741" } ], "trust": 0.6 }, "title": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Cross-site scripting vulnerability in multiple Siemens products", "sources": [ { "db": "JVNDB", "id": "JVNDB-2023-021749" } ], "trust": 0.8 }, "type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "XSS", "sources": [ { "db": "CNNVD", "id": "CNNVD-202307-741" } ], "trust": 0.6 } }
var-202307-0591
Vulnerability from variot
A vulnerability has been identified in RUGGEDCOM ROX MX5000 (All versions < V2.16.0), RUGGEDCOM ROX MX5000RE (All versions < V2.16.0), RUGGEDCOM ROX RX1400 (All versions < V2.16.0), RUGGEDCOM ROX RX1500 (All versions < V2.16.0), RUGGEDCOM ROX RX1501 (All versions < V2.16.0), RUGGEDCOM ROX RX1510 (All versions < V2.16.0), RUGGEDCOM ROX RX1511 (All versions < V2.16.0), RUGGEDCOM ROX RX1512 (All versions < V2.16.0), RUGGEDCOM ROX RX1524 (All versions < V2.16.0), RUGGEDCOM ROX RX1536 (All versions < V2.16.0), RUGGEDCOM ROX RX5000 (All versions < V2.16.0). The install-app URL parameter in the web interface of affected devices is vulnerable to command injection due to missing server side input sanitation. This could allow an authenticated privileged remote attacker to execute arbitrary code with root privileges. RUGGEDCOM ROX MX5000 firmware, ruggedcom rox mx5000re firmware, RUGGEDCOM ROX RX1400 Multiple Siemens products such as firmware contain a command injection vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. RUGGEDCOM products provide a level of robustness and reliability that sets the standard for communication networks deployed in harsh environments.
Siemens RUGGEDCOM ROX has a command injection vulnerability. The vulnerability stems from the lack of server-side input validation
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", "affected_products": { "@id": "https://www.variotdbs.pl/ref/affected_products" }, "configurations": { "@id": "https://www.variotdbs.pl/ref/configurations" }, "credits": { "@id": "https://www.variotdbs.pl/ref/credits" }, "cvss": { "@id": "https://www.variotdbs.pl/ref/cvss/" }, "description": { "@id": "https://www.variotdbs.pl/ref/description/" }, "exploit_availability": { "@id": "https://www.variotdbs.pl/ref/exploit_availability/" }, "external_ids": { "@id": "https://www.variotdbs.pl/ref/external_ids/" }, "iot": { "@id": "https://www.variotdbs.pl/ref/iot/" }, "iot_taxonomy": { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/" }, "patch": { "@id": "https://www.variotdbs.pl/ref/patch/" }, "problemtype_data": { "@id": "https://www.variotdbs.pl/ref/problemtype_data/" }, "references": { "@id": "https://www.variotdbs.pl/ref/references/" }, "sources": { "@id": "https://www.variotdbs.pl/ref/sources/" }, "sources_release_date": { "@id": "https://www.variotdbs.pl/ref/sources_release_date/" }, "sources_update_date": { "@id": "https://www.variotdbs.pl/ref/sources_update_date/" }, "threat_type": { "@id": "https://www.variotdbs.pl/ref/threat_type/" }, "title": { "@id": "https://www.variotdbs.pl/ref/title/" }, "type": { "@id": "https://www.variotdbs.pl/ref/type/" } }, "@id": "https://www.variotdbs.pl/vuln/VAR-202307-0591", "affected_products": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "model": "ruggedcom rox rx1511", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "2.16.0" }, { "model": "ruggedcom rox rx1524", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "2.16.0" }, { "model": "ruggedcom rox mx5000re", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "2.16.0" }, { "model": "ruggedcom rox rx1400", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "2.16.0" }, { "model": "ruggedcom rox rx1501", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "2.16.0" }, { "model": "ruggedcom rox rx1510", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "2.16.0" }, { "model": "ruggedcom rox rx1500", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "2.16.0" }, { "model": "ruggedcom rox mx5000", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "2.16.0" }, { "model": "ruggedcom rox rx1536", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "2.16.0" }, { "model": "ruggedcom rox rx5000", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "2.16.0" }, { "model": "ruggedcom rox rx1512", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "2.16.0" }, { "model": "ruggedcom rox rx1500", "scope": null, "trust": 0.8, "vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9", "version": null }, { "model": "ruggedcom rox rx1501", "scope": null, "trust": 0.8, "vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9", "version": null }, { "model": "ruggedcom rox rx1524", "scope": null, "trust": 0.8, "vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9", "version": null }, { "model": "ruggedcom rox rx5000", "scope": null, "trust": 0.8, "vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9", "version": null }, { "model": "ruggedcom rox mx5000", "scope": null, "trust": 0.8, "vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9", "version": null }, { "model": "ruggedcom rox rx1512", "scope": null, "trust": 0.8, "vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9", "version": null }, { "model": "ruggedcom rox rx1510", "scope": null, "trust": 0.8, "vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9", "version": null }, { "model": "ruggedcom rox rx1400", "scope": null, "trust": 0.8, "vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9", "version": null }, { "model": "ruggedcom rox rx1511", "scope": null, "trust": 0.8, "vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9", "version": null }, { "model": "ruggedcom rox mx5000re", "scope": null, "trust": 0.8, "vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9", "version": null }, { "model": "ruggedcom rox rx1536", "scope": null, "trust": 0.8, "vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9", "version": null }, { "model": "ruggedcom rox mx5000", "scope": "lt", "trust": 0.6, "vendor": "siemens", "version": "v2.16.0" }, { "model": "ruggedcom rox mx5000re", "scope": "lt", "trust": 0.6, "vendor": "siemens", "version": "v2.16.0" }, { "model": "ruggedcom rox rx1400", "scope": "lt", "trust": 0.6, "vendor": "siemens", "version": "v2.16.0" }, { "model": "ruggedcom rox rx1500", "scope": "lt", "trust": 0.6, "vendor": "siemens", "version": "v2.16.0" }, { "model": "ruggedcom rox rx1501", "scope": "lt", "trust": 0.6, "vendor": "siemens", "version": "v2.16.0" }, { "model": "ruggedcom rox rx1510", "scope": "lt", "trust": 0.6, "vendor": "siemens", "version": "v2.16.0" }, { "model": "ruggedcom rox rx1511", "scope": "lt", "trust": 0.6, "vendor": "siemens", "version": "v2.16.0" }, { "model": "ruggedcom rox rx1512", "scope": "lt", "trust": 0.6, "vendor": "siemens", "version": "v2.16.0" }, { "model": "ruggedcom rox rx1524", "scope": "lt", "trust": 0.6, "vendor": "siemens", "version": "v2.16.0" }, { "model": "ruggedcom rox rx1536", "scope": "lt", "trust": 0.6, "vendor": "siemens", "version": "v2.16.0" }, { "model": "ruggedcom rox rx5000", "scope": "lt", "trust": 0.6, "vendor": "siemens", "version": "v2.16.0" } ], "sources": [ { "db": "CNVD", "id": "CNVD-2023-60610" }, { "db": "JVNDB", "id": "JVNDB-2023-021734" }, { "db": "NVD", "id": "CVE-2023-36751" } ] }, "configurations": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/configurations#", "children": { "@container": "@list" }, "cpe_match": { "@container": "@list" }, "data": { "@container": "@list" }, "nodes": { "@container": "@list" } }, "data": [ { "CVE_data_version": "4.0", "nodes": [ { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:siemens:ruggedcom_rox_mx5000_firmware:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "2.16.0", "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:h:siemens:ruggedcom_rox_mx5000:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [], "operator": "AND" }, { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:siemens:ruggedcom_rox_mx5000re_firmware:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "2.16.0", "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:h:siemens:ruggedcom_rox_mx5000re:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [], "operator": "AND" }, { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:siemens:ruggedcom_rox_rx1400_firmware:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "2.16.0", "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:h:siemens:ruggedcom_rox_rx1400:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [], "operator": "AND" }, { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:siemens:ruggedcom_rox_rx1500_firmware:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "2.16.0", "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:h:siemens:ruggedcom_rox_rx1500:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [], "operator": "AND" }, { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:siemens:ruggedcom_rox_rx1501_firmware:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "2.16.0", "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:h:siemens:ruggedcom_rox_rx1501:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [], "operator": "AND" }, { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:siemens:ruggedcom_rox_rx1510_firmware:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "2.16.0", "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:h:siemens:ruggedcom_rox_rx1510:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [], "operator": "AND" }, { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:siemens:ruggedcom_rox_rx1511_firmware:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "2.16.0", "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:h:siemens:ruggedcom_rox_rx1511:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [], "operator": "AND" }, { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:siemens:ruggedcom_rox_rx1512_firmware:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "2.16.0", "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:h:siemens:ruggedcom_rox_rx1512:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [], "operator": "AND" }, { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:siemens:ruggedcom_rox_rx1524_firmware:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "2.16.0", "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:h:siemens:ruggedcom_rox_rx1524:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [], "operator": "AND" }, { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:siemens:ruggedcom_rox_rx1536_firmware:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "2.16.0", "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:h:siemens:ruggedcom_rox_rx1536:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [], "operator": "AND" }, { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:siemens:ruggedcom_rox_rx5000_firmware:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "2.16.0", "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:h:siemens:ruggedcom_rox_rx5000:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [], "operator": "AND" } ] } ], "sources": [ { "db": "NVD", "id": "CVE-2023-36751" } ] }, "cve": "CVE-2023-36751", "cvss": { "@context": { "cvssV2": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2" }, "cvssV3": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/" }, "severity": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#" }, "@id": "https://www.variotdbs.pl/ref/cvss/severity" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "cvssV2": [ { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "author": "CNVD", "availabilityImpact": "COMPLETE", "baseScore": 10.0, "confidentialityImpact": "COMPLETE", "exploitabilityScore": 10.0, "id": "CNVD-2023-60610", "impactScore": 10.0, "integrityImpact": "COMPLETE", "severity": "HIGH", "trust": 0.6, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0" } ], "cvssV3": [ { "attackComplexity": "LOW", "attackVector": "NETWORK", "author": "NVD", "availabilityImpact": "HIGH", "baseScore": 7.2, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "exploitabilityScore": 1.2, "impactScore": 5.9, "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "trust": 1.0, "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, { "attackComplexity": "LOW", "attackVector": "NETWORK", "author": "productcert@siemens.com", "availabilityImpact": "HIGH", "baseScore": 9.1, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "exploitabilityScore": 2.3, "impactScore": 6.0, "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "CHANGED", "trust": 1.0, "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H", "version": "3.1" }, { "attackComplexity": "Low", "attackVector": "Network", "author": "NVD", "availabilityImpact": "High", "baseScore": 7.2, "baseSeverity": "High", "confidentialityImpact": "High", "exploitabilityScore": null, "id": "CVE-2023-36751", "impactScore": null, "integrityImpact": "High", "privilegesRequired": "High", "scope": "Unchanged", "trust": 0.8, "userInteraction": "None", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "version": "3.0" } ], "severity": [ { "author": "NVD", "id": "CVE-2023-36751", "trust": 1.8, "value": "HIGH" }, { "author": "productcert@siemens.com", "id": "CVE-2023-36751", "trust": 1.0, "value": "CRITICAL" }, { "author": "CNVD", "id": "CNVD-2023-60610", "trust": 0.6, "value": "HIGH" }, { "author": "CNNVD", "id": "CNNVD-202307-735", "trust": 0.6, "value": "HIGH" } ] } ], "sources": [ { "db": "CNVD", "id": "CNVD-2023-60610" }, { "db": "JVNDB", "id": "JVNDB-2023-021734" }, { "db": "CNNVD", "id": "CNNVD-202307-735" }, { "db": "NVD", "id": "CVE-2023-36751" }, { "db": "NVD", "id": "CVE-2023-36751" } ] }, "description": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "A vulnerability has been identified in RUGGEDCOM ROX MX5000 (All versions \u003c V2.16.0), RUGGEDCOM ROX MX5000RE (All versions \u003c V2.16.0), RUGGEDCOM ROX RX1400 (All versions \u003c V2.16.0), RUGGEDCOM ROX RX1500 (All versions \u003c V2.16.0), RUGGEDCOM ROX RX1501 (All versions \u003c V2.16.0), RUGGEDCOM ROX RX1510 (All versions \u003c V2.16.0), RUGGEDCOM ROX RX1511 (All versions \u003c V2.16.0), RUGGEDCOM ROX RX1512 (All versions \u003c V2.16.0), RUGGEDCOM ROX RX1524 (All versions \u003c V2.16.0), RUGGEDCOM ROX RX1536 (All versions \u003c V2.16.0), RUGGEDCOM ROX RX5000 (All versions \u003c V2.16.0). The install-app URL parameter in the web interface of affected devices is vulnerable to command injection due to missing server side input sanitation. This could allow an authenticated privileged remote attacker to execute arbitrary code with root privileges. RUGGEDCOM ROX MX5000 firmware, ruggedcom rox mx5000re firmware, RUGGEDCOM ROX RX1400 Multiple Siemens products such as firmware contain a command injection vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. RUGGEDCOM products provide a level of robustness and reliability that sets the standard for communication networks deployed in harsh environments. \n\r\n\r\nSiemens RUGGEDCOM ROX has a command injection vulnerability. The vulnerability stems from the lack of server-side input validation", "sources": [ { "db": "NVD", "id": "CVE-2023-36751" }, { "db": "JVNDB", "id": "JVNDB-2023-021734" }, { "db": "CNVD", "id": "CNVD-2023-60610" }, { "db": "VULMON", "id": "CVE-2023-36751" } ], "trust": 2.25 }, "external_ids": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "db": "NVD", "id": "CVE-2023-36751", "trust": 3.9 }, { "db": "SIEMENS", "id": "SSA-146325", "trust": 3.1 }, { "db": "ICS CERT", "id": "ICSA-23-194-01", "trust": 0.8 }, { "db": "JVN", "id": "JVNVU95292697", "trust": 0.8 }, { "db": "JVNDB", "id": "JVNDB-2023-021734", "trust": 0.8 }, { "db": "CNVD", "id": "CNVD-2023-60610", "trust": 0.6 }, { "db": "CNNVD", "id": "CNNVD-202307-735", "trust": 0.6 }, { "db": "VULMON", "id": "CVE-2023-36751", "trust": 0.1 } ], "sources": [ { "db": "CNVD", "id": "CNVD-2023-60610" }, { "db": "VULMON", "id": "CVE-2023-36751" }, { "db": "JVNDB", "id": "JVNDB-2023-021734" }, { "db": "CNNVD", "id": "CNNVD-202307-735" }, { "db": "NVD", "id": "CVE-2023-36751" } ] }, "id": "VAR-202307-0591", "iot": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": true, "sources": [ { "db": "CNVD", "id": "CNVD-2023-60610" } ], "trust": 1.12540106 }, "iot_taxonomy": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "category": [ "ICS" ], "sub_category": null, "trust": 0.6 } ], "sources": [ { "db": "CNVD", "id": "CNVD-2023-60610" } ] }, "last_update_date": "2024-01-21T21:43:43.822000Z", "patch": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "title": "Patch for Siemens RUGGEDCOM ROX Command Injection Vulnerability (CNVD-2023-60610)", "trust": 0.6, "url": "https://www.cnvd.org.cn/patchinfo/show/449056" }, { "title": "Siemens RUGGEDCOM ROX A series of products Fixes for command injection vulnerabilities", "trust": 0.6, "url": "http://123.124.177.30/web/xxk/bdxqbyid.tag?id=246658" } ], "sources": [ { "db": "CNVD", "id": "CNVD-2023-60610" }, { "db": "CNNVD", "id": "CNNVD-202307-735" } ] }, "problemtype_data": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "problemtype": "CWE-77", "trust": 1.0 }, { "problemtype": "Command injection (CWE-77) [NVD evaluation ]", "trust": 0.8 } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2023-021734" }, { "db": "NVD", "id": "CVE-2023-36751" } ] }, "references": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "trust": 2.5, "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-146325.pdf" }, { "trust": 0.8, "url": "https://jvn.jp/vu/jvnvu95292697/" }, { "trust": 0.8, "url": "https://nvd.nist.gov/vuln/detail/cve-2023-36751" }, { "trust": 0.8, "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-23-194-01" }, { "trust": 0.6, "url": "https://cert-portal.siemens.com/productcert/html/ssa-146325.html" }, { "trust": 0.6, "url": "https://cxsecurity.com/cveshow/cve-2023-36751/" }, { "trust": 0.1, "url": "https://nvd.nist.gov" } ], "sources": [ { "db": "CNVD", "id": "CNVD-2023-60610" }, { "db": "VULMON", "id": "CVE-2023-36751" }, { "db": "JVNDB", "id": "JVNDB-2023-021734" }, { "db": "CNNVD", "id": "CNNVD-202307-735" }, { "db": "NVD", "id": "CVE-2023-36751" } ] }, "sources": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", "data": { "@container": "@list" } }, "data": [ { "db": "CNVD", "id": "CNVD-2023-60610" }, { "db": "VULMON", "id": "CVE-2023-36751" }, { "db": "JVNDB", "id": "JVNDB-2023-021734" }, { "db": "CNNVD", "id": "CNNVD-202307-735" }, { "db": "NVD", "id": "CVE-2023-36751" } ] }, "sources_release_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2023-08-02T00:00:00", "db": "CNVD", "id": "CNVD-2023-60610" }, { "date": "2023-07-11T00:00:00", "db": "VULMON", "id": "CVE-2023-36751" }, { "date": "2024-01-19T00:00:00", "db": "JVNDB", "id": "JVNDB-2023-021734" }, { "date": "2023-07-11T00:00:00", "db": "CNNVD", "id": "CNNVD-202307-735" }, { "date": "2023-07-11T10:15:11.233000", "db": "NVD", "id": "CVE-2023-36751" } ] }, "sources_update_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2023-08-02T00:00:00", "db": "CNVD", "id": "CNVD-2023-60610" }, { "date": "2023-07-11T00:00:00", "db": "VULMON", "id": "CVE-2023-36751" }, { "date": "2024-01-19T08:07:00", "db": "JVNDB", "id": "JVNDB-2023-021734" }, { "date": "2023-07-19T00:00:00", "db": "CNNVD", "id": "CNNVD-202307-735" }, { "date": "2023-07-18T18:34:49.170000", "db": "NVD", "id": "CVE-2023-36751" } ] }, "threat_type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "remote", "sources": [ { "db": "CNNVD", "id": "CNNVD-202307-735" } ], "trust": 0.6 }, "title": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Command injection vulnerability in multiple Siemens products", "sources": [ { "db": "JVNDB", "id": "JVNDB-2023-021734" } ], "trust": 0.8 }, "type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "command injection", "sources": [ { "db": "CNNVD", "id": "CNNVD-202307-735" } ], "trust": 0.6 } }
var-202307-0590
Vulnerability from variot
A vulnerability has been identified in RUGGEDCOM ROX MX5000 (All versions < V2.16.0), RUGGEDCOM ROX MX5000RE (All versions < V2.16.0), RUGGEDCOM ROX RX1400 (All versions < V2.16.0), RUGGEDCOM ROX RX1500 (All versions < V2.16.0), RUGGEDCOM ROX RX1501 (All versions < V2.16.0), RUGGEDCOM ROX RX1510 (All versions < V2.16.0), RUGGEDCOM ROX RX1511 (All versions < V2.16.0), RUGGEDCOM ROX RX1512 (All versions < V2.16.0), RUGGEDCOM ROX RX1524 (All versions < V2.16.0), RUGGEDCOM ROX RX1536 (All versions < V2.16.0), RUGGEDCOM ROX RX5000 (All versions < V2.16.0). The SCEP CA Certificate Name parameter in the web interface of affected devices is vulnerable to command injection due to missing server side input sanitation. This could allow an authenticated privileged remote attacker to execute arbitrary code with root privileges. RUGGEDCOM ROX MX5000 firmware, ruggedcom rox mx5000re firmware, RUGGEDCOM ROX RX1400 Multiple Siemens products such as firmware contain a command injection vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. RUGGEDCOM products provide a level of robustness and reliability that sets the standard for communication networks deployed in harsh environments
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", "affected_products": { "@id": "https://www.variotdbs.pl/ref/affected_products" }, "configurations": { "@id": "https://www.variotdbs.pl/ref/configurations" }, "credits": { "@id": "https://www.variotdbs.pl/ref/credits" }, "cvss": { "@id": "https://www.variotdbs.pl/ref/cvss/" }, "description": { "@id": "https://www.variotdbs.pl/ref/description/" }, "exploit_availability": { "@id": "https://www.variotdbs.pl/ref/exploit_availability/" }, "external_ids": { "@id": "https://www.variotdbs.pl/ref/external_ids/" }, "iot": { "@id": "https://www.variotdbs.pl/ref/iot/" }, "iot_taxonomy": { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/" }, "patch": { "@id": "https://www.variotdbs.pl/ref/patch/" }, "problemtype_data": { "@id": "https://www.variotdbs.pl/ref/problemtype_data/" }, "references": { "@id": "https://www.variotdbs.pl/ref/references/" }, "sources": { "@id": "https://www.variotdbs.pl/ref/sources/" }, "sources_release_date": { "@id": "https://www.variotdbs.pl/ref/sources_release_date/" }, "sources_update_date": { "@id": "https://www.variotdbs.pl/ref/sources_update_date/" }, "threat_type": { "@id": "https://www.variotdbs.pl/ref/threat_type/" }, "title": { "@id": "https://www.variotdbs.pl/ref/title/" }, "type": { "@id": "https://www.variotdbs.pl/ref/type/" } }, "@id": "https://www.variotdbs.pl/vuln/VAR-202307-0590", "affected_products": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "model": "ruggedcom rox rx1511", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "2.16.0" }, { "model": "ruggedcom rox rx1524", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "2.16.0" }, { "model": "ruggedcom rox mx5000re", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "2.16.0" }, { "model": "ruggedcom rox rx1400", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "2.16.0" }, { "model": "ruggedcom rox rx1501", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "2.16.0" }, { "model": "ruggedcom rox rx1510", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "2.16.0" }, { "model": "ruggedcom rox rx1500", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "2.16.0" }, { "model": "ruggedcom rox mx5000", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "2.16.0" }, { "model": "ruggedcom rox rx1536", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "2.16.0" }, { "model": "ruggedcom rox rx5000", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "2.16.0" }, { "model": "ruggedcom rox rx1512", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "2.16.0" }, { "model": "ruggedcom rox rx1500", "scope": null, "trust": 0.8, "vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9", "version": null }, { "model": "ruggedcom rox rx1501", "scope": null, "trust": 0.8, "vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9", "version": null }, { "model": "ruggedcom rox rx1524", "scope": null, "trust": 0.8, "vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9", "version": null }, { "model": "ruggedcom rox rx5000", "scope": null, "trust": 0.8, "vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9", "version": null }, { "model": "ruggedcom rox mx5000", "scope": null, "trust": 0.8, "vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9", "version": null }, { "model": "ruggedcom rox rx1512", "scope": null, "trust": 0.8, "vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9", "version": null }, { "model": "ruggedcom rox rx1510", "scope": null, "trust": 0.8, "vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9", "version": null }, { "model": "ruggedcom rox rx1400", "scope": null, "trust": 0.8, "vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9", "version": null }, { "model": "ruggedcom rox rx1511", "scope": null, "trust": 0.8, "vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9", "version": null }, { "model": "ruggedcom rox mx5000re", "scope": null, "trust": 0.8, "vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9", "version": null }, { "model": "ruggedcom rox rx1536", "scope": null, "trust": 0.8, "vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9", "version": null }, { "model": "ruggedcom rox mx5000", "scope": "lt", "trust": 0.6, "vendor": "siemens", "version": "v2.16.0" }, { "model": "ruggedcom rox mx5000re", "scope": "lt", "trust": 0.6, "vendor": "siemens", "version": "v2.16.0" }, { "model": "ruggedcom rox rx1400", "scope": "lt", "trust": 0.6, "vendor": "siemens", "version": "v2.16.0" }, { "model": "ruggedcom rox rx1500", "scope": "lt", "trust": 0.6, "vendor": "siemens", "version": "v2.16.0" }, { "model": "ruggedcom rox rx1501", "scope": "lt", "trust": 0.6, "vendor": "siemens", "version": "v2.16.0" }, { "model": "ruggedcom rox rx1510", "scope": "lt", "trust": 0.6, "vendor": "siemens", "version": "v2.16.0" }, { "model": "ruggedcom rox rx1511", "scope": "lt", "trust": 0.6, "vendor": "siemens", "version": "v2.16.0" }, { "model": "ruggedcom rox rx1512", "scope": "lt", "trust": 0.6, "vendor": "siemens", "version": "v2.16.0" }, { "model": "ruggedcom rox rx1524", "scope": "lt", "trust": 0.6, "vendor": "siemens", "version": "v2.16.0" }, { "model": "ruggedcom rox rx1536", "scope": "lt", "trust": 0.6, "vendor": "siemens", "version": "v2.16.0" }, { "model": "ruggedcom rox rx5000", "scope": "lt", "trust": 0.6, "vendor": "siemens", "version": "v2.16.0" } ], "sources": [ { "db": "CNVD", "id": "CNVD-2023-60606" }, { "db": "JVNDB", "id": "JVNDB-2023-021730" }, { "db": "NVD", "id": "CVE-2023-36755" } ] }, "configurations": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/configurations#", "children": { "@container": "@list" }, "cpe_match": { "@container": "@list" }, "data": { "@container": "@list" }, "nodes": { "@container": "@list" } }, "data": [ { "CVE_data_version": "4.0", "nodes": [ { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:siemens:ruggedcom_rox_mx5000_firmware:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "2.16.0", "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:h:siemens:ruggedcom_rox_mx5000:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [], "operator": "AND" }, { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:siemens:ruggedcom_rox_mx5000re_firmware:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "2.16.0", "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:h:siemens:ruggedcom_rox_mx5000re:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [], "operator": "AND" }, { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:siemens:ruggedcom_rox_rx1400_firmware:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "2.16.0", "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:h:siemens:ruggedcom_rox_rx1400:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [], "operator": "AND" }, { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:siemens:ruggedcom_rox_rx1500_firmware:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "2.16.0", "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:h:siemens:ruggedcom_rox_rx1500:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [], "operator": "AND" }, { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:siemens:ruggedcom_rox_rx1501_firmware:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "2.16.0", "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:h:siemens:ruggedcom_rox_rx1501:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [], "operator": "AND" }, { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:siemens:ruggedcom_rox_rx1510_firmware:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "2.16.0", "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:h:siemens:ruggedcom_rox_rx1510:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [], "operator": "AND" }, { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:siemens:ruggedcom_rox_rx1511_firmware:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "2.16.0", "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:h:siemens:ruggedcom_rox_rx1511:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [], "operator": "AND" }, { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:siemens:ruggedcom_rox_rx1512_firmware:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "2.16.0", "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:h:siemens:ruggedcom_rox_rx1512:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [], "operator": "AND" }, { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:siemens:ruggedcom_rox_rx1524_firmware:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "2.16.0", "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:h:siemens:ruggedcom_rox_rx1524:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [], "operator": "AND" }, { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:siemens:ruggedcom_rox_rx1536_firmware:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "2.16.0", "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:h:siemens:ruggedcom_rox_rx1536:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [], "operator": "AND" }, { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:siemens:ruggedcom_rox_rx5000_firmware:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "2.16.0", "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:h:siemens:ruggedcom_rox_rx5000:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [], "operator": "AND" } ] } ], "sources": [ { "db": "NVD", "id": "CVE-2023-36755" } ] }, "cve": "CVE-2023-36755", "cvss": { "@context": { "cvssV2": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2" }, "cvssV3": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/" }, "severity": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#" }, "@id": "https://www.variotdbs.pl/ref/cvss/severity" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "cvssV2": [ { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "author": "CNVD", "availabilityImpact": "COMPLETE", "baseScore": 10.0, "confidentialityImpact": "COMPLETE", "exploitabilityScore": 10.0, "id": "CNVD-2023-60606", "impactScore": 10.0, "integrityImpact": "COMPLETE", "severity": "HIGH", "trust": 0.6, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0" } ], "cvssV3": [ { "attackComplexity": "LOW", "attackVector": "NETWORK", "author": "NVD", "availabilityImpact": "HIGH", "baseScore": 7.2, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "exploitabilityScore": 1.2, "impactScore": 5.9, "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "trust": 1.0, "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, { "attackComplexity": "LOW", "attackVector": "NETWORK", "author": "productcert@siemens.com", "availabilityImpact": "HIGH", "baseScore": 9.1, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "exploitabilityScore": 2.3, "impactScore": 6.0, "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "CHANGED", "trust": 1.0, "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H", "version": "3.1" }, { "attackComplexity": "Low", "attackVector": "Network", "author": "NVD", "availabilityImpact": "High", "baseScore": 7.2, "baseSeverity": "High", "confidentialityImpact": "High", "exploitabilityScore": null, "id": "CVE-2023-36755", "impactScore": null, "integrityImpact": "High", "privilegesRequired": "High", "scope": "Unchanged", "trust": 0.8, "userInteraction": "None", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "version": "3.0" } ], "severity": [ { "author": "NVD", "id": "CVE-2023-36755", "trust": 1.8, "value": "HIGH" }, { "author": "productcert@siemens.com", "id": "CVE-2023-36755", "trust": 1.0, "value": "CRITICAL" }, { "author": "CNVD", "id": "CNVD-2023-60606", "trust": 0.6, "value": "HIGH" }, { "author": "CNNVD", "id": "CNNVD-202307-731", "trust": 0.6, "value": "HIGH" } ] } ], "sources": [ { "db": "CNVD", "id": "CNVD-2023-60606" }, { "db": "JVNDB", "id": "JVNDB-2023-021730" }, { "db": "CNNVD", "id": "CNNVD-202307-731" }, { "db": "NVD", "id": "CVE-2023-36755" }, { "db": "NVD", "id": "CVE-2023-36755" } ] }, "description": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "A vulnerability has been identified in RUGGEDCOM ROX MX5000 (All versions \u003c V2.16.0), RUGGEDCOM ROX MX5000RE (All versions \u003c V2.16.0), RUGGEDCOM ROX RX1400 (All versions \u003c V2.16.0), RUGGEDCOM ROX RX1500 (All versions \u003c V2.16.0), RUGGEDCOM ROX RX1501 (All versions \u003c V2.16.0), RUGGEDCOM ROX RX1510 (All versions \u003c V2.16.0), RUGGEDCOM ROX RX1511 (All versions \u003c V2.16.0), RUGGEDCOM ROX RX1512 (All versions \u003c V2.16.0), RUGGEDCOM ROX RX1524 (All versions \u003c V2.16.0), RUGGEDCOM ROX RX1536 (All versions \u003c V2.16.0), RUGGEDCOM ROX RX5000 (All versions \u003c V2.16.0). The SCEP CA Certificate Name parameter in the web interface of affected devices is vulnerable to command injection due to missing server side input sanitation. This could allow an authenticated privileged remote attacker to execute arbitrary code with root privileges. RUGGEDCOM ROX MX5000 firmware, ruggedcom rox mx5000re firmware, RUGGEDCOM ROX RX1400 Multiple Siemens products such as firmware contain a command injection vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. RUGGEDCOM products provide a level of robustness and reliability that sets the standard for communication networks deployed in harsh environments", "sources": [ { "db": "NVD", "id": "CVE-2023-36755" }, { "db": "JVNDB", "id": "JVNDB-2023-021730" }, { "db": "CNVD", "id": "CNVD-2023-60606" }, { "db": "VULMON", "id": "CVE-2023-36755" } ], "trust": 2.25 }, "external_ids": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "db": "NVD", "id": "CVE-2023-36755", "trust": 3.9 }, { "db": "SIEMENS", "id": "SSA-146325", "trust": 3.1 }, { "db": "ICS CERT", "id": "ICSA-23-194-01", "trust": 0.8 }, { "db": "JVN", "id": "JVNVU95292697", "trust": 0.8 }, { "db": "JVNDB", "id": "JVNDB-2023-021730", "trust": 0.8 }, { "db": "CNVD", "id": "CNVD-2023-60606", "trust": 0.6 }, { "db": "CNNVD", "id": "CNNVD-202307-731", "trust": 0.6 }, { "db": "VULMON", "id": "CVE-2023-36755", "trust": 0.1 } ], "sources": [ { "db": "CNVD", "id": "CNVD-2023-60606" }, { "db": "VULMON", "id": "CVE-2023-36755" }, { "db": "JVNDB", "id": "JVNDB-2023-021730" }, { "db": "CNNVD", "id": "CNNVD-202307-731" }, { "db": "NVD", "id": "CVE-2023-36755" } ] }, "id": "VAR-202307-0590", "iot": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": true, "sources": [ { "db": "CNVD", "id": "CNVD-2023-60606" } ], "trust": 1.12540106 }, "iot_taxonomy": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "category": [ "ICS" ], "sub_category": null, "trust": 0.6 } ], "sources": [ { "db": "CNVD", "id": "CNVD-2023-60606" } ] }, "last_update_date": "2024-01-21T21:45:18.357000Z", "patch": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "title": "Patch for Siemens RUGGEDCOM ROX Command Injection Vulnerability (CNVD-2023-60606)", "trust": 0.6, "url": "https://www.cnvd.org.cn/patchinfo/show/449031" }, { "title": "Siemens RUGGEDCOM ROX Fixes for command injection vulnerabilities", "trust": 0.6, "url": "http://123.124.177.30/web/xxk/bdxqbyid.tag?id=246654" } ], "sources": [ { "db": "CNVD", "id": "CNVD-2023-60606" }, { "db": "CNNVD", "id": "CNNVD-202307-731" } ] }, "problemtype_data": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "problemtype": "CWE-77", "trust": 1.0 }, { "problemtype": "Command injection (CWE-77) [NVD evaluation ]", "trust": 0.8 } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2023-021730" }, { "db": "NVD", "id": "CVE-2023-36755" } ] }, "references": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "trust": 2.5, "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-146325.pdf" }, { "trust": 0.8, "url": "https://jvn.jp/vu/jvnvu95292697/" }, { "trust": 0.8, "url": "https://nvd.nist.gov/vuln/detail/cve-2023-36755" }, { "trust": 0.8, "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-23-194-01" }, { "trust": 0.6, "url": "https://cert-portal.siemens.com/productcert/html/ssa-146325.html" }, { "trust": 0.6, "url": "https://cxsecurity.com/cveshow/cve-2023-36755/" }, { "trust": 0.1, "url": "https://nvd.nist.gov" } ], "sources": [ { "db": "CNVD", "id": "CNVD-2023-60606" }, { "db": "VULMON", "id": "CVE-2023-36755" }, { "db": "JVNDB", "id": "JVNDB-2023-021730" }, { "db": "CNNVD", "id": "CNNVD-202307-731" }, { "db": "NVD", "id": "CVE-2023-36755" } ] }, "sources": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", "data": { "@container": "@list" } }, "data": [ { "db": "CNVD", "id": "CNVD-2023-60606" }, { "db": "VULMON", "id": "CVE-2023-36755" }, { "db": "JVNDB", "id": "JVNDB-2023-021730" }, { "db": "CNNVD", "id": "CNNVD-202307-731" }, { "db": "NVD", "id": "CVE-2023-36755" } ] }, "sources_release_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2023-08-02T00:00:00", "db": "CNVD", "id": "CNVD-2023-60606" }, { "date": "2023-07-11T00:00:00", "db": "VULMON", "id": "CVE-2023-36755" }, { "date": "2024-01-19T00:00:00", "db": "JVNDB", "id": "JVNDB-2023-021730" }, { "date": "2023-07-11T00:00:00", "db": "CNNVD", "id": "CNNVD-202307-731" }, { "date": "2023-07-11T10:15:11.490000", "db": "NVD", "id": "CVE-2023-36755" } ] }, "sources_update_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2023-08-02T00:00:00", "db": "CNVD", "id": "CNVD-2023-60606" }, { "date": "2023-07-11T00:00:00", "db": "VULMON", "id": "CVE-2023-36755" }, { "date": "2024-01-19T08:07:00", "db": "JVNDB", "id": "JVNDB-2023-021730" }, { "date": "2023-07-19T00:00:00", "db": "CNNVD", "id": "CNNVD-202307-731" }, { "date": "2023-07-18T15:41:50.873000", "db": "NVD", "id": "CVE-2023-36755" } ] }, "threat_type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "remote", "sources": [ { "db": "CNNVD", "id": "CNNVD-202307-731" } ], "trust": 0.6 }, "title": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Command injection vulnerability in multiple Siemens products", "sources": [ { "db": "JVNDB", "id": "JVNDB-2023-021730" } ], "trust": 0.8 }, "type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "command injection", "sources": [ { "db": "CNNVD", "id": "CNNVD-202307-731" } ], "trust": 0.6 } }
var-202207-0541
Vulnerability from variot
A vulnerability has been identified in RUGGEDCOM ROX MX5000 (All versions < 2.15.1), RUGGEDCOM ROX MX5000RE (All versions < 2.15.1), RUGGEDCOM ROX RX1400 (All versions < 2.15.1), RUGGEDCOM ROX RX1500 (All versions < 2.15.1), RUGGEDCOM ROX RX1501 (All versions < 2.15.1), RUGGEDCOM ROX RX1510 (All versions < 2.15.1), RUGGEDCOM ROX RX1511 (All versions < 2.15.1), RUGGEDCOM ROX RX1512 (All versions < 2.15.1), RUGGEDCOM ROX RX1524 (All versions < 2.15.1), RUGGEDCOM ROX RX1536 (All versions < 2.15.1), RUGGEDCOM ROX RX5000 (All versions < 2.15.1). Affected devices do not properly validate user input, making them susceptible to command injection. An attacker with access to either the shell or the web CLI with administrator privileges could access the underlying operating system as the root user. RUGGEDCOM ROX RX1500 firmware, RUGGEDCOM ROX RX1501 firmware, RUGGEDCOM ROX RX1510 Multiple Siemens products such as firmware contain a command injection vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", "affected_products": { "@id": "https://www.variotdbs.pl/ref/affected_products" }, "configurations": { "@id": "https://www.variotdbs.pl/ref/configurations" }, "credits": { "@id": "https://www.variotdbs.pl/ref/credits" }, "cvss": { "@id": "https://www.variotdbs.pl/ref/cvss/" }, "description": { "@id": "https://www.variotdbs.pl/ref/description/" }, "exploit_availability": { "@id": "https://www.variotdbs.pl/ref/exploit_availability/" }, "external_ids": { "@id": "https://www.variotdbs.pl/ref/external_ids/" }, "iot": { "@id": "https://www.variotdbs.pl/ref/iot/" }, "iot_taxonomy": { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/" }, "patch": { "@id": "https://www.variotdbs.pl/ref/patch/" }, "problemtype_data": { "@id": "https://www.variotdbs.pl/ref/problemtype_data/" }, "references": { "@id": "https://www.variotdbs.pl/ref/references/" }, "sources": { "@id": "https://www.variotdbs.pl/ref/sources/" }, "sources_release_date": { "@id": "https://www.variotdbs.pl/ref/sources_release_date/" }, "sources_update_date": { "@id": "https://www.variotdbs.pl/ref/sources_update_date/" }, "threat_type": { "@id": "https://www.variotdbs.pl/ref/threat_type/" }, "title": { "@id": "https://www.variotdbs.pl/ref/title/" }, "type": { "@id": "https://www.variotdbs.pl/ref/type/" } }, "@id": "https://www.variotdbs.pl/vuln/VAR-202207-0541", "affected_products": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "model": "ruggedcom rox rx1511", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "2.15.1" }, { "model": "ruggedcom rox mx5000re", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "2.15.1" }, { "model": "ruggedcom rox mx5000", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "2.15.1" }, { "model": "ruggedcom rox rx1524", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "2.15.1" }, { "model": "ruggedcom rox rx1501", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "2.15.1" }, { "model": "ruggedcom rox rx5000", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "2.15.1" }, { "model": "ruggedcom rox rx1510", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "2.15.1" }, { "model": "ruggedcom rox rx1500", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "2.15.1" }, { "model": "ruggedcom rox rx1400", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "2.15.1" }, { "model": "ruggedcom rox rx1536", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "2.15.1" }, { "model": "ruggedcom rox rx1512", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "2.15.1" }, { "model": "ruggedcom rox rx1501", "scope": null, "trust": 0.8, "vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9", "version": null }, { "model": "ruggedcom rox rx1511", "scope": null, "trust": 0.8, "vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9", "version": null }, { "model": "ruggedcom rox rx1510", "scope": null, "trust": 0.8, "vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9", "version": null }, { "model": "ruggedcom rox rx1512", "scope": null, "trust": 0.8, "vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9", "version": null }, { "model": "ruggedcom rox mx5000re", "scope": null, "trust": 0.8, "vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9", "version": null }, { "model": "ruggedcom rox rx1500", "scope": null, "trust": 0.8, "vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9", "version": null }, { "model": "ruggedcom rox rx5000", "scope": null, "trust": 0.8, "vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9", "version": null }, { "model": "ruggedcom rox rx1400", "scope": null, "trust": 0.8, "vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9", "version": null }, { "model": "ruggedcom rox rx1524", "scope": null, "trust": 0.8, "vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9", "version": null }, { "model": "ruggedcom rox rx1536", "scope": null, "trust": 0.8, "vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9", "version": null }, { "model": "ruggedcom rox mx5000", "scope": null, "trust": 0.8, "vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9", "version": null } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2022-013270" }, { "db": "NVD", "id": "CVE-2022-29560" } ] }, "configurations": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/configurations#", "children": { "@container": "@list" }, "cpe_match": { "@container": "@list" }, "data": { "@container": "@list" }, "nodes": { "@container": "@list" } }, "data": [ { "CVE_data_version": "4.0", "nodes": [ { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:siemens:ruggedcom_rox_rx1500_firmware:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "2.15.1", "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:h:siemens:ruggedcom_rox_rx1500:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [], "operator": "AND" }, { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:siemens:ruggedcom_rox_rx1501_firmware:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "2.15.1", "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:h:siemens:ruggedcom_rox_rx1501:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [], "operator": "AND" }, { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:siemens:ruggedcom_rox_rx1510_firmware:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "2.15.1", "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:h:siemens:ruggedcom_rox_rx1510:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [], "operator": "AND" }, { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:siemens:ruggedcom_rox_rx1511_firmware:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "2.15.1", "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:h:siemens:ruggedcom_rox_rx1511:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [], "operator": "AND" }, { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:siemens:ruggedcom_rox_rx1512_firmware:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "2.15.1", "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:h:siemens:ruggedcom_rox_rx1512:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [], "operator": "AND" }, { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:siemens:ruggedcom_rox_rx1524_firmware:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "2.15.1", "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:h:siemens:ruggedcom_rox_rx1524:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [], "operator": "AND" }, { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:siemens:ruggedcom_rox_rx1536_firmware:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "2.15.1", "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:h:siemens:ruggedcom_rox_rx1536:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [], "operator": "AND" }, { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:siemens:ruggedcom_rox_rx5000_firmware:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "2.15.1", "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:h:siemens:ruggedcom_rox_rx5000:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [], "operator": "AND" }, { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:siemens:ruggedcom_rox_rx1400_firmware:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "2.15.1", "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:h:siemens:ruggedcom_rox_rx1400:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [], "operator": "AND" }, { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:siemens:ruggedcom_rox_mx5000re_firmware:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "2.15.1", "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:h:siemens:ruggedcom_rox_mx5000re:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [], "operator": "AND" }, { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:siemens:ruggedcom_rox_mx5000_firmware:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "2.15.1", "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:h:siemens:ruggedcom_rox_mx5000:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [], "operator": "AND" } ] } ], "sources": [ { "db": "NVD", "id": "CVE-2022-29560" } ] }, "credits": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/credits#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Michael Messner of Siemens Energy reported this vulnerability to Siemens.", "sources": [ { "db": "CNNVD", "id": "CNNVD-202207-839" } ], "trust": 0.6 }, "cve": "CVE-2022-29560", "cvss": { "@context": { "cvssV2": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2" }, "cvssV3": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/" }, "severity": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#" }, "@id": "https://www.variotdbs.pl/ref/cvss/severity" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "cvssV2": [ { "acInsufInfo": false, "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "author": "NVD", "availabilityImpact": "COMPLETE", "baseScore": 10.0, "confidentialityImpact": "COMPLETE", "exploitabilityScore": 10.0, "impactScore": 10.0, "integrityImpact": "COMPLETE", "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "HIGH", "trust": 1.0, "userInteractionRequired": false, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0" }, { "acInsufInfo": null, "accessComplexity": "Low", "accessVector": "Network", "authentication": "None", "author": "NVD", "availabilityImpact": "Complete", "baseScore": 10.0, "confidentialityImpact": "Complete", "exploitabilityScore": null, "id": "CVE-2022-29560", "impactScore": null, "integrityImpact": "Complete", "obtainAllPrivilege": null, "obtainOtherPrivilege": null, "obtainUserPrivilege": null, "severity": "High", "trust": 0.9, "userInteractionRequired": null, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0" } ], "cvssV3": [ { "attackComplexity": "LOW", "attackVector": "NETWORK", "author": "NVD", "availabilityImpact": "HIGH", "baseScore": 7.2, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "exploitabilityScore": 1.2, "impactScore": 5.9, "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "trust": 1.0, "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, { "attackComplexity": "Low", "attackVector": "Network", "author": "NVD", "availabilityImpact": "High", "baseScore": 7.2, "baseSeverity": "High", "confidentialityImpact": "High", "exploitabilityScore": null, "id": "CVE-2022-29560", "impactScore": null, "integrityImpact": "High", "privilegesRequired": "High", "scope": "Unchanged", "trust": 0.8, "userInteraction": "None", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "version": "3.0" } ], "severity": [ { "author": "NVD", "id": "CVE-2022-29560", "trust": 1.8, "value": "HIGH" }, { "author": "CNNVD", "id": "CNNVD-202207-839", "trust": 0.6, "value": "HIGH" }, { "author": "VULMON", "id": "CVE-2022-29560", "trust": 0.1, "value": "HIGH" } ] } ], "sources": [ { "db": "VULMON", "id": "CVE-2022-29560" }, { "db": "JVNDB", "id": "JVNDB-2022-013270" }, { "db": "NVD", "id": "CVE-2022-29560" }, { "db": "CNNVD", "id": "CNNVD-202207-839" } ] }, "description": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "A vulnerability has been identified in RUGGEDCOM ROX MX5000 (All versions \u003c 2.15.1), RUGGEDCOM ROX MX5000RE (All versions \u003c 2.15.1), RUGGEDCOM ROX RX1400 (All versions \u003c 2.15.1), RUGGEDCOM ROX RX1500 (All versions \u003c 2.15.1), RUGGEDCOM ROX RX1501 (All versions \u003c 2.15.1), RUGGEDCOM ROX RX1510 (All versions \u003c 2.15.1), RUGGEDCOM ROX RX1511 (All versions \u003c 2.15.1), RUGGEDCOM ROX RX1512 (All versions \u003c 2.15.1), RUGGEDCOM ROX RX1524 (All versions \u003c 2.15.1), RUGGEDCOM ROX RX1536 (All versions \u003c 2.15.1), RUGGEDCOM ROX RX5000 (All versions \u003c 2.15.1). Affected devices do not properly validate user input, making them susceptible to command injection. An attacker with access to either the shell or the web CLI with administrator privileges could access the underlying operating system as the root user. RUGGEDCOM ROX RX1500 firmware, RUGGEDCOM ROX RX1501 firmware, RUGGEDCOM ROX RX1510 Multiple Siemens products such as firmware contain a command injection vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state", "sources": [ { "db": "NVD", "id": "CVE-2022-29560" }, { "db": "JVNDB", "id": "JVNDB-2022-013270" }, { "db": "VULMON", "id": "CVE-2022-29560" } ], "trust": 1.71 }, "external_ids": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "db": "NVD", "id": "CVE-2022-29560", "trust": 3.3 }, { "db": "SIEMENS", "id": "SSA-599506", "trust": 2.5 }, { "db": "ICS CERT", "id": "ICSA-22-195-05", "trust": 1.5 }, { "db": "JVN", "id": "JVNVU97764115", "trust": 0.8 }, { "db": "JVNDB", "id": "JVNDB-2022-013270", "trust": 0.8 }, { "db": "CS-HELP", "id": "SB2022071334", "trust": 0.6 }, { "db": "CNNVD", "id": "CNNVD-202207-839", "trust": 0.6 }, { "db": "VULMON", "id": "CVE-2022-29560", "trust": 0.1 } ], "sources": [ { "db": "VULMON", "id": "CVE-2022-29560" }, { "db": "JVNDB", "id": "JVNDB-2022-013270" }, { "db": "NVD", "id": "CVE-2022-29560" }, { "db": "CNNVD", "id": "CNNVD-202207-839" } ] }, "id": "VAR-202207-0541", "iot": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": true, "sources": [ { "db": "VARIoT devices database", "id": null } ], "trust": 0.52540106 }, "last_update_date": "2023-12-18T12:15:30.988000Z", "patch": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "title": "Siemens RUGGEDCOM ROX Repairs for Series Command Injection Vulnerabilities", "trust": 0.6, "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=201839" } ], "sources": [ { "db": "CNNVD", "id": "CNNVD-202207-839" } ] }, "problemtype_data": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "problemtype": "CWE-77", "trust": 1.0 }, { "problemtype": "Command injection (CWE-77) [NVD evaluation ]", "trust": 0.8 } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2022-013270" }, { "db": "NVD", "id": "CVE-2022-29560" } ] }, "references": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "trust": 2.5, "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-599506.pdf" }, { "trust": 0.8, "url": "https://jvn.jp/vu/jvnvu97764115/" }, { "trust": 0.8, "url": "https://nvd.nist.gov/vuln/detail/cve-2022-29560" }, { "trust": 0.8, "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-22-195-05" }, { "trust": 0.6, "url": "https://www.cybersecurity-help.cz/vdb/sb2022071334" }, { "trust": 0.6, "url": "https://vigilance.fr/vulnerability/siemens-ruggedcom-rox-privilege-escalation-38774" }, { "trust": 0.6, "url": "https://cxsecurity.com/cveshow/cve-2022-29560/" }, { "trust": 0.6, "url": "https://us-cert.cisa.gov/ics/advisories/icsa-22-195-05" }, { "trust": 0.1, "url": "https://cwe.mitre.org/data/definitions/77.html" }, { "trust": 0.1, "url": "https://nvd.nist.gov" }, { "trust": 0.1, "url": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-195-05" } ], "sources": [ { "db": "VULMON", "id": "CVE-2022-29560" }, { "db": "JVNDB", "id": "JVNDB-2022-013270" }, { "db": "NVD", "id": "CVE-2022-29560" }, { "db": "CNNVD", "id": "CNNVD-202207-839" } ] }, "sources": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", "data": { "@container": "@list" } }, "data": [ { "db": "VULMON", "id": "CVE-2022-29560" }, { "db": "JVNDB", "id": "JVNDB-2022-013270" }, { "db": "NVD", "id": "CVE-2022-29560" }, { "db": "CNNVD", "id": "CNNVD-202207-839" } ] }, "sources_release_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2022-07-12T00:00:00", "db": "VULMON", "id": "CVE-2022-29560" }, { "date": "2023-09-06T00:00:00", "db": "JVNDB", "id": "JVNDB-2022-013270" }, { "date": "2022-07-12T10:15:10.493000", "db": "NVD", "id": "CVE-2022-29560" }, { "date": "2022-07-12T00:00:00", "db": "CNNVD", "id": "CNNVD-202207-839" } ] }, "sources_update_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2022-07-19T00:00:00", "db": "VULMON", "id": "CVE-2022-29560" }, { "date": "2023-09-06T08:24:00", "db": "JVNDB", "id": "JVNDB-2022-013270" }, { "date": "2022-07-19T18:12:33.017000", "db": "NVD", "id": "CVE-2022-29560" }, { "date": "2022-07-29T00:00:00", "db": "CNNVD", "id": "CNNVD-202207-839" } ] }, "threat_type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "remote", "sources": [ { "db": "CNNVD", "id": "CNNVD-202207-839" } ], "trust": 0.6 }, "title": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Command injection vulnerability in multiple Siemens products", "sources": [ { "db": "JVNDB", "id": "JVNDB-2022-013270" } ], "trust": 0.8 }, "type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "command injection", "sources": [ { "db": "CNNVD", "id": "CNNVD-202207-839" } ], "trust": 0.6 } }
var-202307-0593
Vulnerability from variot
A vulnerability has been identified in RUGGEDCOM ROX MX5000 (All versions < V2.16.0), RUGGEDCOM ROX MX5000RE (All versions < V2.16.0), RUGGEDCOM ROX RX1400 (All versions < V2.16.0), RUGGEDCOM ROX RX1500 (All versions < V2.16.0), RUGGEDCOM ROX RX1501 (All versions < V2.16.0), RUGGEDCOM ROX RX1510 (All versions < V2.16.0), RUGGEDCOM ROX RX1511 (All versions < V2.16.0), RUGGEDCOM ROX RX1512 (All versions < V2.16.0), RUGGEDCOM ROX RX1524 (All versions < V2.16.0), RUGGEDCOM ROX RX1536 (All versions < V2.16.0), RUGGEDCOM ROX RX5000 (All versions < V2.16.0). The upgrade-app URL parameter in the web interface of affected devices is vulnerable to command injection due to missing server side input sanitation. This could allow an authenticated privileged remote attacker to execute arbitrary code with root privileges. RUGGEDCOM ROX MX5000 firmware, ruggedcom rox mx5000re firmware, RUGGEDCOM ROX RX1400 Multiple Siemens products such as firmware contain a command injection vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. RUGGEDCOM products provide a level of robustness and reliability that sets the standard for communication networks deployed in harsh environments.
Siemens RUGGEDCOM ROX has a command injection vulnerability. The vulnerability stems from the lack of server-side input validation
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", "affected_products": { "@id": "https://www.variotdbs.pl/ref/affected_products" }, "configurations": { "@id": "https://www.variotdbs.pl/ref/configurations" }, "credits": { "@id": "https://www.variotdbs.pl/ref/credits" }, "cvss": { "@id": "https://www.variotdbs.pl/ref/cvss/" }, "description": { "@id": "https://www.variotdbs.pl/ref/description/" }, "exploit_availability": { "@id": "https://www.variotdbs.pl/ref/exploit_availability/" }, "external_ids": { "@id": "https://www.variotdbs.pl/ref/external_ids/" }, "iot": { "@id": "https://www.variotdbs.pl/ref/iot/" }, "iot_taxonomy": { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/" }, "patch": { "@id": "https://www.variotdbs.pl/ref/patch/" }, "problemtype_data": { "@id": "https://www.variotdbs.pl/ref/problemtype_data/" }, "references": { "@id": "https://www.variotdbs.pl/ref/references/" }, "sources": { "@id": "https://www.variotdbs.pl/ref/sources/" }, "sources_release_date": { "@id": "https://www.variotdbs.pl/ref/sources_release_date/" }, "sources_update_date": { "@id": "https://www.variotdbs.pl/ref/sources_update_date/" }, "threat_type": { "@id": "https://www.variotdbs.pl/ref/threat_type/" }, "title": { "@id": "https://www.variotdbs.pl/ref/title/" }, "type": { "@id": "https://www.variotdbs.pl/ref/type/" } }, "@id": "https://www.variotdbs.pl/vuln/VAR-202307-0593", "affected_products": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "model": "ruggedcom rox rx1511", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "2.16.0" }, { "model": "ruggedcom rox rx1524", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "2.16.0" }, { "model": "ruggedcom rox mx5000re", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "2.16.0" }, { "model": "ruggedcom rox rx1400", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "2.16.0" }, { "model": "ruggedcom rox rx1501", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "2.16.0" }, { "model": "ruggedcom rox rx1510", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "2.16.0" }, { "model": "ruggedcom rox rx1500", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "2.16.0" }, { "model": "ruggedcom rox mx5000", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "2.16.0" }, { "model": "ruggedcom rox rx1536", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "2.16.0" }, { "model": "ruggedcom rox rx5000", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "2.16.0" }, { "model": "ruggedcom rox rx1512", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "2.16.0" }, { "model": "ruggedcom rox rx1500", "scope": null, "trust": 0.8, "vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9", "version": null }, { "model": "ruggedcom rox rx1501", "scope": null, "trust": 0.8, "vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9", "version": null }, { "model": "ruggedcom rox rx1524", "scope": null, "trust": 0.8, "vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9", "version": null }, { "model": "ruggedcom rox rx5000", "scope": null, "trust": 0.8, "vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9", "version": null }, { "model": "ruggedcom rox mx5000", "scope": null, "trust": 0.8, "vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9", "version": null }, { "model": "ruggedcom rox rx1512", "scope": null, "trust": 0.8, "vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9", "version": null }, { "model": "ruggedcom rox rx1510", "scope": null, "trust": 0.8, "vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9", "version": null }, { "model": "ruggedcom rox rx1400", "scope": null, "trust": 0.8, "vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9", "version": null }, { "model": "ruggedcom rox rx1511", "scope": null, "trust": 0.8, "vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9", "version": null }, { "model": "ruggedcom rox mx5000re", "scope": null, "trust": 0.8, "vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9", "version": null }, { "model": "ruggedcom rox rx1536", "scope": null, "trust": 0.8, "vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9", "version": null }, { "model": "ruggedcom rox mx5000", "scope": "lt", "trust": 0.6, "vendor": "siemens", "version": "v2.16.0" }, { "model": "ruggedcom rox mx5000re", "scope": "lt", "trust": 0.6, "vendor": "siemens", "version": "v2.16.0" }, { "model": "ruggedcom rox rx1400", "scope": "lt", "trust": 0.6, "vendor": "siemens", "version": "v2.16.0" }, { "model": "ruggedcom rox rx1500", "scope": "lt", "trust": 0.6, "vendor": "siemens", "version": "v2.16.0" }, { "model": "ruggedcom rox rx1501", "scope": "lt", "trust": 0.6, "vendor": "siemens", "version": "v2.16.0" }, { "model": "ruggedcom rox rx1510", "scope": "lt", "trust": 0.6, "vendor": "siemens", "version": "v2.16.0" }, { "model": "ruggedcom rox rx1511", "scope": "lt", "trust": 0.6, "vendor": "siemens", "version": "v2.16.0" }, { "model": "ruggedcom rox rx1512", "scope": "lt", "trust": 0.6, "vendor": "siemens", "version": "v2.16.0" }, { "model": "ruggedcom rox rx1524", "scope": "lt", "trust": 0.6, "vendor": "siemens", "version": "v2.16.0" }, { "model": "ruggedcom rox rx1536", "scope": "lt", "trust": 0.6, "vendor": "siemens", "version": "v2.16.0" }, { "model": "ruggedcom rox rx5000", "scope": "lt", "trust": 0.6, "vendor": "siemens", "version": "v2.16.0" } ], "sources": [ { "db": "CNVD", "id": "CNVD-2023-60609" }, { "db": "JVNDB", "id": "JVNDB-2023-021733" }, { "db": "NVD", "id": "CVE-2023-36752" } ] }, "configurations": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/configurations#", "children": { "@container": "@list" }, "cpe_match": { "@container": "@list" }, "data": { "@container": "@list" }, "nodes": { "@container": "@list" } }, "data": [ { "CVE_data_version": "4.0", "nodes": [ { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:siemens:ruggedcom_rox_mx5000_firmware:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "2.16.0", "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:h:siemens:ruggedcom_rox_mx5000:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [], "operator": "AND" }, { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:siemens:ruggedcom_rox_mx5000re_firmware:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "2.16.0", "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:h:siemens:ruggedcom_rox_mx5000re:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [], "operator": "AND" }, { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:siemens:ruggedcom_rox_rx1400_firmware:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "2.16.0", "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:h:siemens:ruggedcom_rox_rx1400:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [], "operator": "AND" }, { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:siemens:ruggedcom_rox_rx1500_firmware:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "2.16.0", "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:h:siemens:ruggedcom_rox_rx1500:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [], "operator": "AND" }, { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:siemens:ruggedcom_rox_rx1501_firmware:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "2.16.0", "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:h:siemens:ruggedcom_rox_rx1501:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [], "operator": "AND" }, { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:siemens:ruggedcom_rox_rx1510_firmware:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "2.16.0", "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:h:siemens:ruggedcom_rox_rx1510:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [], "operator": "AND" }, { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:siemens:ruggedcom_rox_rx1511_firmware:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "2.16.0", "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:h:siemens:ruggedcom_rox_rx1511:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [], "operator": "AND" }, { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:siemens:ruggedcom_rox_rx1512_firmware:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "2.16.0", "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:h:siemens:ruggedcom_rox_rx1512:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [], "operator": "AND" }, { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:siemens:ruggedcom_rox_rx1524_firmware:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "2.16.0", "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:h:siemens:ruggedcom_rox_rx1524:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [], "operator": "AND" }, { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:siemens:ruggedcom_rox_rx1536_firmware:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "2.16.0", "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:h:siemens:ruggedcom_rox_rx1536:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [], "operator": "AND" }, { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:siemens:ruggedcom_rox_rx5000_firmware:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "2.16.0", "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:h:siemens:ruggedcom_rox_rx5000:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [], "operator": "AND" } ] } ], "sources": [ { "db": "NVD", "id": "CVE-2023-36752" } ] }, "cve": "CVE-2023-36752", "cvss": { "@context": { "cvssV2": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2" }, "cvssV3": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/" }, "severity": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#" }, "@id": "https://www.variotdbs.pl/ref/cvss/severity" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "cvssV2": [ { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "author": "CNVD", "availabilityImpact": "COMPLETE", "baseScore": 10.0, "confidentialityImpact": "COMPLETE", "exploitabilityScore": 10.0, "id": "CNVD-2023-60609", "impactScore": 10.0, "integrityImpact": "COMPLETE", "severity": "HIGH", "trust": 0.6, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0" } ], "cvssV3": [ { "attackComplexity": "LOW", "attackVector": "NETWORK", "author": "NVD", "availabilityImpact": "HIGH", "baseScore": 7.2, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "exploitabilityScore": 1.2, "impactScore": 5.9, "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "trust": 1.0, "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, { "attackComplexity": "LOW", "attackVector": "NETWORK", "author": "productcert@siemens.com", "availabilityImpact": "HIGH", "baseScore": 9.1, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "exploitabilityScore": 2.3, "impactScore": 6.0, "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "CHANGED", "trust": 1.0, "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H", "version": "3.1" }, { "attackComplexity": "Low", "attackVector": "Network", "author": "NVD", "availabilityImpact": "High", "baseScore": 7.2, "baseSeverity": "High", "confidentialityImpact": "High", "exploitabilityScore": null, "id": "CVE-2023-36752", "impactScore": null, "integrityImpact": "High", "privilegesRequired": "High", "scope": "Unchanged", "trust": 0.8, "userInteraction": "None", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "version": "3.0" } ], "severity": [ { "author": "NVD", "id": "CVE-2023-36752", "trust": 1.8, "value": "HIGH" }, { "author": "productcert@siemens.com", "id": "CVE-2023-36752", "trust": 1.0, "value": "CRITICAL" }, { "author": "CNVD", "id": "CNVD-2023-60609", "trust": 0.6, "value": "HIGH" }, { "author": "CNNVD", "id": "CNNVD-202307-734", "trust": 0.6, "value": "HIGH" } ] } ], "sources": [ { "db": "CNVD", "id": "CNVD-2023-60609" }, { "db": "JVNDB", "id": "JVNDB-2023-021733" }, { "db": "CNNVD", "id": "CNNVD-202307-734" }, { "db": "NVD", "id": "CVE-2023-36752" }, { "db": "NVD", "id": "CVE-2023-36752" } ] }, "description": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "A vulnerability has been identified in RUGGEDCOM ROX MX5000 (All versions \u003c V2.16.0), RUGGEDCOM ROX MX5000RE (All versions \u003c V2.16.0), RUGGEDCOM ROX RX1400 (All versions \u003c V2.16.0), RUGGEDCOM ROX RX1500 (All versions \u003c V2.16.0), RUGGEDCOM ROX RX1501 (All versions \u003c V2.16.0), RUGGEDCOM ROX RX1510 (All versions \u003c V2.16.0), RUGGEDCOM ROX RX1511 (All versions \u003c V2.16.0), RUGGEDCOM ROX RX1512 (All versions \u003c V2.16.0), RUGGEDCOM ROX RX1524 (All versions \u003c V2.16.0), RUGGEDCOM ROX RX1536 (All versions \u003c V2.16.0), RUGGEDCOM ROX RX5000 (All versions \u003c V2.16.0). The upgrade-app URL parameter in the web interface of affected devices is vulnerable to command injection due to missing server side input sanitation. This could allow an authenticated privileged remote attacker to execute arbitrary code with root privileges. RUGGEDCOM ROX MX5000 firmware, ruggedcom rox mx5000re firmware, RUGGEDCOM ROX RX1400 Multiple Siemens products such as firmware contain a command injection vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. RUGGEDCOM products provide a level of robustness and reliability that sets the standard for communication networks deployed in harsh environments. \n\r\n\r\nSiemens RUGGEDCOM ROX has a command injection vulnerability. The vulnerability stems from the lack of server-side input validation", "sources": [ { "db": "NVD", "id": "CVE-2023-36752" }, { "db": "JVNDB", "id": "JVNDB-2023-021733" }, { "db": "CNVD", "id": "CNVD-2023-60609" }, { "db": "VULMON", "id": "CVE-2023-36752" } ], "trust": 2.25 }, "external_ids": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "db": "NVD", "id": "CVE-2023-36752", "trust": 3.9 }, { "db": "SIEMENS", "id": "SSA-146325", "trust": 3.1 }, { "db": "ICS CERT", "id": "ICSA-23-194-01", "trust": 0.8 }, { "db": "JVN", "id": "JVNVU95292697", "trust": 0.8 }, { "db": "JVNDB", "id": "JVNDB-2023-021733", "trust": 0.8 }, { "db": "CNVD", "id": "CNVD-2023-60609", "trust": 0.6 }, { "db": "CNNVD", "id": "CNNVD-202307-734", "trust": 0.6 }, { "db": "VULMON", "id": "CVE-2023-36752", "trust": 0.1 } ], "sources": [ { "db": "CNVD", "id": "CNVD-2023-60609" }, { "db": "VULMON", "id": "CVE-2023-36752" }, { "db": "JVNDB", "id": "JVNDB-2023-021733" }, { "db": "CNNVD", "id": "CNNVD-202307-734" }, { "db": "NVD", "id": "CVE-2023-36752" } ] }, "id": "VAR-202307-0593", "iot": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": true, "sources": [ { "db": "CNVD", "id": "CNVD-2023-60609" } ], "trust": 1.12540106 }, "iot_taxonomy": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "category": [ "ICS" ], "sub_category": null, "trust": 0.6 } ], "sources": [ { "db": "CNVD", "id": "CNVD-2023-60609" } ] }, "last_update_date": "2024-01-21T20:18:29.767000Z", "patch": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "title": "Patch for Siemens RUGGEDCOM ROX Command Injection Vulnerability (CNVD-2023-60609)", "trust": 0.6, "url": "https://www.cnvd.org.cn/patchinfo/show/449046" }, { "title": "Siemens RUGGEDCOM ROX A series of products Fixes for command injection vulnerabilities", "trust": 0.6, "url": "http://123.124.177.30/web/xxk/bdxqbyid.tag?id=246657" } ], "sources": [ { "db": "CNVD", "id": "CNVD-2023-60609" }, { "db": "CNNVD", "id": "CNNVD-202307-734" } ] }, "problemtype_data": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "problemtype": "CWE-77", "trust": 1.0 }, { "problemtype": "Command injection (CWE-77) [NVD evaluation ]", "trust": 0.8 } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2023-021733" }, { "db": "NVD", "id": "CVE-2023-36752" } ] }, "references": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "trust": 2.5, "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-146325.pdf" }, { "trust": 0.8, "url": "https://jvn.jp/vu/jvnvu95292697/" }, { "trust": 0.8, "url": "https://nvd.nist.gov/vuln/detail/cve-2023-36752" }, { "trust": 0.8, "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-23-194-01" }, { "trust": 0.6, "url": "https://cert-portal.siemens.com/productcert/html/ssa-146325.html" }, { "trust": 0.6, "url": "https://cxsecurity.com/cveshow/cve-2023-36752/" }, { "trust": 0.1, "url": "https://nvd.nist.gov" } ], "sources": [ { "db": "CNVD", "id": "CNVD-2023-60609" }, { "db": "VULMON", "id": "CVE-2023-36752" }, { "db": "JVNDB", "id": "JVNDB-2023-021733" }, { "db": "CNNVD", "id": "CNNVD-202307-734" }, { "db": "NVD", "id": "CVE-2023-36752" } ] }, "sources": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", "data": { "@container": "@list" } }, "data": [ { "db": "CNVD", "id": "CNVD-2023-60609" }, { "db": "VULMON", "id": "CVE-2023-36752" }, { "db": "JVNDB", "id": "JVNDB-2023-021733" }, { "db": "CNNVD", "id": "CNNVD-202307-734" }, { "db": "NVD", "id": "CVE-2023-36752" } ] }, "sources_release_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2023-08-02T00:00:00", "db": "CNVD", "id": "CNVD-2023-60609" }, { "date": "2023-07-11T00:00:00", "db": "VULMON", "id": "CVE-2023-36752" }, { "date": "2024-01-19T00:00:00", "db": "JVNDB", "id": "JVNDB-2023-021733" }, { "date": "2023-07-11T00:00:00", "db": "CNNVD", "id": "CNNVD-202307-734" }, { "date": "2023-07-11T10:15:11.297000", "db": "NVD", "id": "CVE-2023-36752" } ] }, "sources_update_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2023-08-02T00:00:00", "db": "CNVD", "id": "CNVD-2023-60609" }, { "date": "2023-07-11T00:00:00", "db": "VULMON", "id": "CVE-2023-36752" }, { "date": "2024-01-19T08:07:00", "db": "JVNDB", "id": "JVNDB-2023-021733" }, { "date": "2023-07-19T00:00:00", "db": "CNNVD", "id": "CNNVD-202307-734" }, { "date": "2023-07-18T18:36:28.237000", "db": "NVD", "id": "CVE-2023-36752" } ] }, "threat_type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "remote", "sources": [ { "db": "CNNVD", "id": "CNNVD-202307-734" } ], "trust": 0.6 }, "title": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Command injection vulnerability in multiple Siemens products", "sources": [ { "db": "JVNDB", "id": "JVNDB-2023-021733" } ], "trust": 0.8 }, "type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "command injection", "sources": [ { "db": "CNNVD", "id": "CNNVD-202307-734" } ], "trust": 0.6 } }
var-202307-0595
Vulnerability from variot
A vulnerability has been identified in RUGGEDCOM ROX MX5000 (All versions < V2.16.0), RUGGEDCOM ROX MX5000RE (All versions < V2.16.0), RUGGEDCOM ROX RX1400 (All versions < V2.16.0), RUGGEDCOM ROX RX1500 (All versions < V2.16.0), RUGGEDCOM ROX RX1501 (All versions < V2.16.0), RUGGEDCOM ROX RX1510 (All versions < V2.16.0), RUGGEDCOM ROX RX1511 (All versions < V2.16.0), RUGGEDCOM ROX RX1512 (All versions < V2.16.0), RUGGEDCOM ROX RX1524 (All versions < V2.16.0), RUGGEDCOM ROX RX1536 (All versions < V2.16.0), RUGGEDCOM ROX RX5000 (All versions < V2.16.0). A reflected cross-site scripting (XSS) vulnerability exists in the web interface of the affected application that could allow an attacker to execute malicious javascript code by tricking users into accessing a malicious link. The value is reflected in the response without sanitization while throwing an “invalid params element name” error on the get_elements parameters. RUGGEDCOM ROX MX5000 firmware, ruggedcom rox mx5000re firmware, RUGGEDCOM ROX RX1400 Multiple Siemens products such as firmware contain a cross-site scripting vulnerability.Information may be obtained and information may be tampered with. RUGGEDCOM products provide a level of robustness and reliability that sets the standard for communication networks deployed in harsh environments
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", "affected_products": { "@id": "https://www.variotdbs.pl/ref/affected_products" }, "configurations": { "@id": "https://www.variotdbs.pl/ref/configurations" }, "credits": { "@id": "https://www.variotdbs.pl/ref/credits" }, "cvss": { "@id": "https://www.variotdbs.pl/ref/cvss/" }, "description": { "@id": "https://www.variotdbs.pl/ref/description/" }, "exploit_availability": { "@id": "https://www.variotdbs.pl/ref/exploit_availability/" }, "external_ids": { "@id": "https://www.variotdbs.pl/ref/external_ids/" }, "iot": { "@id": "https://www.variotdbs.pl/ref/iot/" }, "iot_taxonomy": { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/" }, "patch": { "@id": "https://www.variotdbs.pl/ref/patch/" }, "problemtype_data": { "@id": "https://www.variotdbs.pl/ref/problemtype_data/" }, "references": { "@id": "https://www.variotdbs.pl/ref/references/" }, "sources": { "@id": "https://www.variotdbs.pl/ref/sources/" }, "sources_release_date": { "@id": "https://www.variotdbs.pl/ref/sources_release_date/" }, "sources_update_date": { "@id": "https://www.variotdbs.pl/ref/sources_update_date/" }, "threat_type": { "@id": "https://www.variotdbs.pl/ref/threat_type/" }, "title": { "@id": "https://www.variotdbs.pl/ref/title/" }, "type": { "@id": "https://www.variotdbs.pl/ref/type/" } }, "@id": "https://www.variotdbs.pl/vuln/VAR-202307-0595", "affected_products": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "model": "ruggedcom rox rx1511", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "2.16.0" }, { "model": "ruggedcom rox rx1524", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "2.16.0" }, { "model": "ruggedcom rox mx5000re", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "2.16.0" }, { "model": "ruggedcom rox rx1400", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "2.16.0" }, { "model": "ruggedcom rox rx1501", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "2.16.0" }, { "model": "ruggedcom rox rx1510", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "2.16.0" }, { "model": "ruggedcom rox rx1500", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "2.16.0" }, { "model": "ruggedcom rox mx5000", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "2.16.0" }, { "model": "ruggedcom rox rx1536", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "2.16.0" }, { "model": "ruggedcom rox rx5000", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "2.16.0" }, { "model": "ruggedcom rox rx1512", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "2.16.0" }, { "model": "ruggedcom rox rx1500", "scope": null, "trust": 0.8, "vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9", "version": null }, { "model": "ruggedcom rox rx1501", "scope": null, "trust": 0.8, "vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9", "version": null }, { "model": "ruggedcom rox rx1524", "scope": null, "trust": 0.8, "vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9", "version": null }, { "model": "ruggedcom rox rx5000", "scope": null, "trust": 0.8, "vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9", "version": null }, { "model": "ruggedcom rox mx5000", "scope": null, "trust": 0.8, "vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9", "version": null }, { "model": "ruggedcom rox rx1512", "scope": null, "trust": 0.8, "vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9", "version": null }, { "model": "ruggedcom rox rx1510", "scope": null, "trust": 0.8, "vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9", "version": null }, { "model": "ruggedcom rox rx1400", "scope": null, "trust": 0.8, "vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9", "version": null }, { "model": "ruggedcom rox rx1511", "scope": null, "trust": 0.8, "vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9", "version": null }, { "model": "ruggedcom rox mx5000re", "scope": null, "trust": 0.8, "vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9", "version": null }, { "model": "ruggedcom rox rx1536", "scope": null, "trust": 0.8, "vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9", "version": null }, { "model": "ruggedcom rox mx5000", "scope": "lt", "trust": 0.6, "vendor": "siemens", "version": "v2.16.0" }, { "model": "ruggedcom rox mx5000re", "scope": "lt", "trust": 0.6, "vendor": "siemens", "version": "v2.16.0" }, { "model": "ruggedcom rox rx1400", "scope": "lt", "trust": 0.6, "vendor": "siemens", "version": "v2.16.0" }, { "model": "ruggedcom rox rx1500", "scope": "lt", "trust": 0.6, "vendor": "siemens", "version": "v2.16.0" }, { "model": "ruggedcom rox rx1501", "scope": "lt", "trust": 0.6, "vendor": "siemens", "version": "v2.16.0" }, { "model": "ruggedcom rox rx1510", "scope": "lt", "trust": 0.6, "vendor": "siemens", "version": "v2.16.0" }, { "model": "ruggedcom rox rx1511", "scope": "lt", "trust": 0.6, "vendor": "siemens", "version": "v2.16.0" }, { "model": "ruggedcom rox rx1512", "scope": "lt", "trust": 0.6, "vendor": "siemens", "version": "v2.16.0" }, { "model": "ruggedcom rox rx1524", "scope": "lt", "trust": 0.6, "vendor": "siemens", "version": "v2.16.0" }, { "model": "ruggedcom rox rx1536", "scope": "lt", "trust": 0.6, "vendor": "siemens", "version": "v2.16.0" }, { "model": "ruggedcom rox rx5000", "scope": "lt", "trust": 0.6, "vendor": "siemens", "version": "v2.16.0" } ], "sources": [ { "db": "CNVD", "id": "CNVD-2023-55711" }, { "db": "JVNDB", "id": "JVNDB-2023-021751" }, { "db": "NVD", "id": "CVE-2023-36386" } ] }, "configurations": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/configurations#", "children": { "@container": "@list" }, "cpe_match": { "@container": "@list" }, "data": { "@container": "@list" }, "nodes": { "@container": "@list" } }, "data": [ { "CVE_data_version": "4.0", "nodes": [ { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:siemens:ruggedcom_rox_mx5000_firmware:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "2.16.0", "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:h:siemens:ruggedcom_rox_mx5000:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [], "operator": "AND" }, { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:siemens:ruggedcom_rox_mx5000re_firmware:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "2.16.0", "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:h:siemens:ruggedcom_rox_mx5000re:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [], "operator": "AND" }, { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:siemens:ruggedcom_rox_rx1400_firmware:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "2.16.0", "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:h:siemens:ruggedcom_rox_rx1400:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [], "operator": "AND" }, { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:siemens:ruggedcom_rox_rx1500_firmware:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "2.16.0", "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:h:siemens:ruggedcom_rox_rx1500:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [], "operator": "AND" }, { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:siemens:ruggedcom_rox_rx1501_firmware:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "2.16.0", "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:h:siemens:ruggedcom_rox_rx1501:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [], "operator": "AND" }, { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:siemens:ruggedcom_rox_rx1510_firmware:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "2.16.0", "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:h:siemens:ruggedcom_rox_rx1510:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [], "operator": "AND" }, { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:siemens:ruggedcom_rox_rx1511_firmware:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "2.16.0", "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:h:siemens:ruggedcom_rox_rx1511:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [], "operator": "AND" }, { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:siemens:ruggedcom_rox_rx1512_firmware:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "2.16.0", "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:h:siemens:ruggedcom_rox_rx1512:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [], "operator": "AND" }, { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:siemens:ruggedcom_rox_rx1524_firmware:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "2.16.0", "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:h:siemens:ruggedcom_rox_rx1524:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [], "operator": "AND" }, { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:siemens:ruggedcom_rox_rx1536_firmware:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "2.16.0", "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:h:siemens:ruggedcom_rox_rx1536:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [], "operator": "AND" }, { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:siemens:ruggedcom_rox_rx5000_firmware:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "2.16.0", "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:h:siemens:ruggedcom_rox_rx5000:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [], "operator": "AND" } ] } ], "sources": [ { "db": "NVD", "id": "CVE-2023-36386" } ] }, "cve": "CVE-2023-36386", "cvss": { "@context": { "cvssV2": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2" }, "cvssV3": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/" }, "severity": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#" }, "@id": "https://www.variotdbs.pl/ref/cvss/severity" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "cvssV2": [ { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "author": "CNVD", "availabilityImpact": "NONE", "baseScore": 6.4, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 10.0, "id": "CNVD-2023-55711", "impactScore": 4.9, "integrityImpact": "PARTIAL", "severity": "MEDIUM", "trust": 0.6, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:N", "version": "2.0" } ], "cvssV3": [ { "attackComplexity": "LOW", "attackVector": "NETWORK", "author": "NVD", "availabilityImpact": "NONE", "baseScore": 6.1, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "exploitabilityScore": 2.8, "impactScore": 2.7, "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "CHANGED", "trust": 1.0, "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "version": "3.1" }, { "attackComplexity": "LOW", "attackVector": "NETWORK", "author": "productcert@siemens.com", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "exploitabilityScore": 2.8, "impactScore": 5.9, "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "trust": 1.0, "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1" }, { "attackComplexity": "Low", "attackVector": "Network", "author": "NVD", "availabilityImpact": "None", "baseScore": 6.1, "baseSeverity": "Medium", "confidentialityImpact": "Low", "exploitabilityScore": null, "id": "CVE-2023-36386", "impactScore": null, "integrityImpact": "Low", "privilegesRequired": "None", "scope": "Changed", "trust": 0.8, "userInteraction": "Required", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "version": "3.0" } ], "severity": [ { "author": "NVD", "id": "CVE-2023-36386", "trust": 1.8, "value": "MEDIUM" }, { "author": "productcert@siemens.com", "id": "CVE-2023-36386", "trust": 1.0, "value": "HIGH" }, { "author": "CNVD", "id": "CNVD-2023-55711", "trust": 0.6, "value": "MEDIUM" }, { "author": "CNNVD", "id": "CNNVD-202307-743", "trust": 0.6, "value": "MEDIUM" } ] } ], "sources": [ { "db": "CNVD", "id": "CNVD-2023-55711" }, { "db": "JVNDB", "id": "JVNDB-2023-021751" }, { "db": "CNNVD", "id": "CNNVD-202307-743" }, { "db": "NVD", "id": "CVE-2023-36386" }, { "db": "NVD", "id": "CVE-2023-36386" } ] }, "description": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "A vulnerability has been identified in RUGGEDCOM ROX MX5000 (All versions \u003c V2.16.0), RUGGEDCOM ROX MX5000RE (All versions \u003c V2.16.0), RUGGEDCOM ROX RX1400 (All versions \u003c V2.16.0), RUGGEDCOM ROX RX1500 (All versions \u003c V2.16.0), RUGGEDCOM ROX RX1501 (All versions \u003c V2.16.0), RUGGEDCOM ROX RX1510 (All versions \u003c V2.16.0), RUGGEDCOM ROX RX1511 (All versions \u003c V2.16.0), RUGGEDCOM ROX RX1512 (All versions \u003c V2.16.0), RUGGEDCOM ROX RX1524 (All versions \u003c V2.16.0), RUGGEDCOM ROX RX1536 (All versions \u003c V2.16.0), RUGGEDCOM ROX RX5000 (All versions \u003c V2.16.0). A reflected cross-site scripting (XSS) vulnerability exists in the web interface of the affected application that could allow an attacker to execute malicious javascript code by tricking users into accessing a malicious link. The value is reflected in the response without sanitization while throwing an\r\n\u201cinvalid params element name\u201d error on the get_elements parameters. RUGGEDCOM ROX MX5000 firmware, ruggedcom rox mx5000re firmware, RUGGEDCOM ROX RX1400 Multiple Siemens products such as firmware contain a cross-site scripting vulnerability.Information may be obtained and information may be tampered with. RUGGEDCOM products provide a level of robustness and reliability that sets the standard for communication networks deployed in harsh environments", "sources": [ { "db": "NVD", "id": "CVE-2023-36386" }, { "db": "JVNDB", "id": "JVNDB-2023-021751" }, { "db": "CNVD", "id": "CNVD-2023-55711" }, { "db": "VULMON", "id": "CVE-2023-36386" } ], "trust": 2.25 }, "external_ids": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "db": "NVD", "id": "CVE-2023-36386", "trust": 3.9 }, { "db": "SIEMENS", "id": "SSA-146325", "trust": 3.1 }, { "db": "ICS CERT", "id": "ICSA-23-194-01", "trust": 0.8 }, { "db": "JVN", "id": "JVNVU95292697", "trust": 0.8 }, { "db": "JVNDB", "id": "JVNDB-2023-021751", "trust": 0.8 }, { "db": "CNVD", "id": "CNVD-2023-55711", "trust": 0.6 }, { "db": "CNNVD", "id": "CNNVD-202307-743", "trust": 0.6 }, { "db": "VULMON", "id": "CVE-2023-36386", "trust": 0.1 } ], "sources": [ { "db": "CNVD", "id": "CNVD-2023-55711" }, { "db": "VULMON", "id": "CVE-2023-36386" }, { "db": "JVNDB", "id": "JVNDB-2023-021751" }, { "db": "CNNVD", "id": "CNNVD-202307-743" }, { "db": "NVD", "id": "CVE-2023-36386" } ] }, "id": "VAR-202307-0595", "iot": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": true, "sources": [ { "db": "CNVD", "id": "CNVD-2023-55711" } ], "trust": 1.12540106 }, "iot_taxonomy": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "category": [ "ICS" ], "sub_category": null, "trust": 0.6 } ], "sources": [ { "db": "CNVD", "id": "CNVD-2023-55711" } ] }, "last_update_date": "2024-01-21T20:28:54.129000Z", "patch": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "title": "Patch for Siemens RUGGEDCOM ROX cross-site scripting vulnerability", "trust": 0.6, "url": "https://www.cnvd.org.cn/patchinfo/show/440296" }, { "title": "Siemens RUGGEDCOM ROX A series of products Fixes for cross-site scripting vulnerabilities", "trust": 0.6, "url": "http://123.124.177.30/web/xxk/bdxqbyid.tag?id=246665" } ], "sources": [ { "db": "CNVD", "id": "CNVD-2023-55711" }, { "db": "CNNVD", "id": "CNNVD-202307-743" } ] }, "problemtype_data": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "problemtype": "CWE-79", "trust": 1.0 }, { "problemtype": "Cross-site scripting (CWE-79) [NVD evaluation ]", "trust": 0.8 } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2023-021751" }, { "db": "NVD", "id": "CVE-2023-36386" } ] }, "references": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "trust": 2.5, "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-146325.pdf" }, { "trust": 0.8, "url": "https://jvn.jp/vu/jvnvu95292697/" }, { "trust": 0.8, "url": "https://nvd.nist.gov/vuln/detail/cve-2023-36386" }, { "trust": 0.8, "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-23-194-01" }, { "trust": 0.6, "url": "https://cert-portal.siemens.com/productcert/html/ssa-146325.html" }, { "trust": 0.6, "url": "https://cxsecurity.com/cveshow/cve-2023-36386/" }, { "trust": 0.1, "url": "https://nvd.nist.gov" } ], "sources": [ { "db": "CNVD", "id": "CNVD-2023-55711" }, { "db": "VULMON", "id": "CVE-2023-36386" }, { "db": "JVNDB", "id": "JVNDB-2023-021751" }, { "db": "CNNVD", "id": "CNNVD-202307-743" }, { "db": "NVD", "id": "CVE-2023-36386" } ] }, "sources": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", "data": { "@container": "@list" } }, "data": [ { "db": "CNVD", "id": "CNVD-2023-55711" }, { "db": "VULMON", "id": "CVE-2023-36386" }, { "db": "JVNDB", "id": "JVNDB-2023-021751" }, { "db": "CNNVD", "id": "CNNVD-202307-743" }, { "db": "NVD", "id": "CVE-2023-36386" } ] }, "sources_release_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2023-07-12T00:00:00", "db": "CNVD", "id": "CNVD-2023-55711" }, { "date": "2023-07-11T00:00:00", "db": "VULMON", "id": "CVE-2023-36386" }, { "date": "2024-01-19T00:00:00", "db": "JVNDB", "id": "JVNDB-2023-021751" }, { "date": "2023-07-11T00:00:00", "db": "CNNVD", "id": "CNNVD-202307-743" }, { "date": "2023-07-11T10:15:10.680000", "db": "NVD", "id": "CVE-2023-36386" } ] }, "sources_update_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2023-07-12T00:00:00", "db": "CNVD", "id": "CNVD-2023-55711" }, { "date": "2023-07-11T00:00:00", "db": "VULMON", "id": "CVE-2023-36386" }, { "date": "2024-01-19T08:08:00", "db": "JVNDB", "id": "JVNDB-2023-021751" }, { "date": "2023-07-19T00:00:00", "db": "CNNVD", "id": "CNNVD-202307-743" }, { "date": "2023-07-18T15:45:46.237000", "db": "NVD", "id": "CVE-2023-36386" } ] }, "threat_type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "remote", "sources": [ { "db": "CNNVD", "id": "CNNVD-202307-743" } ], "trust": 0.6 }, "title": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Cross-site scripting vulnerability in multiple Siemens products", "sources": [ { "db": "JVNDB", "id": "JVNDB-2023-021751" } ], "trust": 0.8 }, "type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "XSS", "sources": [ { "db": "CNNVD", "id": "CNNVD-202307-743" } ], "trust": 0.6 } }
var-202307-0584
Vulnerability from variot
A vulnerability has been identified in RUGGEDCOM ROX MX5000 (All versions < V2.16.0), RUGGEDCOM ROX MX5000RE (All versions < V2.16.0), RUGGEDCOM ROX RX1400 (All versions < V2.16.0), RUGGEDCOM ROX RX1500 (All versions < V2.16.0), RUGGEDCOM ROX RX1501 (All versions < V2.16.0), RUGGEDCOM ROX RX1510 (All versions < V2.16.0), RUGGEDCOM ROX RX1511 (All versions < V2.16.0), RUGGEDCOM ROX RX1512 (All versions < V2.16.0), RUGGEDCOM ROX RX1524 (All versions < V2.16.0), RUGGEDCOM ROX RX1536 (All versions < V2.16.0), RUGGEDCOM ROX RX5000 (All versions < V2.16.0). The webserver of the affected devices support insecure TLS 1.0 protocol. An attacker could achieve a man-in-the-middle attack and compromise confidentiality and integrity of data. RUGGEDCOM ROX MX5000 firmware, ruggedcom rox mx5000re firmware, RUGGEDCOM ROX RX1400 Multiple Siemens products, including firmware, contain vulnerabilities related to the use of cryptographic algorithms.Information may be obtained and information may be tampered with. RUGGEDCOM products provide a level of robustness and reliability that sets the standard for communication networks deployed in harsh environments
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", "affected_products": { "@id": "https://www.variotdbs.pl/ref/affected_products" }, "configurations": { "@id": "https://www.variotdbs.pl/ref/configurations" }, "credits": { "@id": "https://www.variotdbs.pl/ref/credits" }, "cvss": { "@id": "https://www.variotdbs.pl/ref/cvss/" }, "description": { "@id": "https://www.variotdbs.pl/ref/description/" }, "exploit_availability": { "@id": "https://www.variotdbs.pl/ref/exploit_availability/" }, "external_ids": { "@id": "https://www.variotdbs.pl/ref/external_ids/" }, "iot": { "@id": "https://www.variotdbs.pl/ref/iot/" }, "iot_taxonomy": { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/" }, "patch": { "@id": "https://www.variotdbs.pl/ref/patch/" }, "problemtype_data": { "@id": "https://www.variotdbs.pl/ref/problemtype_data/" }, "references": { "@id": "https://www.variotdbs.pl/ref/references/" }, "sources": { "@id": "https://www.variotdbs.pl/ref/sources/" }, "sources_release_date": { "@id": "https://www.variotdbs.pl/ref/sources_release_date/" }, "sources_update_date": { "@id": "https://www.variotdbs.pl/ref/sources_update_date/" }, "threat_type": { "@id": "https://www.variotdbs.pl/ref/threat_type/" }, "title": { "@id": "https://www.variotdbs.pl/ref/title/" }, "type": { "@id": "https://www.variotdbs.pl/ref/type/" } }, "@id": "https://www.variotdbs.pl/vuln/VAR-202307-0584", "affected_products": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "model": "ruggedcom rox rx1511", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "2.16.0" }, { "model": "ruggedcom rox rx1524", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "2.16.0" }, { "model": "ruggedcom rox mx5000re", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "2.16.0" }, { "model": "ruggedcom rox rx1400", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "2.16.0" }, { "model": "ruggedcom rox rx1501", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "2.16.0" }, { "model": "ruggedcom rox rx1510", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "2.16.0" }, { "model": "ruggedcom rox rx1500", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "2.16.0" }, { "model": "ruggedcom rox mx5000", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "2.16.0" }, { "model": "ruggedcom rox rx1536", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "2.16.0" }, { "model": "ruggedcom rox rx5000", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "2.16.0" }, { "model": "ruggedcom rox rx1512", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "2.16.0" }, { "model": "ruggedcom rox rx1500", "scope": null, "trust": 0.8, "vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9", "version": null }, { "model": "ruggedcom rox rx1501", "scope": null, "trust": 0.8, "vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9", "version": null }, { "model": "ruggedcom rox rx1524", "scope": null, "trust": 0.8, "vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9", "version": null }, { "model": "ruggedcom rox rx5000", "scope": null, "trust": 0.8, "vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9", "version": null }, { "model": "ruggedcom rox mx5000", "scope": null, "trust": 0.8, "vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9", "version": null }, { "model": "ruggedcom rox rx1512", "scope": null, "trust": 0.8, "vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9", "version": null }, { "model": "ruggedcom rox rx1510", "scope": null, "trust": 0.8, "vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9", "version": null }, { "model": "ruggedcom rox rx1400", "scope": null, "trust": 0.8, "vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9", "version": null }, { "model": "ruggedcom rox rx1511", "scope": null, "trust": 0.8, "vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9", "version": null }, { "model": "ruggedcom rox mx5000re", "scope": null, "trust": 0.8, "vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9", "version": null }, { "model": "ruggedcom rox rx1536", "scope": null, "trust": 0.8, "vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9", "version": null }, { "model": "ruggedcom rox mx5000", "scope": "lt", "trust": 0.6, "vendor": "siemens", "version": "v2.16.0" }, { "model": "ruggedcom rox mx5000re", "scope": "lt", "trust": 0.6, "vendor": "siemens", "version": "v2.16.0" }, { "model": "ruggedcom rox rx1400", "scope": "lt", "trust": 0.6, "vendor": "siemens", "version": "v2.16.0" }, { "model": "ruggedcom rox rx1500", "scope": "lt", "trust": 0.6, "vendor": "siemens", "version": "v2.16.0" }, { "model": "ruggedcom rox rx1501", "scope": "lt", "trust": 0.6, "vendor": "siemens", "version": "v2.16.0" }, { "model": "ruggedcom rox rx1510", "scope": "lt", "trust": 0.6, "vendor": "siemens", "version": "v2.16.0" }, { "model": "ruggedcom rox rx1511", "scope": "lt", "trust": 0.6, "vendor": "siemens", "version": "v2.16.0" }, { "model": "ruggedcom rox rx1512", "scope": "lt", "trust": 0.6, "vendor": "siemens", "version": "v2.16.0" }, { "model": "ruggedcom rox rx1524", "scope": "lt", "trust": 0.6, "vendor": "siemens", "version": "v2.16.0" }, { "model": "ruggedcom rox rx1536", "scope": "lt", "trust": 0.6, "vendor": "siemens", "version": "v2.16.0" }, { "model": "ruggedcom rox rx5000", "scope": "lt", "trust": 0.6, "vendor": "siemens", "version": "v2.16.0" } ], "sources": [ { "db": "CNVD", "id": "CNVD-2023-60612" }, { "db": "JVNDB", "id": "JVNDB-2023-021736" }, { "db": "NVD", "id": "CVE-2023-36749" } ] }, "configurations": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/configurations#", "children": { "@container": "@list" }, "cpe_match": { "@container": "@list" }, "data": { "@container": "@list" }, "nodes": { "@container": "@list" } }, "data": [ { "CVE_data_version": "4.0", "nodes": [ { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:siemens:ruggedcom_rox_mx5000_firmware:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "2.16.0", "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:h:siemens:ruggedcom_rox_mx5000:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [], "operator": "AND" }, { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:siemens:ruggedcom_rox_mx5000re_firmware:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "2.16.0", "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:h:siemens:ruggedcom_rox_mx5000re:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [], "operator": "AND" }, { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:siemens:ruggedcom_rox_rx1400_firmware:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "2.16.0", "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:h:siemens:ruggedcom_rox_rx1400:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [], "operator": "AND" }, { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:siemens:ruggedcom_rox_rx1500_firmware:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "2.16.0", "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:h:siemens:ruggedcom_rox_rx1500:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [], "operator": "AND" }, { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:siemens:ruggedcom_rox_rx1501_firmware:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "2.16.0", "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:h:siemens:ruggedcom_rox_rx1501:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [], "operator": "AND" }, { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:siemens:ruggedcom_rox_rx1510_firmware:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "2.16.0", "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:h:siemens:ruggedcom_rox_rx1510:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [], "operator": "AND" }, { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:siemens:ruggedcom_rox_rx1511_firmware:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "2.16.0", "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:h:siemens:ruggedcom_rox_rx1511:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [], "operator": "AND" }, { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:siemens:ruggedcom_rox_rx1512_firmware:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "2.16.0", "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:h:siemens:ruggedcom_rox_rx1512:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [], "operator": "AND" }, { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:siemens:ruggedcom_rox_rx1524_firmware:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "2.16.0", "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:h:siemens:ruggedcom_rox_rx1524:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [], "operator": "AND" }, { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:siemens:ruggedcom_rox_rx1536_firmware:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "2.16.0", "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:h:siemens:ruggedcom_rox_rx1536:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [], "operator": "AND" }, { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:siemens:ruggedcom_rox_rx5000_firmware:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "2.16.0", "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:h:siemens:ruggedcom_rox_rx5000:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [], "operator": "AND" } ] } ], "sources": [ { "db": "NVD", "id": "CVE-2023-36749" } ] }, "cve": "CVE-2023-36749", "cvss": { "@context": { "cvssV2": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2" }, "cvssV3": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/" }, "severity": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#" }, "@id": "https://www.variotdbs.pl/ref/cvss/severity" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "cvssV2": [ { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "author": "CNVD", "availabilityImpact": "NONE", "baseScore": 9.4, "confidentialityImpact": "COMPLETE", "exploitabilityScore": 10.0, "id": "CNVD-2023-60612", "impactScore": 9.2, "integrityImpact": "COMPLETE", "severity": "HIGH", "trust": 0.6, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:N", "version": "2.0" } ], "cvssV3": [ { "attackComplexity": "HIGH", "attackVector": "NETWORK", "author": "NVD", "availabilityImpact": "NONE", "baseScore": 7.4, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "exploitabilityScore": 2.2, "impactScore": 5.2, "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "trust": 2.0, "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N", "version": "3.1" }, { "attackComplexity": "High", "attackVector": "Network", "author": "NVD", "availabilityImpact": "None", "baseScore": 7.4, "baseSeverity": "High", "confidentialityImpact": "High", "exploitabilityScore": null, "id": "CVE-2023-36749", "impactScore": null, "integrityImpact": "High", "privilegesRequired": "None", "scope": "Unchanged", "trust": 0.8, "userInteraction": "None", "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N", "version": "3.0" } ], "severity": [ { "author": "NVD", "id": "CVE-2023-36749", "trust": 1.8, "value": "HIGH" }, { "author": "productcert@siemens.com", "id": "CVE-2023-36749", "trust": 1.0, "value": "HIGH" }, { "author": "CNVD", "id": "CNVD-2023-60612", "trust": 0.6, "value": "HIGH" }, { "author": "CNNVD", "id": "CNNVD-202307-737", "trust": 0.6, "value": "HIGH" } ] } ], "sources": [ { "db": "CNVD", "id": "CNVD-2023-60612" }, { "db": "JVNDB", "id": "JVNDB-2023-021736" }, { "db": "CNNVD", "id": "CNNVD-202307-737" }, { "db": "NVD", "id": "CVE-2023-36749" }, { "db": "NVD", "id": "CVE-2023-36749" } ] }, "description": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "A vulnerability has been identified in RUGGEDCOM ROX MX5000 (All versions \u003c V2.16.0), RUGGEDCOM ROX MX5000RE (All versions \u003c V2.16.0), RUGGEDCOM ROX RX1400 (All versions \u003c V2.16.0), RUGGEDCOM ROX RX1500 (All versions \u003c V2.16.0), RUGGEDCOM ROX RX1501 (All versions \u003c V2.16.0), RUGGEDCOM ROX RX1510 (All versions \u003c V2.16.0), RUGGEDCOM ROX RX1511 (All versions \u003c V2.16.0), RUGGEDCOM ROX RX1512 (All versions \u003c V2.16.0), RUGGEDCOM ROX RX1524 (All versions \u003c V2.16.0), RUGGEDCOM ROX RX1536 (All versions \u003c V2.16.0), RUGGEDCOM ROX RX5000 (All versions \u003c V2.16.0). The webserver of the affected devices support insecure TLS 1.0 protocol. An attacker could achieve a man-in-the-middle attack and compromise confidentiality and integrity of data. RUGGEDCOM ROX MX5000 firmware, ruggedcom rox mx5000re firmware, RUGGEDCOM ROX RX1400 Multiple Siemens products, including firmware, contain vulnerabilities related to the use of cryptographic algorithms.Information may be obtained and information may be tampered with. RUGGEDCOM products provide a level of robustness and reliability that sets the standard for communication networks deployed in harsh environments", "sources": [ { "db": "NVD", "id": "CVE-2023-36749" }, { "db": "JVNDB", "id": "JVNDB-2023-021736" }, { "db": "CNVD", "id": "CNVD-2023-60612" }, { "db": "VULMON", "id": "CVE-2023-36749" } ], "trust": 2.25 }, "external_ids": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "db": "NVD", "id": "CVE-2023-36749", "trust": 3.9 }, { "db": "SIEMENS", "id": "SSA-146325", "trust": 3.1 }, { "db": "ICS CERT", "id": "ICSA-23-194-01", "trust": 0.8 }, { "db": "JVN", "id": "JVNVU95292697", "trust": 0.8 }, { "db": "JVNDB", "id": "JVNDB-2023-021736", "trust": 0.8 }, { "db": "CNVD", "id": "CNVD-2023-60612", "trust": 0.6 }, { "db": "CNNVD", "id": "CNNVD-202307-737", "trust": 0.6 }, { "db": "VULMON", "id": "CVE-2023-36749", "trust": 0.1 } ], "sources": [ { "db": "CNVD", "id": "CNVD-2023-60612" }, { "db": "VULMON", "id": "CVE-2023-36749" }, { "db": "JVNDB", "id": "JVNDB-2023-021736" }, { "db": "CNNVD", "id": "CNNVD-202307-737" }, { "db": "NVD", "id": "CVE-2023-36749" } ] }, "id": "VAR-202307-0584", "iot": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": true, "sources": [ { "db": "CNVD", "id": "CNVD-2023-60612" } ], "trust": 1.12540106 }, "iot_taxonomy": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "category": [ "ICS" ], "sub_category": null, "trust": 0.6 } ], "sources": [ { "db": "CNVD", "id": "CNVD-2023-60612" } ] }, "last_update_date": "2024-01-21T20:20:09.378000Z", "patch": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "title": "Patch for Siemens RUGGEDCOM ROX Encryption Issue Vulnerability", "trust": 0.6, "url": "https://www.cnvd.org.cn/patchinfo/show/449066" }, { "title": "Siemens RUGGEDCOM ROX Fixes for encryption problem vulnerabilities", "trust": 0.6, "url": "http://123.124.177.30/web/xxk/bdxqbyid.tag?id=246660" } ], "sources": [ { "db": "CNVD", "id": "CNVD-2023-60612" }, { "db": "CNNVD", "id": "CNNVD-202307-737" } ] }, "problemtype_data": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "problemtype": "CWE-327", "trust": 1.0 }, { "problemtype": "Use of incomplete or dangerous cryptographic algorithms (CWE-327) [NVD evaluation ]", "trust": 0.8 } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2023-021736" }, { "db": "NVD", "id": "CVE-2023-36749" } ] }, "references": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "trust": 2.5, "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-146325.pdf" }, { "trust": 0.8, "url": "https://jvn.jp/vu/jvnvu95292697/" }, { "trust": 0.8, "url": "https://nvd.nist.gov/vuln/detail/cve-2023-36749" }, { "trust": 0.8, "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-23-194-01" }, { "trust": 0.6, "url": "https://cert-portal.siemens.com/productcert/html/ssa-146325.html" }, { "trust": 0.6, "url": "https://cxsecurity.com/cveshow/cve-2023-36749/" }, { "trust": 0.1, "url": "https://nvd.nist.gov" } ], "sources": [ { "db": "CNVD", "id": "CNVD-2023-60612" }, { "db": "VULMON", "id": "CVE-2023-36749" }, { "db": "JVNDB", "id": "JVNDB-2023-021736" }, { "db": "CNNVD", "id": "CNNVD-202307-737" }, { "db": "NVD", "id": "CVE-2023-36749" } ] }, "sources": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", "data": { "@container": "@list" } }, "data": [ { "db": "CNVD", "id": "CNVD-2023-60612" }, { "db": "VULMON", "id": "CVE-2023-36749" }, { "db": "JVNDB", "id": "JVNDB-2023-021736" }, { "db": "CNNVD", "id": "CNNVD-202307-737" }, { "db": "NVD", "id": "CVE-2023-36749" } ] }, "sources_release_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2023-08-03T00:00:00", "db": "CNVD", "id": "CNVD-2023-60612" }, { "date": "2023-07-11T00:00:00", "db": "VULMON", "id": "CVE-2023-36749" }, { "date": "2024-01-19T00:00:00", "db": "JVNDB", "id": "JVNDB-2023-021736" }, { "date": "2023-07-11T00:00:00", "db": "CNNVD", "id": "CNNVD-202307-737" }, { "date": "2023-07-11T10:15:11.103000", "db": "NVD", "id": "CVE-2023-36749" } ] }, "sources_update_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2023-08-02T00:00:00", "db": "CNVD", "id": "CNVD-2023-60612" }, { "date": "2023-07-11T00:00:00", "db": "VULMON", "id": "CVE-2023-36749" }, { "date": "2024-01-19T08:07:00", "db": "JVNDB", "id": "JVNDB-2023-021736" }, { "date": "2023-07-19T00:00:00", "db": "CNNVD", "id": "CNNVD-202307-737" }, { "date": "2023-07-18T16:57:14.643000", "db": "NVD", "id": "CVE-2023-36749" } ] }, "threat_type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "remote", "sources": [ { "db": "CNNVD", "id": "CNNVD-202307-737" } ], "trust": 0.6 }, "title": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Vulnerabilities related to the use of cryptographic algorithms in multiple Siemens products", "sources": [ { "db": "JVNDB", "id": "JVNDB-2023-021736" } ], "trust": 0.8 }, "type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "encryption problem", "sources": [ { "db": "CNNVD", "id": "CNNVD-202307-737" } ], "trust": 0.6 } }
var-202307-0589
Vulnerability from variot
A vulnerability has been identified in RUGGEDCOM ROX MX5000 (All versions < V2.16.0), RUGGEDCOM ROX MX5000RE (All versions < V2.16.0), RUGGEDCOM ROX RX1400 (All versions < V2.16.0), RUGGEDCOM ROX RX1500 (All versions < V2.16.0), RUGGEDCOM ROX RX1501 (All versions < V2.16.0), RUGGEDCOM ROX RX1510 (All versions < V2.16.0), RUGGEDCOM ROX RX1511 (All versions < V2.16.0), RUGGEDCOM ROX RX1512 (All versions < V2.16.0), RUGGEDCOM ROX RX1524 (All versions < V2.16.0), RUGGEDCOM ROX RX1536 (All versions < V2.16.0), RUGGEDCOM ROX RX5000 (All versions < V2.16.0). The affected devices are configured to offer weak ciphers by default. This could allow an unauthorized attacker in a man-in-the-middle position to read and modify any data passed over to and from the affected device. RUGGEDCOM ROX MX5000 firmware, ruggedcom rox mx5000re firmware, RUGGEDCOM ROX RX1400 Multiple Siemens products, including firmware, have vulnerabilities related to encryption strength.Information may be obtained and information may be tampered with. RUGGEDCOM products provide a level of robustness and reliability that sets the standard for communication networks deployed in harsh environments
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", "affected_products": { "@id": "https://www.variotdbs.pl/ref/affected_products" }, "configurations": { "@id": "https://www.variotdbs.pl/ref/configurations" }, "credits": { "@id": "https://www.variotdbs.pl/ref/credits" }, "cvss": { "@id": "https://www.variotdbs.pl/ref/cvss/" }, "description": { "@id": "https://www.variotdbs.pl/ref/description/" }, "exploit_availability": { "@id": "https://www.variotdbs.pl/ref/exploit_availability/" }, "external_ids": { "@id": "https://www.variotdbs.pl/ref/external_ids/" }, "iot": { "@id": "https://www.variotdbs.pl/ref/iot/" }, "iot_taxonomy": { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/" }, "patch": { "@id": "https://www.variotdbs.pl/ref/patch/" }, "problemtype_data": { "@id": "https://www.variotdbs.pl/ref/problemtype_data/" }, "references": { "@id": "https://www.variotdbs.pl/ref/references/" }, "sources": { "@id": "https://www.variotdbs.pl/ref/sources/" }, "sources_release_date": { "@id": "https://www.variotdbs.pl/ref/sources_release_date/" }, "sources_update_date": { "@id": "https://www.variotdbs.pl/ref/sources_update_date/" }, "threat_type": { "@id": "https://www.variotdbs.pl/ref/threat_type/" }, "title": { "@id": "https://www.variotdbs.pl/ref/title/" }, "type": { "@id": "https://www.variotdbs.pl/ref/type/" } }, "@id": "https://www.variotdbs.pl/vuln/VAR-202307-0589", "affected_products": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "model": "ruggedcom rox rx1511", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "2.16.0" }, { "model": "ruggedcom rox rx1524", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "2.16.0" }, { "model": "ruggedcom rox mx5000re", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "2.16.0" }, { "model": "ruggedcom rox rx1400", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "2.16.0" }, { "model": "ruggedcom rox rx1501", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "2.16.0" }, { "model": "ruggedcom rox rx1510", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "2.16.0" }, { "model": "ruggedcom rox rx1500", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "2.16.0" }, { "model": "ruggedcom rox mx5000", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "2.16.0" }, { "model": "ruggedcom rox rx1536", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "2.16.0" }, { "model": "ruggedcom rox rx5000", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "2.16.0" }, { "model": "ruggedcom rox rx1512", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "2.16.0" }, { "model": "ruggedcom rox rx1500", "scope": null, "trust": 0.8, "vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9", "version": null }, { "model": "ruggedcom rox rx1501", "scope": null, "trust": 0.8, "vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9", "version": null }, { "model": "ruggedcom rox rx1524", "scope": null, "trust": 0.8, "vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9", "version": null }, { "model": "ruggedcom rox rx5000", "scope": null, "trust": 0.8, "vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9", "version": null }, { "model": "ruggedcom rox mx5000", "scope": null, "trust": 0.8, "vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9", "version": null }, { "model": "ruggedcom rox rx1512", "scope": null, "trust": 0.8, "vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9", "version": null }, { "model": "ruggedcom rox rx1510", "scope": null, "trust": 0.8, "vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9", "version": null }, { "model": "ruggedcom rox rx1400", "scope": null, "trust": 0.8, "vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9", "version": null }, { "model": "ruggedcom rox rx1511", "scope": null, "trust": 0.8, "vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9", "version": null }, { "model": "ruggedcom rox mx5000re", "scope": null, "trust": 0.8, "vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9", "version": null }, { "model": "ruggedcom rox rx1536", "scope": null, "trust": 0.8, "vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9", "version": null }, { "model": "ruggedcom rox mx5000", "scope": "lt", "trust": 0.6, "vendor": "siemens", "version": "v2.16.0" }, { "model": "ruggedcom rox mx5000re", "scope": "lt", "trust": 0.6, "vendor": "siemens", "version": "v2.16.0" }, { "model": "ruggedcom rox rx1400", "scope": "lt", "trust": 0.6, "vendor": "siemens", "version": "v2.16.0" }, { "model": "ruggedcom rox rx1500", "scope": "lt", "trust": 0.6, "vendor": "siemens", "version": "v2.16.0" }, { "model": "ruggedcom rox rx1501", "scope": "lt", "trust": 0.6, "vendor": "siemens", "version": "v2.16.0" }, { "model": "ruggedcom rox rx1510", "scope": "lt", "trust": 0.6, "vendor": "siemens", "version": "v2.16.0" }, { "model": "ruggedcom rox rx1511", "scope": "lt", "trust": 0.6, "vendor": "siemens", "version": "v2.16.0" }, { "model": "ruggedcom rox rx1512", "scope": "lt", "trust": 0.6, "vendor": "siemens", "version": "v2.16.0" }, { "model": "ruggedcom rox rx1524", "scope": "lt", "trust": 0.6, "vendor": "siemens", "version": "v2.16.0" }, { "model": "ruggedcom rox rx1536", "scope": "lt", "trust": 0.6, "vendor": "siemens", "version": "v2.16.0" }, { "model": "ruggedcom rox rx5000", "scope": "lt", "trust": 0.6, "vendor": "siemens", "version": "v2.16.0" } ], "sources": [ { "db": "CNVD", "id": "CNVD-2023-55708" }, { "db": "JVNDB", "id": "JVNDB-2023-021737" }, { "db": "NVD", "id": "CVE-2023-36748" } ] }, "configurations": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/configurations#", "children": { "@container": "@list" }, "cpe_match": { "@container": "@list" }, "data": { "@container": "@list" }, "nodes": { "@container": "@list" } }, "data": [ { "CVE_data_version": "4.0", "nodes": [ { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:siemens:ruggedcom_rox_mx5000_firmware:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "2.16.0", "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:h:siemens:ruggedcom_rox_mx5000:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [], "operator": "AND" }, { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:siemens:ruggedcom_rox_mx5000re_firmware:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "2.16.0", "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:h:siemens:ruggedcom_rox_mx5000re:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [], "operator": "AND" }, { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:siemens:ruggedcom_rox_rx1400_firmware:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "2.16.0", "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:h:siemens:ruggedcom_rox_rx1400:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [], "operator": "AND" }, { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:siemens:ruggedcom_rox_rx1500_firmware:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "2.16.0", "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:h:siemens:ruggedcom_rox_rx1500:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [], "operator": "AND" }, { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:siemens:ruggedcom_rox_rx1501_firmware:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "2.16.0", "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:h:siemens:ruggedcom_rox_rx1501:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [], "operator": "AND" }, { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:siemens:ruggedcom_rox_rx1510_firmware:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "2.16.0", "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:h:siemens:ruggedcom_rox_rx1510:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [], "operator": "AND" }, { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:siemens:ruggedcom_rox_rx1511_firmware:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "2.16.0", "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:h:siemens:ruggedcom_rox_rx1511:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [], "operator": "AND" }, { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:siemens:ruggedcom_rox_rx1512_firmware:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "2.16.0", "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:h:siemens:ruggedcom_rox_rx1512:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [], "operator": "AND" }, { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:siemens:ruggedcom_rox_rx1524_firmware:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "2.16.0", "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:h:siemens:ruggedcom_rox_rx1524:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [], "operator": "AND" }, { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:siemens:ruggedcom_rox_rx1536_firmware:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "2.16.0", "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:h:siemens:ruggedcom_rox_rx1536:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [], "operator": "AND" }, { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:siemens:ruggedcom_rox_rx5000_firmware:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "2.16.0", "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:h:siemens:ruggedcom_rox_rx5000:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [], "operator": "AND" } ] } ], "sources": [ { "db": "NVD", "id": "CVE-2023-36748" } ] }, "cve": "CVE-2023-36748", "cvss": { "@context": { "cvssV2": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2" }, "cvssV3": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/" }, "severity": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#" }, "@id": "https://www.variotdbs.pl/ref/cvss/severity" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "cvssV2": [ { "accessComplexity": "HIGH", "accessVector": "ADJACENT_NETWORK", "authentication": "NONE", "author": "CNVD", "availabilityImpact": "PARTIAL", "baseScore": 5.8, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 3.2, "id": "CNVD-2023-55708", "impactScore": 8.5, "integrityImpact": "COMPLETE", "severity": "MEDIUM", "trust": 0.6, "vectorString": "AV:A/AC:H/Au:N/C:P/I:C/A:P", "version": "2.0" } ], "cvssV3": [ { "attackComplexity": "HIGH", "attackVector": "NETWORK", "author": "NVD", "availabilityImpact": "NONE", "baseScore": 6.8, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "exploitabilityScore": 1.6, "impactScore": 5.2, "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "trust": 1.0, "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N", "version": "3.1" }, { "attackComplexity": "HIGH", "attackVector": "ADJACENT_NETWORK", "author": "productcert@siemens.com", "availabilityImpact": "LOW", "baseScore": 5.9, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "exploitabilityScore": 1.2, "impactScore": 4.7, "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "trust": 1.0, "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:A/AC:H/PR:N/UI:R/S:U/C:L/I:H/A:L", "version": "3.1" }, { "attackComplexity": "High", "attackVector": "Network", "author": "NVD", "availabilityImpact": "None", "baseScore": 6.8, "baseSeverity": "Medium", "confidentialityImpact": "High", "exploitabilityScore": null, "id": "CVE-2023-36748", "impactScore": null, "integrityImpact": "High", "privilegesRequired": "None", "scope": "Unchanged", "trust": 0.8, "userInteraction": "Required", "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N", "version": "3.0" } ], "severity": [ { "author": "NVD", "id": "CVE-2023-36748", "trust": 1.8, "value": "MEDIUM" }, { "author": "productcert@siemens.com", "id": "CVE-2023-36748", "trust": 1.0, "value": "MEDIUM" }, { "author": "CNVD", "id": "CNVD-2023-55708", "trust": 0.6, "value": "MEDIUM" }, { "author": "CNNVD", "id": "CNNVD-202307-738", "trust": 0.6, "value": "MEDIUM" } ] } ], "sources": [ { "db": "CNVD", "id": "CNVD-2023-55708" }, { "db": "JVNDB", "id": "JVNDB-2023-021737" }, { "db": "CNNVD", "id": "CNNVD-202307-738" }, { "db": "NVD", "id": "CVE-2023-36748" }, { "db": "NVD", "id": "CVE-2023-36748" } ] }, "description": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "A vulnerability has been identified in RUGGEDCOM ROX MX5000 (All versions \u003c V2.16.0), RUGGEDCOM ROX MX5000RE (All versions \u003c V2.16.0), RUGGEDCOM ROX RX1400 (All versions \u003c V2.16.0), RUGGEDCOM ROX RX1500 (All versions \u003c V2.16.0), RUGGEDCOM ROX RX1501 (All versions \u003c V2.16.0), RUGGEDCOM ROX RX1510 (All versions \u003c V2.16.0), RUGGEDCOM ROX RX1511 (All versions \u003c V2.16.0), RUGGEDCOM ROX RX1512 (All versions \u003c V2.16.0), RUGGEDCOM ROX RX1524 (All versions \u003c V2.16.0), RUGGEDCOM ROX RX1536 (All versions \u003c V2.16.0), RUGGEDCOM ROX RX5000 (All versions \u003c V2.16.0). The affected devices are configured to offer weak ciphers by default. This could allow an unauthorized attacker in a man-in-the-middle position to read and modify any data\r\npassed over to and from the affected device. RUGGEDCOM ROX MX5000 firmware, ruggedcom rox mx5000re firmware, RUGGEDCOM ROX RX1400 Multiple Siemens products, including firmware, have vulnerabilities related to encryption strength.Information may be obtained and information may be tampered with. RUGGEDCOM products provide a level of robustness and reliability that sets the standard for communication networks deployed in harsh environments", "sources": [ { "db": "NVD", "id": "CVE-2023-36748" }, { "db": "JVNDB", "id": "JVNDB-2023-021737" }, { "db": "CNVD", "id": "CNVD-2023-55708" }, { "db": "VULMON", "id": "CVE-2023-36748" } ], "trust": 2.25 }, "external_ids": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "db": "NVD", "id": "CVE-2023-36748", "trust": 3.9 }, { "db": "SIEMENS", "id": "SSA-146325", "trust": 3.1 }, { "db": "ICS CERT", "id": "ICSA-23-194-01", "trust": 0.8 }, { "db": "JVN", "id": "JVNVU95292697", "trust": 0.8 }, { "db": "JVNDB", "id": "JVNDB-2023-021737", "trust": 0.8 }, { "db": "CNVD", "id": "CNVD-2023-55708", "trust": 0.6 }, { "db": "CNNVD", "id": "CNNVD-202307-738", "trust": 0.6 }, { "db": "VULMON", "id": "CVE-2023-36748", "trust": 0.1 } ], "sources": [ { "db": "CNVD", "id": "CNVD-2023-55708" }, { "db": "VULMON", "id": "CVE-2023-36748" }, { "db": "JVNDB", "id": "JVNDB-2023-021737" }, { "db": "CNNVD", "id": "CNNVD-202307-738" }, { "db": "NVD", "id": "CVE-2023-36748" } ] }, "id": "VAR-202307-0589", "iot": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": true, "sources": [ { "db": "CNVD", "id": "CNVD-2023-55708" } ], "trust": 1.12540106 }, "iot_taxonomy": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "category": [ "ICS" ], "sub_category": null, "trust": 0.6 } ], "sources": [ { "db": "CNVD", "id": "CNVD-2023-55708" } ] }, "last_update_date": "2024-01-21T21:07:28.425000Z", "patch": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "title": "Patch for Siemens RUGGEDCOM ROX Weak Password Vulnerability", "trust": 0.6, "url": "https://www.cnvd.org.cn/patchinfo/show/440291" }, { "title": "Siemens RUGGEDCOM ROX A series of products Fixes for encryption problem vulnerabilities", "trust": 0.6, "url": "http://123.124.177.30/web/xxk/bdxqbyid.tag?id=246661" } ], "sources": [ { "db": "CNVD", "id": "CNVD-2023-55708" }, { "db": "CNNVD", "id": "CNNVD-202307-738" } ] }, "problemtype_data": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "problemtype": "CWE-326", "trust": 1.0 }, { "problemtype": "Inappropriate cryptographic strength (CWE-326) [NVD evaluation ]", "trust": 0.8 } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2023-021737" }, { "db": "NVD", "id": "CVE-2023-36748" } ] }, "references": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "trust": 2.5, "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-146325.pdf" }, { "trust": 0.8, "url": "https://jvn.jp/vu/jvnvu95292697/" }, { "trust": 0.8, "url": "https://nvd.nist.gov/vuln/detail/cve-2023-36748" }, { "trust": 0.8, "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-23-194-01" }, { "trust": 0.6, "url": "https://cert-portal.siemens.com/productcert/html/ssa-146325.html" }, { "trust": 0.6, "url": "https://cxsecurity.com/cveshow/cve-2023-36748/" }, { "trust": 0.1, "url": "https://nvd.nist.gov" } ], "sources": [ { "db": "CNVD", "id": "CNVD-2023-55708" }, { "db": "VULMON", "id": "CVE-2023-36748" }, { "db": "JVNDB", "id": "JVNDB-2023-021737" }, { "db": "CNNVD", "id": "CNNVD-202307-738" }, { "db": "NVD", "id": "CVE-2023-36748" } ] }, "sources": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", "data": { "@container": "@list" } }, "data": [ { "db": "CNVD", "id": "CNVD-2023-55708" }, { "db": "VULMON", "id": "CVE-2023-36748" }, { "db": "JVNDB", "id": "JVNDB-2023-021737" }, { "db": "CNNVD", "id": "CNNVD-202307-738" }, { "db": "NVD", "id": "CVE-2023-36748" } ] }, "sources_release_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2023-07-12T00:00:00", "db": "CNVD", "id": "CNVD-2023-55708" }, { "date": "2023-07-11T00:00:00", "db": "VULMON", "id": "CVE-2023-36748" }, { "date": "2024-01-19T00:00:00", "db": "JVNDB", "id": "JVNDB-2023-021737" }, { "date": "2023-07-11T00:00:00", "db": "CNNVD", "id": "CNNVD-202307-738" }, { "date": "2023-07-11T10:15:11.033000", "db": "NVD", "id": "CVE-2023-36748" } ] }, "sources_update_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2023-07-12T00:00:00", "db": "CNVD", "id": "CNVD-2023-55708" }, { "date": "2023-07-11T00:00:00", "db": "VULMON", "id": "CVE-2023-36748" }, { "date": "2024-01-19T08:07:00", "db": "JVNDB", "id": "JVNDB-2023-021737" }, { "date": "2023-07-19T00:00:00", "db": "CNNVD", "id": "CNNVD-202307-738" }, { "date": "2023-07-18T16:40:40.913000", "db": "NVD", "id": "CVE-2023-36748" } ] }, "threat_type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "remote", "sources": [ { "db": "CNNVD", "id": "CNNVD-202307-738" } ], "trust": 0.6 }, "title": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Cryptographic strength vulnerabilities in multiple Siemens products", "sources": [ { "db": "JVNDB", "id": "JVNDB-2023-021737" } ], "trust": 0.8 }, "type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "encryption problem", "sources": [ { "db": "CNNVD", "id": "CNNVD-202307-738" } ], "trust": 0.6 } }
var-202307-0594
Vulnerability from variot
A vulnerability has been identified in RUGGEDCOM ROX MX5000 (All versions < V2.16.0), RUGGEDCOM ROX MX5000RE (All versions < V2.16.0), RUGGEDCOM ROX RX1400 (All versions < V2.16.0), RUGGEDCOM ROX RX1500 (All versions < V2.16.0), RUGGEDCOM ROX RX1501 (All versions < V2.16.0), RUGGEDCOM ROX RX1510 (All versions < V2.16.0), RUGGEDCOM ROX RX1511 (All versions < V2.16.0), RUGGEDCOM ROX RX1512 (All versions < V2.16.0), RUGGEDCOM ROX RX1524 (All versions < V2.16.0), RUGGEDCOM ROX RX1536 (All versions < V2.16.0), RUGGEDCOM ROX RX5000 (All versions < V2.16.0). The SCEP server configuration URL parameter in the web interface of affected devices is vulnerable to command injection due to missing server side input sanitation. This could allow an authenticated privileged remote attacker to execute arbitrary code with root privileges. RUGGEDCOM ROX MX5000 firmware, ruggedcom rox mx5000re firmware, RUGGEDCOM ROX RX1400 Multiple Siemens products such as firmware contain a command injection vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. RUGGEDCOM products provide a level of robustness and reliability that sets the standard for communication networks deployed in harsh environments.
Siemens RUGGEDCOM ROX has a command injection vulnerability. The vulnerability stems from the lack of server-side input validation
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", "affected_products": { "@id": "https://www.variotdbs.pl/ref/affected_products" }, "configurations": { "@id": "https://www.variotdbs.pl/ref/configurations" }, "credits": { "@id": "https://www.variotdbs.pl/ref/credits" }, "cvss": { "@id": "https://www.variotdbs.pl/ref/cvss/" }, "description": { "@id": "https://www.variotdbs.pl/ref/description/" }, "exploit_availability": { "@id": "https://www.variotdbs.pl/ref/exploit_availability/" }, "external_ids": { "@id": "https://www.variotdbs.pl/ref/external_ids/" }, "iot": { "@id": "https://www.variotdbs.pl/ref/iot/" }, "iot_taxonomy": { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/" }, "patch": { "@id": "https://www.variotdbs.pl/ref/patch/" }, "problemtype_data": { "@id": "https://www.variotdbs.pl/ref/problemtype_data/" }, "references": { "@id": "https://www.variotdbs.pl/ref/references/" }, "sources": { "@id": "https://www.variotdbs.pl/ref/sources/" }, "sources_release_date": { "@id": "https://www.variotdbs.pl/ref/sources_release_date/" }, "sources_update_date": { "@id": "https://www.variotdbs.pl/ref/sources_update_date/" }, "threat_type": { "@id": "https://www.variotdbs.pl/ref/threat_type/" }, "title": { "@id": "https://www.variotdbs.pl/ref/title/" }, "type": { "@id": "https://www.variotdbs.pl/ref/type/" } }, "@id": "https://www.variotdbs.pl/vuln/VAR-202307-0594", "affected_products": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "model": "ruggedcom rox rx1511", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "2.16.0" }, { "model": "ruggedcom rox rx1524", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "2.16.0" }, { "model": "ruggedcom rox mx5000re", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "2.16.0" }, { "model": "ruggedcom rox rx1400", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "2.16.0" }, { "model": "ruggedcom rox rx1501", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "2.16.0" }, { "model": "ruggedcom rox rx1510", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "2.16.0" }, { "model": "ruggedcom rox rx1500", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "2.16.0" }, { "model": "ruggedcom rox mx5000", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "2.16.0" }, { "model": "ruggedcom rox rx1536", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "2.16.0" }, { "model": "ruggedcom rox rx5000", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "2.16.0" }, { "model": "ruggedcom rox rx1512", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "2.16.0" }, { "model": "ruggedcom rox rx1500", "scope": null, "trust": 0.8, "vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9", "version": null }, { "model": "ruggedcom rox rx1501", "scope": null, "trust": 0.8, "vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9", "version": null }, { "model": "ruggedcom rox rx1524", "scope": null, "trust": 0.8, "vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9", "version": null }, { "model": "ruggedcom rox rx5000", "scope": null, "trust": 0.8, "vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9", "version": null }, { "model": "ruggedcom rox mx5000", "scope": null, "trust": 0.8, "vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9", "version": null }, { "model": "ruggedcom rox rx1512", "scope": null, "trust": 0.8, "vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9", "version": null }, { "model": "ruggedcom rox rx1510", "scope": null, "trust": 0.8, "vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9", "version": null }, { "model": "ruggedcom rox rx1400", "scope": null, "trust": 0.8, "vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9", "version": null }, { "model": "ruggedcom rox rx1511", "scope": null, "trust": 0.8, "vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9", "version": null }, { "model": "ruggedcom rox mx5000re", "scope": null, "trust": 0.8, "vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9", "version": null }, { "model": "ruggedcom rox rx1536", "scope": null, "trust": 0.8, "vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9", "version": null }, { "model": "ruggedcom rox mx5000", "scope": "lt", "trust": 0.6, "vendor": "siemens", "version": "v2.16.0" }, { "model": "ruggedcom rox mx5000re", "scope": "lt", "trust": 0.6, "vendor": "siemens", "version": "v2.16.0" }, { "model": "ruggedcom rox rx1400", "scope": "lt", "trust": 0.6, "vendor": "siemens", "version": "v2.16.0" }, { "model": "ruggedcom rox rx1500", "scope": "lt", "trust": 0.6, "vendor": "siemens", "version": "v2.16.0" }, { "model": "ruggedcom rox rx1501", "scope": "lt", "trust": 0.6, "vendor": "siemens", "version": "v2.16.0" }, { "model": "ruggedcom rox rx1510", "scope": "lt", "trust": 0.6, "vendor": "siemens", "version": "v2.16.0" }, { "model": "ruggedcom rox rx1511", "scope": "lt", "trust": 0.6, "vendor": "siemens", "version": "v2.16.0" }, { "model": "ruggedcom rox rx1512", "scope": "lt", "trust": 0.6, "vendor": "siemens", "version": "v2.16.0" }, { "model": "ruggedcom rox rx1524", "scope": "lt", "trust": 0.6, "vendor": "siemens", "version": "v2.16.0" }, { "model": "ruggedcom rox rx1536", "scope": "lt", "trust": 0.6, "vendor": "siemens", "version": "v2.16.0" }, { "model": "ruggedcom rox rx5000", "scope": "lt", "trust": 0.6, "vendor": "siemens", "version": "v2.16.0" } ], "sources": [ { "db": "CNVD", "id": "CNVD-2023-60607" }, { "db": "JVNDB", "id": "JVNDB-2023-021731" }, { "db": "NVD", "id": "CVE-2023-36754" } ] }, "configurations": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/configurations#", "children": { "@container": "@list" }, "cpe_match": { "@container": "@list" }, "data": { "@container": "@list" }, "nodes": { "@container": "@list" } }, "data": [ { "CVE_data_version": "4.0", "nodes": [ { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:siemens:ruggedcom_rox_mx5000_firmware:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "2.16.0", "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:h:siemens:ruggedcom_rox_mx5000:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [], "operator": "AND" }, { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:siemens:ruggedcom_rox_mx5000re_firmware:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "2.16.0", "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:h:siemens:ruggedcom_rox_mx5000re:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [], "operator": "AND" }, { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:siemens:ruggedcom_rox_rx1400_firmware:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "2.16.0", "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:h:siemens:ruggedcom_rox_rx1400:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [], "operator": "AND" }, { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:siemens:ruggedcom_rox_rx1500_firmware:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "2.16.0", "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:h:siemens:ruggedcom_rox_rx1500:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [], "operator": "AND" }, { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:siemens:ruggedcom_rox_rx1501_firmware:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "2.16.0", "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:h:siemens:ruggedcom_rox_rx1501:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [], "operator": "AND" }, { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:siemens:ruggedcom_rox_rx1510_firmware:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "2.16.0", "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:h:siemens:ruggedcom_rox_rx1510:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [], "operator": "AND" }, { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:siemens:ruggedcom_rox_rx1511_firmware:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "2.16.0", "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:h:siemens:ruggedcom_rox_rx1511:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [], "operator": "AND" }, { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:siemens:ruggedcom_rox_rx1512_firmware:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "2.16.0", "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:h:siemens:ruggedcom_rox_rx1512:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [], "operator": "AND" }, { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:siemens:ruggedcom_rox_rx1524_firmware:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "2.16.0", "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:h:siemens:ruggedcom_rox_rx1524:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [], "operator": "AND" }, { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:siemens:ruggedcom_rox_rx1536_firmware:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "2.16.0", "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:h:siemens:ruggedcom_rox_rx1536:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [], "operator": "AND" }, { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:siemens:ruggedcom_rox_rx5000_firmware:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "2.16.0", "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:h:siemens:ruggedcom_rox_rx5000:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [], "operator": "AND" } ] } ], "sources": [ { "db": "NVD", "id": "CVE-2023-36754" } ] }, "cve": "CVE-2023-36754", "cvss": { "@context": { "cvssV2": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2" }, "cvssV3": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/" }, "severity": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#" }, "@id": "https://www.variotdbs.pl/ref/cvss/severity" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "cvssV2": [ { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "author": "CNVD", "availabilityImpact": "COMPLETE", "baseScore": 10.0, "confidentialityImpact": "COMPLETE", "exploitabilityScore": 10.0, "id": "CNVD-2023-60607", "impactScore": 10.0, "integrityImpact": "COMPLETE", "severity": "HIGH", "trust": 0.6, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0" } ], "cvssV3": [ { "attackComplexity": "LOW", "attackVector": "NETWORK", "author": "NVD", "availabilityImpact": "HIGH", "baseScore": 7.2, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "exploitabilityScore": 1.2, "impactScore": 5.9, "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "trust": 1.0, "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, { "attackComplexity": "LOW", "attackVector": "NETWORK", "author": "productcert@siemens.com", "availabilityImpact": "HIGH", "baseScore": 9.1, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "exploitabilityScore": 2.3, "impactScore": 6.0, "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "CHANGED", "trust": 1.0, "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H", "version": "3.1" }, { "attackComplexity": "Low", "attackVector": "Network", "author": "NVD", "availabilityImpact": "High", "baseScore": 7.2, "baseSeverity": "High", "confidentialityImpact": "High", "exploitabilityScore": null, "id": "CVE-2023-36754", "impactScore": null, "integrityImpact": "High", "privilegesRequired": "High", "scope": "Unchanged", "trust": 0.8, "userInteraction": "None", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "version": "3.0" } ], "severity": [ { "author": "NVD", "id": "CVE-2023-36754", "trust": 1.8, "value": "HIGH" }, { "author": "productcert@siemens.com", "id": "CVE-2023-36754", "trust": 1.0, "value": "CRITICAL" }, { "author": "CNVD", "id": "CNVD-2023-60607", "trust": 0.6, "value": "HIGH" }, { "author": "CNNVD", "id": "CNNVD-202307-732", "trust": 0.6, "value": "HIGH" } ] } ], "sources": [ { "db": "CNVD", "id": "CNVD-2023-60607" }, { "db": "JVNDB", "id": "JVNDB-2023-021731" }, { "db": "CNNVD", "id": "CNNVD-202307-732" }, { "db": "NVD", "id": "CVE-2023-36754" }, { "db": "NVD", "id": "CVE-2023-36754" } ] }, "description": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "A vulnerability has been identified in RUGGEDCOM ROX MX5000 (All versions \u003c V2.16.0), RUGGEDCOM ROX MX5000RE (All versions \u003c V2.16.0), RUGGEDCOM ROX RX1400 (All versions \u003c V2.16.0), RUGGEDCOM ROX RX1500 (All versions \u003c V2.16.0), RUGGEDCOM ROX RX1501 (All versions \u003c V2.16.0), RUGGEDCOM ROX RX1510 (All versions \u003c V2.16.0), RUGGEDCOM ROX RX1511 (All versions \u003c V2.16.0), RUGGEDCOM ROX RX1512 (All versions \u003c V2.16.0), RUGGEDCOM ROX RX1524 (All versions \u003c V2.16.0), RUGGEDCOM ROX RX1536 (All versions \u003c V2.16.0), RUGGEDCOM ROX RX5000 (All versions \u003c V2.16.0). The SCEP server configuration URL parameter in the web interface of affected devices is vulnerable to command injection due to missing server side input sanitation. This could allow an authenticated privileged remote attacker to execute arbitrary code with root privileges. RUGGEDCOM ROX MX5000 firmware, ruggedcom rox mx5000re firmware, RUGGEDCOM ROX RX1400 Multiple Siemens products such as firmware contain a command injection vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. RUGGEDCOM products provide a level of robustness and reliability that sets the standard for communication networks deployed in harsh environments. \n\r\n\r\nSiemens RUGGEDCOM ROX has a command injection vulnerability. The vulnerability stems from the lack of server-side input validation", "sources": [ { "db": "NVD", "id": "CVE-2023-36754" }, { "db": "JVNDB", "id": "JVNDB-2023-021731" }, { "db": "CNVD", "id": "CNVD-2023-60607" }, { "db": "VULMON", "id": "CVE-2023-36754" } ], "trust": 2.25 }, "external_ids": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "db": "NVD", "id": "CVE-2023-36754", "trust": 3.9 }, { "db": "SIEMENS", "id": "SSA-146325", "trust": 3.1 }, { "db": "ICS CERT", "id": "ICSA-23-194-01", "trust": 0.8 }, { "db": "JVN", "id": "JVNVU95292697", "trust": 0.8 }, { "db": "JVNDB", "id": "JVNDB-2023-021731", "trust": 0.8 }, { "db": "CNVD", "id": "CNVD-2023-60607", "trust": 0.6 }, { "db": "CNNVD", "id": "CNNVD-202307-732", "trust": 0.6 }, { "db": "VULMON", "id": "CVE-2023-36754", "trust": 0.1 } ], "sources": [ { "db": "CNVD", "id": "CNVD-2023-60607" }, { "db": "VULMON", "id": "CVE-2023-36754" }, { "db": "JVNDB", "id": "JVNDB-2023-021731" }, { "db": "CNNVD", "id": "CNNVD-202307-732" }, { "db": "NVD", "id": "CVE-2023-36754" } ] }, "id": "VAR-202307-0594", "iot": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": true, "sources": [ { "db": "CNVD", "id": "CNVD-2023-60607" } ], "trust": 1.12540106 }, "iot_taxonomy": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "category": [ "ICS" ], "sub_category": null, "trust": 0.6 } ], "sources": [ { "db": "CNVD", "id": "CNVD-2023-60607" } ] }, "last_update_date": "2024-01-21T20:13:45.942000Z", "patch": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "title": "Patch for Siemens RUGGEDCOM ROX Command Injection Vulnerability (CNVD-2023-60607)", "trust": 0.6, "url": "https://www.cnvd.org.cn/patchinfo/show/449036" }, { "title": "Siemens RUGGEDCOM ROX A series of products Fixes for command injection vulnerabilities", "trust": 0.6, "url": "http://123.124.177.30/web/xxk/bdxqbyid.tag?id=246655" } ], "sources": [ { "db": "CNVD", "id": "CNVD-2023-60607" }, { "db": "CNNVD", "id": "CNNVD-202307-732" } ] }, "problemtype_data": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "problemtype": "CWE-77", "trust": 1.0 }, { "problemtype": "Command injection (CWE-77) [NVD evaluation ]", "trust": 0.8 } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2023-021731" }, { "db": "NVD", "id": "CVE-2023-36754" } ] }, "references": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "trust": 2.5, "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-146325.pdf" }, { "trust": 0.8, "url": "https://jvn.jp/vu/jvnvu95292697/" }, { "trust": 0.8, "url": "https://nvd.nist.gov/vuln/detail/cve-2023-36754" }, { "trust": 0.8, "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-23-194-01" }, { "trust": 0.6, "url": "https://cert-portal.siemens.com/productcert/html/ssa-146325.html" }, { "trust": 0.6, "url": "https://cxsecurity.com/cveshow/cve-2023-36754/" }, { "trust": 0.1, "url": "https://nvd.nist.gov" } ], "sources": [ { "db": "CNVD", "id": "CNVD-2023-60607" }, { "db": "VULMON", "id": "CVE-2023-36754" }, { "db": "JVNDB", "id": "JVNDB-2023-021731" }, { "db": "CNNVD", "id": "CNNVD-202307-732" }, { "db": "NVD", "id": "CVE-2023-36754" } ] }, "sources": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", "data": { "@container": "@list" } }, "data": [ { "db": "CNVD", "id": "CNVD-2023-60607" }, { "db": "VULMON", "id": "CVE-2023-36754" }, { "db": "JVNDB", "id": "JVNDB-2023-021731" }, { "db": "CNNVD", "id": "CNNVD-202307-732" }, { "db": "NVD", "id": "CVE-2023-36754" } ] }, "sources_release_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2023-08-02T00:00:00", "db": "CNVD", "id": "CNVD-2023-60607" }, { "date": "2023-07-11T00:00:00", "db": "VULMON", "id": "CVE-2023-36754" }, { "date": "2024-01-19T00:00:00", "db": "JVNDB", "id": "JVNDB-2023-021731" }, { "date": "2023-07-11T00:00:00", "db": "CNNVD", "id": "CNNVD-202307-732" }, { "date": "2023-07-11T10:15:11.427000", "db": "NVD", "id": "CVE-2023-36754" } ] }, "sources_update_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2023-08-02T00:00:00", "db": "CNVD", "id": "CNVD-2023-60607" }, { "date": "2023-07-11T00:00:00", "db": "VULMON", "id": "CVE-2023-36754" }, { "date": "2024-01-19T08:07:00", "db": "JVNDB", "id": "JVNDB-2023-021731" }, { "date": "2023-07-19T00:00:00", "db": "CNNVD", "id": "CNNVD-202307-732" }, { "date": "2023-07-18T18:48:34.160000", "db": "NVD", "id": "CVE-2023-36754" } ] }, "threat_type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "remote", "sources": [ { "db": "CNNVD", "id": "CNNVD-202307-732" } ], "trust": 0.6 }, "title": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Command injection vulnerability in multiple Siemens products", "sources": [ { "db": "JVNDB", "id": "JVNDB-2023-021731" } ], "trust": 0.8 }, "type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "command injection", "sources": [ { "db": "CNNVD", "id": "CNNVD-202307-732" } ], "trust": 0.6 } }
var-202307-0592
Vulnerability from variot
A vulnerability has been identified in RUGGEDCOM ROX MX5000 (All versions < V2.16.0), RUGGEDCOM ROX MX5000RE (All versions < V2.16.0), RUGGEDCOM ROX RX1400 (All versions < V2.16.0), RUGGEDCOM ROX RX1500 (All versions < V2.16.0), RUGGEDCOM ROX RX1501 (All versions < V2.16.0), RUGGEDCOM ROX RX1510 (All versions < V2.16.0), RUGGEDCOM ROX RX1511 (All versions < V2.16.0), RUGGEDCOM ROX RX1512 (All versions < V2.16.0), RUGGEDCOM ROX RX1524 (All versions < V2.16.0), RUGGEDCOM ROX RX1536 (All versions < V2.16.0), RUGGEDCOM ROX RX5000 (All versions < V2.16.0). A reflected cross-site scripting (XSS) vulnerability exists in the web interface of the affected application that could allow an attacker to execute malicious javascript code by tricking users into accessing a malicious link. The malformed value is reflected directly in the response without sanitization while throwing an “invalid path” error. RUGGEDCOM ROX MX5000 firmware, ruggedcom rox mx5000re firmware, RUGGEDCOM ROX RX1400 Multiple Siemens products such as firmware contain a cross-site scripting vulnerability.Information may be obtained and information may be tampered with. RUGGEDCOM products provide a level of robustness and reliability that sets the standard for communication networks deployed in harsh environments
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", "affected_products": { "@id": "https://www.variotdbs.pl/ref/affected_products" }, "configurations": { "@id": "https://www.variotdbs.pl/ref/configurations" }, "credits": { "@id": "https://www.variotdbs.pl/ref/credits" }, "cvss": { "@id": "https://www.variotdbs.pl/ref/cvss/" }, "description": { "@id": "https://www.variotdbs.pl/ref/description/" }, "exploit_availability": { "@id": "https://www.variotdbs.pl/ref/exploit_availability/" }, "external_ids": { "@id": "https://www.variotdbs.pl/ref/external_ids/" }, "iot": { "@id": "https://www.variotdbs.pl/ref/iot/" }, "iot_taxonomy": { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/" }, "patch": { "@id": "https://www.variotdbs.pl/ref/patch/" }, "problemtype_data": { "@id": "https://www.variotdbs.pl/ref/problemtype_data/" }, "references": { "@id": "https://www.variotdbs.pl/ref/references/" }, "sources": { "@id": "https://www.variotdbs.pl/ref/sources/" }, "sources_release_date": { "@id": "https://www.variotdbs.pl/ref/sources_release_date/" }, "sources_update_date": { "@id": "https://www.variotdbs.pl/ref/sources_update_date/" }, "threat_type": { "@id": "https://www.variotdbs.pl/ref/threat_type/" }, "title": { "@id": "https://www.variotdbs.pl/ref/title/" }, "type": { "@id": "https://www.variotdbs.pl/ref/type/" } }, "@id": "https://www.variotdbs.pl/vuln/VAR-202307-0592", "affected_products": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "model": "ruggedcom rox rx1511", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "2.16.0" }, { "model": "ruggedcom rox rx1524", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "2.16.0" }, { "model": "ruggedcom rox mx5000re", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "2.16.0" }, { "model": "ruggedcom rox rx1400", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "2.16.0" }, { "model": "ruggedcom rox rx1501", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "2.16.0" }, { "model": "ruggedcom rox rx1510", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "2.16.0" }, { "model": "ruggedcom rox rx1500", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "2.16.0" }, { "model": "ruggedcom rox mx5000", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "2.16.0" }, { "model": "ruggedcom rox rx1536", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "2.16.0" }, { "model": "ruggedcom rox rx5000", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "2.16.0" }, { "model": "ruggedcom rox rx1512", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "2.16.0" }, { "model": "ruggedcom rox rx1500", "scope": null, "trust": 0.8, "vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9", "version": null }, { "model": "ruggedcom rox rx1501", "scope": null, "trust": 0.8, "vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9", "version": null }, { "model": "ruggedcom rox rx1524", "scope": null, "trust": 0.8, "vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9", "version": null }, { "model": "ruggedcom rox rx5000", "scope": null, "trust": 0.8, "vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9", "version": null }, { "model": "ruggedcom rox mx5000", "scope": null, "trust": 0.8, "vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9", "version": null }, { "model": "ruggedcom rox rx1512", "scope": null, "trust": 0.8, "vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9", "version": null }, { "model": "ruggedcom rox rx1510", "scope": null, "trust": 0.8, "vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9", "version": null }, { "model": "ruggedcom rox rx1400", "scope": null, "trust": 0.8, "vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9", "version": null }, { "model": "ruggedcom rox rx1511", "scope": null, "trust": 0.8, "vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9", "version": null }, { "model": "ruggedcom rox mx5000re", "scope": null, "trust": 0.8, "vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9", "version": null }, { "model": "ruggedcom rox rx1536", "scope": null, "trust": 0.8, "vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9", "version": null }, { "model": "ruggedcom rox mx5000", "scope": "lt", "trust": 0.6, "vendor": "siemens", "version": "v2.16.0" }, { "model": "ruggedcom rox mx5000re", "scope": "lt", "trust": 0.6, "vendor": "siemens", "version": "v2.16.0" }, { "model": "ruggedcom rox rx1400", "scope": "lt", "trust": 0.6, "vendor": "siemens", "version": "v2.16.0" }, { "model": "ruggedcom rox rx1500", "scope": "lt", "trust": 0.6, "vendor": "siemens", "version": "v2.16.0" }, { "model": "ruggedcom rox rx1501", "scope": "lt", "trust": 0.6, "vendor": "siemens", "version": "v2.16.0" }, { "model": "ruggedcom rox rx1510", "scope": "lt", "trust": 0.6, "vendor": "siemens", "version": "v2.16.0" }, { "model": "ruggedcom rox rx1511", "scope": "lt", "trust": 0.6, "vendor": "siemens", "version": "v2.16.0" }, { "model": "ruggedcom rox rx1512", "scope": "lt", "trust": 0.6, "vendor": "siemens", "version": "v2.16.0" }, { "model": "ruggedcom rox rx1524", "scope": "lt", "trust": 0.6, "vendor": "siemens", "version": "v2.16.0" }, { "model": "ruggedcom rox rx1536", "scope": "lt", "trust": 0.6, "vendor": "siemens", "version": "v2.16.0" }, { "model": "ruggedcom rox rx5000", "scope": "lt", "trust": 0.6, "vendor": "siemens", "version": "v2.16.0" } ], "sources": [ { "db": "CNVD", "id": "CNVD-2023-55710" }, { "db": "JVNDB", "id": "JVNDB-2023-021750" }, { "db": "NVD", "id": "CVE-2023-36389" } ] }, "configurations": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/configurations#", "children": { "@container": "@list" }, "cpe_match": { "@container": "@list" }, "data": { "@container": "@list" }, "nodes": { "@container": "@list" } }, "data": [ { "CVE_data_version": "4.0", "nodes": [ { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:siemens:ruggedcom_rox_mx5000_firmware:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "2.16.0", "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:h:siemens:ruggedcom_rox_mx5000:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [], "operator": "AND" }, { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:siemens:ruggedcom_rox_mx5000re_firmware:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "2.16.0", "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:h:siemens:ruggedcom_rox_mx5000re:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [], "operator": "AND" }, { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:siemens:ruggedcom_rox_rx1400_firmware:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "2.16.0", "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:h:siemens:ruggedcom_rox_rx1400:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [], "operator": "AND" }, { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:siemens:ruggedcom_rox_rx1500_firmware:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "2.16.0", "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:h:siemens:ruggedcom_rox_rx1500:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [], "operator": "AND" }, { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:siemens:ruggedcom_rox_rx1501_firmware:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "2.16.0", "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:h:siemens:ruggedcom_rox_rx1501:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [], "operator": "AND" }, { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:siemens:ruggedcom_rox_rx1510_firmware:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "2.16.0", "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:h:siemens:ruggedcom_rox_rx1510:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [], "operator": "AND" }, { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:siemens:ruggedcom_rox_rx1511_firmware:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "2.16.0", "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:h:siemens:ruggedcom_rox_rx1511:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [], "operator": "AND" }, { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:siemens:ruggedcom_rox_rx1512_firmware:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "2.16.0", "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:h:siemens:ruggedcom_rox_rx1512:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [], "operator": "AND" }, { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:siemens:ruggedcom_rox_rx1524_firmware:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "2.16.0", "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:h:siemens:ruggedcom_rox_rx1524:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [], "operator": "AND" }, { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:siemens:ruggedcom_rox_rx1536_firmware:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "2.16.0", "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:h:siemens:ruggedcom_rox_rx1536:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [], "operator": "AND" }, { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:siemens:ruggedcom_rox_rx5000_firmware:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "2.16.0", "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:h:siemens:ruggedcom_rox_rx5000:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [], "operator": "AND" } ] } ], "sources": [ { "db": "NVD", "id": "CVE-2023-36389" } ] }, "cve": "CVE-2023-36389", "cvss": { "@context": { "cvssV2": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2" }, "cvssV3": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/" }, "severity": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#" }, "@id": "https://www.variotdbs.pl/ref/cvss/severity" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "cvssV2": [ { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "author": "CNVD", "availabilityImpact": "NONE", "baseScore": 6.4, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 10.0, "id": "CNVD-2023-55710", "impactScore": 4.9, "integrityImpact": "PARTIAL", "severity": "MEDIUM", "trust": 0.6, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:N", "version": "2.0" } ], "cvssV3": [ { "attackComplexity": "LOW", "attackVector": "NETWORK", "author": "NVD", "availabilityImpact": "NONE", "baseScore": 6.1, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "exploitabilityScore": 2.8, "impactScore": 2.7, "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "CHANGED", "trust": 1.0, "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "version": "3.1" }, { "attackComplexity": "LOW", "attackVector": "NETWORK", "author": "productcert@siemens.com", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "exploitabilityScore": 2.8, "impactScore": 5.9, "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "trust": 1.0, "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1" }, { "attackComplexity": "Low", "attackVector": "Network", "author": "NVD", "availabilityImpact": "None", "baseScore": 6.1, "baseSeverity": "Medium", "confidentialityImpact": "Low", "exploitabilityScore": null, "id": "CVE-2023-36389", "impactScore": null, "integrityImpact": "Low", "privilegesRequired": "None", "scope": "Changed", "trust": 0.8, "userInteraction": "Required", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "version": "3.0" } ], "severity": [ { "author": "NVD", "id": "CVE-2023-36389", "trust": 1.8, "value": "MEDIUM" }, { "author": "productcert@siemens.com", "id": "CVE-2023-36389", "trust": 1.0, "value": "HIGH" }, { "author": "CNVD", "id": "CNVD-2023-55710", "trust": 0.6, "value": "MEDIUM" }, { "author": "CNNVD", "id": "CNNVD-202307-742", "trust": 0.6, "value": "MEDIUM" } ] } ], "sources": [ { "db": "CNVD", "id": "CNVD-2023-55710" }, { "db": "JVNDB", "id": "JVNDB-2023-021750" }, { "db": "CNNVD", "id": "CNNVD-202307-742" }, { "db": "NVD", "id": "CVE-2023-36389" }, { "db": "NVD", "id": "CVE-2023-36389" } ] }, "description": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "A vulnerability has been identified in RUGGEDCOM ROX MX5000 (All versions \u003c V2.16.0), RUGGEDCOM ROX MX5000RE (All versions \u003c V2.16.0), RUGGEDCOM ROX RX1400 (All versions \u003c V2.16.0), RUGGEDCOM ROX RX1500 (All versions \u003c V2.16.0), RUGGEDCOM ROX RX1501 (All versions \u003c V2.16.0), RUGGEDCOM ROX RX1510 (All versions \u003c V2.16.0), RUGGEDCOM ROX RX1511 (All versions \u003c V2.16.0), RUGGEDCOM ROX RX1512 (All versions \u003c V2.16.0), RUGGEDCOM ROX RX1524 (All versions \u003c V2.16.0), RUGGEDCOM ROX RX1536 (All versions \u003c V2.16.0), RUGGEDCOM ROX RX5000 (All versions \u003c V2.16.0). A reflected cross-site scripting (XSS) vulnerability exists in the web interface of the affected application that could allow an attacker to execute malicious javascript code by tricking users into accessing a malicious link. The malformed value is reflected\r\ndirectly in the response without sanitization while throwing an \u201cinvalid path\u201d error. RUGGEDCOM ROX MX5000 firmware, ruggedcom rox mx5000re firmware, RUGGEDCOM ROX RX1400 Multiple Siemens products such as firmware contain a cross-site scripting vulnerability.Information may be obtained and information may be tampered with. RUGGEDCOM products provide a level of robustness and reliability that sets the standard for communication networks deployed in harsh environments", "sources": [ { "db": "NVD", "id": "CVE-2023-36389" }, { "db": "JVNDB", "id": "JVNDB-2023-021750" }, { "db": "CNVD", "id": "CNVD-2023-55710" }, { "db": "VULMON", "id": "CVE-2023-36389" } ], "trust": 2.25 }, "external_ids": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "db": "NVD", "id": "CVE-2023-36389", "trust": 3.9 }, { "db": "SIEMENS", "id": "SSA-146325", "trust": 3.1 }, { "db": "ICS CERT", "id": "ICSA-23-194-01", "trust": 0.8 }, { "db": "JVN", "id": "JVNVU95292697", "trust": 0.8 }, { "db": "JVNDB", "id": "JVNDB-2023-021750", "trust": 0.8 }, { "db": "CNVD", "id": "CNVD-2023-55710", "trust": 0.6 }, { "db": "CNNVD", "id": "CNNVD-202307-742", "trust": 0.6 }, { "db": "VULMON", "id": "CVE-2023-36389", "trust": 0.1 } ], "sources": [ { "db": "CNVD", "id": "CNVD-2023-55710" }, { "db": "VULMON", "id": "CVE-2023-36389" }, { "db": "JVNDB", "id": "JVNDB-2023-021750" }, { "db": "CNNVD", "id": "CNNVD-202307-742" }, { "db": "NVD", "id": "CVE-2023-36389" } ] }, "id": "VAR-202307-0592", "iot": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": true, "sources": [ { "db": "CNVD", "id": "CNVD-2023-55710" } ], "trust": 1.12540106 }, "iot_taxonomy": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "category": [ "ICS" ], "sub_category": null, "trust": 0.6 } ], "sources": [ { "db": "CNVD", "id": "CNVD-2023-55710" } ] }, "last_update_date": "2024-01-21T19:57:45.379000Z", "patch": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "title": "Patch for Siemens RUGGEDCOM ROX cross-site scripting vulnerability (CNVD-2023-55710)", "trust": 0.6, "url": "https://www.cnvd.org.cn/patchinfo/show/440306" }, { "title": "Siemens RUGGEDCOM ROX Fixes for cross-site scripting vulnerabilities", "trust": 0.6, "url": "http://123.124.177.30/web/xxk/bdxqbyid.tag?id=246664" } ], "sources": [ { "db": "CNVD", "id": "CNVD-2023-55710" }, { "db": "CNNVD", "id": "CNNVD-202307-742" } ] }, "problemtype_data": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "problemtype": "CWE-79", "trust": 1.0 }, { "problemtype": "Cross-site scripting (CWE-79) [NVD evaluation ]", "trust": 0.8 } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2023-021750" }, { "db": "NVD", "id": "CVE-2023-36389" } ] }, "references": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "trust": 2.5, "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-146325.pdf" }, { "trust": 0.8, "url": "https://jvn.jp/vu/jvnvu95292697/" }, { "trust": 0.8, "url": "https://nvd.nist.gov/vuln/detail/cve-2023-36389" }, { "trust": 0.8, "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-23-194-01" }, { "trust": 0.6, "url": "https://cert-portal.siemens.com/productcert/html/ssa-146325.html" }, { "trust": 0.6, "url": "https://cxsecurity.com/cveshow/cve-2023-36389/" }, { "trust": 0.1, "url": "https://nvd.nist.gov" } ], "sources": [ { "db": "CNVD", "id": "CNVD-2023-55710" }, { "db": "VULMON", "id": "CVE-2023-36389" }, { "db": "JVNDB", "id": "JVNDB-2023-021750" }, { "db": "CNNVD", "id": "CNNVD-202307-742" }, { "db": "NVD", "id": "CVE-2023-36389" } ] }, "sources": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", "data": { "@container": "@list" } }, "data": [ { "db": "CNVD", "id": "CNVD-2023-55710" }, { "db": "VULMON", "id": "CVE-2023-36389" }, { "db": "JVNDB", "id": "JVNDB-2023-021750" }, { "db": "CNNVD", "id": "CNNVD-202307-742" }, { "db": "NVD", "id": "CVE-2023-36389" } ] }, "sources_release_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2023-07-12T00:00:00", "db": "CNVD", "id": "CNVD-2023-55710" }, { "date": "2023-07-11T00:00:00", "db": "VULMON", "id": "CVE-2023-36389" }, { "date": "2024-01-19T00:00:00", "db": "JVNDB", "id": "JVNDB-2023-021750" }, { "date": "2023-07-11T00:00:00", "db": "CNNVD", "id": "CNNVD-202307-742" }, { "date": "2023-07-11T10:15:10.760000", "db": "NVD", "id": "CVE-2023-36389" } ] }, "sources_update_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2023-07-12T00:00:00", "db": "CNVD", "id": "CNVD-2023-55710" }, { "date": "2023-07-11T00:00:00", "db": "VULMON", "id": "CVE-2023-36389" }, { "date": "2024-01-19T08:08:00", "db": "JVNDB", "id": "JVNDB-2023-021750" }, { "date": "2023-07-19T00:00:00", "db": "CNNVD", "id": "CNNVD-202307-742" }, { "date": "2023-07-18T16:35:46.253000", "db": "NVD", "id": "CVE-2023-36389" } ] }, "threat_type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "remote", "sources": [ { "db": "CNNVD", "id": "CNNVD-202307-742" } ], "trust": 0.6 }, "title": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Cross-site scripting vulnerability in multiple Siemens products", "sources": [ { "db": "JVNDB", "id": "JVNDB-2023-021750" } ], "trust": 0.8 }, "type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "XSS", "sources": [ { "db": "CNNVD", "id": "CNNVD-202307-742" } ], "trust": 0.6 } }
var-202307-0583
Vulnerability from variot
A vulnerability has been identified in RUGGEDCOM ROX MX5000 (All versions < V2.16.0), RUGGEDCOM ROX MX5000RE (All versions < V2.16.0), RUGGEDCOM ROX RX1400 (All versions < V2.16.0), RUGGEDCOM ROX RX1500 (All versions < V2.16.0), RUGGEDCOM ROX RX1501 (All versions < V2.16.0), RUGGEDCOM ROX RX1510 (All versions < V2.16.0), RUGGEDCOM ROX RX1511 (All versions < V2.16.0), RUGGEDCOM ROX RX1512 (All versions < V2.16.0), RUGGEDCOM ROX RX1524 (All versions < V2.16.0), RUGGEDCOM ROX RX1536 (All versions < V2.16.0), RUGGEDCOM ROX RX5000 (All versions < V2.16.0). The uninstall-app App-name parameter in the web interface of affected devices is vulnerable to command injection due to missing server side input sanitation. This could allow an authenticated privileged remote attacker to execute arbitrary code with root privileges. RUGGEDCOM ROX MX5000 firmware, ruggedcom rox mx5000re firmware, RUGGEDCOM ROX RX1400 Multiple Siemens products such as firmware contain a command injection vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. RUGGEDCOM products provide a level of robustness and reliability that sets the standard for communication networks deployed in harsh environments.
Siemens RUGGEDCOM ROX has a command injection vulnerability. The vulnerability stems from the lack of server-side input validation
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", "affected_products": { "@id": "https://www.variotdbs.pl/ref/affected_products" }, "configurations": { "@id": "https://www.variotdbs.pl/ref/configurations" }, "credits": { "@id": "https://www.variotdbs.pl/ref/credits" }, "cvss": { "@id": "https://www.variotdbs.pl/ref/cvss/" }, "description": { "@id": "https://www.variotdbs.pl/ref/description/" }, "exploit_availability": { "@id": "https://www.variotdbs.pl/ref/exploit_availability/" }, "external_ids": { "@id": "https://www.variotdbs.pl/ref/external_ids/" }, "iot": { "@id": "https://www.variotdbs.pl/ref/iot/" }, "iot_taxonomy": { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/" }, "patch": { "@id": "https://www.variotdbs.pl/ref/patch/" }, "problemtype_data": { "@id": "https://www.variotdbs.pl/ref/problemtype_data/" }, "references": { "@id": "https://www.variotdbs.pl/ref/references/" }, "sources": { "@id": "https://www.variotdbs.pl/ref/sources/" }, "sources_release_date": { "@id": "https://www.variotdbs.pl/ref/sources_release_date/" }, "sources_update_date": { "@id": "https://www.variotdbs.pl/ref/sources_update_date/" }, "threat_type": { "@id": "https://www.variotdbs.pl/ref/threat_type/" }, "title": { "@id": "https://www.variotdbs.pl/ref/title/" }, "type": { "@id": "https://www.variotdbs.pl/ref/type/" } }, "@id": "https://www.variotdbs.pl/vuln/VAR-202307-0583", "affected_products": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "model": "ruggedcom rox rx1511", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "2.16.0" }, { "model": "ruggedcom rox rx1524", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "2.16.0" }, { "model": "ruggedcom rox mx5000re", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "2.16.0" }, { "model": "ruggedcom rox rx1400", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "2.16.0" }, { "model": "ruggedcom rox rx1501", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "2.16.0" }, { "model": "ruggedcom rox rx1510", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "2.16.0" }, { "model": "ruggedcom rox rx1500", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "2.16.0" }, { "model": "ruggedcom rox mx5000", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "2.16.0" }, { "model": "ruggedcom rox rx1536", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "2.16.0" }, { "model": "ruggedcom rox rx5000", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "2.16.0" }, { "model": "ruggedcom rox rx1512", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "2.16.0" }, { "model": "ruggedcom rox rx1500", "scope": null, "trust": 0.8, "vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9", "version": null }, { "model": "ruggedcom rox rx1501", "scope": null, "trust": 0.8, "vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9", "version": null }, { "model": "ruggedcom rox rx1524", "scope": null, "trust": 0.8, "vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9", "version": null }, { "model": "ruggedcom rox rx5000", "scope": null, "trust": 0.8, "vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9", "version": null }, { "model": "ruggedcom rox mx5000", "scope": null, "trust": 0.8, "vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9", "version": null }, { "model": "ruggedcom rox rx1512", "scope": null, "trust": 0.8, "vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9", "version": null }, { "model": "ruggedcom rox rx1510", "scope": null, "trust": 0.8, "vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9", "version": null }, { "model": "ruggedcom rox rx1400", "scope": null, "trust": 0.8, "vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9", "version": null }, { "model": "ruggedcom rox rx1511", "scope": null, "trust": 0.8, "vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9", "version": null }, { "model": "ruggedcom rox mx5000re", "scope": null, "trust": 0.8, "vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9", "version": null }, { "model": "ruggedcom rox rx1536", "scope": null, "trust": 0.8, "vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9", "version": null }, { "model": "ruggedcom rox mx5000", "scope": "lt", "trust": 0.6, "vendor": "siemens", "version": "v2.16.0" }, { "model": "ruggedcom rox mx5000re", "scope": "lt", "trust": 0.6, "vendor": "siemens", "version": "v2.16.0" }, { "model": "ruggedcom rox rx1400", "scope": "lt", "trust": 0.6, "vendor": "siemens", "version": "v2.16.0" }, { "model": "ruggedcom rox rx1500", "scope": "lt", "trust": 0.6, "vendor": "siemens", "version": "v2.16.0" }, { "model": "ruggedcom rox rx1501", "scope": "lt", "trust": 0.6, "vendor": "siemens", "version": "v2.16.0" }, { "model": "ruggedcom rox rx1510", "scope": "lt", "trust": 0.6, "vendor": "siemens", "version": "v2.16.0" }, { "model": "ruggedcom rox rx1511", "scope": "lt", "trust": 0.6, "vendor": "siemens", "version": "v2.16.0" }, { "model": "ruggedcom rox rx1512", "scope": "lt", "trust": 0.6, "vendor": "siemens", "version": "v2.16.0" }, { "model": "ruggedcom rox rx1524", "scope": "lt", "trust": 0.6, "vendor": "siemens", "version": "v2.16.0" }, { "model": "ruggedcom rox rx1536", "scope": "lt", "trust": 0.6, "vendor": "siemens", "version": "v2.16.0" }, { "model": "ruggedcom rox rx5000", "scope": "lt", "trust": 0.6, "vendor": "siemens", "version": "v2.16.0" } ], "sources": [ { "db": "CNVD", "id": "CNVD-2023-60608" }, { "db": "JVNDB", "id": "JVNDB-2023-021732" }, { "db": "NVD", "id": "CVE-2023-36753" } ] }, "configurations": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/configurations#", "children": { "@container": "@list" }, "cpe_match": { "@container": "@list" }, "data": { "@container": "@list" }, "nodes": { "@container": "@list" } }, "data": [ { "CVE_data_version": "4.0", "nodes": [ { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:siemens:ruggedcom_rox_mx5000_firmware:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "2.16.0", "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:h:siemens:ruggedcom_rox_mx5000:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [], "operator": "AND" }, { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:siemens:ruggedcom_rox_mx5000re_firmware:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "2.16.0", "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:h:siemens:ruggedcom_rox_mx5000re:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [], "operator": "AND" }, { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:siemens:ruggedcom_rox_rx1400_firmware:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "2.16.0", "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:h:siemens:ruggedcom_rox_rx1400:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [], "operator": "AND" }, { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:siemens:ruggedcom_rox_rx1500_firmware:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "2.16.0", "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:h:siemens:ruggedcom_rox_rx1500:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [], "operator": "AND" }, { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:siemens:ruggedcom_rox_rx1501_firmware:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "2.16.0", "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:h:siemens:ruggedcom_rox_rx1501:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [], "operator": "AND" }, { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:siemens:ruggedcom_rox_rx1510_firmware:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "2.16.0", "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:h:siemens:ruggedcom_rox_rx1510:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [], "operator": "AND" }, { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:siemens:ruggedcom_rox_rx1511_firmware:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "2.16.0", "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:h:siemens:ruggedcom_rox_rx1511:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [], "operator": "AND" }, { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:siemens:ruggedcom_rox_rx1512_firmware:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "2.16.0", "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:h:siemens:ruggedcom_rox_rx1512:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [], "operator": "AND" }, { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:siemens:ruggedcom_rox_rx1524_firmware:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "2.16.0", "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:h:siemens:ruggedcom_rox_rx1524:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [], "operator": "AND" }, { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:siemens:ruggedcom_rox_rx1536_firmware:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "2.16.0", "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:h:siemens:ruggedcom_rox_rx1536:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [], "operator": "AND" }, { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:siemens:ruggedcom_rox_rx5000_firmware:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "2.16.0", "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:h:siemens:ruggedcom_rox_rx5000:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [], "operator": "AND" } ] } ], "sources": [ { "db": "NVD", "id": "CVE-2023-36753" } ] }, "cve": "CVE-2023-36753", "cvss": { "@context": { "cvssV2": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2" }, "cvssV3": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/" }, "severity": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#" }, "@id": "https://www.variotdbs.pl/ref/cvss/severity" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "cvssV2": [ { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "author": "CNVD", "availabilityImpact": "COMPLETE", "baseScore": 10.0, "confidentialityImpact": "COMPLETE", "exploitabilityScore": 10.0, "id": "CNVD-2023-60608", "impactScore": 10.0, "integrityImpact": "COMPLETE", "severity": "HIGH", "trust": 0.6, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0" } ], "cvssV3": [ { "attackComplexity": "LOW", "attackVector": "NETWORK", "author": "NVD", "availabilityImpact": "HIGH", "baseScore": 7.2, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "exploitabilityScore": 1.2, "impactScore": 5.9, "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "trust": 1.0, "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, { "attackComplexity": "LOW", "attackVector": "NETWORK", "author": "productcert@siemens.com", "availabilityImpact": "HIGH", "baseScore": 9.1, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "exploitabilityScore": 2.3, "impactScore": 6.0, "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "CHANGED", "trust": 1.0, "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H", "version": "3.1" }, { "attackComplexity": "Low", "attackVector": "Network", "author": "NVD", "availabilityImpact": "High", "baseScore": 7.2, "baseSeverity": "High", "confidentialityImpact": "High", "exploitabilityScore": null, "id": "CVE-2023-36753", "impactScore": null, "integrityImpact": "High", "privilegesRequired": "High", "scope": "Unchanged", "trust": 0.8, "userInteraction": "None", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "version": "3.0" } ], "severity": [ { "author": "NVD", "id": "CVE-2023-36753", "trust": 1.8, "value": "HIGH" }, { "author": "productcert@siemens.com", "id": "CVE-2023-36753", "trust": 1.0, "value": "CRITICAL" }, { "author": "CNVD", "id": "CNVD-2023-60608", "trust": 0.6, "value": "HIGH" }, { "author": "CNNVD", "id": "CNNVD-202307-733", "trust": 0.6, "value": "HIGH" } ] } ], "sources": [ { "db": "CNVD", "id": "CNVD-2023-60608" }, { "db": "JVNDB", "id": "JVNDB-2023-021732" }, { "db": "CNNVD", "id": "CNNVD-202307-733" }, { "db": "NVD", "id": "CVE-2023-36753" }, { "db": "NVD", "id": "CVE-2023-36753" } ] }, "description": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "A vulnerability has been identified in RUGGEDCOM ROX MX5000 (All versions \u003c V2.16.0), RUGGEDCOM ROX MX5000RE (All versions \u003c V2.16.0), RUGGEDCOM ROX RX1400 (All versions \u003c V2.16.0), RUGGEDCOM ROX RX1500 (All versions \u003c V2.16.0), RUGGEDCOM ROX RX1501 (All versions \u003c V2.16.0), RUGGEDCOM ROX RX1510 (All versions \u003c V2.16.0), RUGGEDCOM ROX RX1511 (All versions \u003c V2.16.0), RUGGEDCOM ROX RX1512 (All versions \u003c V2.16.0), RUGGEDCOM ROX RX1524 (All versions \u003c V2.16.0), RUGGEDCOM ROX RX1536 (All versions \u003c V2.16.0), RUGGEDCOM ROX RX5000 (All versions \u003c V2.16.0). The uninstall-app App-name parameter in the web interface of affected devices is vulnerable to command injection due to missing server side input sanitation. This could allow an authenticated privileged remote attacker to execute arbitrary code with root privileges. RUGGEDCOM ROX MX5000 firmware, ruggedcom rox mx5000re firmware, RUGGEDCOM ROX RX1400 Multiple Siemens products such as firmware contain a command injection vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. RUGGEDCOM products provide a level of robustness and reliability that sets the standard for communication networks deployed in harsh environments. \n\r\n\r\nSiemens RUGGEDCOM ROX has a command injection vulnerability. The vulnerability stems from the lack of server-side input validation", "sources": [ { "db": "NVD", "id": "CVE-2023-36753" }, { "db": "JVNDB", "id": "JVNDB-2023-021732" }, { "db": "CNVD", "id": "CNVD-2023-60608" }, { "db": "VULMON", "id": "CVE-2023-36753" } ], "trust": 2.25 }, "external_ids": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "db": "NVD", "id": "CVE-2023-36753", "trust": 3.9 }, { "db": "SIEMENS", "id": "SSA-146325", "trust": 3.1 }, { "db": "ICS CERT", "id": "ICSA-23-194-01", "trust": 0.8 }, { "db": "JVN", "id": "JVNVU95292697", "trust": 0.8 }, { "db": "JVNDB", "id": "JVNDB-2023-021732", "trust": 0.8 }, { "db": "CNVD", "id": "CNVD-2023-60608", "trust": 0.6 }, { "db": "CNNVD", "id": "CNNVD-202307-733", "trust": 0.6 }, { "db": "VULMON", "id": "CVE-2023-36753", "trust": 0.1 } ], "sources": [ { "db": "CNVD", "id": "CNVD-2023-60608" }, { "db": "VULMON", "id": "CVE-2023-36753" }, { "db": "JVNDB", "id": "JVNDB-2023-021732" }, { "db": "CNNVD", "id": "CNNVD-202307-733" }, { "db": "NVD", "id": "CVE-2023-36753" } ] }, "id": "VAR-202307-0583", "iot": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": true, "sources": [ { "db": "CNVD", "id": "CNVD-2023-60608" } ], "trust": 1.12540106 }, "iot_taxonomy": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "category": [ "ICS" ], "sub_category": null, "trust": 0.6 } ], "sources": [ { "db": "CNVD", "id": "CNVD-2023-60608" } ] }, "last_update_date": "2024-01-21T21:42:35.826000Z", "patch": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "title": "Patch for Siemens RUGGEDCOM ROX Command Injection Vulnerability (CNVD-2023-60608)", "trust": 0.6, "url": "https://www.cnvd.org.cn/patchinfo/show/449041" }, { "title": "Siemens RUGGEDCOM ROX A series of products Fixes for command injection vulnerabilities", "trust": 0.6, "url": "http://123.124.177.30/web/xxk/bdxqbyid.tag?id=246656" } ], "sources": [ { "db": "CNVD", "id": "CNVD-2023-60608" }, { "db": "CNNVD", "id": "CNNVD-202307-733" } ] }, "problemtype_data": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "problemtype": "CWE-77", "trust": 1.0 }, { "problemtype": "Command injection (CWE-77) [NVD evaluation ]", "trust": 0.8 } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2023-021732" }, { "db": "NVD", "id": "CVE-2023-36753" } ] }, "references": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "trust": 2.5, "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-146325.pdf" }, { "trust": 0.8, "url": "https://jvn.jp/vu/jvnvu95292697/" }, { "trust": 0.8, "url": "https://nvd.nist.gov/vuln/detail/cve-2023-36753" }, { "trust": 0.8, "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-23-194-01" }, { "trust": 0.6, "url": "https://cert-portal.siemens.com/productcert/html/ssa-146325.html" }, { "trust": 0.6, "url": "https://cxsecurity.com/cveshow/cve-2023-36753/" }, { "trust": 0.1, "url": "https://nvd.nist.gov" } ], "sources": [ { "db": "CNVD", "id": "CNVD-2023-60608" }, { "db": "VULMON", "id": "CVE-2023-36753" }, { "db": "JVNDB", "id": "JVNDB-2023-021732" }, { "db": "CNNVD", "id": "CNNVD-202307-733" }, { "db": "NVD", "id": "CVE-2023-36753" } ] }, "sources": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", "data": { "@container": "@list" } }, "data": [ { "db": "CNVD", "id": "CNVD-2023-60608" }, { "db": "VULMON", "id": "CVE-2023-36753" }, { "db": "JVNDB", "id": "JVNDB-2023-021732" }, { "db": "CNNVD", "id": "CNNVD-202307-733" }, { "db": "NVD", "id": "CVE-2023-36753" } ] }, "sources_release_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2023-08-02T00:00:00", "db": "CNVD", "id": "CNVD-2023-60608" }, { "date": "2023-07-11T00:00:00", "db": "VULMON", "id": "CVE-2023-36753" }, { "date": "2024-01-19T00:00:00", "db": "JVNDB", "id": "JVNDB-2023-021732" }, { "date": "2023-07-11T00:00:00", "db": "CNNVD", "id": "CNNVD-202307-733" }, { "date": "2023-07-11T10:15:11.360000", "db": "NVD", "id": "CVE-2023-36753" } ] }, "sources_update_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2023-08-02T00:00:00", "db": "CNVD", "id": "CNVD-2023-60608" }, { "date": "2023-07-11T00:00:00", "db": "VULMON", "id": "CVE-2023-36753" }, { "date": "2024-01-19T08:07:00", "db": "JVNDB", "id": "JVNDB-2023-021732" }, { "date": "2023-07-19T00:00:00", "db": "CNNVD", "id": "CNNVD-202307-733" }, { "date": "2023-07-18T18:39:45.780000", "db": "NVD", "id": "CVE-2023-36753" } ] }, "threat_type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "remote", "sources": [ { "db": "CNNVD", "id": "CNNVD-202307-733" } ], "trust": 0.6 }, "title": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Command injection vulnerability in multiple Siemens products", "sources": [ { "db": "JVNDB", "id": "JVNDB-2023-021732" } ], "trust": 0.8 }, "type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "command injection", "sources": [ { "db": "CNNVD", "id": "CNNVD-202307-733" } ], "trust": 0.6 } }
var-202307-0586
Vulnerability from variot
A vulnerability has been identified in RUGGEDCOM ROX MX5000 (All versions < V2.16.0), RUGGEDCOM ROX MX5000RE (All versions < V2.16.0), RUGGEDCOM ROX RX1400 (All versions < V2.16.0), RUGGEDCOM ROX RX1500 (All versions < V2.16.0), RUGGEDCOM ROX RX1501 (All versions < V2.16.0), RUGGEDCOM ROX RX1510 (All versions < V2.16.0), RUGGEDCOM ROX RX1511 (All versions < V2.16.0), RUGGEDCOM ROX RX1512 (All versions < V2.16.0), RUGGEDCOM ROX RX1524 (All versions < V2.16.0), RUGGEDCOM ROX RX1536 (All versions < V2.16.0), RUGGEDCOM ROX RX5000 (All versions < V2.16.0). Affected devices do not properly handle malformed HTTP packets. This could allow an unauthenticated remote attacker to send a malformed HTTP packet causing certain functions to fail in a controlled manner. RUGGEDCOM ROX MX5000 firmware, ruggedcom rox mx5000re firmware, RUGGEDCOM ROX RX1400 Multiple Siemens products such as firmware have unspecified vulnerabilities.Service operation interruption (DoS) It may be in a state. RUGGEDCOM products provide a level of robustness and reliability that sets the standard for communication networks deployed in harsh environments
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", "affected_products": { "@id": "https://www.variotdbs.pl/ref/affected_products" }, "configurations": { "@id": "https://www.variotdbs.pl/ref/configurations" }, "credits": { "@id": "https://www.variotdbs.pl/ref/credits" }, "cvss": { "@id": "https://www.variotdbs.pl/ref/cvss/" }, "description": { "@id": "https://www.variotdbs.pl/ref/description/" }, "exploit_availability": { "@id": "https://www.variotdbs.pl/ref/exploit_availability/" }, "external_ids": { "@id": "https://www.variotdbs.pl/ref/external_ids/" }, "iot": { "@id": "https://www.variotdbs.pl/ref/iot/" }, "iot_taxonomy": { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/" }, "patch": { "@id": "https://www.variotdbs.pl/ref/patch/" }, "problemtype_data": { "@id": "https://www.variotdbs.pl/ref/problemtype_data/" }, "references": { "@id": "https://www.variotdbs.pl/ref/references/" }, "sources": { "@id": "https://www.variotdbs.pl/ref/sources/" }, "sources_release_date": { "@id": "https://www.variotdbs.pl/ref/sources_release_date/" }, "sources_update_date": { "@id": "https://www.variotdbs.pl/ref/sources_update_date/" }, "threat_type": { "@id": "https://www.variotdbs.pl/ref/threat_type/" }, "title": { "@id": "https://www.variotdbs.pl/ref/title/" }, "type": { "@id": "https://www.variotdbs.pl/ref/type/" } }, "@id": "https://www.variotdbs.pl/vuln/VAR-202307-0586", "affected_products": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "model": "ruggedcom rox rx1511", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "2.16.0" }, { "model": "ruggedcom rox rx1524", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "2.16.0" }, { "model": "ruggedcom rox mx5000re", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "2.16.0" }, { "model": "ruggedcom rox rx1400", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "2.16.0" }, { "model": "ruggedcom rox rx1501", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "2.16.0" }, { "model": "ruggedcom rox rx1510", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "2.16.0" }, { "model": "ruggedcom rox rx1500", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "2.16.0" }, { "model": "ruggedcom rox mx5000", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "2.16.0" }, { "model": "ruggedcom rox rx1536", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "2.16.0" }, { "model": "ruggedcom rox rx5000", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "2.16.0" }, { "model": "ruggedcom rox rx1512", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "2.16.0" }, { "model": "ruggedcom rox rx1500", "scope": null, "trust": 0.8, "vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9", "version": null }, { "model": "ruggedcom rox rx1501", "scope": null, "trust": 0.8, "vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9", "version": null }, { "model": "ruggedcom rox rx1524", "scope": null, "trust": 0.8, "vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9", "version": null }, { "model": "ruggedcom rox rx5000", "scope": null, "trust": 0.8, "vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9", "version": null }, { "model": "ruggedcom rox mx5000", "scope": null, "trust": 0.8, "vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9", "version": null }, { "model": "ruggedcom rox rx1512", "scope": null, "trust": 0.8, "vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9", "version": null }, { "model": "ruggedcom rox rx1510", "scope": null, "trust": 0.8, "vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9", "version": null }, { "model": "ruggedcom rox rx1400", "scope": null, "trust": 0.8, "vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9", "version": null }, { "model": "ruggedcom rox rx1511", "scope": null, "trust": 0.8, "vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9", "version": null }, { "model": "ruggedcom rox mx5000re", "scope": null, "trust": 0.8, "vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9", "version": null }, { "model": "ruggedcom rox rx1536", "scope": null, "trust": 0.8, "vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9", "version": null }, { "model": "ruggedcom rox mx5000", "scope": "lt", "trust": 0.6, "vendor": "siemens", "version": "v2.16.0" }, { "model": "ruggedcom rox mx5000re", "scope": "lt", "trust": 0.6, "vendor": "siemens", "version": "v2.16.0" }, { "model": "ruggedcom rox rx1400", "scope": "lt", "trust": 0.6, "vendor": "siemens", "version": "v2.16.0" }, { "model": "ruggedcom rox rx1500", "scope": "lt", "trust": 0.6, "vendor": "siemens", "version": "v2.16.0" }, { "model": "ruggedcom rox rx1501", "scope": "lt", "trust": 0.6, "vendor": "siemens", "version": "v2.16.0" }, { "model": "ruggedcom rox rx1510", "scope": "lt", "trust": 0.6, "vendor": "siemens", "version": "v2.16.0" }, { "model": "ruggedcom rox rx1511", "scope": "lt", "trust": 0.6, "vendor": "siemens", "version": "v2.16.0" }, { "model": "ruggedcom rox rx1512", "scope": "lt", "trust": 0.6, "vendor": "siemens", "version": "v2.16.0" }, { "model": "ruggedcom rox rx1524", "scope": "lt", "trust": 0.6, "vendor": "siemens", "version": "v2.16.0" }, { "model": "ruggedcom rox rx1536", "scope": "lt", "trust": 0.6, "vendor": "siemens", "version": "v2.16.0" }, { "model": "ruggedcom rox rx5000", "scope": "lt", "trust": 0.6, "vendor": "siemens", "version": "v2.16.0" } ], "sources": [ { "db": "CNVD", "id": "CNVD-2023-55712" }, { "db": "JVNDB", "id": "JVNDB-2022-024814" }, { "db": "NVD", "id": "CVE-2022-29562" } ] }, "configurations": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/configurations#", "children": { "@container": "@list" }, "cpe_match": { "@container": "@list" }, "data": { "@container": "@list" }, "nodes": { "@container": "@list" } }, "data": [ { "CVE_data_version": "4.0", "nodes": [ { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:siemens:ruggedcom_rox_mx5000_firmware:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "2.16.0", "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:h:siemens:ruggedcom_rox_mx5000:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [], "operator": "AND" }, { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:siemens:ruggedcom_rox_mx5000re_firmware:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "2.16.0", "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:h:siemens:ruggedcom_rox_mx5000re:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [], "operator": "AND" }, { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:siemens:ruggedcom_rox_rx1400_firmware:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "2.16.0", "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:h:siemens:ruggedcom_rox_rx1400:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [], "operator": "AND" }, { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:siemens:ruggedcom_rox_rx1500_firmware:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "2.16.0", "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:h:siemens:ruggedcom_rox_rx1500:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [], "operator": "AND" }, { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:siemens:ruggedcom_rox_rx1501_firmware:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "2.16.0", "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:h:siemens:ruggedcom_rox_rx1501:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [], "operator": "AND" }, { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:siemens:ruggedcom_rox_rx1510_firmware:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "2.16.0", "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:h:siemens:ruggedcom_rox_rx1510:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [], "operator": "AND" }, { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:siemens:ruggedcom_rox_rx1511_firmware:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "2.16.0", "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:h:siemens:ruggedcom_rox_rx1511:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [], "operator": "AND" }, { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:siemens:ruggedcom_rox_rx1512_firmware:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "2.16.0", "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:h:siemens:ruggedcom_rox_rx1512:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [], "operator": "AND" }, { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:siemens:ruggedcom_rox_rx1524_firmware:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "2.16.0", "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:h:siemens:ruggedcom_rox_rx1524:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [], "operator": "AND" }, { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:siemens:ruggedcom_rox_rx1536_firmware:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "2.16.0", "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:h:siemens:ruggedcom_rox_rx1536:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [], "operator": "AND" }, { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:siemens:ruggedcom_rox_rx5000_firmware:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "2.16.0", "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:h:siemens:ruggedcom_rox_rx5000:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [], "operator": "AND" } ] } ], "sources": [ { "db": "NVD", "id": "CVE-2022-29562" } ] }, "cve": "CVE-2022-29562", "cvss": { "@context": { "cvssV2": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2" }, "cvssV3": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/" }, "severity": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#" }, "@id": "https://www.variotdbs.pl/ref/cvss/severity" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "cvssV2": [ { "accessComplexity": "HIGH", "accessVector": "NETWORK", "authentication": "NONE", "author": "CNVD", "availabilityImpact": "PARTIAL", "baseScore": 2.6, "confidentialityImpact": "NONE", "exploitabilityScore": 4.9, "id": "CNVD-2023-55712", "impactScore": 2.9, "integrityImpact": "NONE", "severity": "LOW", "trust": 0.6, "vectorString": "AV:N/AC:H/Au:N/C:N/I:N/A:P", "version": "2.0" } ], "cvssV3": [ { "attackComplexity": "LOW", "attackVector": "NETWORK", "author": "NVD", "availabilityImpact": "LOW", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "exploitabilityScore": 3.9, "impactScore": 1.4, "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "trust": 1.0, "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "version": "3.1" }, { "attackComplexity": "HIGH", "attackVector": "NETWORK", "author": "productcert@siemens.com", "availabilityImpact": "LOW", "baseScore": 3.7, "baseSeverity": "LOW", "confidentialityImpact": "NONE", "exploitabilityScore": 2.2, "impactScore": 1.4, "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "trust": 1.0, "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", "version": "3.1" }, { "attackComplexity": "Low", "attackVector": "Network", "author": "NVD", "availabilityImpact": "Low", "baseScore": 5.3, "baseSeverity": "Medium", "confidentialityImpact": "None", "exploitabilityScore": null, "id": "CVE-2022-29562", "impactScore": null, "integrityImpact": "None", "privilegesRequired": "None", "scope": "Unchanged", "trust": 0.8, "userInteraction": "None", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "version": "3.0" } ], "severity": [ { "author": "NVD", "id": "CVE-2022-29562", "trust": 1.8, "value": "MEDIUM" }, { "author": "productcert@siemens.com", "id": "CVE-2022-29562", "trust": 1.0, "value": "LOW" }, { "author": "CNVD", "id": "CNVD-2023-55712", "trust": 0.6, "value": "LOW" }, { "author": "CNNVD", "id": "CNNVD-202307-749", "trust": 0.6, "value": "MEDIUM" } ] } ], "sources": [ { "db": "CNVD", "id": "CNVD-2023-55712" }, { "db": "JVNDB", "id": "JVNDB-2022-024814" }, { "db": "CNNVD", "id": "CNNVD-202307-749" }, { "db": "NVD", "id": "CVE-2022-29562" }, { "db": "NVD", "id": "CVE-2022-29562" } ] }, "description": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "A vulnerability has been identified in RUGGEDCOM ROX MX5000 (All versions \u003c V2.16.0), RUGGEDCOM ROX MX5000RE (All versions \u003c V2.16.0), RUGGEDCOM ROX RX1400 (All versions \u003c V2.16.0), RUGGEDCOM ROX RX1500 (All versions \u003c V2.16.0), RUGGEDCOM ROX RX1501 (All versions \u003c V2.16.0), RUGGEDCOM ROX RX1510 (All versions \u003c V2.16.0), RUGGEDCOM ROX RX1511 (All versions \u003c V2.16.0), RUGGEDCOM ROX RX1512 (All versions \u003c V2.16.0), RUGGEDCOM ROX RX1524 (All versions \u003c V2.16.0), RUGGEDCOM ROX RX1536 (All versions \u003c V2.16.0), RUGGEDCOM ROX RX5000 (All versions \u003c V2.16.0). Affected devices do not properly handle malformed HTTP packets. This could allow an unauthenticated remote attacker to send a malformed HTTP packet causing certain functions to fail in a controlled manner. RUGGEDCOM ROX MX5000 firmware, ruggedcom rox mx5000re firmware, RUGGEDCOM ROX RX1400 Multiple Siemens products such as firmware have unspecified vulnerabilities.Service operation interruption (DoS) It may be in a state. RUGGEDCOM products provide a level of robustness and reliability that sets the standard for communication networks deployed in harsh environments", "sources": [ { "db": "NVD", "id": "CVE-2022-29562" }, { "db": "JVNDB", "id": "JVNDB-2022-024814" }, { "db": "CNVD", "id": "CNVD-2023-55712" }, { "db": "VULMON", "id": "CVE-2022-29562" } ], "trust": 2.25 }, "external_ids": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "db": "NVD", "id": "CVE-2022-29562", "trust": 3.9 }, { "db": "SIEMENS", "id": "SSA-146325", "trust": 3.1 }, { "db": "ICS CERT", "id": "ICSA-23-194-01", "trust": 0.8 }, { "db": "JVN", "id": "JVNVU95292697", "trust": 0.8 }, { "db": "JVNDB", "id": "JVNDB-2022-024814", "trust": 0.8 }, { "db": "CNVD", "id": "CNVD-2023-55712", "trust": 0.6 }, { "db": "CNNVD", "id": "CNNVD-202307-749", "trust": 0.6 }, { "db": "VULMON", "id": "CVE-2022-29562", "trust": 0.1 } ], "sources": [ { "db": "CNVD", "id": "CNVD-2023-55712" }, { "db": "VULMON", "id": "CVE-2022-29562" }, { "db": "JVNDB", "id": "JVNDB-2022-024814" }, { "db": "CNNVD", "id": "CNNVD-202307-749" }, { "db": "NVD", "id": "CVE-2022-29562" } ] }, "id": "VAR-202307-0586", "iot": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": true, "sources": [ { "db": "CNVD", "id": "CNVD-2023-55712" } ], "trust": 1.12540106 }, "iot_taxonomy": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "category": [ "ICS" ], "sub_category": null, "trust": 0.6 } ], "sources": [ { "db": "CNVD", "id": "CNVD-2023-55712" } ] }, "last_update_date": "2024-01-21T20:00:09.760000Z", "patch": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "title": "Patch for Siemens RUGGEDCOM ROX Input Validation Error Vulnerability", "trust": 0.6, "url": "https://www.cnvd.org.cn/patchinfo/show/440286" }, { "title": "Siemens RUGGEDCOM ROX Enter the fix for the verification error vulnerability", "trust": 0.6, "url": "http://123.124.177.30/web/xxk/bdxqbyid.tag?id=246668" } ], "sources": [ { "db": "CNVD", "id": "CNVD-2023-55712" }, { "db": "CNNVD", "id": "CNNVD-202307-749" } ] }, "problemtype_data": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "problemtype": "NVD-CWE-noinfo", "trust": 1.0 }, { "problemtype": "Lack of information (CWE-noinfo) [NVD evaluation ]", "trust": 0.8 } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2022-024814" }, { "db": "NVD", "id": "CVE-2022-29562" } ] }, "references": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "trust": 2.5, "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-146325.pdf" }, { "trust": 1.4, "url": "https://nvd.nist.gov/vuln/detail/cve-2022-29562" }, { "trust": 0.8, "url": "https://jvn.jp/vu/jvnvu95292697/" }, { "trust": 0.8, "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-23-194-01" }, { "trust": 0.6, "url": "https://cert-portal.siemens.com/productcert/html/ssa-146325.html" }, { "trust": 0.6, "url": "https://cxsecurity.com/cveshow/cve-2022-29562/" }, { "trust": 0.1, "url": "https://nvd.nist.gov" } ], "sources": [ { "db": "CNVD", "id": "CNVD-2023-55712" }, { "db": "VULMON", "id": "CVE-2022-29562" }, { "db": "JVNDB", "id": "JVNDB-2022-024814" }, { "db": "CNNVD", "id": "CNNVD-202307-749" }, { "db": "NVD", "id": "CVE-2022-29562" } ] }, "sources": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", "data": { "@container": "@list" } }, "data": [ { "db": "CNVD", "id": "CNVD-2023-55712" }, { "db": "VULMON", "id": "CVE-2022-29562" }, { "db": "JVNDB", "id": "JVNDB-2022-024814" }, { "db": "CNNVD", "id": "CNNVD-202307-749" }, { "db": "NVD", "id": "CVE-2022-29562" } ] }, "sources_release_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2023-07-12T00:00:00", "db": "CNVD", "id": "CNVD-2023-55712" }, { "date": "2023-07-11T00:00:00", "db": "VULMON", "id": "CVE-2022-29562" }, { "date": "2024-01-19T00:00:00", "db": "JVNDB", "id": "JVNDB-2022-024814" }, { "date": "2023-07-11T00:00:00", "db": "CNNVD", "id": "CNNVD-202307-749" }, { "date": "2023-07-11T10:15:10.043000", "db": "NVD", "id": "CVE-2022-29562" } ] }, "sources_update_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2023-07-12T00:00:00", "db": "CNVD", "id": "CNVD-2023-55712" }, { "date": "2023-07-11T00:00:00", "db": "VULMON", "id": "CVE-2022-29562" }, { "date": "2024-01-19T08:14:00", "db": "JVNDB", "id": "JVNDB-2022-024814" }, { "date": "2023-07-19T00:00:00", "db": "CNNVD", "id": "CNNVD-202307-749" }, { "date": "2023-07-18T16:16:33.860000", "db": "NVD", "id": "CVE-2022-29562" } ] }, "threat_type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "remote", "sources": [ { "db": "CNNVD", "id": "CNNVD-202307-749" } ], "trust": 0.6 }, "title": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Siemens RUGGEDCOM ROX Input Validation Error Vulnerability", "sources": [ { "db": "CNVD", "id": "CNVD-2023-55712" }, { "db": "CNNVD", "id": "CNNVD-202307-749" } ], "trust": 1.2 }, "type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "input validation error", "sources": [ { "db": "CNNVD", "id": "CNNVD-202307-749" } ], "trust": 0.6 } }
var-202307-0587
Vulnerability from variot
A vulnerability has been identified in RUGGEDCOM ROX MX5000 (All versions < V2.16.0), RUGGEDCOM ROX MX5000RE (All versions < V2.16.0), RUGGEDCOM ROX RX1400 (All versions < V2.16.0), RUGGEDCOM ROX RX1500 (All versions < V2.16.0), RUGGEDCOM ROX RX1501 (All versions < V2.16.0), RUGGEDCOM ROX RX1510 (All versions < V2.16.0), RUGGEDCOM ROX RX1511 (All versions < V2.16.0), RUGGEDCOM ROX RX1512 (All versions < V2.16.0), RUGGEDCOM ROX RX1524 (All versions < V2.16.0), RUGGEDCOM ROX RX1536 (All versions < V2.16.0), RUGGEDCOM ROX RX5000 (All versions < V2.16.0). The web interface of the affected devices are vulnerable to Cross-Site Request Forgery attacks. By tricking an authenticated victim user to click a malicious link, an attacker could perform arbitrary actions on the device on behalf of the victim user. RUGGEDCOM ROX MX5000 firmware, ruggedcom rox mx5000re firmware, RUGGEDCOM ROX RX1400 Multiple Siemens products, including firmware, are vulnerable to cross-site request forgery.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. RUGGEDCOM products provide a level of robustness and reliability that sets the standard for communication networks deployed in harsh environments
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", "affected_products": { "@id": "https://www.variotdbs.pl/ref/affected_products" }, "configurations": { "@id": "https://www.variotdbs.pl/ref/configurations" }, "credits": { "@id": "https://www.variotdbs.pl/ref/credits" }, "cvss": { "@id": "https://www.variotdbs.pl/ref/cvss/" }, "description": { "@id": "https://www.variotdbs.pl/ref/description/" }, "exploit_availability": { "@id": "https://www.variotdbs.pl/ref/exploit_availability/" }, "external_ids": { "@id": "https://www.variotdbs.pl/ref/external_ids/" }, "iot": { "@id": "https://www.variotdbs.pl/ref/iot/" }, "iot_taxonomy": { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/" }, "patch": { "@id": "https://www.variotdbs.pl/ref/patch/" }, "problemtype_data": { "@id": "https://www.variotdbs.pl/ref/problemtype_data/" }, "references": { "@id": "https://www.variotdbs.pl/ref/references/" }, "sources": { "@id": "https://www.variotdbs.pl/ref/sources/" }, "sources_release_date": { "@id": "https://www.variotdbs.pl/ref/sources_release_date/" }, "sources_update_date": { "@id": "https://www.variotdbs.pl/ref/sources_update_date/" }, "threat_type": { "@id": "https://www.variotdbs.pl/ref/threat_type/" }, "title": { "@id": "https://www.variotdbs.pl/ref/title/" }, "type": { "@id": "https://www.variotdbs.pl/ref/type/" } }, "@id": "https://www.variotdbs.pl/vuln/VAR-202307-0587", "affected_products": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "model": "ruggedcom rox rx1511", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "2.16.0" }, { "model": "ruggedcom rox rx1524", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "2.16.0" }, { "model": "ruggedcom rox mx5000re", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "2.16.0" }, { "model": "ruggedcom rox rx1400", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "2.16.0" }, { "model": "ruggedcom rox rx1501", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "2.16.0" }, { "model": "ruggedcom rox rx1510", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "2.16.0" }, { "model": "ruggedcom rox rx1500", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "2.16.0" }, { "model": "ruggedcom rox mx5000", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "2.16.0" }, { "model": "ruggedcom rox rx1536", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "2.16.0" }, { "model": "ruggedcom rox rx5000", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "2.16.0" }, { "model": "ruggedcom rox rx1512", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "2.16.0" }, { "model": "ruggedcom rox rx1500", "scope": null, "trust": 0.8, "vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9", "version": null }, { "model": "ruggedcom rox rx1501", "scope": null, "trust": 0.8, "vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9", "version": null }, { "model": "ruggedcom rox rx1524", "scope": null, "trust": 0.8, "vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9", "version": null }, { "model": "ruggedcom rox rx5000", "scope": null, "trust": 0.8, "vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9", "version": null }, { "model": "ruggedcom rox mx5000", "scope": null, "trust": 0.8, "vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9", "version": null }, { "model": "ruggedcom rox rx1512", "scope": null, "trust": 0.8, "vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9", "version": null }, { "model": "ruggedcom rox rx1510", "scope": null, "trust": 0.8, "vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9", "version": null }, { "model": "ruggedcom rox rx1400", "scope": null, "trust": 0.8, "vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9", "version": null }, { "model": "ruggedcom rox rx1511", "scope": null, "trust": 0.8, "vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9", "version": null }, { "model": "ruggedcom rox mx5000re", "scope": null, "trust": 0.8, "vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9", "version": null }, { "model": "ruggedcom rox rx1536", "scope": null, "trust": 0.8, "vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9", "version": null }, { "model": "ruggedcom rox mx5000", "scope": "lt", "trust": 0.6, "vendor": "siemens", "version": "v2.16.0" }, { "model": "ruggedcom rox mx5000re", "scope": "lt", "trust": 0.6, "vendor": "siemens", "version": "v2.16.0" }, { "model": "ruggedcom rox rx1400", "scope": "lt", "trust": 0.6, "vendor": "siemens", "version": "v2.16.0" }, { "model": "ruggedcom rox rx1500", "scope": "lt", "trust": 0.6, "vendor": "siemens", "version": "v2.16.0" }, { "model": "ruggedcom rox rx1501", "scope": "lt", "trust": 0.6, "vendor": "siemens", "version": "v2.16.0" }, { "model": "ruggedcom rox rx1510", "scope": "lt", "trust": 0.6, "vendor": "siemens", "version": "v2.16.0" }, { "model": "ruggedcom rox rx1511", "scope": "lt", "trust": 0.6, "vendor": "siemens", "version": "v2.16.0" }, { "model": "ruggedcom rox rx1512", "scope": "lt", "trust": 0.6, "vendor": "siemens", "version": "v2.16.0" }, { "model": "ruggedcom rox rx1524", "scope": "lt", "trust": 0.6, "vendor": "siemens", "version": "v2.16.0" }, { "model": "ruggedcom rox rx1536", "scope": "lt", "trust": 0.6, "vendor": "siemens", "version": "v2.16.0" }, { "model": "ruggedcom rox rx5000", "scope": "lt", "trust": 0.6, "vendor": "siemens", "version": "v2.16.0" } ], "sources": [ { "db": "CNVD", "id": "CNVD-2023-55713" }, { "db": "JVNDB", "id": "JVNDB-2022-024815" }, { "db": "NVD", "id": "CVE-2022-29561" } ] }, "configurations": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/configurations#", "children": { "@container": "@list" }, "cpe_match": { "@container": "@list" }, "data": { "@container": "@list" }, "nodes": { "@container": "@list" } }, "data": [ { "CVE_data_version": "4.0", "nodes": [ { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:siemens:ruggedcom_rox_mx5000_firmware:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "2.16.0", "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:h:siemens:ruggedcom_rox_mx5000:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [], "operator": "AND" }, { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:siemens:ruggedcom_rox_mx5000re_firmware:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "2.16.0", "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:h:siemens:ruggedcom_rox_mx5000re:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [], "operator": "AND" }, { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:siemens:ruggedcom_rox_rx1400_firmware:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "2.16.0", "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:h:siemens:ruggedcom_rox_rx1400:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [], "operator": "AND" }, { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:siemens:ruggedcom_rox_rx1500_firmware:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "2.16.0", "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:h:siemens:ruggedcom_rox_rx1500:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [], "operator": "AND" }, { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:siemens:ruggedcom_rox_rx1501_firmware:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "2.16.0", "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:h:siemens:ruggedcom_rox_rx1501:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [], "operator": "AND" }, { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:siemens:ruggedcom_rox_rx1510_firmware:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "2.16.0", "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:h:siemens:ruggedcom_rox_rx1510:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [], "operator": "AND" }, { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:siemens:ruggedcom_rox_rx1511_firmware:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "2.16.0", "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:h:siemens:ruggedcom_rox_rx1511:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [], "operator": "AND" }, { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:siemens:ruggedcom_rox_rx1512_firmware:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "2.16.0", "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:h:siemens:ruggedcom_rox_rx1512:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [], "operator": "AND" }, { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:siemens:ruggedcom_rox_rx1524_firmware:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "2.16.0", "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:h:siemens:ruggedcom_rox_rx1524:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [], "operator": "AND" }, { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:siemens:ruggedcom_rox_rx1536_firmware:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "2.16.0", "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:h:siemens:ruggedcom_rox_rx1536:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [], "operator": "AND" }, { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:siemens:ruggedcom_rox_rx5000_firmware:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "2.16.0", "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:h:siemens:ruggedcom_rox_rx5000:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [], "operator": "AND" } ] } ], "sources": [ { "db": "NVD", "id": "CVE-2022-29561" } ] }, "cve": "CVE-2022-29561", "cvss": { "@context": { "cvssV2": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2" }, "cvssV3": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/" }, "severity": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#" }, "@id": "https://www.variotdbs.pl/ref/cvss/severity" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "cvssV2": [ { "accessComplexity": "HIGH", "accessVector": "NETWORK", "authentication": "NONE", "author": "CNVD", "availabilityImpact": "COMPLETE", "baseScore": 7.6, "confidentialityImpact": "COMPLETE", "exploitabilityScore": 4.9, "id": "CNVD-2023-55713", "impactScore": 10.0, "integrityImpact": "COMPLETE", "severity": "HIGH", "trust": 0.6, "vectorString": "AV:N/AC:H/Au:N/C:C/I:C/A:C", "version": "2.0" } ], "cvssV3": [ { "attackComplexity": "LOW", "attackVector": "NETWORK", "author": "NVD", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "exploitabilityScore": 2.8, "impactScore": 5.9, "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "trust": 1.0, "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1" }, { "attackComplexity": "HIGH", "attackVector": "NETWORK", "author": "productcert@siemens.com", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "exploitabilityScore": 1.6, "impactScore": 5.9, "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "trust": 1.0, "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1" }, { "attackComplexity": "Low", "attackVector": "Network", "author": "NVD", "availabilityImpact": "High", "baseScore": 8.8, "baseSeverity": "High", "confidentialityImpact": "High", "exploitabilityScore": null, "id": "CVE-2022-29561", "impactScore": null, "integrityImpact": "High", "privilegesRequired": "None", "scope": "Unchanged", "trust": 0.8, "userInteraction": "Required", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.0" } ], "severity": [ { "author": "NVD", "id": "CVE-2022-29561", "trust": 1.8, "value": "HIGH" }, { "author": "productcert@siemens.com", "id": "CVE-2022-29561", "trust": 1.0, "value": "HIGH" }, { "author": "CNVD", "id": "CNVD-2023-55713", "trust": 0.6, "value": "HIGH" }, { "author": "CNNVD", "id": "CNNVD-202307-750", "trust": 0.6, "value": "HIGH" } ] } ], "sources": [ { "db": "CNVD", "id": "CNVD-2023-55713" }, { "db": "JVNDB", "id": "JVNDB-2022-024815" }, { "db": "CNNVD", "id": "CNNVD-202307-750" }, { "db": "NVD", "id": "CVE-2022-29561" }, { "db": "NVD", "id": "CVE-2022-29561" } ] }, "description": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "A vulnerability has been identified in RUGGEDCOM ROX MX5000 (All versions \u003c V2.16.0), RUGGEDCOM ROX MX5000RE (All versions \u003c V2.16.0), RUGGEDCOM ROX RX1400 (All versions \u003c V2.16.0), RUGGEDCOM ROX RX1500 (All versions \u003c V2.16.0), RUGGEDCOM ROX RX1501 (All versions \u003c V2.16.0), RUGGEDCOM ROX RX1510 (All versions \u003c V2.16.0), RUGGEDCOM ROX RX1511 (All versions \u003c V2.16.0), RUGGEDCOM ROX RX1512 (All versions \u003c V2.16.0), RUGGEDCOM ROX RX1524 (All versions \u003c V2.16.0), RUGGEDCOM ROX RX1536 (All versions \u003c V2.16.0), RUGGEDCOM ROX RX5000 (All versions \u003c V2.16.0). The web interface of the affected devices are vulnerable to Cross-Site Request Forgery attacks. By tricking an authenticated victim user to click a malicious link, an attacker could perform arbitrary actions on the device on behalf of the victim user. RUGGEDCOM ROX MX5000 firmware, ruggedcom rox mx5000re firmware, RUGGEDCOM ROX RX1400 Multiple Siemens products, including firmware, are vulnerable to cross-site request forgery.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. RUGGEDCOM products provide a level of robustness and reliability that sets the standard for communication networks deployed in harsh environments", "sources": [ { "db": "NVD", "id": "CVE-2022-29561" }, { "db": "JVNDB", "id": "JVNDB-2022-024815" }, { "db": "CNVD", "id": "CNVD-2023-55713" }, { "db": "VULMON", "id": "CVE-2022-29561" } ], "trust": 2.25 }, "external_ids": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "db": "NVD", "id": "CVE-2022-29561", "trust": 3.9 }, { "db": "SIEMENS", "id": "SSA-146325", "trust": 3.1 }, { "db": "ICS CERT", "id": "ICSA-23-194-01", "trust": 0.8 }, { "db": "JVN", "id": "JVNVU95292697", "trust": 0.8 }, { "db": "JVNDB", "id": "JVNDB-2022-024815", "trust": 0.8 }, { "db": "CNVD", "id": "CNVD-2023-55713", "trust": 0.6 }, { "db": "CNNVD", "id": "CNNVD-202307-750", "trust": 0.6 }, { "db": "VULMON", "id": "CVE-2022-29561", "trust": 0.1 } ], "sources": [ { "db": "CNVD", "id": "CNVD-2023-55713" }, { "db": "VULMON", "id": "CVE-2022-29561" }, { "db": "JVNDB", "id": "JVNDB-2022-024815" }, { "db": "CNNVD", "id": "CNNVD-202307-750" }, { "db": "NVD", "id": "CVE-2022-29561" } ] }, "id": "VAR-202307-0587", "iot": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": true, "sources": [ { "db": "CNVD", "id": "CNVD-2023-55713" } ], "trust": 1.12540106 }, "iot_taxonomy": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "category": [ "ICS" ], "sub_category": null, "trust": 0.6 } ], "sources": [ { "db": "CNVD", "id": "CNVD-2023-55713" } ] }, "last_update_date": "2024-01-21T21:53:36.075000Z", "patch": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "title": "Patch for Siemens RUGGEDCOM ROX cross-site request forgery vulnerability", "trust": 0.6, "url": "https://www.cnvd.org.cn/patchinfo/show/440281" }, { "title": "Siemens RUGGEDCOM ROX Fixes for cross-site request forgery vulnerabilities", "trust": 0.6, "url": "http://123.124.177.30/web/xxk/bdxqbyid.tag?id=246669" } ], "sources": [ { "db": "CNVD", "id": "CNVD-2023-55713" }, { "db": "CNNVD", "id": "CNNVD-202307-750" } ] }, "problemtype_data": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "problemtype": "CWE-352", "trust": 1.0 }, { "problemtype": "Cross-site request forgery (CWE-352) [NVD evaluation ]", "trust": 0.8 } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2022-024815" }, { "db": "NVD", "id": "CVE-2022-29561" } ] }, "references": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "trust": 2.5, "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-146325.pdf" }, { "trust": 0.8, "url": "https://jvn.jp/vu/jvnvu95292697/" }, { "trust": 0.8, "url": "https://nvd.nist.gov/vuln/detail/cve-2022-29561" }, { "trust": 0.8, "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-23-194-01" }, { "trust": 0.6, "url": "https://cert-portal.siemens.com/productcert/html/ssa-146325.html" }, { "trust": 0.6, "url": "https://cxsecurity.com/cveshow/cve-2022-29561/" }, { "trust": 0.1, "url": "https://nvd.nist.gov" } ], "sources": [ { "db": "CNVD", "id": "CNVD-2023-55713" }, { "db": "VULMON", "id": "CVE-2022-29561" }, { "db": "JVNDB", "id": "JVNDB-2022-024815" }, { "db": "CNNVD", "id": "CNNVD-202307-750" }, { "db": "NVD", "id": "CVE-2022-29561" } ] }, "sources": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", "data": { "@container": "@list" } }, "data": [ { "db": "CNVD", "id": "CNVD-2023-55713" }, { "db": "VULMON", "id": "CVE-2022-29561" }, { "db": "JVNDB", "id": "JVNDB-2022-024815" }, { "db": "CNNVD", "id": "CNNVD-202307-750" }, { "db": "NVD", "id": "CVE-2022-29561" } ] }, "sources_release_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2023-07-12T00:00:00", "db": "CNVD", "id": "CNVD-2023-55713" }, { "date": "2023-07-11T00:00:00", "db": "VULMON", "id": "CVE-2022-29561" }, { "date": "2024-01-19T00:00:00", "db": "JVNDB", "id": "JVNDB-2022-024815" }, { "date": "2023-07-11T00:00:00", "db": "CNNVD", "id": "CNNVD-202307-750" }, { "date": "2023-07-11T10:15:09.970000", "db": "NVD", "id": "CVE-2022-29561" } ] }, "sources_update_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2023-07-12T00:00:00", "db": "CNVD", "id": "CNVD-2023-55713" }, { "date": "2023-07-11T00:00:00", "db": "VULMON", "id": "CVE-2022-29561" }, { "date": "2024-01-19T08:14:00", "db": "JVNDB", "id": "JVNDB-2022-024815" }, { "date": "2023-07-19T00:00:00", "db": "CNNVD", "id": "CNNVD-202307-750" }, { "date": "2023-07-18T16:05:58.730000", "db": "NVD", "id": "CVE-2022-29561" } ] }, "threat_type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "remote", "sources": [ { "db": "CNNVD", "id": "CNNVD-202307-750" } ], "trust": 0.6 }, "title": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Siemens RUGGEDCOM ROX cross-site request forgery vulnerability", "sources": [ { "db": "CNVD", "id": "CNVD-2023-55713" }, { "db": "CNNVD", "id": "CNNVD-202307-750" } ], "trust": 1.2 }, "type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "cross-site request forgery", "sources": [ { "db": "CNNVD", "id": "CNNVD-202307-750" } ], "trust": 0.6 } }