All the vulnerabilites related to siemens - ruggedcom_rox_mx5000re_firmware
cve-2023-36750
Vulnerability from cvelistv5
Published
2023-07-11 09:07
Modified
2024-11-26 18:40
Severity ?
EPSS score ?
Summary
A vulnerability has been identified in RUGGEDCOM ROX MX5000 (All versions < V2.16.0), RUGGEDCOM ROX MX5000RE (All versions < V2.16.0), RUGGEDCOM ROX RX1400 (All versions < V2.16.0), RUGGEDCOM ROX RX1500 (All versions < V2.16.0), RUGGEDCOM ROX RX1501 (All versions < V2.16.0), RUGGEDCOM ROX RX1510 (All versions < V2.16.0), RUGGEDCOM ROX RX1511 (All versions < V2.16.0), RUGGEDCOM ROX RX1512 (All versions < V2.16.0), RUGGEDCOM ROX RX1524 (All versions < V2.16.0), RUGGEDCOM ROX RX1536 (All versions < V2.16.0), RUGGEDCOM ROX RX5000 (All versions < V2.16.0). The software-upgrade Url parameter in the web interface of affected devices is vulnerable to command injection due to missing server side input sanitation. This could allow an authenticated privileged remote attacker to execute arbitrary code with root privileges.
References
Impacted products
| Vendor | Product | Version | |||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | Siemens | RUGGEDCOM ROX MX5000 |
Version: All versions < V2.16.0 |
||||||||||||||||||||||||||||||||||||||||
|
|||||||||||||||||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T16:52:54.252Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-146325.pdf"
}
],
"title": "CVE Program Container"
},
{
"affected": [
{
"cpes": [
"cpe:2.3:h:siemens:ruggedcom_rox_mx5000:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "ruggedcom_rox_mx5000",
"vendor": "siemens",
"versions": [
{
"lessThan": "2.16.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:h:siemens:ruggedcom_rox_mx5000re:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "ruggedcom_rox_mx5000re",
"vendor": "siemens",
"versions": [
{
"lessThan": "2.16.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:h:siemens:ruggedcom_rox_rx1400:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "ruggedcom_rox_rx1400",
"vendor": "siemens",
"versions": [
{
"lessThan": "2.16.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:h:siemens:ruggedcom_rox_rx1500:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "ruggedcom_rox_rx1500",
"vendor": "siemens",
"versions": [
{
"lessThan": "2.16.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:h:siemens:ruggedcom_rox_rx1501:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "ruggedcom_rox_rx1501",
"vendor": "siemens",
"versions": [
{
"lessThan": "2.16.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:h:siemens:ruggedcom_rox_rx1510:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "ruggedcom_rox_rx1510",
"vendor": "siemens",
"versions": [
{
"lessThan": "2.16.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:h:siemens:ruggedcom_rox_rx1511:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "ruggedcom_rox_rx1511",
"vendor": "siemens",
"versions": [
{
"lessThan": "2.16.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:h:siemens:ruggedcom_rox_rx1512:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "ruggedcom_rox_rx1512",
"vendor": "siemens",
"versions": [
{
"lessThan": "2.16.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:h:siemens:ruggedcom_rox_rx1524:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "ruggedcom_rox_rx1524",
"vendor": "siemens",
"versions": [
{
"lessThan": "2.16.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:h:siemens:ruggedcom_rox_rx1536:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "ruggedcom_rox_rx1536",
"vendor": "siemens",
"versions": [
{
"lessThan": "2.16.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:h:siemens:ruggedcom_rox_rx5000:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "ruggedcom_rox_rx5000",
"vendor": "siemens",
"versions": [
{
"lessThan": "2.16.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-36750",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-11-26T18:35:58.218652Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-11-26T18:40:24.816Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unknown",
"product": "RUGGEDCOM ROX MX5000",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V2.16.0"
}
]
},
{
"defaultStatus": "unknown",
"product": "RUGGEDCOM ROX MX5000RE",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V2.16.0"
}
]
},
{
"defaultStatus": "unknown",
"product": "RUGGEDCOM ROX RX1400",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V2.16.0"
}
]
},
{
"defaultStatus": "unknown",
"product": "RUGGEDCOM ROX RX1500",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V2.16.0"
}
]
},
{
"defaultStatus": "unknown",
"product": "RUGGEDCOM ROX RX1501",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V2.16.0"
}
]
},
{
"defaultStatus": "unknown",
"product": "RUGGEDCOM ROX RX1510",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V2.16.0"
}
]
},
{
"defaultStatus": "unknown",
"product": "RUGGEDCOM ROX RX1511",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V2.16.0"
}
]
},
{
"defaultStatus": "unknown",
"product": "RUGGEDCOM ROX RX1512",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V2.16.0"
}
]
},
{
"defaultStatus": "unknown",
"product": "RUGGEDCOM ROX RX1524",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V2.16.0"
}
]
},
{
"defaultStatus": "unknown",
"product": "RUGGEDCOM ROX RX1536",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V2.16.0"
}
]
},
{
"defaultStatus": "unknown",
"product": "RUGGEDCOM ROX RX5000",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V2.16.0"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability has been identified in RUGGEDCOM ROX MX5000 (All versions \u003c V2.16.0), RUGGEDCOM ROX MX5000RE (All versions \u003c V2.16.0), RUGGEDCOM ROX RX1400 (All versions \u003c V2.16.0), RUGGEDCOM ROX RX1500 (All versions \u003c V2.16.0), RUGGEDCOM ROX RX1501 (All versions \u003c V2.16.0), RUGGEDCOM ROX RX1510 (All versions \u003c V2.16.0), RUGGEDCOM ROX RX1511 (All versions \u003c V2.16.0), RUGGEDCOM ROX RX1512 (All versions \u003c V2.16.0), RUGGEDCOM ROX RX1524 (All versions \u003c V2.16.0), RUGGEDCOM ROX RX1536 (All versions \u003c V2.16.0), RUGGEDCOM ROX RX5000 (All versions \u003c V2.16.0). The software-upgrade Url parameter in the web interface of affected devices is vulnerable to command injection due to missing server side input sanitation. This could allow an authenticated privileged remote attacker to execute arbitrary code with root privileges."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 9.1,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H/E:P/RL:O/RC:C",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-77",
"description": "CWE-77: Improper Neutralization of Special Elements used in a Command (\u0027Command Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-07-11T09:07:16.822Z",
"orgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77",
"shortName": "siemens"
},
"references": [
{
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-146325.pdf"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77",
"assignerShortName": "siemens",
"cveId": "CVE-2023-36750",
"datePublished": "2023-07-11T09:07:16.822Z",
"dateReserved": "2023-06-27T11:37:08.703Z",
"dateUpdated": "2024-11-26T18:40:24.816Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2023-36386
Vulnerability from cvelistv5
Published
2023-07-11 09:07
Modified
2024-10-21 21:10
Severity ?
EPSS score ?
Summary
A vulnerability has been identified in RUGGEDCOM ROX MX5000 (All versions < V2.16.0), RUGGEDCOM ROX MX5000RE (All versions < V2.16.0), RUGGEDCOM ROX RX1400 (All versions < V2.16.0), RUGGEDCOM ROX RX1500 (All versions < V2.16.0), RUGGEDCOM ROX RX1501 (All versions < V2.16.0), RUGGEDCOM ROX RX1510 (All versions < V2.16.0), RUGGEDCOM ROX RX1511 (All versions < V2.16.0), RUGGEDCOM ROX RX1512 (All versions < V2.16.0), RUGGEDCOM ROX RX1524 (All versions < V2.16.0), RUGGEDCOM ROX RX1536 (All versions < V2.16.0), RUGGEDCOM ROX RX5000 (All versions < V2.16.0). A reflected cross-site scripting (XSS) vulnerability exists in the web interface of the affected application that could allow an attacker to execute malicious javascript code by tricking users into accessing a malicious link. The value is reflected in the response without sanitization while throwing an
“invalid params element name” error on the get_elements parameters.
References
Impacted products
| Vendor | Product | Version | |||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | Siemens | RUGGEDCOM ROX MX5000 |
Version: All versions < V2.16.0 |
||||||||||||||||||||||||||||||||||||||||
|
|||||||||||||||||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T16:45:56.712Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-146325.pdf"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-36386",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-21T21:06:52.736344Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-21T21:10:35.826Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unknown",
"product": "RUGGEDCOM ROX MX5000",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V2.16.0"
}
]
},
{
"defaultStatus": "unknown",
"product": "RUGGEDCOM ROX MX5000RE",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V2.16.0"
}
]
},
{
"defaultStatus": "unknown",
"product": "RUGGEDCOM ROX RX1400",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V2.16.0"
}
]
},
{
"defaultStatus": "unknown",
"product": "RUGGEDCOM ROX RX1500",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V2.16.0"
}
]
},
{
"defaultStatus": "unknown",
"product": "RUGGEDCOM ROX RX1501",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V2.16.0"
}
]
},
{
"defaultStatus": "unknown",
"product": "RUGGEDCOM ROX RX1510",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V2.16.0"
}
]
},
{
"defaultStatus": "unknown",
"product": "RUGGEDCOM ROX RX1511",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V2.16.0"
}
]
},
{
"defaultStatus": "unknown",
"product": "RUGGEDCOM ROX RX1512",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V2.16.0"
}
]
},
{
"defaultStatus": "unknown",
"product": "RUGGEDCOM ROX RX1524",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V2.16.0"
}
]
},
{
"defaultStatus": "unknown",
"product": "RUGGEDCOM ROX RX1536",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V2.16.0"
}
]
},
{
"defaultStatus": "unknown",
"product": "RUGGEDCOM ROX RX5000",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V2.16.0"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability has been identified in RUGGEDCOM ROX MX5000 (All versions \u003c V2.16.0), RUGGEDCOM ROX MX5000RE (All versions \u003c V2.16.0), RUGGEDCOM ROX RX1400 (All versions \u003c V2.16.0), RUGGEDCOM ROX RX1500 (All versions \u003c V2.16.0), RUGGEDCOM ROX RX1501 (All versions \u003c V2.16.0), RUGGEDCOM ROX RX1510 (All versions \u003c V2.16.0), RUGGEDCOM ROX RX1511 (All versions \u003c V2.16.0), RUGGEDCOM ROX RX1512 (All versions \u003c V2.16.0), RUGGEDCOM ROX RX1524 (All versions \u003c V2.16.0), RUGGEDCOM ROX RX1536 (All versions \u003c V2.16.0), RUGGEDCOM ROX RX5000 (All versions \u003c V2.16.0). A reflected cross-site scripting (XSS) vulnerability exists in the web interface of the affected application that could allow an attacker to execute malicious javascript code by tricking users into accessing a malicious link. The value is reflected in the response without sanitization while throwing an\r\n\u201cinvalid params element name\u201d error on the get_elements parameters."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79: Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-07-11T09:07:10.369Z",
"orgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77",
"shortName": "siemens"
},
"references": [
{
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-146325.pdf"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77",
"assignerShortName": "siemens",
"cveId": "CVE-2023-36386",
"datePublished": "2023-07-11T09:07:10.369Z",
"dateReserved": "2023-06-21T13:10:13.218Z",
"dateUpdated": "2024-10-21T21:10:35.826Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2023-36389
Vulnerability from cvelistv5
Published
2023-07-11 09:07
Modified
2024-10-21 21:10
Severity ?
EPSS score ?
Summary
A vulnerability has been identified in RUGGEDCOM ROX MX5000 (All versions < V2.16.0), RUGGEDCOM ROX MX5000RE (All versions < V2.16.0), RUGGEDCOM ROX RX1400 (All versions < V2.16.0), RUGGEDCOM ROX RX1500 (All versions < V2.16.0), RUGGEDCOM ROX RX1501 (All versions < V2.16.0), RUGGEDCOM ROX RX1510 (All versions < V2.16.0), RUGGEDCOM ROX RX1511 (All versions < V2.16.0), RUGGEDCOM ROX RX1512 (All versions < V2.16.0), RUGGEDCOM ROX RX1524 (All versions < V2.16.0), RUGGEDCOM ROX RX1536 (All versions < V2.16.0), RUGGEDCOM ROX RX5000 (All versions < V2.16.0). A reflected cross-site scripting (XSS) vulnerability exists in the web interface of the affected application that could allow an attacker to execute malicious javascript code by tricking users into accessing a malicious link. The malformed value is reflected
directly in the response without sanitization while throwing an “invalid path” error.
References
Impacted products
| Vendor | Product | Version | |||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | Siemens | RUGGEDCOM ROX MX5000 |
Version: All versions < V2.16.0 |
||||||||||||||||||||||||||||||||||||||||
|
|||||||||||||||||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T16:45:56.382Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-146325.pdf"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-36389",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-21T21:06:51.541223Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-21T21:10:27.428Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unknown",
"product": "RUGGEDCOM ROX MX5000",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V2.16.0"
}
]
},
{
"defaultStatus": "unknown",
"product": "RUGGEDCOM ROX MX5000RE",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V2.16.0"
}
]
},
{
"defaultStatus": "unknown",
"product": "RUGGEDCOM ROX RX1400",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V2.16.0"
}
]
},
{
"defaultStatus": "unknown",
"product": "RUGGEDCOM ROX RX1500",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V2.16.0"
}
]
},
{
"defaultStatus": "unknown",
"product": "RUGGEDCOM ROX RX1501",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V2.16.0"
}
]
},
{
"defaultStatus": "unknown",
"product": "RUGGEDCOM ROX RX1510",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V2.16.0"
}
]
},
{
"defaultStatus": "unknown",
"product": "RUGGEDCOM ROX RX1511",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V2.16.0"
}
]
},
{
"defaultStatus": "unknown",
"product": "RUGGEDCOM ROX RX1512",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V2.16.0"
}
]
},
{
"defaultStatus": "unknown",
"product": "RUGGEDCOM ROX RX1524",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V2.16.0"
}
]
},
{
"defaultStatus": "unknown",
"product": "RUGGEDCOM ROX RX1536",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V2.16.0"
}
]
},
{
"defaultStatus": "unknown",
"product": "RUGGEDCOM ROX RX5000",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V2.16.0"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability has been identified in RUGGEDCOM ROX MX5000 (All versions \u003c V2.16.0), RUGGEDCOM ROX MX5000RE (All versions \u003c V2.16.0), RUGGEDCOM ROX RX1400 (All versions \u003c V2.16.0), RUGGEDCOM ROX RX1500 (All versions \u003c V2.16.0), RUGGEDCOM ROX RX1501 (All versions \u003c V2.16.0), RUGGEDCOM ROX RX1510 (All versions \u003c V2.16.0), RUGGEDCOM ROX RX1511 (All versions \u003c V2.16.0), RUGGEDCOM ROX RX1512 (All versions \u003c V2.16.0), RUGGEDCOM ROX RX1524 (All versions \u003c V2.16.0), RUGGEDCOM ROX RX1536 (All versions \u003c V2.16.0), RUGGEDCOM ROX RX5000 (All versions \u003c V2.16.0). A reflected cross-site scripting (XSS) vulnerability exists in the web interface of the affected application that could allow an attacker to execute malicious javascript code by tricking users into accessing a malicious link. The malformed value is reflected\r\ndirectly in the response without sanitization while throwing an \u201cinvalid path\u201d error."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79: Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-07-11T09:07:11.475Z",
"orgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77",
"shortName": "siemens"
},
"references": [
{
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-146325.pdf"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77",
"assignerShortName": "siemens",
"cveId": "CVE-2023-36389",
"datePublished": "2023-07-11T09:07:11.475Z",
"dateReserved": "2023-06-21T14:31:54.523Z",
"dateUpdated": "2024-10-21T21:10:27.428Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2023-36748
Vulnerability from cvelistv5
Published
2023-07-11 09:07
Modified
2024-11-27 14:16
Severity ?
EPSS score ?
Summary
A vulnerability has been identified in RUGGEDCOM ROX MX5000 (All versions < V2.16.0), RUGGEDCOM ROX MX5000RE (All versions < V2.16.0), RUGGEDCOM ROX RX1400 (All versions < V2.16.0), RUGGEDCOM ROX RX1500 (All versions < V2.16.0), RUGGEDCOM ROX RX1501 (All versions < V2.16.0), RUGGEDCOM ROX RX1510 (All versions < V2.16.0), RUGGEDCOM ROX RX1511 (All versions < V2.16.0), RUGGEDCOM ROX RX1512 (All versions < V2.16.0), RUGGEDCOM ROX RX1524 (All versions < V2.16.0), RUGGEDCOM ROX RX1536 (All versions < V2.16.0), RUGGEDCOM ROX RX5000 (All versions < V2.16.0). The affected devices are configured to offer weak ciphers by default. This could allow an unauthorized attacker in a man-in-the-middle position to read and modify any data
passed over to and from the affected device.
References
Impacted products
| Vendor | Product | Version | |||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | Siemens | RUGGEDCOM ROX MX5000 |
Version: All versions < V2.16.0 |
||||||||||||||||||||||||||||||||||||||||
|
|||||||||||||||||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T16:52:54.437Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-146325.pdf"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-36748",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-11-27T14:16:24.794778Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-11-27T14:16:46.630Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unknown",
"product": "RUGGEDCOM ROX MX5000",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V2.16.0"
}
]
},
{
"defaultStatus": "unknown",
"product": "RUGGEDCOM ROX MX5000RE",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V2.16.0"
}
]
},
{
"defaultStatus": "unknown",
"product": "RUGGEDCOM ROX RX1400",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V2.16.0"
}
]
},
{
"defaultStatus": "unknown",
"product": "RUGGEDCOM ROX RX1500",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V2.16.0"
}
]
},
{
"defaultStatus": "unknown",
"product": "RUGGEDCOM ROX RX1501",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V2.16.0"
}
]
},
{
"defaultStatus": "unknown",
"product": "RUGGEDCOM ROX RX1510",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V2.16.0"
}
]
},
{
"defaultStatus": "unknown",
"product": "RUGGEDCOM ROX RX1511",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V2.16.0"
}
]
},
{
"defaultStatus": "unknown",
"product": "RUGGEDCOM ROX RX1512",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V2.16.0"
}
]
},
{
"defaultStatus": "unknown",
"product": "RUGGEDCOM ROX RX1524",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V2.16.0"
}
]
},
{
"defaultStatus": "unknown",
"product": "RUGGEDCOM ROX RX1536",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V2.16.0"
}
]
},
{
"defaultStatus": "unknown",
"product": "RUGGEDCOM ROX RX5000",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V2.16.0"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability has been identified in RUGGEDCOM ROX MX5000 (All versions \u003c V2.16.0), RUGGEDCOM ROX MX5000RE (All versions \u003c V2.16.0), RUGGEDCOM ROX RX1400 (All versions \u003c V2.16.0), RUGGEDCOM ROX RX1500 (All versions \u003c V2.16.0), RUGGEDCOM ROX RX1501 (All versions \u003c V2.16.0), RUGGEDCOM ROX RX1510 (All versions \u003c V2.16.0), RUGGEDCOM ROX RX1511 (All versions \u003c V2.16.0), RUGGEDCOM ROX RX1512 (All versions \u003c V2.16.0), RUGGEDCOM ROX RX1524 (All versions \u003c V2.16.0), RUGGEDCOM ROX RX1536 (All versions \u003c V2.16.0), RUGGEDCOM ROX RX5000 (All versions \u003c V2.16.0). The affected devices are configured to offer weak ciphers by default. This could allow an unauthorized attacker in a man-in-the-middle position to read and modify any data\r\npassed over to and from the affected device."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:A/AC:H/PR:N/UI:R/S:U/C:L/I:H/A:L/E:P/RL:O/RC:C",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-326",
"description": "CWE-326: Inadequate Encryption Strength",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-07-11T09:07:14.689Z",
"orgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77",
"shortName": "siemens"
},
"references": [
{
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-146325.pdf"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77",
"assignerShortName": "siemens",
"cveId": "CVE-2023-36748",
"datePublished": "2023-07-11T09:07:14.689Z",
"dateReserved": "2023-06-27T11:37:08.703Z",
"dateUpdated": "2024-11-27T14:16:46.630Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2022-29562
Vulnerability from cvelistv5
Published
2023-07-11 09:07
Modified
2024-11-12 16:17
Severity ?
EPSS score ?
Summary
A vulnerability has been identified in RUGGEDCOM ROX MX5000 (All versions < V2.16.0), RUGGEDCOM ROX MX5000RE (All versions < V2.16.0), RUGGEDCOM ROX RX1400 (All versions < V2.16.0), RUGGEDCOM ROX RX1500 (All versions < V2.16.0), RUGGEDCOM ROX RX1501 (All versions < V2.16.0), RUGGEDCOM ROX RX1510 (All versions < V2.16.0), RUGGEDCOM ROX RX1511 (All versions < V2.16.0), RUGGEDCOM ROX RX1512 (All versions < V2.16.0), RUGGEDCOM ROX RX1524 (All versions < V2.16.0), RUGGEDCOM ROX RX1536 (All versions < V2.16.0), RUGGEDCOM ROX RX5000 (All versions < V2.16.0). Affected devices do not properly handle malformed HTTP packets. This could allow an unauthenticated remote attacker to send a malformed HTTP packet causing certain functions to fail in a controlled manner.
References
Impacted products
| Vendor | Product | Version | |||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | Siemens | RUGGEDCOM ROX MX5000 |
Version: All versions < V2.16.0 |
||||||||||||||||||||||||||||||||||||||||
|
|||||||||||||||||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T06:26:06.059Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-146325.pdf"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2022-29562",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-11-12T16:17:25.427826Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-11-12T16:17:46.868Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unknown",
"product": "RUGGEDCOM ROX MX5000",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V2.16.0"
}
]
},
{
"defaultStatus": "unknown",
"product": "RUGGEDCOM ROX MX5000RE",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V2.16.0"
}
]
},
{
"defaultStatus": "unknown",
"product": "RUGGEDCOM ROX RX1400",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V2.16.0"
}
]
},
{
"defaultStatus": "unknown",
"product": "RUGGEDCOM ROX RX1500",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V2.16.0"
}
]
},
{
"defaultStatus": "unknown",
"product": "RUGGEDCOM ROX RX1501",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V2.16.0"
}
]
},
{
"defaultStatus": "unknown",
"product": "RUGGEDCOM ROX RX1510",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V2.16.0"
}
]
},
{
"defaultStatus": "unknown",
"product": "RUGGEDCOM ROX RX1511",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V2.16.0"
}
]
},
{
"defaultStatus": "unknown",
"product": "RUGGEDCOM ROX RX1512",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V2.16.0"
}
]
},
{
"defaultStatus": "unknown",
"product": "RUGGEDCOM ROX RX1524",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V2.16.0"
}
]
},
{
"defaultStatus": "unknown",
"product": "RUGGEDCOM ROX RX1536",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V2.16.0"
}
]
},
{
"defaultStatus": "unknown",
"product": "RUGGEDCOM ROX RX5000",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V2.16.0"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability has been identified in RUGGEDCOM ROX MX5000 (All versions \u003c V2.16.0), RUGGEDCOM ROX MX5000RE (All versions \u003c V2.16.0), RUGGEDCOM ROX RX1400 (All versions \u003c V2.16.0), RUGGEDCOM ROX RX1500 (All versions \u003c V2.16.0), RUGGEDCOM ROX RX1501 (All versions \u003c V2.16.0), RUGGEDCOM ROX RX1510 (All versions \u003c V2.16.0), RUGGEDCOM ROX RX1511 (All versions \u003c V2.16.0), RUGGEDCOM ROX RX1512 (All versions \u003c V2.16.0), RUGGEDCOM ROX RX1524 (All versions \u003c V2.16.0), RUGGEDCOM ROX RX1536 (All versions \u003c V2.16.0), RUGGEDCOM ROX RX5000 (All versions \u003c V2.16.0). Affected devices do not properly handle malformed HTTP packets. This could allow an unauthenticated remote attacker to send a malformed HTTP packet causing certain functions to fail in a controlled manner."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 3.7,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L/E:P/RL:O/RC:C",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-20",
"description": "CWE-20: Improper Input Validation",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-07-11T09:07:00.397Z",
"orgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77",
"shortName": "siemens"
},
"references": [
{
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-146325.pdf"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77",
"assignerShortName": "siemens",
"cveId": "CVE-2022-29562",
"datePublished": "2023-07-11T09:07:00.397Z",
"dateReserved": "2022-04-21T13:34:15.980Z",
"dateUpdated": "2024-11-12T16:17:46.868Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2023-36752
Vulnerability from cvelistv5
Published
2023-07-11 09:07
Modified
2024-11-20 20:30
Severity ?
EPSS score ?
Summary
A vulnerability has been identified in RUGGEDCOM ROX MX5000 (All versions < V2.16.0), RUGGEDCOM ROX MX5000RE (All versions < V2.16.0), RUGGEDCOM ROX RX1400 (All versions < V2.16.0), RUGGEDCOM ROX RX1500 (All versions < V2.16.0), RUGGEDCOM ROX RX1501 (All versions < V2.16.0), RUGGEDCOM ROX RX1510 (All versions < V2.16.0), RUGGEDCOM ROX RX1511 (All versions < V2.16.0), RUGGEDCOM ROX RX1512 (All versions < V2.16.0), RUGGEDCOM ROX RX1524 (All versions < V2.16.0), RUGGEDCOM ROX RX1536 (All versions < V2.16.0), RUGGEDCOM ROX RX5000 (All versions < V2.16.0). The upgrade-app URL parameter in the web interface of affected devices is vulnerable to command injection due to missing server side input sanitation. This could allow an authenticated privileged remote attacker to execute arbitrary code with root privileges.
References
Impacted products
| Vendor | Product | Version | |||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | Siemens | RUGGEDCOM ROX MX5000 |
Version: All versions < V2.16.0 |
||||||||||||||||||||||||||||||||||||||||
|
|||||||||||||||||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T16:52:54.242Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-146325.pdf"
}
],
"title": "CVE Program Container"
},
{
"affected": [
{
"cpes": [
"cpe:2.3:h:siemens:ruggedcom_rox_rx1512:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "ruggedcom_rox_rx1512",
"vendor": "siemens",
"versions": [
{
"lessThan": "V2.16.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:h:siemens:ruggedcom_rox_rx1524:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "ruggedcom_rox_rx1524",
"vendor": "siemens",
"versions": [
{
"lessThan": "V2.16.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:h:siemens:ruggedcom_rox_rx1536:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "ruggedcom_rox_rx1536",
"vendor": "siemens",
"versions": [
{
"lessThan": "V2.16.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:h:siemens:ruggedcom_rox_rx5000:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "ruggedcom_rox_rx5000",
"vendor": "siemens",
"versions": [
{
"lessThan": "V2.16.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:h:siemens:ruggedcom_rox_mx5000:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "ruggedcom_rox_mx5000",
"vendor": "siemens",
"versions": [
{
"lessThan": "V2.16.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:h:siemens:ruggedcom_rox_mx5000re:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "ruggedcom_rox_mx5000re",
"vendor": "siemens",
"versions": [
{
"lessThan": "V2.16.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:h:siemens:ruggedcom_rox_rx1400:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "ruggedcom_rox_rx1400",
"vendor": "siemens",
"versions": [
{
"lessThan": "V2.16.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:h:siemens:ruggedcom_rox_rx1500:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "ruggedcom_rox_rx1500",
"vendor": "siemens",
"versions": [
{
"lessThan": "V2.16.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:h:siemens:ruggedcom_rox_rx1501:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "ruggedcom_rox_rx1501",
"vendor": "siemens",
"versions": [
{
"lessThan": "V2.16.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:h:siemens:ruggedcom_rox_rx1510:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "ruggedcom_rox_rx1510",
"vendor": "siemens",
"versions": [
{
"lessThan": "V2.16.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:h:siemens:ruggedcom_rox_rx1511:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "ruggedcom_rox_rx1511",
"vendor": "siemens",
"versions": [
{
"lessThan": "V2.16.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-36752",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-11-20T20:25:17.463714Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-11-20T20:30:40.852Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unknown",
"product": "RUGGEDCOM ROX MX5000",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V2.16.0"
}
]
},
{
"defaultStatus": "unknown",
"product": "RUGGEDCOM ROX MX5000RE",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V2.16.0"
}
]
},
{
"defaultStatus": "unknown",
"product": "RUGGEDCOM ROX RX1400",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V2.16.0"
}
]
},
{
"defaultStatus": "unknown",
"product": "RUGGEDCOM ROX RX1500",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V2.16.0"
}
]
},
{
"defaultStatus": "unknown",
"product": "RUGGEDCOM ROX RX1501",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V2.16.0"
}
]
},
{
"defaultStatus": "unknown",
"product": "RUGGEDCOM ROX RX1510",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V2.16.0"
}
]
},
{
"defaultStatus": "unknown",
"product": "RUGGEDCOM ROX RX1511",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V2.16.0"
}
]
},
{
"defaultStatus": "unknown",
"product": "RUGGEDCOM ROX RX1512",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V2.16.0"
}
]
},
{
"defaultStatus": "unknown",
"product": "RUGGEDCOM ROX RX1524",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V2.16.0"
}
]
},
{
"defaultStatus": "unknown",
"product": "RUGGEDCOM ROX RX1536",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V2.16.0"
}
]
},
{
"defaultStatus": "unknown",
"product": "RUGGEDCOM ROX RX5000",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V2.16.0"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability has been identified in RUGGEDCOM ROX MX5000 (All versions \u003c V2.16.0), RUGGEDCOM ROX MX5000RE (All versions \u003c V2.16.0), RUGGEDCOM ROX RX1400 (All versions \u003c V2.16.0), RUGGEDCOM ROX RX1500 (All versions \u003c V2.16.0), RUGGEDCOM ROX RX1501 (All versions \u003c V2.16.0), RUGGEDCOM ROX RX1510 (All versions \u003c V2.16.0), RUGGEDCOM ROX RX1511 (All versions \u003c V2.16.0), RUGGEDCOM ROX RX1512 (All versions \u003c V2.16.0), RUGGEDCOM ROX RX1524 (All versions \u003c V2.16.0), RUGGEDCOM ROX RX1536 (All versions \u003c V2.16.0), RUGGEDCOM ROX RX5000 (All versions \u003c V2.16.0). The upgrade-app URL parameter in the web interface of affected devices is vulnerable to command injection due to missing server side input sanitation. This could allow an authenticated privileged remote attacker to execute arbitrary code with root privileges."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 9.1,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H/E:P/RL:O/RC:C",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-77",
"description": "CWE-77: Improper Neutralization of Special Elements used in a Command (\u0027Command Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-07-11T09:07:19.000Z",
"orgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77",
"shortName": "siemens"
},
"references": [
{
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-146325.pdf"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77",
"assignerShortName": "siemens",
"cveId": "CVE-2023-36752",
"datePublished": "2023-07-11T09:07:19.000Z",
"dateReserved": "2023-06-27T11:37:08.703Z",
"dateUpdated": "2024-11-20T20:30:40.852Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2023-36754
Vulnerability from cvelistv5
Published
2023-07-11 09:07
Modified
2024-12-10 17:04
Severity ?
EPSS score ?
Summary
A vulnerability has been identified in RUGGEDCOM ROX MX5000 (All versions < V2.16.0), RUGGEDCOM ROX MX5000RE (All versions < V2.16.0), RUGGEDCOM ROX RX1400 (All versions < V2.16.0), RUGGEDCOM ROX RX1500 (All versions < V2.16.0), RUGGEDCOM ROX RX1501 (All versions < V2.16.0), RUGGEDCOM ROX RX1510 (All versions < V2.16.0), RUGGEDCOM ROX RX1511 (All versions < V2.16.0), RUGGEDCOM ROX RX1512 (All versions < V2.16.0), RUGGEDCOM ROX RX1524 (All versions < V2.16.0), RUGGEDCOM ROX RX1536 (All versions < V2.16.0), RUGGEDCOM ROX RX5000 (All versions < V2.16.0). The SCEP server configuration URL parameter in the web interface of affected devices is vulnerable to command injection due to missing server side input sanitation. This could allow an authenticated privileged remote attacker to execute arbitrary code with root privileges.
References
Impacted products
| Vendor | Product | Version | |||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | Siemens | RUGGEDCOM ROX MX5000 |
Version: All versions < V2.16.0 |
||||||||||||||||||||||||||||||||||||||||
|
|||||||||||||||||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T16:52:54.240Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-146325.pdf"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-36754",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-12-10T17:04:20.520881Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-12-10T17:04:35.432Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unknown",
"product": "RUGGEDCOM ROX MX5000",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V2.16.0"
}
]
},
{
"defaultStatus": "unknown",
"product": "RUGGEDCOM ROX MX5000RE",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V2.16.0"
}
]
},
{
"defaultStatus": "unknown",
"product": "RUGGEDCOM ROX RX1400",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V2.16.0"
}
]
},
{
"defaultStatus": "unknown",
"product": "RUGGEDCOM ROX RX1500",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V2.16.0"
}
]
},
{
"defaultStatus": "unknown",
"product": "RUGGEDCOM ROX RX1501",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V2.16.0"
}
]
},
{
"defaultStatus": "unknown",
"product": "RUGGEDCOM ROX RX1510",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V2.16.0"
}
]
},
{
"defaultStatus": "unknown",
"product": "RUGGEDCOM ROX RX1511",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V2.16.0"
}
]
},
{
"defaultStatus": "unknown",
"product": "RUGGEDCOM ROX RX1512",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V2.16.0"
}
]
},
{
"defaultStatus": "unknown",
"product": "RUGGEDCOM ROX RX1524",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V2.16.0"
}
]
},
{
"defaultStatus": "unknown",
"product": "RUGGEDCOM ROX RX1536",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V2.16.0"
}
]
},
{
"defaultStatus": "unknown",
"product": "RUGGEDCOM ROX RX5000",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V2.16.0"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability has been identified in RUGGEDCOM ROX MX5000 (All versions \u003c V2.16.0), RUGGEDCOM ROX MX5000RE (All versions \u003c V2.16.0), RUGGEDCOM ROX RX1400 (All versions \u003c V2.16.0), RUGGEDCOM ROX RX1500 (All versions \u003c V2.16.0), RUGGEDCOM ROX RX1501 (All versions \u003c V2.16.0), RUGGEDCOM ROX RX1510 (All versions \u003c V2.16.0), RUGGEDCOM ROX RX1511 (All versions \u003c V2.16.0), RUGGEDCOM ROX RX1512 (All versions \u003c V2.16.0), RUGGEDCOM ROX RX1524 (All versions \u003c V2.16.0), RUGGEDCOM ROX RX1536 (All versions \u003c V2.16.0), RUGGEDCOM ROX RX5000 (All versions \u003c V2.16.0). The SCEP server configuration URL parameter in the web interface of affected devices is vulnerable to command injection due to missing server side input sanitation. This could allow an authenticated privileged remote attacker to execute arbitrary code with root privileges."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 9.1,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H/E:P/RL:O/RC:C",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-77",
"description": "CWE-77: Improper Neutralization of Special Elements used in a Command (\u0027Command Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-07-11T09:07:21.194Z",
"orgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77",
"shortName": "siemens"
},
"references": [
{
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-146325.pdf"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77",
"assignerShortName": "siemens",
"cveId": "CVE-2023-36754",
"datePublished": "2023-07-11T09:07:21.194Z",
"dateReserved": "2023-06-27T11:37:08.704Z",
"dateUpdated": "2024-12-10T17:04:35.432Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2023-36390
Vulnerability from cvelistv5
Published
2023-07-11 09:07
Modified
2024-10-21 21:10
Severity ?
EPSS score ?
Summary
A vulnerability has been identified in RUGGEDCOM ROX MX5000 (All versions < V2.16.0), RUGGEDCOM ROX MX5000RE (All versions < V2.16.0), RUGGEDCOM ROX RX1400 (All versions < V2.16.0), RUGGEDCOM ROX RX1500 (All versions < V2.16.0), RUGGEDCOM ROX RX1501 (All versions < V2.16.0), RUGGEDCOM ROX RX1510 (All versions < V2.16.0), RUGGEDCOM ROX RX1511 (All versions < V2.16.0), RUGGEDCOM ROX RX1512 (All versions < V2.16.0), RUGGEDCOM ROX RX1524 (All versions < V2.16.0), RUGGEDCOM ROX RX1536 (All versions < V2.16.0), RUGGEDCOM ROX RX5000 (All versions < V2.16.0). A reflected cross-site scripting (XSS) vulnerability exists in the web interface of the affected application that could allow an attacker to execute malicious javascript code by tricking users into accessing a malicious link. The value is reflected in the response
without sanitization while throwing an “invalid params element name” error on the action parameters.
References
Impacted products
| Vendor | Product | Version | |||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | Siemens | RUGGEDCOM ROX MX5000 |
Version: All versions < V2.16.0 |
||||||||||||||||||||||||||||||||||||||||
|
|||||||||||||||||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T16:45:56.373Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-146325.pdf"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-36390",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-21T21:06:50.284040Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-21T21:10:21.036Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unknown",
"product": "RUGGEDCOM ROX MX5000",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V2.16.0"
}
]
},
{
"defaultStatus": "unknown",
"product": "RUGGEDCOM ROX MX5000RE",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V2.16.0"
}
]
},
{
"defaultStatus": "unknown",
"product": "RUGGEDCOM ROX RX1400",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V2.16.0"
}
]
},
{
"defaultStatus": "unknown",
"product": "RUGGEDCOM ROX RX1500",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V2.16.0"
}
]
},
{
"defaultStatus": "unknown",
"product": "RUGGEDCOM ROX RX1501",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V2.16.0"
}
]
},
{
"defaultStatus": "unknown",
"product": "RUGGEDCOM ROX RX1510",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V2.16.0"
}
]
},
{
"defaultStatus": "unknown",
"product": "RUGGEDCOM ROX RX1511",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V2.16.0"
}
]
},
{
"defaultStatus": "unknown",
"product": "RUGGEDCOM ROX RX1512",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V2.16.0"
}
]
},
{
"defaultStatus": "unknown",
"product": "RUGGEDCOM ROX RX1524",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V2.16.0"
}
]
},
{
"defaultStatus": "unknown",
"product": "RUGGEDCOM ROX RX1536",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V2.16.0"
}
]
},
{
"defaultStatus": "unknown",
"product": "RUGGEDCOM ROX RX5000",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V2.16.0"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability has been identified in RUGGEDCOM ROX MX5000 (All versions \u003c V2.16.0), RUGGEDCOM ROX MX5000RE (All versions \u003c V2.16.0), RUGGEDCOM ROX RX1400 (All versions \u003c V2.16.0), RUGGEDCOM ROX RX1500 (All versions \u003c V2.16.0), RUGGEDCOM ROX RX1501 (All versions \u003c V2.16.0), RUGGEDCOM ROX RX1510 (All versions \u003c V2.16.0), RUGGEDCOM ROX RX1511 (All versions \u003c V2.16.0), RUGGEDCOM ROX RX1512 (All versions \u003c V2.16.0), RUGGEDCOM ROX RX1524 (All versions \u003c V2.16.0), RUGGEDCOM ROX RX1536 (All versions \u003c V2.16.0), RUGGEDCOM ROX RX5000 (All versions \u003c V2.16.0). A reflected cross-site scripting (XSS) vulnerability exists in the web interface of the affected application that could allow an attacker to execute malicious javascript code by tricking users into accessing a malicious link. The value is reflected in the response\r\nwithout sanitization while throwing an \u201cinvalid params element name\u201d error on the action parameters."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79: Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-07-11T09:07:12.557Z",
"orgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77",
"shortName": "siemens"
},
"references": [
{
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-146325.pdf"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77",
"assignerShortName": "siemens",
"cveId": "CVE-2023-36390",
"datePublished": "2023-07-11T09:07:12.557Z",
"dateReserved": "2023-06-21T14:46:26.354Z",
"dateUpdated": "2024-10-21T21:10:21.036Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2023-36755
Vulnerability from cvelistv5
Published
2023-07-11 09:07
Modified
2024-11-19 16:30
Severity ?
EPSS score ?
Summary
A vulnerability has been identified in RUGGEDCOM ROX MX5000 (All versions < V2.16.0), RUGGEDCOM ROX MX5000RE (All versions < V2.16.0), RUGGEDCOM ROX RX1400 (All versions < V2.16.0), RUGGEDCOM ROX RX1500 (All versions < V2.16.0), RUGGEDCOM ROX RX1501 (All versions < V2.16.0), RUGGEDCOM ROX RX1510 (All versions < V2.16.0), RUGGEDCOM ROX RX1511 (All versions < V2.16.0), RUGGEDCOM ROX RX1512 (All versions < V2.16.0), RUGGEDCOM ROX RX1524 (All versions < V2.16.0), RUGGEDCOM ROX RX1536 (All versions < V2.16.0), RUGGEDCOM ROX RX5000 (All versions < V2.16.0). The SCEP CA Certificate Name parameter in the web interface of affected devices is vulnerable to command injection due to missing server side input sanitation. This could allow an authenticated privileged remote attacker to execute arbitrary code with root privileges.
References
Impacted products
| Vendor | Product | Version | |||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | Siemens | RUGGEDCOM ROX MX5000 |
Version: All versions < V2.16.0 |
||||||||||||||||||||||||||||||||||||||||
|
|||||||||||||||||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T16:52:54.103Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-146325.pdf"
}
],
"title": "CVE Program Container"
},
{
"affected": [
{
"cpes": [
"cpe:2.3:h:siemens:ruggedcom_rox_mx5000:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "ruggedcom_rox_mx5000",
"vendor": "siemens",
"versions": [
{
"lessThan": "V2.16.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:h:siemens:ruggedcom_rox_mx5000re:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "ruggedcom_rox_mx5000re",
"vendor": "siemens",
"versions": [
{
"lessThan": "V2.16.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:h:siemens:ruggedcom_rox_rx1400:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "ruggedcom_rox_rx1400",
"vendor": "siemens",
"versions": [
{
"lessThan": "V2.16.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:h:siemens:ruggedcom_rox_rx1500:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "ruggedcom_rox_rx1500",
"vendor": "siemens",
"versions": [
{
"lessThan": "V2.16.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:h:siemens:ruggedcom_rox_rx1511:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "ruggedcom_rox_rx1511",
"vendor": "siemens",
"versions": [
{
"lessThan": "V2.16.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:h:siemens:ruggedcom_rox_rx1512:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "ruggedcom_rox_rx1512",
"vendor": "siemens",
"versions": [
{
"lessThan": "V2.16.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:h:siemens:ruggedcom_rox_rx1524:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "ruggedcom_rox_rx1524",
"vendor": "siemens",
"versions": [
{
"lessThan": "V2.16.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:h:siemens:ruggedcom_rox_rx1536:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "ruggedcom_rox_rx1536",
"vendor": "siemens",
"versions": [
{
"lessThan": "V2.16.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:h:siemens:ruggedcom_rox_rx5000:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "ruggedcom_rox_rx5000",
"vendor": "siemens",
"versions": [
{
"lessThan": "V2.16.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-36755",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-11-19T16:25:28.010364Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-11-19T16:30:23.659Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unknown",
"product": "RUGGEDCOM ROX MX5000",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V2.16.0"
}
]
},
{
"defaultStatus": "unknown",
"product": "RUGGEDCOM ROX MX5000RE",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V2.16.0"
}
]
},
{
"defaultStatus": "unknown",
"product": "RUGGEDCOM ROX RX1400",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V2.16.0"
}
]
},
{
"defaultStatus": "unknown",
"product": "RUGGEDCOM ROX RX1500",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V2.16.0"
}
]
},
{
"defaultStatus": "unknown",
"product": "RUGGEDCOM ROX RX1501",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V2.16.0"
}
]
},
{
"defaultStatus": "unknown",
"product": "RUGGEDCOM ROX RX1510",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V2.16.0"
}
]
},
{
"defaultStatus": "unknown",
"product": "RUGGEDCOM ROX RX1511",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V2.16.0"
}
]
},
{
"defaultStatus": "unknown",
"product": "RUGGEDCOM ROX RX1512",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V2.16.0"
}
]
},
{
"defaultStatus": "unknown",
"product": "RUGGEDCOM ROX RX1524",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V2.16.0"
}
]
},
{
"defaultStatus": "unknown",
"product": "RUGGEDCOM ROX RX1536",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V2.16.0"
}
]
},
{
"defaultStatus": "unknown",
"product": "RUGGEDCOM ROX RX5000",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V2.16.0"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability has been identified in RUGGEDCOM ROX MX5000 (All versions \u003c V2.16.0), RUGGEDCOM ROX MX5000RE (All versions \u003c V2.16.0), RUGGEDCOM ROX RX1400 (All versions \u003c V2.16.0), RUGGEDCOM ROX RX1500 (All versions \u003c V2.16.0), RUGGEDCOM ROX RX1501 (All versions \u003c V2.16.0), RUGGEDCOM ROX RX1510 (All versions \u003c V2.16.0), RUGGEDCOM ROX RX1511 (All versions \u003c V2.16.0), RUGGEDCOM ROX RX1512 (All versions \u003c V2.16.0), RUGGEDCOM ROX RX1524 (All versions \u003c V2.16.0), RUGGEDCOM ROX RX1536 (All versions \u003c V2.16.0), RUGGEDCOM ROX RX5000 (All versions \u003c V2.16.0). The SCEP CA Certificate Name parameter in the web interface of affected devices is vulnerable to command injection due to missing server side input sanitation. This could allow an authenticated privileged remote attacker to execute arbitrary code with root privileges."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 9.1,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H/E:P/RL:O/RC:C",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-77",
"description": "CWE-77: Improper Neutralization of Special Elements used in a Command (\u0027Command Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-07-11T09:07:22.285Z",
"orgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77",
"shortName": "siemens"
},
"references": [
{
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-146325.pdf"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77",
"assignerShortName": "siemens",
"cveId": "CVE-2023-36755",
"datePublished": "2023-07-11T09:07:22.285Z",
"dateReserved": "2023-06-27T11:37:08.704Z",
"dateUpdated": "2024-11-19T16:30:23.659Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2022-29561
Vulnerability from cvelistv5
Published
2023-07-11 09:06
Modified
2024-11-12 19:11
Severity ?
EPSS score ?
Summary
A vulnerability has been identified in RUGGEDCOM ROX MX5000 (All versions < V2.16.0), RUGGEDCOM ROX MX5000RE (All versions < V2.16.0), RUGGEDCOM ROX RX1400 (All versions < V2.16.0), RUGGEDCOM ROX RX1500 (All versions < V2.16.0), RUGGEDCOM ROX RX1501 (All versions < V2.16.0), RUGGEDCOM ROX RX1510 (All versions < V2.16.0), RUGGEDCOM ROX RX1511 (All versions < V2.16.0), RUGGEDCOM ROX RX1512 (All versions < V2.16.0), RUGGEDCOM ROX RX1524 (All versions < V2.16.0), RUGGEDCOM ROX RX1536 (All versions < V2.16.0), RUGGEDCOM ROX RX5000 (All versions < V2.16.0). The web interface of the affected devices are vulnerable to Cross-Site Request Forgery attacks. By tricking an authenticated victim user to click a malicious link, an attacker could perform arbitrary actions on the device on behalf of the victim user.
References
Impacted products
| Vendor | Product | Version | |||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | Siemens | RUGGEDCOM ROX MX5000 |
Version: All versions < V2.16.0 |
||||||||||||||||||||||||||||||||||||||||
|
|||||||||||||||||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T06:26:05.943Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-146325.pdf"
}
],
"title": "CVE Program Container"
},
{
"affected": [
{
"cpes": [
"cpe:2.3:h:siemens:ruggedcom_rox_mx5000:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "ruggedcom_rox_mx5000",
"vendor": "siemens",
"versions": [
{
"lessThan": "V2.16.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:h:siemens:ruggedcom_rox_mx5000re:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "ruggedcom_rox_mx5000re",
"vendor": "siemens",
"versions": [
{
"lessThan": "V2.16.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:h:siemens:ruggedcom_rox_rx1400:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "ruggedcom_rox_rx1400",
"vendor": "siemens",
"versions": [
{
"lessThan": "V2.16.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:h:siemens:ruggedcom_rox_rx1500:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "ruggedcom_rox_rx1500",
"vendor": "siemens",
"versions": [
{
"lessThan": "V2.16.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:h:siemens:ruggedcom_rox_rx1501:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "ruggedcom_rox_rx1501",
"vendor": "siemens",
"versions": [
{
"lessThan": "V2.16.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:h:siemens:ruggedcom_rox_rx1510:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "ruggedcom_rox_rx1510",
"vendor": "siemens",
"versions": [
{
"status": "affected",
"version": "V2.16.0"
}
]
},
{
"cpes": [
"cpe:2.3:h:siemens:ruggedcom_rox_rx1511:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "ruggedcom_rox_rx1511",
"vendor": "siemens",
"versions": [
{
"status": "affected",
"version": "V2.16.0"
}
]
},
{
"cpes": [
"cpe:2.3:h:siemens:ruggedcom_rox_rx1512:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "ruggedcom_rox_rx1512",
"vendor": "siemens",
"versions": [
{
"status": "affected",
"version": "V2.16.0"
}
]
},
{
"cpes": [
"cpe:2.3:h:siemens:ruggedcom_rox_rx1524:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "ruggedcom_rox_rx1524",
"vendor": "siemens",
"versions": [
{
"status": "affected",
"version": "V2.16.0"
}
]
},
{
"cpes": [
"cpe:2.3:h:siemens:ruggedcom_rox_rx1536:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "ruggedcom_rox_rx1536",
"vendor": "siemens",
"versions": [
{
"status": "affected",
"version": "V2.16.0"
}
]
},
{
"cpes": [
"cpe:2.3:h:siemens:ruggedcom_rox_rx5000:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "ruggedcom_rox_rx5000",
"vendor": "siemens",
"versions": [
{
"status": "affected",
"version": "V2.16.0"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2022-29561",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-11-12T19:06:12.746479Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-11-12T19:11:46.270Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unknown",
"product": "RUGGEDCOM ROX MX5000",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V2.16.0"
}
]
},
{
"defaultStatus": "unknown",
"product": "RUGGEDCOM ROX MX5000RE",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V2.16.0"
}
]
},
{
"defaultStatus": "unknown",
"product": "RUGGEDCOM ROX RX1400",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V2.16.0"
}
]
},
{
"defaultStatus": "unknown",
"product": "RUGGEDCOM ROX RX1500",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V2.16.0"
}
]
},
{
"defaultStatus": "unknown",
"product": "RUGGEDCOM ROX RX1501",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V2.16.0"
}
]
},
{
"defaultStatus": "unknown",
"product": "RUGGEDCOM ROX RX1510",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V2.16.0"
}
]
},
{
"defaultStatus": "unknown",
"product": "RUGGEDCOM ROX RX1511",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V2.16.0"
}
]
},
{
"defaultStatus": "unknown",
"product": "RUGGEDCOM ROX RX1512",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V2.16.0"
}
]
},
{
"defaultStatus": "unknown",
"product": "RUGGEDCOM ROX RX1524",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V2.16.0"
}
]
},
{
"defaultStatus": "unknown",
"product": "RUGGEDCOM ROX RX1536",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V2.16.0"
}
]
},
{
"defaultStatus": "unknown",
"product": "RUGGEDCOM ROX RX5000",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V2.16.0"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability has been identified in RUGGEDCOM ROX MX5000 (All versions \u003c V2.16.0), RUGGEDCOM ROX MX5000RE (All versions \u003c V2.16.0), RUGGEDCOM ROX RX1400 (All versions \u003c V2.16.0), RUGGEDCOM ROX RX1500 (All versions \u003c V2.16.0), RUGGEDCOM ROX RX1501 (All versions \u003c V2.16.0), RUGGEDCOM ROX RX1510 (All versions \u003c V2.16.0), RUGGEDCOM ROX RX1511 (All versions \u003c V2.16.0), RUGGEDCOM ROX RX1512 (All versions \u003c V2.16.0), RUGGEDCOM ROX RX1524 (All versions \u003c V2.16.0), RUGGEDCOM ROX RX1536 (All versions \u003c V2.16.0), RUGGEDCOM ROX RX5000 (All versions \u003c V2.16.0). The web interface of the affected devices are vulnerable to Cross-Site Request Forgery attacks. By tricking an authenticated victim user to click a malicious link, an attacker could perform arbitrary actions on the device on behalf of the victim user."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-352",
"description": "CWE-352: Cross-Site Request Forgery (CSRF)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-07-11T09:06:58.988Z",
"orgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77",
"shortName": "siemens"
},
"references": [
{
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-146325.pdf"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77",
"assignerShortName": "siemens",
"cveId": "CVE-2022-29561",
"datePublished": "2023-07-11T09:06:58.988Z",
"dateReserved": "2022-04-21T13:34:15.980Z",
"dateUpdated": "2024-11-12T19:11:46.270Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2023-36749
Vulnerability from cvelistv5
Published
2023-07-11 09:07
Modified
2024-11-27 14:15
Severity ?
EPSS score ?
Summary
A vulnerability has been identified in RUGGEDCOM ROX MX5000 (All versions < V2.16.0), RUGGEDCOM ROX MX5000RE (All versions < V2.16.0), RUGGEDCOM ROX RX1400 (All versions < V2.16.0), RUGGEDCOM ROX RX1500 (All versions < V2.16.0), RUGGEDCOM ROX RX1501 (All versions < V2.16.0), RUGGEDCOM ROX RX1510 (All versions < V2.16.0), RUGGEDCOM ROX RX1511 (All versions < V2.16.0), RUGGEDCOM ROX RX1512 (All versions < V2.16.0), RUGGEDCOM ROX RX1524 (All versions < V2.16.0), RUGGEDCOM ROX RX1536 (All versions < V2.16.0), RUGGEDCOM ROX RX5000 (All versions < V2.16.0). The webserver of the affected devices support insecure TLS 1.0 protocol. An attacker could achieve a man-in-the-middle attack and compromise confidentiality and integrity of data.
References
Impacted products
| Vendor | Product | Version | |||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | Siemens | RUGGEDCOM ROX MX5000 |
Version: All versions < V2.16.0 |
||||||||||||||||||||||||||||||||||||||||
|
|||||||||||||||||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T16:52:54.156Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-146325.pdf"
}
],
"title": "CVE Program Container"
},
{
"affected": [
{
"cpes": [
"cpe:2.3:h:siemens:ruggedcom_rox_mx5000:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "ruggedcom_rox_mx5000",
"vendor": "siemens",
"versions": [
{
"lessThan": "2.16.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:h:siemens:ruggedcom_rox_mx5000re:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "ruggedcom_rox_mx5000re",
"vendor": "siemens",
"versions": [
{
"lessThan": "2.16.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:h:siemens:ruggedcom_rox_rx1400:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "ruggedcom_rox_rx1400",
"vendor": "siemens",
"versions": [
{
"lessThan": "2.16.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:h:siemens:ruggedcom_rox_rx1500:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "ruggedcom_rox_rx1500",
"vendor": "siemens",
"versions": [
{
"lessThan": "2.16.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:h:siemens:ruggedcom_rox_rx1501:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "ruggedcom_rox_rx1501",
"vendor": "siemens",
"versions": [
{
"lessThan": "2.16.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:h:siemens:ruggedcom_rox_rx1510:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "ruggedcom_rox_rx1510",
"vendor": "siemens",
"versions": [
{
"lessThan": "2.16.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:h:siemens:ruggedcom_rox_rx1511:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "ruggedcom_rox_rx1511",
"vendor": "siemens",
"versions": [
{
"lessThan": "2.16.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:h:siemens:ruggedcom_rox_rx1512:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "ruggedcom_rox_rx1512",
"vendor": "siemens",
"versions": [
{
"lessThan": "2.16.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:h:siemens:ruggedcom_rox_rx1524:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "ruggedcom_rox_rx1524",
"vendor": "siemens",
"versions": [
{
"lessThan": "2.16.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:h:siemens:ruggedcom_rox_rx1536:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "ruggedcom_rox_rx1536",
"vendor": "siemens",
"versions": [
{
"lessThan": "2.16.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:h:siemens:ruggedcom_rox_rx5000:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "ruggedcom_rox_rx5000",
"vendor": "siemens",
"versions": [
{
"lessThan": "2.16.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-36749",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-11-27T13:57:48.336400Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-11-27T14:15:10.273Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unknown",
"product": "RUGGEDCOM ROX MX5000",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V2.16.0"
}
]
},
{
"defaultStatus": "unknown",
"product": "RUGGEDCOM ROX MX5000RE",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V2.16.0"
}
]
},
{
"defaultStatus": "unknown",
"product": "RUGGEDCOM ROX RX1400",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V2.16.0"
}
]
},
{
"defaultStatus": "unknown",
"product": "RUGGEDCOM ROX RX1500",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V2.16.0"
}
]
},
{
"defaultStatus": "unknown",
"product": "RUGGEDCOM ROX RX1501",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V2.16.0"
}
]
},
{
"defaultStatus": "unknown",
"product": "RUGGEDCOM ROX RX1510",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V2.16.0"
}
]
},
{
"defaultStatus": "unknown",
"product": "RUGGEDCOM ROX RX1511",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V2.16.0"
}
]
},
{
"defaultStatus": "unknown",
"product": "RUGGEDCOM ROX RX1512",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V2.16.0"
}
]
},
{
"defaultStatus": "unknown",
"product": "RUGGEDCOM ROX RX1524",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V2.16.0"
}
]
},
{
"defaultStatus": "unknown",
"product": "RUGGEDCOM ROX RX1536",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V2.16.0"
}
]
},
{
"defaultStatus": "unknown",
"product": "RUGGEDCOM ROX RX5000",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V2.16.0"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability has been identified in RUGGEDCOM ROX MX5000 (All versions \u003c V2.16.0), RUGGEDCOM ROX MX5000RE (All versions \u003c V2.16.0), RUGGEDCOM ROX RX1400 (All versions \u003c V2.16.0), RUGGEDCOM ROX RX1500 (All versions \u003c V2.16.0), RUGGEDCOM ROX RX1501 (All versions \u003c V2.16.0), RUGGEDCOM ROX RX1510 (All versions \u003c V2.16.0), RUGGEDCOM ROX RX1511 (All versions \u003c V2.16.0), RUGGEDCOM ROX RX1512 (All versions \u003c V2.16.0), RUGGEDCOM ROX RX1524 (All versions \u003c V2.16.0), RUGGEDCOM ROX RX1536 (All versions \u003c V2.16.0), RUGGEDCOM ROX RX5000 (All versions \u003c V2.16.0). The webserver of the affected devices support insecure TLS 1.0 protocol. An attacker could achieve a man-in-the-middle attack and compromise confidentiality and integrity of data."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 7.4,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N/E:P/RL:O/RC:C",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-327",
"description": "CWE-327: Use of a Broken or Risky Cryptographic Algorithm",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-07-11T09:07:15.754Z",
"orgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77",
"shortName": "siemens"
},
"references": [
{
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-146325.pdf"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77",
"assignerShortName": "siemens",
"cveId": "CVE-2023-36749",
"datePublished": "2023-07-11T09:07:15.754Z",
"dateReserved": "2023-06-27T11:37:08.703Z",
"dateUpdated": "2024-11-27T14:15:10.273Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2022-29560
Vulnerability from cvelistv5
Published
2022-07-12 10:06
Modified
2024-08-03 06:26
Severity ?
EPSS score ?
Summary
A vulnerability has been identified in RUGGEDCOM ROX MX5000 (All versions < 2.15.1), RUGGEDCOM ROX MX5000RE (All versions < 2.15.1), RUGGEDCOM ROX RX1400 (All versions < 2.15.1), RUGGEDCOM ROX RX1500 (All versions < 2.15.1), RUGGEDCOM ROX RX1501 (All versions < 2.15.1), RUGGEDCOM ROX RX1510 (All versions < 2.15.1), RUGGEDCOM ROX RX1511 (All versions < 2.15.1), RUGGEDCOM ROX RX1512 (All versions < 2.15.1), RUGGEDCOM ROX RX1524 (All versions < 2.15.1), RUGGEDCOM ROX RX1536 (All versions < 2.15.1), RUGGEDCOM ROX RX5000 (All versions < 2.15.1). Affected devices do not properly validate user input, making them susceptible to command injection. An attacker with access to either the shell or the web CLI with administrator privileges could access the underlying operating system as the root user.
References
| ▼ | URL | Tags |
|---|---|---|
| https://cert-portal.siemens.com/productcert/pdf/ssa-599506.pdf | x_refsource_MISC |
Impacted products
| Vendor | Product | Version | |||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | Siemens | RUGGEDCOM ROX MX5000 |
Version: All versions < 2.15.1 |
||||||||||||||||||||||||||||||||||||||||
|
|||||||||||||||||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T06:26:06.278Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-599506.pdf"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "RUGGEDCOM ROX MX5000",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c 2.15.1"
}
]
},
{
"product": "RUGGEDCOM ROX MX5000RE",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c 2.15.1"
}
]
},
{
"product": "RUGGEDCOM ROX RX1400",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c 2.15.1"
}
]
},
{
"product": "RUGGEDCOM ROX RX1500",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c 2.15.1"
}
]
},
{
"product": "RUGGEDCOM ROX RX1501",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c 2.15.1"
}
]
},
{
"product": "RUGGEDCOM ROX RX1510",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c 2.15.1"
}
]
},
{
"product": "RUGGEDCOM ROX RX1511",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c 2.15.1"
}
]
},
{
"product": "RUGGEDCOM ROX RX1512",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c 2.15.1"
}
]
},
{
"product": "RUGGEDCOM ROX RX1524",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c 2.15.1"
}
]
},
{
"product": "RUGGEDCOM ROX RX1536",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c 2.15.1"
}
]
},
{
"product": "RUGGEDCOM ROX RX5000",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c 2.15.1"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability has been identified in RUGGEDCOM ROX MX5000 (All versions \u003c 2.15.1), RUGGEDCOM ROX MX5000RE (All versions \u003c 2.15.1), RUGGEDCOM ROX RX1400 (All versions \u003c 2.15.1), RUGGEDCOM ROX RX1500 (All versions \u003c 2.15.1), RUGGEDCOM ROX RX1501 (All versions \u003c 2.15.1), RUGGEDCOM ROX RX1510 (All versions \u003c 2.15.1), RUGGEDCOM ROX RX1511 (All versions \u003c 2.15.1), RUGGEDCOM ROX RX1512 (All versions \u003c 2.15.1), RUGGEDCOM ROX RX1524 (All versions \u003c 2.15.1), RUGGEDCOM ROX RX1536 (All versions \u003c 2.15.1), RUGGEDCOM ROX RX5000 (All versions \u003c 2.15.1). Affected devices do not properly validate user input, making them susceptible to command injection. An attacker with access to either the shell or the web CLI with administrator privileges could access the underlying operating system as the root user."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-77",
"description": "CWE-77: Improper Neutralization of Special Elements used in a Command (\u0027Command Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-07-12T10:06:38",
"orgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77",
"shortName": "siemens"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-599506.pdf"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "productcert@siemens.com",
"ID": "CVE-2022-29560",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "RUGGEDCOM ROX MX5000",
"version": {
"version_data": [
{
"version_value": "All versions \u003c 2.15.1"
}
]
}
},
{
"product_name": "RUGGEDCOM ROX MX5000RE",
"version": {
"version_data": [
{
"version_value": "All versions \u003c 2.15.1"
}
]
}
},
{
"product_name": "RUGGEDCOM ROX RX1400",
"version": {
"version_data": [
{
"version_value": "All versions \u003c 2.15.1"
}
]
}
},
{
"product_name": "RUGGEDCOM ROX RX1500",
"version": {
"version_data": [
{
"version_value": "All versions \u003c 2.15.1"
}
]
}
},
{
"product_name": "RUGGEDCOM ROX RX1501",
"version": {
"version_data": [
{
"version_value": "All versions \u003c 2.15.1"
}
]
}
},
{
"product_name": "RUGGEDCOM ROX RX1510",
"version": {
"version_data": [
{
"version_value": "All versions \u003c 2.15.1"
}
]
}
},
{
"product_name": "RUGGEDCOM ROX RX1511",
"version": {
"version_data": [
{
"version_value": "All versions \u003c 2.15.1"
}
]
}
},
{
"product_name": "RUGGEDCOM ROX RX1512",
"version": {
"version_data": [
{
"version_value": "All versions \u003c 2.15.1"
}
]
}
},
{
"product_name": "RUGGEDCOM ROX RX1524",
"version": {
"version_data": [
{
"version_value": "All versions \u003c 2.15.1"
}
]
}
},
{
"product_name": "RUGGEDCOM ROX RX1536",
"version": {
"version_data": [
{
"version_value": "All versions \u003c 2.15.1"
}
]
}
},
{
"product_name": "RUGGEDCOM ROX RX5000",
"version": {
"version_data": [
{
"version_value": "All versions \u003c 2.15.1"
}
]
}
}
]
},
"vendor_name": "Siemens"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A vulnerability has been identified in RUGGEDCOM ROX MX5000 (All versions \u003c 2.15.1), RUGGEDCOM ROX MX5000RE (All versions \u003c 2.15.1), RUGGEDCOM ROX RX1400 (All versions \u003c 2.15.1), RUGGEDCOM ROX RX1500 (All versions \u003c 2.15.1), RUGGEDCOM ROX RX1501 (All versions \u003c 2.15.1), RUGGEDCOM ROX RX1510 (All versions \u003c 2.15.1), RUGGEDCOM ROX RX1511 (All versions \u003c 2.15.1), RUGGEDCOM ROX RX1512 (All versions \u003c 2.15.1), RUGGEDCOM ROX RX1524 (All versions \u003c 2.15.1), RUGGEDCOM ROX RX1536 (All versions \u003c 2.15.1), RUGGEDCOM ROX RX5000 (All versions \u003c 2.15.1). Affected devices do not properly validate user input, making them susceptible to command injection. An attacker with access to either the shell or the web CLI with administrator privileges could access the underlying operating system as the root user."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-77: Improper Neutralization of Special Elements used in a Command (\u0027Command Injection\u0027)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://cert-portal.siemens.com/productcert/pdf/ssa-599506.pdf",
"refsource": "MISC",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-599506.pdf"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77",
"assignerShortName": "siemens",
"cveId": "CVE-2022-29560",
"datePublished": "2022-07-12T10:06:38",
"dateReserved": "2022-04-21T00:00:00",
"dateUpdated": "2024-08-03T06:26:06.278Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2023-36753
Vulnerability from cvelistv5
Published
2023-07-11 09:07
Modified
2024-12-02 18:56
Severity ?
EPSS score ?
Summary
A vulnerability has been identified in RUGGEDCOM ROX MX5000 (All versions < V2.16.0), RUGGEDCOM ROX MX5000RE (All versions < V2.16.0), RUGGEDCOM ROX RX1400 (All versions < V2.16.0), RUGGEDCOM ROX RX1500 (All versions < V2.16.0), RUGGEDCOM ROX RX1501 (All versions < V2.16.0), RUGGEDCOM ROX RX1510 (All versions < V2.16.0), RUGGEDCOM ROX RX1511 (All versions < V2.16.0), RUGGEDCOM ROX RX1512 (All versions < V2.16.0), RUGGEDCOM ROX RX1524 (All versions < V2.16.0), RUGGEDCOM ROX RX1536 (All versions < V2.16.0), RUGGEDCOM ROX RX5000 (All versions < V2.16.0). The uninstall-app App-name parameter in the web interface of affected devices is vulnerable to command injection due to missing server side input sanitation. This could allow an authenticated privileged remote attacker to execute arbitrary code with root privileges.
References
Impacted products
| Vendor | Product | Version | |||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | Siemens | RUGGEDCOM ROX MX5000 |
Version: All versions < V2.16.0 |
||||||||||||||||||||||||||||||||||||||||
|
|||||||||||||||||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T16:52:54.239Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-146325.pdf"
}
],
"title": "CVE Program Container"
},
{
"affected": [
{
"cpes": [
"cpe:2.3:h:siemens:ruggedcom_rox_mx5000:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "ruggedcom_rox_mx5000",
"vendor": "siemens",
"versions": [
{
"lessThan": "V2.16.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:h:siemens:ruggedcom_rox_mx5000re:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "ruggedcom_rox_mx5000re",
"vendor": "siemens",
"versions": [
{
"lessThan": "V2.16.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:h:siemens:ruggedcom_rox_rx1400:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "ruggedcom_rox_rx1400",
"vendor": "siemens",
"versions": [
{
"lessThan": "V2.16.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:h:siemens:ruggedcom_rox_rx1500:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "ruggedcom_rox_rx1500",
"vendor": "siemens",
"versions": [
{
"lessThan": "V2.16.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:h:siemens:ruggedcom_rox_rx1501:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "ruggedcom_rox_rx1501",
"vendor": "siemens",
"versions": [
{
"lessThan": "V2.16.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:h:siemens:ruggedcom_rox_rx1510:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "ruggedcom_rox_rx1510",
"vendor": "siemens",
"versions": [
{
"lessThan": "V2.16.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:h:siemens:ruggedcom_rox_rx1511:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "ruggedcom_rox_rx1511",
"vendor": "siemens",
"versions": [
{
"lessThan": "V2.16.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:h:siemens:ruggedcom_rox_rx1512:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "ruggedcom_rox_rx1512",
"vendor": "siemens",
"versions": [
{
"lessThan": "V2.16.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:h:siemens:ruggedcom_rox_rx1524:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "ruggedcom_rox_rx1524",
"vendor": "siemens",
"versions": [
{
"lessThan": "V2.16.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:h:siemens:ruggedcom_rox_rx1536:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "ruggedcom_rox_rx1536",
"vendor": "siemens",
"versions": [
{
"lessThan": "V2.16.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:h:siemens:ruggedcom_rox_rx5000:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "ruggedcom_rox_rx5000",
"vendor": "siemens",
"versions": [
{
"lessThan": "V2.16.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-36753",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-12-02T18:50:15.983427Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-12-02T18:56:24.844Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unknown",
"product": "RUGGEDCOM ROX MX5000",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V2.16.0"
}
]
},
{
"defaultStatus": "unknown",
"product": "RUGGEDCOM ROX MX5000RE",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V2.16.0"
}
]
},
{
"defaultStatus": "unknown",
"product": "RUGGEDCOM ROX RX1400",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V2.16.0"
}
]
},
{
"defaultStatus": "unknown",
"product": "RUGGEDCOM ROX RX1500",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V2.16.0"
}
]
},
{
"defaultStatus": "unknown",
"product": "RUGGEDCOM ROX RX1501",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V2.16.0"
}
]
},
{
"defaultStatus": "unknown",
"product": "RUGGEDCOM ROX RX1510",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V2.16.0"
}
]
},
{
"defaultStatus": "unknown",
"product": "RUGGEDCOM ROX RX1511",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V2.16.0"
}
]
},
{
"defaultStatus": "unknown",
"product": "RUGGEDCOM ROX RX1512",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V2.16.0"
}
]
},
{
"defaultStatus": "unknown",
"product": "RUGGEDCOM ROX RX1524",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V2.16.0"
}
]
},
{
"defaultStatus": "unknown",
"product": "RUGGEDCOM ROX RX1536",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V2.16.0"
}
]
},
{
"defaultStatus": "unknown",
"product": "RUGGEDCOM ROX RX5000",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V2.16.0"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability has been identified in RUGGEDCOM ROX MX5000 (All versions \u003c V2.16.0), RUGGEDCOM ROX MX5000RE (All versions \u003c V2.16.0), RUGGEDCOM ROX RX1400 (All versions \u003c V2.16.0), RUGGEDCOM ROX RX1500 (All versions \u003c V2.16.0), RUGGEDCOM ROX RX1501 (All versions \u003c V2.16.0), RUGGEDCOM ROX RX1510 (All versions \u003c V2.16.0), RUGGEDCOM ROX RX1511 (All versions \u003c V2.16.0), RUGGEDCOM ROX RX1512 (All versions \u003c V2.16.0), RUGGEDCOM ROX RX1524 (All versions \u003c V2.16.0), RUGGEDCOM ROX RX1536 (All versions \u003c V2.16.0), RUGGEDCOM ROX RX5000 (All versions \u003c V2.16.0). The uninstall-app App-name parameter in the web interface of affected devices is vulnerable to command injection due to missing server side input sanitation. This could allow an authenticated privileged remote attacker to execute arbitrary code with root privileges."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 9.1,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H/E:P/RL:O/RC:C",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-77",
"description": "CWE-77: Improper Neutralization of Special Elements used in a Command (\u0027Command Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-07-11T09:07:20.117Z",
"orgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77",
"shortName": "siemens"
},
"references": [
{
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-146325.pdf"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77",
"assignerShortName": "siemens",
"cveId": "CVE-2023-36753",
"datePublished": "2023-07-11T09:07:20.117Z",
"dateReserved": "2023-06-27T11:37:08.703Z",
"dateUpdated": "2024-12-02T18:56:24.844Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2023-36751
Vulnerability from cvelistv5
Published
2023-07-11 09:07
Modified
2024-11-26 16:42
Severity ?
EPSS score ?
Summary
A vulnerability has been identified in RUGGEDCOM ROX MX5000 (All versions < V2.16.0), RUGGEDCOM ROX MX5000RE (All versions < V2.16.0), RUGGEDCOM ROX RX1400 (All versions < V2.16.0), RUGGEDCOM ROX RX1500 (All versions < V2.16.0), RUGGEDCOM ROX RX1501 (All versions < V2.16.0), RUGGEDCOM ROX RX1510 (All versions < V2.16.0), RUGGEDCOM ROX RX1511 (All versions < V2.16.0), RUGGEDCOM ROX RX1512 (All versions < V2.16.0), RUGGEDCOM ROX RX1524 (All versions < V2.16.0), RUGGEDCOM ROX RX1536 (All versions < V2.16.0), RUGGEDCOM ROX RX5000 (All versions < V2.16.0). The install-app URL parameter in the web interface of affected devices is vulnerable to command injection due to missing server side input sanitation. This could allow an authenticated privileged remote attacker to execute arbitrary code with root privileges.
References
Impacted products
| Vendor | Product | Version | |||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | Siemens | RUGGEDCOM ROX MX5000 |
Version: All versions < V2.16.0 |
||||||||||||||||||||||||||||||||||||||||
|
|||||||||||||||||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T16:52:54.455Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-146325.pdf"
}
],
"title": "CVE Program Container"
},
{
"affected": [
{
"cpes": [
"cpe:2.3:h:siemens:ruggedcom_rox_mx5000:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "ruggedcom_rox_mx5000",
"vendor": "siemens",
"versions": [
{
"lessThan": "V2.16.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:h:siemens:ruggedcom_rox_mx5000re:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "ruggedcom_rox_mx5000re",
"vendor": "siemens",
"versions": [
{
"lessThan": "v2.16.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:h:siemens:ruggedcom_rox_rx1400:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "ruggedcom_rox_rx1400",
"vendor": "siemens",
"versions": [
{
"lessThan": "v2.16.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:h:siemens:ruggedcom_rox_rx1500:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "ruggedcom_rox_rx1500",
"vendor": "siemens",
"versions": [
{
"lessThan": "v2.16.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:h:siemens:ruggedcom_rox_rx1501:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "ruggedcom_rox_rx1501",
"vendor": "siemens",
"versions": [
{
"lessThan": "v2.16.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:h:siemens:ruggedcom_rox_rx1510:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "ruggedcom_rox_rx1510",
"vendor": "siemens",
"versions": [
{
"lessThan": "v2.16.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:h:siemens:ruggedcom_rox_rx1511:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "ruggedcom_rox_rx1511",
"vendor": "siemens",
"versions": [
{
"lessThan": "v2.16.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:h:siemens:ruggedcom_rox_rx1512:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "ruggedcom_rox_rx1512",
"vendor": "siemens",
"versions": [
{
"lessThan": "v2.16.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:h:siemens:ruggedcom_rox_rx1524:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "ruggedcom_rox_rx1524",
"vendor": "siemens",
"versions": [
{
"lessThan": "v2.16.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:h:siemens:ruggedcom_rox_rx1536:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "ruggedcom_rox_rx1536",
"vendor": "siemens",
"versions": [
{
"lessThan": "v2.16.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:h:siemens:ruggedcom_rox_rx5000:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "ruggedcom_rox_rx5000",
"vendor": "siemens",
"versions": [
{
"lessThan": "v2.16.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-36751",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-11-26T16:36:23.343532Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-11-26T16:42:01.446Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unknown",
"product": "RUGGEDCOM ROX MX5000",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V2.16.0"
}
]
},
{
"defaultStatus": "unknown",
"product": "RUGGEDCOM ROX MX5000RE",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V2.16.0"
}
]
},
{
"defaultStatus": "unknown",
"product": "RUGGEDCOM ROX RX1400",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V2.16.0"
}
]
},
{
"defaultStatus": "unknown",
"product": "RUGGEDCOM ROX RX1500",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V2.16.0"
}
]
},
{
"defaultStatus": "unknown",
"product": "RUGGEDCOM ROX RX1501",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V2.16.0"
}
]
},
{
"defaultStatus": "unknown",
"product": "RUGGEDCOM ROX RX1510",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V2.16.0"
}
]
},
{
"defaultStatus": "unknown",
"product": "RUGGEDCOM ROX RX1511",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V2.16.0"
}
]
},
{
"defaultStatus": "unknown",
"product": "RUGGEDCOM ROX RX1512",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V2.16.0"
}
]
},
{
"defaultStatus": "unknown",
"product": "RUGGEDCOM ROX RX1524",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V2.16.0"
}
]
},
{
"defaultStatus": "unknown",
"product": "RUGGEDCOM ROX RX1536",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V2.16.0"
}
]
},
{
"defaultStatus": "unknown",
"product": "RUGGEDCOM ROX RX5000",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V2.16.0"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability has been identified in RUGGEDCOM ROX MX5000 (All versions \u003c V2.16.0), RUGGEDCOM ROX MX5000RE (All versions \u003c V2.16.0), RUGGEDCOM ROX RX1400 (All versions \u003c V2.16.0), RUGGEDCOM ROX RX1500 (All versions \u003c V2.16.0), RUGGEDCOM ROX RX1501 (All versions \u003c V2.16.0), RUGGEDCOM ROX RX1510 (All versions \u003c V2.16.0), RUGGEDCOM ROX RX1511 (All versions \u003c V2.16.0), RUGGEDCOM ROX RX1512 (All versions \u003c V2.16.0), RUGGEDCOM ROX RX1524 (All versions \u003c V2.16.0), RUGGEDCOM ROX RX1536 (All versions \u003c V2.16.0), RUGGEDCOM ROX RX5000 (All versions \u003c V2.16.0). The install-app URL parameter in the web interface of affected devices is vulnerable to command injection due to missing server side input sanitation. This could allow an authenticated privileged remote attacker to execute arbitrary code with root privileges."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 9.1,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H/E:P/RL:O/RC:C",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-77",
"description": "CWE-77: Improper Neutralization of Special Elements used in a Command (\u0027Command Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-07-11T09:07:17.921Z",
"orgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77",
"shortName": "siemens"
},
"references": [
{
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-146325.pdf"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77",
"assignerShortName": "siemens",
"cveId": "CVE-2023-36751",
"datePublished": "2023-07-11T09:07:17.921Z",
"dateReserved": "2023-06-27T11:37:08.703Z",
"dateUpdated": "2024-11-26T16:42:01.446Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
Vulnerability from fkie_nvd
Published
2023-07-11 10:15
Modified
2024-11-21 08:09
Severity ?
8.8 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
6.1 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
6.1 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Summary
A vulnerability has been identified in RUGGEDCOM ROX MX5000 (All versions < V2.16.0), RUGGEDCOM ROX MX5000RE (All versions < V2.16.0), RUGGEDCOM ROX RX1400 (All versions < V2.16.0), RUGGEDCOM ROX RX1500 (All versions < V2.16.0), RUGGEDCOM ROX RX1501 (All versions < V2.16.0), RUGGEDCOM ROX RX1510 (All versions < V2.16.0), RUGGEDCOM ROX RX1511 (All versions < V2.16.0), RUGGEDCOM ROX RX1512 (All versions < V2.16.0), RUGGEDCOM ROX RX1524 (All versions < V2.16.0), RUGGEDCOM ROX RX1536 (All versions < V2.16.0), RUGGEDCOM ROX RX5000 (All versions < V2.16.0). A reflected cross-site scripting (XSS) vulnerability exists in the web interface of the affected application that could allow an attacker to execute malicious javascript code by tricking users into accessing a malicious link. The value is reflected in the response without sanitization while throwing an
“invalid params element name” error on the get_elements parameters.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:siemens:ruggedcom_rox_mx5000_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "B70C9A14-F31D-452F-8F7E-368E1ED7165C",
"versionEndExcluding": "2.16.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:siemens:ruggedcom_rox_mx5000:-:*:*:*:*:*:*:*",
"matchCriteriaId": "DAD1B18F-9C37-48CC-92E2-9C5E66B206CB",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:siemens:ruggedcom_rox_mx5000re_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "C095D9B0-79A3-44A7-9683-B8DEF689D65F",
"versionEndExcluding": "2.16.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:siemens:ruggedcom_rox_mx5000re:-:*:*:*:*:*:*:*",
"matchCriteriaId": "38734DFA-A5DF-4284-BD79-7C0ED6CD8A5C",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:siemens:ruggedcom_rox_rx1400_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "3A0D1757-6A48-4C53-877A-947CDDD67793",
"versionEndExcluding": "2.16.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:siemens:ruggedcom_rox_rx1400:-:*:*:*:*:*:*:*",
"matchCriteriaId": "12BD4008-DB6A-4749-A426-D2DE44819A9D",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:siemens:ruggedcom_rox_rx1500_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "957788AA-B685-42B6-8BE9-B61D20B68144",
"versionEndExcluding": "2.16.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:siemens:ruggedcom_rox_rx1500:-:*:*:*:*:*:*:*",
"matchCriteriaId": "3E79B422-C844-411C-AA49-CFD73D3C6E2D",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:siemens:ruggedcom_rox_rx1501_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "02E80465-DCD4-4CEB-AB5C-DFD86A5DB2E8",
"versionEndExcluding": "2.16.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:siemens:ruggedcom_rox_rx1501:-:*:*:*:*:*:*:*",
"matchCriteriaId": "53AAEC5C-06EE-4C58-A981-EBF5860CEF16",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:siemens:ruggedcom_rox_rx1510_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "BEC2AF9C-52CA-48FF-A4CD-C042EF225000",
"versionEndExcluding": "2.16.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:siemens:ruggedcom_rox_rx1510:-:*:*:*:*:*:*:*",
"matchCriteriaId": "0751225A-6E9C-4281-93A4-A048920FF7C6",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:siemens:ruggedcom_rox_rx1511_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "D0889DDD-C18A-4605-907C-0AAC4362FC94",
"versionEndExcluding": "2.16.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:siemens:ruggedcom_rox_rx1511:-:*:*:*:*:*:*:*",
"matchCriteriaId": "8C1E56ED-1E61-4B7E-8EC0-BB2AAD57EF7B",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:siemens:ruggedcom_rox_rx1512_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "FA09F789-1903-4487-A108-684EA9423F32",
"versionEndExcluding": "2.16.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:siemens:ruggedcom_rox_rx1512:-:*:*:*:*:*:*:*",
"matchCriteriaId": "41ADD701-AD49-46B2-A12E-219CCED32298",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:siemens:ruggedcom_rox_rx1524_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "76CF386C-0665-401C-9E5F-D3A89E6C2847",
"versionEndExcluding": "2.16.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:siemens:ruggedcom_rox_rx1524:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F8C70D90-E8FA-4343-9027-152A99D79C82",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:siemens:ruggedcom_rox_rx1536_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "A813AC2B-2F29-45D7-AB27-657A36399F80",
"versionEndExcluding": "2.16.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:siemens:ruggedcom_rox_rx1536:-:*:*:*:*:*:*:*",
"matchCriteriaId": "C1775F3B-6F47-4134-8B4E-CF6337FF546C",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:siemens:ruggedcom_rox_rx5000_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "6AF925B2-B147-4CB0-8789-D68C38135BEE",
"versionEndExcluding": "2.16.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:siemens:ruggedcom_rox_rx5000:-:*:*:*:*:*:*:*",
"matchCriteriaId": "1E0E33F2-E89B-4008-BED2-CF2296801078",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability has been identified in RUGGEDCOM ROX MX5000 (All versions \u003c V2.16.0), RUGGEDCOM ROX MX5000RE (All versions \u003c V2.16.0), RUGGEDCOM ROX RX1400 (All versions \u003c V2.16.0), RUGGEDCOM ROX RX1500 (All versions \u003c V2.16.0), RUGGEDCOM ROX RX1501 (All versions \u003c V2.16.0), RUGGEDCOM ROX RX1510 (All versions \u003c V2.16.0), RUGGEDCOM ROX RX1511 (All versions \u003c V2.16.0), RUGGEDCOM ROX RX1512 (All versions \u003c V2.16.0), RUGGEDCOM ROX RX1524 (All versions \u003c V2.16.0), RUGGEDCOM ROX RX1536 (All versions \u003c V2.16.0), RUGGEDCOM ROX RX5000 (All versions \u003c V2.16.0). A reflected cross-site scripting (XSS) vulnerability exists in the web interface of the affected application that could allow an attacker to execute malicious javascript code by tricking users into accessing a malicious link. The value is reflected in the response without sanitization while throwing an\r\n\u201cinvalid params element name\u201d error on the get_elements parameters."
}
],
"id": "CVE-2023-36386",
"lastModified": "2024-11-21T08:09:38.890",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9,
"source": "productcert@siemens.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2023-07-11T10:15:10.680",
"references": [
{
"source": "productcert@siemens.com",
"tags": [
"Vendor Advisory"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-146325.pdf"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-146325.pdf"
}
],
"sourceIdentifier": "productcert@siemens.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "productcert@siemens.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2023-07-11 10:15
Modified
2024-11-21 08:10
Severity ?
9.1 (Critical) - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H
7.2 (High) - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
7.2 (High) - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Summary
A vulnerability has been identified in RUGGEDCOM ROX MX5000 (All versions < V2.16.0), RUGGEDCOM ROX MX5000RE (All versions < V2.16.0), RUGGEDCOM ROX RX1400 (All versions < V2.16.0), RUGGEDCOM ROX RX1500 (All versions < V2.16.0), RUGGEDCOM ROX RX1501 (All versions < V2.16.0), RUGGEDCOM ROX RX1510 (All versions < V2.16.0), RUGGEDCOM ROX RX1511 (All versions < V2.16.0), RUGGEDCOM ROX RX1512 (All versions < V2.16.0), RUGGEDCOM ROX RX1524 (All versions < V2.16.0), RUGGEDCOM ROX RX1536 (All versions < V2.16.0), RUGGEDCOM ROX RX5000 (All versions < V2.16.0). The uninstall-app App-name parameter in the web interface of affected devices is vulnerable to command injection due to missing server side input sanitation. This could allow an authenticated privileged remote attacker to execute arbitrary code with root privileges.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:siemens:ruggedcom_rox_mx5000_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "B70C9A14-F31D-452F-8F7E-368E1ED7165C",
"versionEndExcluding": "2.16.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:siemens:ruggedcom_rox_mx5000:-:*:*:*:*:*:*:*",
"matchCriteriaId": "DAD1B18F-9C37-48CC-92E2-9C5E66B206CB",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:siemens:ruggedcom_rox_mx5000re_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "C095D9B0-79A3-44A7-9683-B8DEF689D65F",
"versionEndExcluding": "2.16.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:siemens:ruggedcom_rox_mx5000re:-:*:*:*:*:*:*:*",
"matchCriteriaId": "38734DFA-A5DF-4284-BD79-7C0ED6CD8A5C",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:siemens:ruggedcom_rox_rx1400_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "3A0D1757-6A48-4C53-877A-947CDDD67793",
"versionEndExcluding": "2.16.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:siemens:ruggedcom_rox_rx1400:-:*:*:*:*:*:*:*",
"matchCriteriaId": "12BD4008-DB6A-4749-A426-D2DE44819A9D",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:siemens:ruggedcom_rox_rx1500_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "957788AA-B685-42B6-8BE9-B61D20B68144",
"versionEndExcluding": "2.16.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:siemens:ruggedcom_rox_rx1500:-:*:*:*:*:*:*:*",
"matchCriteriaId": "3E79B422-C844-411C-AA49-CFD73D3C6E2D",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:siemens:ruggedcom_rox_rx1501_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "02E80465-DCD4-4CEB-AB5C-DFD86A5DB2E8",
"versionEndExcluding": "2.16.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:siemens:ruggedcom_rox_rx1501:-:*:*:*:*:*:*:*",
"matchCriteriaId": "53AAEC5C-06EE-4C58-A981-EBF5860CEF16",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:siemens:ruggedcom_rox_rx1510_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "BEC2AF9C-52CA-48FF-A4CD-C042EF225000",
"versionEndExcluding": "2.16.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:siemens:ruggedcom_rox_rx1510:-:*:*:*:*:*:*:*",
"matchCriteriaId": "0751225A-6E9C-4281-93A4-A048920FF7C6",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:siemens:ruggedcom_rox_rx1511_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "D0889DDD-C18A-4605-907C-0AAC4362FC94",
"versionEndExcluding": "2.16.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:siemens:ruggedcom_rox_rx1511:-:*:*:*:*:*:*:*",
"matchCriteriaId": "8C1E56ED-1E61-4B7E-8EC0-BB2AAD57EF7B",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:siemens:ruggedcom_rox_rx1512_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "FA09F789-1903-4487-A108-684EA9423F32",
"versionEndExcluding": "2.16.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:siemens:ruggedcom_rox_rx1512:-:*:*:*:*:*:*:*",
"matchCriteriaId": "41ADD701-AD49-46B2-A12E-219CCED32298",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:siemens:ruggedcom_rox_rx1524_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "76CF386C-0665-401C-9E5F-D3A89E6C2847",
"versionEndExcluding": "2.16.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:siemens:ruggedcom_rox_rx1524:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F8C70D90-E8FA-4343-9027-152A99D79C82",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:siemens:ruggedcom_rox_rx1536_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "A813AC2B-2F29-45D7-AB27-657A36399F80",
"versionEndExcluding": "2.16.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:siemens:ruggedcom_rox_rx1536:-:*:*:*:*:*:*:*",
"matchCriteriaId": "C1775F3B-6F47-4134-8B4E-CF6337FF546C",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:siemens:ruggedcom_rox_rx5000_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "6AF925B2-B147-4CB0-8789-D68C38135BEE",
"versionEndExcluding": "2.16.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:siemens:ruggedcom_rox_rx5000:-:*:*:*:*:*:*:*",
"matchCriteriaId": "1E0E33F2-E89B-4008-BED2-CF2296801078",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability has been identified in RUGGEDCOM ROX MX5000 (All versions \u003c V2.16.0), RUGGEDCOM ROX MX5000RE (All versions \u003c V2.16.0), RUGGEDCOM ROX RX1400 (All versions \u003c V2.16.0), RUGGEDCOM ROX RX1500 (All versions \u003c V2.16.0), RUGGEDCOM ROX RX1501 (All versions \u003c V2.16.0), RUGGEDCOM ROX RX1510 (All versions \u003c V2.16.0), RUGGEDCOM ROX RX1511 (All versions \u003c V2.16.0), RUGGEDCOM ROX RX1512 (All versions \u003c V2.16.0), RUGGEDCOM ROX RX1524 (All versions \u003c V2.16.0), RUGGEDCOM ROX RX1536 (All versions \u003c V2.16.0), RUGGEDCOM ROX RX5000 (All versions \u003c V2.16.0). The uninstall-app App-name parameter in the web interface of affected devices is vulnerable to command injection due to missing server side input sanitation. This could allow an authenticated privileged remote attacker to execute arbitrary code with root privileges."
}
],
"id": "CVE-2023-36753",
"lastModified": "2024-11-21T08:10:31.393",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.1,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.3,
"impactScore": 6.0,
"source": "productcert@siemens.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.2,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2023-07-11T10:15:11.360",
"references": [
{
"source": "productcert@siemens.com",
"tags": [
"Vendor Advisory"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-146325.pdf"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-146325.pdf"
}
],
"sourceIdentifier": "productcert@siemens.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-77"
}
],
"source": "productcert@siemens.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-77"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2023-07-11 10:15
Modified
2024-11-21 08:10
Severity ?
9.1 (Critical) - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H
7.2 (High) - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
7.2 (High) - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Summary
A vulnerability has been identified in RUGGEDCOM ROX MX5000 (All versions < V2.16.0), RUGGEDCOM ROX MX5000RE (All versions < V2.16.0), RUGGEDCOM ROX RX1400 (All versions < V2.16.0), RUGGEDCOM ROX RX1500 (All versions < V2.16.0), RUGGEDCOM ROX RX1501 (All versions < V2.16.0), RUGGEDCOM ROX RX1510 (All versions < V2.16.0), RUGGEDCOM ROX RX1511 (All versions < V2.16.0), RUGGEDCOM ROX RX1512 (All versions < V2.16.0), RUGGEDCOM ROX RX1524 (All versions < V2.16.0), RUGGEDCOM ROX RX1536 (All versions < V2.16.0), RUGGEDCOM ROX RX5000 (All versions < V2.16.0). The SCEP server configuration URL parameter in the web interface of affected devices is vulnerable to command injection due to missing server side input sanitation. This could allow an authenticated privileged remote attacker to execute arbitrary code with root privileges.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:siemens:ruggedcom_rox_mx5000_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "B70C9A14-F31D-452F-8F7E-368E1ED7165C",
"versionEndExcluding": "2.16.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:siemens:ruggedcom_rox_mx5000:-:*:*:*:*:*:*:*",
"matchCriteriaId": "DAD1B18F-9C37-48CC-92E2-9C5E66B206CB",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:siemens:ruggedcom_rox_mx5000re_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "C095D9B0-79A3-44A7-9683-B8DEF689D65F",
"versionEndExcluding": "2.16.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:siemens:ruggedcom_rox_mx5000re:-:*:*:*:*:*:*:*",
"matchCriteriaId": "38734DFA-A5DF-4284-BD79-7C0ED6CD8A5C",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:siemens:ruggedcom_rox_rx1400_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "3A0D1757-6A48-4C53-877A-947CDDD67793",
"versionEndExcluding": "2.16.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:siemens:ruggedcom_rox_rx1400:-:*:*:*:*:*:*:*",
"matchCriteriaId": "12BD4008-DB6A-4749-A426-D2DE44819A9D",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:siemens:ruggedcom_rox_rx1500_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "957788AA-B685-42B6-8BE9-B61D20B68144",
"versionEndExcluding": "2.16.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:siemens:ruggedcom_rox_rx1500:-:*:*:*:*:*:*:*",
"matchCriteriaId": "3E79B422-C844-411C-AA49-CFD73D3C6E2D",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:siemens:ruggedcom_rox_rx1501_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "02E80465-DCD4-4CEB-AB5C-DFD86A5DB2E8",
"versionEndExcluding": "2.16.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:siemens:ruggedcom_rox_rx1501:-:*:*:*:*:*:*:*",
"matchCriteriaId": "53AAEC5C-06EE-4C58-A981-EBF5860CEF16",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:siemens:ruggedcom_rox_rx1510_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "BEC2AF9C-52CA-48FF-A4CD-C042EF225000",
"versionEndExcluding": "2.16.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:siemens:ruggedcom_rox_rx1510:-:*:*:*:*:*:*:*",
"matchCriteriaId": "0751225A-6E9C-4281-93A4-A048920FF7C6",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:siemens:ruggedcom_rox_rx1511_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "D0889DDD-C18A-4605-907C-0AAC4362FC94",
"versionEndExcluding": "2.16.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:siemens:ruggedcom_rox_rx1511:-:*:*:*:*:*:*:*",
"matchCriteriaId": "8C1E56ED-1E61-4B7E-8EC0-BB2AAD57EF7B",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:siemens:ruggedcom_rox_rx1512_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "FA09F789-1903-4487-A108-684EA9423F32",
"versionEndExcluding": "2.16.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:siemens:ruggedcom_rox_rx1512:-:*:*:*:*:*:*:*",
"matchCriteriaId": "41ADD701-AD49-46B2-A12E-219CCED32298",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:siemens:ruggedcom_rox_rx1524_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "76CF386C-0665-401C-9E5F-D3A89E6C2847",
"versionEndExcluding": "2.16.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:siemens:ruggedcom_rox_rx1524:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F8C70D90-E8FA-4343-9027-152A99D79C82",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:siemens:ruggedcom_rox_rx1536_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "A813AC2B-2F29-45D7-AB27-657A36399F80",
"versionEndExcluding": "2.16.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:siemens:ruggedcom_rox_rx1536:-:*:*:*:*:*:*:*",
"matchCriteriaId": "C1775F3B-6F47-4134-8B4E-CF6337FF546C",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:siemens:ruggedcom_rox_rx5000_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "6AF925B2-B147-4CB0-8789-D68C38135BEE",
"versionEndExcluding": "2.16.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:siemens:ruggedcom_rox_rx5000:-:*:*:*:*:*:*:*",
"matchCriteriaId": "1E0E33F2-E89B-4008-BED2-CF2296801078",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability has been identified in RUGGEDCOM ROX MX5000 (All versions \u003c V2.16.0), RUGGEDCOM ROX MX5000RE (All versions \u003c V2.16.0), RUGGEDCOM ROX RX1400 (All versions \u003c V2.16.0), RUGGEDCOM ROX RX1500 (All versions \u003c V2.16.0), RUGGEDCOM ROX RX1501 (All versions \u003c V2.16.0), RUGGEDCOM ROX RX1510 (All versions \u003c V2.16.0), RUGGEDCOM ROX RX1511 (All versions \u003c V2.16.0), RUGGEDCOM ROX RX1512 (All versions \u003c V2.16.0), RUGGEDCOM ROX RX1524 (All versions \u003c V2.16.0), RUGGEDCOM ROX RX1536 (All versions \u003c V2.16.0), RUGGEDCOM ROX RX5000 (All versions \u003c V2.16.0). The SCEP server configuration URL parameter in the web interface of affected devices is vulnerable to command injection due to missing server side input sanitation. This could allow an authenticated privileged remote attacker to execute arbitrary code with root privileges."
}
],
"id": "CVE-2023-36754",
"lastModified": "2024-11-21T08:10:31.540",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.1,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.3,
"impactScore": 6.0,
"source": "productcert@siemens.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.2,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2023-07-11T10:15:11.427",
"references": [
{
"source": "productcert@siemens.com",
"tags": [
"Vendor Advisory"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-146325.pdf"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-146325.pdf"
}
],
"sourceIdentifier": "productcert@siemens.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-77"
}
],
"source": "productcert@siemens.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-77"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2023-07-11 10:15
Modified
2024-11-21 08:10
Severity ?
9.1 (Critical) - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H
7.2 (High) - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
7.2 (High) - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Summary
A vulnerability has been identified in RUGGEDCOM ROX MX5000 (All versions < V2.16.0), RUGGEDCOM ROX MX5000RE (All versions < V2.16.0), RUGGEDCOM ROX RX1400 (All versions < V2.16.0), RUGGEDCOM ROX RX1500 (All versions < V2.16.0), RUGGEDCOM ROX RX1501 (All versions < V2.16.0), RUGGEDCOM ROX RX1510 (All versions < V2.16.0), RUGGEDCOM ROX RX1511 (All versions < V2.16.0), RUGGEDCOM ROX RX1512 (All versions < V2.16.0), RUGGEDCOM ROX RX1524 (All versions < V2.16.0), RUGGEDCOM ROX RX1536 (All versions < V2.16.0), RUGGEDCOM ROX RX5000 (All versions < V2.16.0). The software-upgrade Url parameter in the web interface of affected devices is vulnerable to command injection due to missing server side input sanitation. This could allow an authenticated privileged remote attacker to execute arbitrary code with root privileges.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:siemens:ruggedcom_rox_mx5000_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "B70C9A14-F31D-452F-8F7E-368E1ED7165C",
"versionEndExcluding": "2.16.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:siemens:ruggedcom_rox_mx5000:-:*:*:*:*:*:*:*",
"matchCriteriaId": "DAD1B18F-9C37-48CC-92E2-9C5E66B206CB",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:siemens:ruggedcom_rox_mx5000re_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "C095D9B0-79A3-44A7-9683-B8DEF689D65F",
"versionEndExcluding": "2.16.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:siemens:ruggedcom_rox_mx5000re:-:*:*:*:*:*:*:*",
"matchCriteriaId": "38734DFA-A5DF-4284-BD79-7C0ED6CD8A5C",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:siemens:ruggedcom_rox_rx1400_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "3A0D1757-6A48-4C53-877A-947CDDD67793",
"versionEndExcluding": "2.16.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:siemens:ruggedcom_rox_rx1400:-:*:*:*:*:*:*:*",
"matchCriteriaId": "12BD4008-DB6A-4749-A426-D2DE44819A9D",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:siemens:ruggedcom_rox_rx1500_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "957788AA-B685-42B6-8BE9-B61D20B68144",
"versionEndExcluding": "2.16.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:siemens:ruggedcom_rox_rx1500:-:*:*:*:*:*:*:*",
"matchCriteriaId": "3E79B422-C844-411C-AA49-CFD73D3C6E2D",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:siemens:ruggedcom_rox_rx1501_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "02E80465-DCD4-4CEB-AB5C-DFD86A5DB2E8",
"versionEndExcluding": "2.16.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:siemens:ruggedcom_rox_rx1501:-:*:*:*:*:*:*:*",
"matchCriteriaId": "53AAEC5C-06EE-4C58-A981-EBF5860CEF16",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:siemens:ruggedcom_rox_rx1510_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "BEC2AF9C-52CA-48FF-A4CD-C042EF225000",
"versionEndExcluding": "2.16.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:siemens:ruggedcom_rox_rx1510:-:*:*:*:*:*:*:*",
"matchCriteriaId": "0751225A-6E9C-4281-93A4-A048920FF7C6",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:siemens:ruggedcom_rox_rx1511_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "D0889DDD-C18A-4605-907C-0AAC4362FC94",
"versionEndExcluding": "2.16.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:siemens:ruggedcom_rox_rx1511:-:*:*:*:*:*:*:*",
"matchCriteriaId": "8C1E56ED-1E61-4B7E-8EC0-BB2AAD57EF7B",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:siemens:ruggedcom_rox_rx1512_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "FA09F789-1903-4487-A108-684EA9423F32",
"versionEndExcluding": "2.16.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:siemens:ruggedcom_rox_rx1512:-:*:*:*:*:*:*:*",
"matchCriteriaId": "41ADD701-AD49-46B2-A12E-219CCED32298",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:siemens:ruggedcom_rox_rx1524_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "76CF386C-0665-401C-9E5F-D3A89E6C2847",
"versionEndExcluding": "2.16.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:siemens:ruggedcom_rox_rx1524:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F8C70D90-E8FA-4343-9027-152A99D79C82",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:siemens:ruggedcom_rox_rx1536_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "A813AC2B-2F29-45D7-AB27-657A36399F80",
"versionEndExcluding": "2.16.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:siemens:ruggedcom_rox_rx1536:-:*:*:*:*:*:*:*",
"matchCriteriaId": "C1775F3B-6F47-4134-8B4E-CF6337FF546C",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:siemens:ruggedcom_rox_rx5000_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "6AF925B2-B147-4CB0-8789-D68C38135BEE",
"versionEndExcluding": "2.16.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:siemens:ruggedcom_rox_rx5000:-:*:*:*:*:*:*:*",
"matchCriteriaId": "1E0E33F2-E89B-4008-BED2-CF2296801078",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability has been identified in RUGGEDCOM ROX MX5000 (All versions \u003c V2.16.0), RUGGEDCOM ROX MX5000RE (All versions \u003c V2.16.0), RUGGEDCOM ROX RX1400 (All versions \u003c V2.16.0), RUGGEDCOM ROX RX1500 (All versions \u003c V2.16.0), RUGGEDCOM ROX RX1501 (All versions \u003c V2.16.0), RUGGEDCOM ROX RX1510 (All versions \u003c V2.16.0), RUGGEDCOM ROX RX1511 (All versions \u003c V2.16.0), RUGGEDCOM ROX RX1512 (All versions \u003c V2.16.0), RUGGEDCOM ROX RX1524 (All versions \u003c V2.16.0), RUGGEDCOM ROX RX1536 (All versions \u003c V2.16.0), RUGGEDCOM ROX RX5000 (All versions \u003c V2.16.0). The software-upgrade Url parameter in the web interface of affected devices is vulnerable to command injection due to missing server side input sanitation. This could allow an authenticated privileged remote attacker to execute arbitrary code with root privileges."
}
],
"id": "CVE-2023-36750",
"lastModified": "2024-11-21T08:10:30.900",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.1,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.3,
"impactScore": 6.0,
"source": "productcert@siemens.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.2,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2023-07-11T10:15:11.170",
"references": [
{
"source": "productcert@siemens.com",
"tags": [
"Vendor Advisory"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-146325.pdf"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-146325.pdf"
}
],
"sourceIdentifier": "productcert@siemens.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-77"
}
],
"source": "productcert@siemens.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-77"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2023-07-11 10:15
Modified
2024-11-21 08:10
Severity ?
7.4 (High) - CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N
7.4 (High) - CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N
7.4 (High) - CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N
Summary
A vulnerability has been identified in RUGGEDCOM ROX MX5000 (All versions < V2.16.0), RUGGEDCOM ROX MX5000RE (All versions < V2.16.0), RUGGEDCOM ROX RX1400 (All versions < V2.16.0), RUGGEDCOM ROX RX1500 (All versions < V2.16.0), RUGGEDCOM ROX RX1501 (All versions < V2.16.0), RUGGEDCOM ROX RX1510 (All versions < V2.16.0), RUGGEDCOM ROX RX1511 (All versions < V2.16.0), RUGGEDCOM ROX RX1512 (All versions < V2.16.0), RUGGEDCOM ROX RX1524 (All versions < V2.16.0), RUGGEDCOM ROX RX1536 (All versions < V2.16.0), RUGGEDCOM ROX RX5000 (All versions < V2.16.0). The webserver of the affected devices support insecure TLS 1.0 protocol. An attacker could achieve a man-in-the-middle attack and compromise confidentiality and integrity of data.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:siemens:ruggedcom_rox_mx5000_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "B70C9A14-F31D-452F-8F7E-368E1ED7165C",
"versionEndExcluding": "2.16.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:siemens:ruggedcom_rox_mx5000:-:*:*:*:*:*:*:*",
"matchCriteriaId": "DAD1B18F-9C37-48CC-92E2-9C5E66B206CB",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:siemens:ruggedcom_rox_mx5000re_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "C095D9B0-79A3-44A7-9683-B8DEF689D65F",
"versionEndExcluding": "2.16.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:siemens:ruggedcom_rox_mx5000re:-:*:*:*:*:*:*:*",
"matchCriteriaId": "38734DFA-A5DF-4284-BD79-7C0ED6CD8A5C",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:siemens:ruggedcom_rox_rx1400_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "3A0D1757-6A48-4C53-877A-947CDDD67793",
"versionEndExcluding": "2.16.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:siemens:ruggedcom_rox_rx1400:-:*:*:*:*:*:*:*",
"matchCriteriaId": "12BD4008-DB6A-4749-A426-D2DE44819A9D",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:siemens:ruggedcom_rox_rx1500_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "957788AA-B685-42B6-8BE9-B61D20B68144",
"versionEndExcluding": "2.16.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:siemens:ruggedcom_rox_rx1500:-:*:*:*:*:*:*:*",
"matchCriteriaId": "3E79B422-C844-411C-AA49-CFD73D3C6E2D",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:siemens:ruggedcom_rox_rx1501_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "02E80465-DCD4-4CEB-AB5C-DFD86A5DB2E8",
"versionEndExcluding": "2.16.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:siemens:ruggedcom_rox_rx1501:-:*:*:*:*:*:*:*",
"matchCriteriaId": "53AAEC5C-06EE-4C58-A981-EBF5860CEF16",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:siemens:ruggedcom_rox_rx1510_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "BEC2AF9C-52CA-48FF-A4CD-C042EF225000",
"versionEndExcluding": "2.16.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:siemens:ruggedcom_rox_rx1510:-:*:*:*:*:*:*:*",
"matchCriteriaId": "0751225A-6E9C-4281-93A4-A048920FF7C6",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:siemens:ruggedcom_rox_rx1511_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "D0889DDD-C18A-4605-907C-0AAC4362FC94",
"versionEndExcluding": "2.16.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:siemens:ruggedcom_rox_rx1511:-:*:*:*:*:*:*:*",
"matchCriteriaId": "8C1E56ED-1E61-4B7E-8EC0-BB2AAD57EF7B",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:siemens:ruggedcom_rox_rx1512_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "FA09F789-1903-4487-A108-684EA9423F32",
"versionEndExcluding": "2.16.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:siemens:ruggedcom_rox_rx1512:-:*:*:*:*:*:*:*",
"matchCriteriaId": "41ADD701-AD49-46B2-A12E-219CCED32298",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:siemens:ruggedcom_rox_rx1524_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "76CF386C-0665-401C-9E5F-D3A89E6C2847",
"versionEndExcluding": "2.16.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:siemens:ruggedcom_rox_rx1524:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F8C70D90-E8FA-4343-9027-152A99D79C82",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:siemens:ruggedcom_rox_rx1536_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "A813AC2B-2F29-45D7-AB27-657A36399F80",
"versionEndExcluding": "2.16.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:siemens:ruggedcom_rox_rx1536:-:*:*:*:*:*:*:*",
"matchCriteriaId": "C1775F3B-6F47-4134-8B4E-CF6337FF546C",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:siemens:ruggedcom_rox_rx5000_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "6AF925B2-B147-4CB0-8789-D68C38135BEE",
"versionEndExcluding": "2.16.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:siemens:ruggedcom_rox_rx5000:-:*:*:*:*:*:*:*",
"matchCriteriaId": "1E0E33F2-E89B-4008-BED2-CF2296801078",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability has been identified in RUGGEDCOM ROX MX5000 (All versions \u003c V2.16.0), RUGGEDCOM ROX MX5000RE (All versions \u003c V2.16.0), RUGGEDCOM ROX RX1400 (All versions \u003c V2.16.0), RUGGEDCOM ROX RX1500 (All versions \u003c V2.16.0), RUGGEDCOM ROX RX1501 (All versions \u003c V2.16.0), RUGGEDCOM ROX RX1510 (All versions \u003c V2.16.0), RUGGEDCOM ROX RX1511 (All versions \u003c V2.16.0), RUGGEDCOM ROX RX1512 (All versions \u003c V2.16.0), RUGGEDCOM ROX RX1524 (All versions \u003c V2.16.0), RUGGEDCOM ROX RX1536 (All versions \u003c V2.16.0), RUGGEDCOM ROX RX5000 (All versions \u003c V2.16.0). The webserver of the affected devices support insecure TLS 1.0 protocol. An attacker could achieve a man-in-the-middle attack and compromise confidentiality and integrity of data."
}
],
"id": "CVE-2023-36749",
"lastModified": "2024-11-21T08:10:30.740",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.4,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.2,
"impactScore": 5.2,
"source": "productcert@siemens.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.4,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.2,
"impactScore": 5.2,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2023-07-11T10:15:11.103",
"references": [
{
"source": "productcert@siemens.com",
"tags": [
"Vendor Advisory"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-146325.pdf"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-146325.pdf"
}
],
"sourceIdentifier": "productcert@siemens.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-327"
}
],
"source": "productcert@siemens.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-327"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2023-07-11 10:15
Modified
2024-11-21 06:59
Severity ?
7.5 (High) - CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
8.8 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
8.8 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Summary
A vulnerability has been identified in RUGGEDCOM ROX MX5000 (All versions < V2.16.0), RUGGEDCOM ROX MX5000RE (All versions < V2.16.0), RUGGEDCOM ROX RX1400 (All versions < V2.16.0), RUGGEDCOM ROX RX1500 (All versions < V2.16.0), RUGGEDCOM ROX RX1501 (All versions < V2.16.0), RUGGEDCOM ROX RX1510 (All versions < V2.16.0), RUGGEDCOM ROX RX1511 (All versions < V2.16.0), RUGGEDCOM ROX RX1512 (All versions < V2.16.0), RUGGEDCOM ROX RX1524 (All versions < V2.16.0), RUGGEDCOM ROX RX1536 (All versions < V2.16.0), RUGGEDCOM ROX RX5000 (All versions < V2.16.0). The web interface of the affected devices are vulnerable to Cross-Site Request Forgery attacks. By tricking an authenticated victim user to click a malicious link, an attacker could perform arbitrary actions on the device on behalf of the victim user.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:siemens:ruggedcom_rox_mx5000_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "B70C9A14-F31D-452F-8F7E-368E1ED7165C",
"versionEndExcluding": "2.16.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:siemens:ruggedcom_rox_mx5000:-:*:*:*:*:*:*:*",
"matchCriteriaId": "DAD1B18F-9C37-48CC-92E2-9C5E66B206CB",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:siemens:ruggedcom_rox_mx5000re_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "C095D9B0-79A3-44A7-9683-B8DEF689D65F",
"versionEndExcluding": "2.16.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:siemens:ruggedcom_rox_mx5000re:-:*:*:*:*:*:*:*",
"matchCriteriaId": "38734DFA-A5DF-4284-BD79-7C0ED6CD8A5C",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:siemens:ruggedcom_rox_rx1400_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "3A0D1757-6A48-4C53-877A-947CDDD67793",
"versionEndExcluding": "2.16.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:siemens:ruggedcom_rox_rx1400:-:*:*:*:*:*:*:*",
"matchCriteriaId": "12BD4008-DB6A-4749-A426-D2DE44819A9D",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:siemens:ruggedcom_rox_rx1500_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "957788AA-B685-42B6-8BE9-B61D20B68144",
"versionEndExcluding": "2.16.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:siemens:ruggedcom_rox_rx1500:-:*:*:*:*:*:*:*",
"matchCriteriaId": "3E79B422-C844-411C-AA49-CFD73D3C6E2D",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:siemens:ruggedcom_rox_rx1501_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "02E80465-DCD4-4CEB-AB5C-DFD86A5DB2E8",
"versionEndExcluding": "2.16.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:siemens:ruggedcom_rox_rx1501:-:*:*:*:*:*:*:*",
"matchCriteriaId": "53AAEC5C-06EE-4C58-A981-EBF5860CEF16",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:siemens:ruggedcom_rox_rx1510_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "BEC2AF9C-52CA-48FF-A4CD-C042EF225000",
"versionEndExcluding": "2.16.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:siemens:ruggedcom_rox_rx1510:-:*:*:*:*:*:*:*",
"matchCriteriaId": "0751225A-6E9C-4281-93A4-A048920FF7C6",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:siemens:ruggedcom_rox_rx1511_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "D0889DDD-C18A-4605-907C-0AAC4362FC94",
"versionEndExcluding": "2.16.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:siemens:ruggedcom_rox_rx1511:-:*:*:*:*:*:*:*",
"matchCriteriaId": "8C1E56ED-1E61-4B7E-8EC0-BB2AAD57EF7B",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:siemens:ruggedcom_rox_rx1512_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "FA09F789-1903-4487-A108-684EA9423F32",
"versionEndExcluding": "2.16.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:siemens:ruggedcom_rox_rx1512:-:*:*:*:*:*:*:*",
"matchCriteriaId": "41ADD701-AD49-46B2-A12E-219CCED32298",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:siemens:ruggedcom_rox_rx1524_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "76CF386C-0665-401C-9E5F-D3A89E6C2847",
"versionEndExcluding": "2.16.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:siemens:ruggedcom_rox_rx1524:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F8C70D90-E8FA-4343-9027-152A99D79C82",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:siemens:ruggedcom_rox_rx1536_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "A813AC2B-2F29-45D7-AB27-657A36399F80",
"versionEndExcluding": "2.16.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:siemens:ruggedcom_rox_rx1536:-:*:*:*:*:*:*:*",
"matchCriteriaId": "C1775F3B-6F47-4134-8B4E-CF6337FF546C",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:siemens:ruggedcom_rox_rx5000_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "6AF925B2-B147-4CB0-8789-D68C38135BEE",
"versionEndExcluding": "2.16.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:siemens:ruggedcom_rox_rx5000:-:*:*:*:*:*:*:*",
"matchCriteriaId": "1E0E33F2-E89B-4008-BED2-CF2296801078",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability has been identified in RUGGEDCOM ROX MX5000 (All versions \u003c V2.16.0), RUGGEDCOM ROX MX5000RE (All versions \u003c V2.16.0), RUGGEDCOM ROX RX1400 (All versions \u003c V2.16.0), RUGGEDCOM ROX RX1500 (All versions \u003c V2.16.0), RUGGEDCOM ROX RX1501 (All versions \u003c V2.16.0), RUGGEDCOM ROX RX1510 (All versions \u003c V2.16.0), RUGGEDCOM ROX RX1511 (All versions \u003c V2.16.0), RUGGEDCOM ROX RX1512 (All versions \u003c V2.16.0), RUGGEDCOM ROX RX1524 (All versions \u003c V2.16.0), RUGGEDCOM ROX RX1536 (All versions \u003c V2.16.0), RUGGEDCOM ROX RX5000 (All versions \u003c V2.16.0). The web interface of the affected devices are vulnerable to Cross-Site Request Forgery attacks. By tricking an authenticated victim user to click a malicious link, an attacker could perform arbitrary actions on the device on behalf of the victim user."
}
],
"id": "CVE-2022-29561",
"lastModified": "2024-11-21T06:59:19.360",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.6,
"impactScore": 5.9,
"source": "productcert@siemens.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2023-07-11T10:15:09.970",
"references": [
{
"source": "productcert@siemens.com",
"tags": [
"Vendor Advisory"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-146325.pdf"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-146325.pdf"
}
],
"sourceIdentifier": "productcert@siemens.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-352"
}
],
"source": "productcert@siemens.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-352"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2023-07-11 10:15
Modified
2024-11-21 08:10
Severity ?
9.1 (Critical) - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H
7.2 (High) - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
7.2 (High) - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Summary
A vulnerability has been identified in RUGGEDCOM ROX MX5000 (All versions < V2.16.0), RUGGEDCOM ROX MX5000RE (All versions < V2.16.0), RUGGEDCOM ROX RX1400 (All versions < V2.16.0), RUGGEDCOM ROX RX1500 (All versions < V2.16.0), RUGGEDCOM ROX RX1501 (All versions < V2.16.0), RUGGEDCOM ROX RX1510 (All versions < V2.16.0), RUGGEDCOM ROX RX1511 (All versions < V2.16.0), RUGGEDCOM ROX RX1512 (All versions < V2.16.0), RUGGEDCOM ROX RX1524 (All versions < V2.16.0), RUGGEDCOM ROX RX1536 (All versions < V2.16.0), RUGGEDCOM ROX RX5000 (All versions < V2.16.0). The install-app URL parameter in the web interface of affected devices is vulnerable to command injection due to missing server side input sanitation. This could allow an authenticated privileged remote attacker to execute arbitrary code with root privileges.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:siemens:ruggedcom_rox_mx5000_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "B70C9A14-F31D-452F-8F7E-368E1ED7165C",
"versionEndExcluding": "2.16.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:siemens:ruggedcom_rox_mx5000:-:*:*:*:*:*:*:*",
"matchCriteriaId": "DAD1B18F-9C37-48CC-92E2-9C5E66B206CB",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:siemens:ruggedcom_rox_mx5000re_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "C095D9B0-79A3-44A7-9683-B8DEF689D65F",
"versionEndExcluding": "2.16.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:siemens:ruggedcom_rox_mx5000re:-:*:*:*:*:*:*:*",
"matchCriteriaId": "38734DFA-A5DF-4284-BD79-7C0ED6CD8A5C",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:siemens:ruggedcom_rox_rx1400_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "3A0D1757-6A48-4C53-877A-947CDDD67793",
"versionEndExcluding": "2.16.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:siemens:ruggedcom_rox_rx1400:-:*:*:*:*:*:*:*",
"matchCriteriaId": "12BD4008-DB6A-4749-A426-D2DE44819A9D",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:siemens:ruggedcom_rox_rx1500_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "957788AA-B685-42B6-8BE9-B61D20B68144",
"versionEndExcluding": "2.16.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:siemens:ruggedcom_rox_rx1500:-:*:*:*:*:*:*:*",
"matchCriteriaId": "3E79B422-C844-411C-AA49-CFD73D3C6E2D",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:siemens:ruggedcom_rox_rx1501_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "02E80465-DCD4-4CEB-AB5C-DFD86A5DB2E8",
"versionEndExcluding": "2.16.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:siemens:ruggedcom_rox_rx1501:-:*:*:*:*:*:*:*",
"matchCriteriaId": "53AAEC5C-06EE-4C58-A981-EBF5860CEF16",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:siemens:ruggedcom_rox_rx1510_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "BEC2AF9C-52CA-48FF-A4CD-C042EF225000",
"versionEndExcluding": "2.16.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:siemens:ruggedcom_rox_rx1510:-:*:*:*:*:*:*:*",
"matchCriteriaId": "0751225A-6E9C-4281-93A4-A048920FF7C6",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:siemens:ruggedcom_rox_rx1511_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "D0889DDD-C18A-4605-907C-0AAC4362FC94",
"versionEndExcluding": "2.16.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:siemens:ruggedcom_rox_rx1511:-:*:*:*:*:*:*:*",
"matchCriteriaId": "8C1E56ED-1E61-4B7E-8EC0-BB2AAD57EF7B",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:siemens:ruggedcom_rox_rx1512_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "FA09F789-1903-4487-A108-684EA9423F32",
"versionEndExcluding": "2.16.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:siemens:ruggedcom_rox_rx1512:-:*:*:*:*:*:*:*",
"matchCriteriaId": "41ADD701-AD49-46B2-A12E-219CCED32298",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:siemens:ruggedcom_rox_rx1524_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "76CF386C-0665-401C-9E5F-D3A89E6C2847",
"versionEndExcluding": "2.16.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:siemens:ruggedcom_rox_rx1524:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F8C70D90-E8FA-4343-9027-152A99D79C82",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:siemens:ruggedcom_rox_rx1536_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "A813AC2B-2F29-45D7-AB27-657A36399F80",
"versionEndExcluding": "2.16.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:siemens:ruggedcom_rox_rx1536:-:*:*:*:*:*:*:*",
"matchCriteriaId": "C1775F3B-6F47-4134-8B4E-CF6337FF546C",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:siemens:ruggedcom_rox_rx5000_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "6AF925B2-B147-4CB0-8789-D68C38135BEE",
"versionEndExcluding": "2.16.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:siemens:ruggedcom_rox_rx5000:-:*:*:*:*:*:*:*",
"matchCriteriaId": "1E0E33F2-E89B-4008-BED2-CF2296801078",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability has been identified in RUGGEDCOM ROX MX5000 (All versions \u003c V2.16.0), RUGGEDCOM ROX MX5000RE (All versions \u003c V2.16.0), RUGGEDCOM ROX RX1400 (All versions \u003c V2.16.0), RUGGEDCOM ROX RX1500 (All versions \u003c V2.16.0), RUGGEDCOM ROX RX1501 (All versions \u003c V2.16.0), RUGGEDCOM ROX RX1510 (All versions \u003c V2.16.0), RUGGEDCOM ROX RX1511 (All versions \u003c V2.16.0), RUGGEDCOM ROX RX1512 (All versions \u003c V2.16.0), RUGGEDCOM ROX RX1524 (All versions \u003c V2.16.0), RUGGEDCOM ROX RX1536 (All versions \u003c V2.16.0), RUGGEDCOM ROX RX5000 (All versions \u003c V2.16.0). The install-app URL parameter in the web interface of affected devices is vulnerable to command injection due to missing server side input sanitation. This could allow an authenticated privileged remote attacker to execute arbitrary code with root privileges."
}
],
"id": "CVE-2023-36751",
"lastModified": "2024-11-21T08:10:31.057",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.1,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.3,
"impactScore": 6.0,
"source": "productcert@siemens.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.2,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2023-07-11T10:15:11.233",
"references": [
{
"source": "productcert@siemens.com",
"tags": [
"Vendor Advisory"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-146325.pdf"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-146325.pdf"
}
],
"sourceIdentifier": "productcert@siemens.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-77"
}
],
"source": "productcert@siemens.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-77"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2023-07-11 10:15
Modified
2024-11-21 08:10
Severity ?
9.1 (Critical) - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H
7.2 (High) - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
7.2 (High) - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Summary
A vulnerability has been identified in RUGGEDCOM ROX MX5000 (All versions < V2.16.0), RUGGEDCOM ROX MX5000RE (All versions < V2.16.0), RUGGEDCOM ROX RX1400 (All versions < V2.16.0), RUGGEDCOM ROX RX1500 (All versions < V2.16.0), RUGGEDCOM ROX RX1501 (All versions < V2.16.0), RUGGEDCOM ROX RX1510 (All versions < V2.16.0), RUGGEDCOM ROX RX1511 (All versions < V2.16.0), RUGGEDCOM ROX RX1512 (All versions < V2.16.0), RUGGEDCOM ROX RX1524 (All versions < V2.16.0), RUGGEDCOM ROX RX1536 (All versions < V2.16.0), RUGGEDCOM ROX RX5000 (All versions < V2.16.0). The SCEP CA Certificate Name parameter in the web interface of affected devices is vulnerable to command injection due to missing server side input sanitation. This could allow an authenticated privileged remote attacker to execute arbitrary code with root privileges.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:siemens:ruggedcom_rox_mx5000_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "B70C9A14-F31D-452F-8F7E-368E1ED7165C",
"versionEndExcluding": "2.16.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:siemens:ruggedcom_rox_mx5000:-:*:*:*:*:*:*:*",
"matchCriteriaId": "DAD1B18F-9C37-48CC-92E2-9C5E66B206CB",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:siemens:ruggedcom_rox_mx5000re_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "C095D9B0-79A3-44A7-9683-B8DEF689D65F",
"versionEndExcluding": "2.16.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:siemens:ruggedcom_rox_mx5000re:-:*:*:*:*:*:*:*",
"matchCriteriaId": "38734DFA-A5DF-4284-BD79-7C0ED6CD8A5C",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:siemens:ruggedcom_rox_rx1400_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "3A0D1757-6A48-4C53-877A-947CDDD67793",
"versionEndExcluding": "2.16.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:siemens:ruggedcom_rox_rx1400:-:*:*:*:*:*:*:*",
"matchCriteriaId": "12BD4008-DB6A-4749-A426-D2DE44819A9D",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:siemens:ruggedcom_rox_rx1500_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "957788AA-B685-42B6-8BE9-B61D20B68144",
"versionEndExcluding": "2.16.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:siemens:ruggedcom_rox_rx1500:-:*:*:*:*:*:*:*",
"matchCriteriaId": "3E79B422-C844-411C-AA49-CFD73D3C6E2D",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:siemens:ruggedcom_rox_rx1501_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "02E80465-DCD4-4CEB-AB5C-DFD86A5DB2E8",
"versionEndExcluding": "2.16.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:siemens:ruggedcom_rox_rx1501:-:*:*:*:*:*:*:*",
"matchCriteriaId": "53AAEC5C-06EE-4C58-A981-EBF5860CEF16",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:siemens:ruggedcom_rox_rx1510_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "BEC2AF9C-52CA-48FF-A4CD-C042EF225000",
"versionEndExcluding": "2.16.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:siemens:ruggedcom_rox_rx1510:-:*:*:*:*:*:*:*",
"matchCriteriaId": "0751225A-6E9C-4281-93A4-A048920FF7C6",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:siemens:ruggedcom_rox_rx1511_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "D0889DDD-C18A-4605-907C-0AAC4362FC94",
"versionEndExcluding": "2.16.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:siemens:ruggedcom_rox_rx1511:-:*:*:*:*:*:*:*",
"matchCriteriaId": "8C1E56ED-1E61-4B7E-8EC0-BB2AAD57EF7B",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:siemens:ruggedcom_rox_rx1512_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "FA09F789-1903-4487-A108-684EA9423F32",
"versionEndExcluding": "2.16.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:siemens:ruggedcom_rox_rx1512:-:*:*:*:*:*:*:*",
"matchCriteriaId": "41ADD701-AD49-46B2-A12E-219CCED32298",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:siemens:ruggedcom_rox_rx1524_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "76CF386C-0665-401C-9E5F-D3A89E6C2847",
"versionEndExcluding": "2.16.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:siemens:ruggedcom_rox_rx1524:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F8C70D90-E8FA-4343-9027-152A99D79C82",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:siemens:ruggedcom_rox_rx1536_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "A813AC2B-2F29-45D7-AB27-657A36399F80",
"versionEndExcluding": "2.16.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:siemens:ruggedcom_rox_rx1536:-:*:*:*:*:*:*:*",
"matchCriteriaId": "C1775F3B-6F47-4134-8B4E-CF6337FF546C",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:siemens:ruggedcom_rox_rx5000_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "6AF925B2-B147-4CB0-8789-D68C38135BEE",
"versionEndExcluding": "2.16.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:siemens:ruggedcom_rox_rx5000:-:*:*:*:*:*:*:*",
"matchCriteriaId": "1E0E33F2-E89B-4008-BED2-CF2296801078",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability has been identified in RUGGEDCOM ROX MX5000 (All versions \u003c V2.16.0), RUGGEDCOM ROX MX5000RE (All versions \u003c V2.16.0), RUGGEDCOM ROX RX1400 (All versions \u003c V2.16.0), RUGGEDCOM ROX RX1500 (All versions \u003c V2.16.0), RUGGEDCOM ROX RX1501 (All versions \u003c V2.16.0), RUGGEDCOM ROX RX1510 (All versions \u003c V2.16.0), RUGGEDCOM ROX RX1511 (All versions \u003c V2.16.0), RUGGEDCOM ROX RX1512 (All versions \u003c V2.16.0), RUGGEDCOM ROX RX1524 (All versions \u003c V2.16.0), RUGGEDCOM ROX RX1536 (All versions \u003c V2.16.0), RUGGEDCOM ROX RX5000 (All versions \u003c V2.16.0). The SCEP CA Certificate Name parameter in the web interface of affected devices is vulnerable to command injection due to missing server side input sanitation. This could allow an authenticated privileged remote attacker to execute arbitrary code with root privileges."
}
],
"id": "CVE-2023-36755",
"lastModified": "2024-11-21T08:10:31.700",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.1,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.3,
"impactScore": 6.0,
"source": "productcert@siemens.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.2,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2023-07-11T10:15:11.490",
"references": [
{
"source": "productcert@siemens.com",
"tags": [
"Vendor Advisory"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-146325.pdf"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-146325.pdf"
}
],
"sourceIdentifier": "productcert@siemens.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-77"
}
],
"source": "productcert@siemens.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-77"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2023-07-11 10:15
Modified
2024-11-21 08:10
Severity ?
9.1 (Critical) - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H
7.2 (High) - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
7.2 (High) - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Summary
A vulnerability has been identified in RUGGEDCOM ROX MX5000 (All versions < V2.16.0), RUGGEDCOM ROX MX5000RE (All versions < V2.16.0), RUGGEDCOM ROX RX1400 (All versions < V2.16.0), RUGGEDCOM ROX RX1500 (All versions < V2.16.0), RUGGEDCOM ROX RX1501 (All versions < V2.16.0), RUGGEDCOM ROX RX1510 (All versions < V2.16.0), RUGGEDCOM ROX RX1511 (All versions < V2.16.0), RUGGEDCOM ROX RX1512 (All versions < V2.16.0), RUGGEDCOM ROX RX1524 (All versions < V2.16.0), RUGGEDCOM ROX RX1536 (All versions < V2.16.0), RUGGEDCOM ROX RX5000 (All versions < V2.16.0). The upgrade-app URL parameter in the web interface of affected devices is vulnerable to command injection due to missing server side input sanitation. This could allow an authenticated privileged remote attacker to execute arbitrary code with root privileges.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:siemens:ruggedcom_rox_mx5000_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "B70C9A14-F31D-452F-8F7E-368E1ED7165C",
"versionEndExcluding": "2.16.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:siemens:ruggedcom_rox_mx5000:-:*:*:*:*:*:*:*",
"matchCriteriaId": "DAD1B18F-9C37-48CC-92E2-9C5E66B206CB",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:siemens:ruggedcom_rox_mx5000re_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "C095D9B0-79A3-44A7-9683-B8DEF689D65F",
"versionEndExcluding": "2.16.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:siemens:ruggedcom_rox_mx5000re:-:*:*:*:*:*:*:*",
"matchCriteriaId": "38734DFA-A5DF-4284-BD79-7C0ED6CD8A5C",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:siemens:ruggedcom_rox_rx1400_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "3A0D1757-6A48-4C53-877A-947CDDD67793",
"versionEndExcluding": "2.16.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:siemens:ruggedcom_rox_rx1400:-:*:*:*:*:*:*:*",
"matchCriteriaId": "12BD4008-DB6A-4749-A426-D2DE44819A9D",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:siemens:ruggedcom_rox_rx1500_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "957788AA-B685-42B6-8BE9-B61D20B68144",
"versionEndExcluding": "2.16.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:siemens:ruggedcom_rox_rx1500:-:*:*:*:*:*:*:*",
"matchCriteriaId": "3E79B422-C844-411C-AA49-CFD73D3C6E2D",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:siemens:ruggedcom_rox_rx1501_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "02E80465-DCD4-4CEB-AB5C-DFD86A5DB2E8",
"versionEndExcluding": "2.16.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:siemens:ruggedcom_rox_rx1501:-:*:*:*:*:*:*:*",
"matchCriteriaId": "53AAEC5C-06EE-4C58-A981-EBF5860CEF16",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:siemens:ruggedcom_rox_rx1510_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "BEC2AF9C-52CA-48FF-A4CD-C042EF225000",
"versionEndExcluding": "2.16.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:siemens:ruggedcom_rox_rx1510:-:*:*:*:*:*:*:*",
"matchCriteriaId": "0751225A-6E9C-4281-93A4-A048920FF7C6",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:siemens:ruggedcom_rox_rx1511_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "D0889DDD-C18A-4605-907C-0AAC4362FC94",
"versionEndExcluding": "2.16.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:siemens:ruggedcom_rox_rx1511:-:*:*:*:*:*:*:*",
"matchCriteriaId": "8C1E56ED-1E61-4B7E-8EC0-BB2AAD57EF7B",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:siemens:ruggedcom_rox_rx1512_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "FA09F789-1903-4487-A108-684EA9423F32",
"versionEndExcluding": "2.16.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:siemens:ruggedcom_rox_rx1512:-:*:*:*:*:*:*:*",
"matchCriteriaId": "41ADD701-AD49-46B2-A12E-219CCED32298",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:siemens:ruggedcom_rox_rx1524_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "76CF386C-0665-401C-9E5F-D3A89E6C2847",
"versionEndExcluding": "2.16.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:siemens:ruggedcom_rox_rx1524:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F8C70D90-E8FA-4343-9027-152A99D79C82",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:siemens:ruggedcom_rox_rx1536_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "A813AC2B-2F29-45D7-AB27-657A36399F80",
"versionEndExcluding": "2.16.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:siemens:ruggedcom_rox_rx1536:-:*:*:*:*:*:*:*",
"matchCriteriaId": "C1775F3B-6F47-4134-8B4E-CF6337FF546C",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:siemens:ruggedcom_rox_rx5000_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "6AF925B2-B147-4CB0-8789-D68C38135BEE",
"versionEndExcluding": "2.16.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:siemens:ruggedcom_rox_rx5000:-:*:*:*:*:*:*:*",
"matchCriteriaId": "1E0E33F2-E89B-4008-BED2-CF2296801078",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability has been identified in RUGGEDCOM ROX MX5000 (All versions \u003c V2.16.0), RUGGEDCOM ROX MX5000RE (All versions \u003c V2.16.0), RUGGEDCOM ROX RX1400 (All versions \u003c V2.16.0), RUGGEDCOM ROX RX1500 (All versions \u003c V2.16.0), RUGGEDCOM ROX RX1501 (All versions \u003c V2.16.0), RUGGEDCOM ROX RX1510 (All versions \u003c V2.16.0), RUGGEDCOM ROX RX1511 (All versions \u003c V2.16.0), RUGGEDCOM ROX RX1512 (All versions \u003c V2.16.0), RUGGEDCOM ROX RX1524 (All versions \u003c V2.16.0), RUGGEDCOM ROX RX1536 (All versions \u003c V2.16.0), RUGGEDCOM ROX RX5000 (All versions \u003c V2.16.0). The upgrade-app URL parameter in the web interface of affected devices is vulnerable to command injection due to missing server side input sanitation. This could allow an authenticated privileged remote attacker to execute arbitrary code with root privileges."
}
],
"id": "CVE-2023-36752",
"lastModified": "2024-11-21T08:10:31.227",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.1,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.3,
"impactScore": 6.0,
"source": "productcert@siemens.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.2,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2023-07-11T10:15:11.297",
"references": [
{
"source": "productcert@siemens.com",
"tags": [
"Vendor Advisory"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-146325.pdf"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-146325.pdf"
}
],
"sourceIdentifier": "productcert@siemens.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-77"
}
],
"source": "productcert@siemens.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-77"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2023-07-11 10:15
Modified
2024-11-21 06:59
Severity ?
3.7 (Low) - CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L
5.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
5.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
Summary
A vulnerability has been identified in RUGGEDCOM ROX MX5000 (All versions < V2.16.0), RUGGEDCOM ROX MX5000RE (All versions < V2.16.0), RUGGEDCOM ROX RX1400 (All versions < V2.16.0), RUGGEDCOM ROX RX1500 (All versions < V2.16.0), RUGGEDCOM ROX RX1501 (All versions < V2.16.0), RUGGEDCOM ROX RX1510 (All versions < V2.16.0), RUGGEDCOM ROX RX1511 (All versions < V2.16.0), RUGGEDCOM ROX RX1512 (All versions < V2.16.0), RUGGEDCOM ROX RX1524 (All versions < V2.16.0), RUGGEDCOM ROX RX1536 (All versions < V2.16.0), RUGGEDCOM ROX RX5000 (All versions < V2.16.0). Affected devices do not properly handle malformed HTTP packets. This could allow an unauthenticated remote attacker to send a malformed HTTP packet causing certain functions to fail in a controlled manner.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:siemens:ruggedcom_rox_mx5000_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "B70C9A14-F31D-452F-8F7E-368E1ED7165C",
"versionEndExcluding": "2.16.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:siemens:ruggedcom_rox_mx5000:-:*:*:*:*:*:*:*",
"matchCriteriaId": "DAD1B18F-9C37-48CC-92E2-9C5E66B206CB",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:siemens:ruggedcom_rox_mx5000re_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "C095D9B0-79A3-44A7-9683-B8DEF689D65F",
"versionEndExcluding": "2.16.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:siemens:ruggedcom_rox_mx5000re:-:*:*:*:*:*:*:*",
"matchCriteriaId": "38734DFA-A5DF-4284-BD79-7C0ED6CD8A5C",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:siemens:ruggedcom_rox_rx1400_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "3A0D1757-6A48-4C53-877A-947CDDD67793",
"versionEndExcluding": "2.16.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:siemens:ruggedcom_rox_rx1400:-:*:*:*:*:*:*:*",
"matchCriteriaId": "12BD4008-DB6A-4749-A426-D2DE44819A9D",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:siemens:ruggedcom_rox_rx1500_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "957788AA-B685-42B6-8BE9-B61D20B68144",
"versionEndExcluding": "2.16.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:siemens:ruggedcom_rox_rx1500:-:*:*:*:*:*:*:*",
"matchCriteriaId": "3E79B422-C844-411C-AA49-CFD73D3C6E2D",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:siemens:ruggedcom_rox_rx1501_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "02E80465-DCD4-4CEB-AB5C-DFD86A5DB2E8",
"versionEndExcluding": "2.16.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:siemens:ruggedcom_rox_rx1501:-:*:*:*:*:*:*:*",
"matchCriteriaId": "53AAEC5C-06EE-4C58-A981-EBF5860CEF16",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:siemens:ruggedcom_rox_rx1510_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "BEC2AF9C-52CA-48FF-A4CD-C042EF225000",
"versionEndExcluding": "2.16.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:siemens:ruggedcom_rox_rx1510:-:*:*:*:*:*:*:*",
"matchCriteriaId": "0751225A-6E9C-4281-93A4-A048920FF7C6",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:siemens:ruggedcom_rox_rx1511_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "D0889DDD-C18A-4605-907C-0AAC4362FC94",
"versionEndExcluding": "2.16.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:siemens:ruggedcom_rox_rx1511:-:*:*:*:*:*:*:*",
"matchCriteriaId": "8C1E56ED-1E61-4B7E-8EC0-BB2AAD57EF7B",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:siemens:ruggedcom_rox_rx1512_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "FA09F789-1903-4487-A108-684EA9423F32",
"versionEndExcluding": "2.16.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:siemens:ruggedcom_rox_rx1512:-:*:*:*:*:*:*:*",
"matchCriteriaId": "41ADD701-AD49-46B2-A12E-219CCED32298",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:siemens:ruggedcom_rox_rx1524_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "76CF386C-0665-401C-9E5F-D3A89E6C2847",
"versionEndExcluding": "2.16.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:siemens:ruggedcom_rox_rx1524:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F8C70D90-E8FA-4343-9027-152A99D79C82",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:siemens:ruggedcom_rox_rx1536_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "A813AC2B-2F29-45D7-AB27-657A36399F80",
"versionEndExcluding": "2.16.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:siemens:ruggedcom_rox_rx1536:-:*:*:*:*:*:*:*",
"matchCriteriaId": "C1775F3B-6F47-4134-8B4E-CF6337FF546C",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:siemens:ruggedcom_rox_rx5000_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "6AF925B2-B147-4CB0-8789-D68C38135BEE",
"versionEndExcluding": "2.16.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:siemens:ruggedcom_rox_rx5000:-:*:*:*:*:*:*:*",
"matchCriteriaId": "1E0E33F2-E89B-4008-BED2-CF2296801078",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability has been identified in RUGGEDCOM ROX MX5000 (All versions \u003c V2.16.0), RUGGEDCOM ROX MX5000RE (All versions \u003c V2.16.0), RUGGEDCOM ROX RX1400 (All versions \u003c V2.16.0), RUGGEDCOM ROX RX1500 (All versions \u003c V2.16.0), RUGGEDCOM ROX RX1501 (All versions \u003c V2.16.0), RUGGEDCOM ROX RX1510 (All versions \u003c V2.16.0), RUGGEDCOM ROX RX1511 (All versions \u003c V2.16.0), RUGGEDCOM ROX RX1512 (All versions \u003c V2.16.0), RUGGEDCOM ROX RX1524 (All versions \u003c V2.16.0), RUGGEDCOM ROX RX1536 (All versions \u003c V2.16.0), RUGGEDCOM ROX RX5000 (All versions \u003c V2.16.0). Affected devices do not properly handle malformed HTTP packets. This could allow an unauthenticated remote attacker to send a malformed HTTP packet causing certain functions to fail in a controlled manner."
}
],
"id": "CVE-2022-29562",
"lastModified": "2024-11-21T06:59:19.557",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 3.7,
"baseSeverity": "LOW",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"exploitabilityScore": 2.2,
"impactScore": 1.4,
"source": "productcert@siemens.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 1.4,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2023-07-11T10:15:10.043",
"references": [
{
"source": "productcert@siemens.com",
"tags": [
"Vendor Advisory"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-146325.pdf"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-146325.pdf"
}
],
"sourceIdentifier": "productcert@siemens.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-20"
}
],
"source": "productcert@siemens.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2023-07-11 10:15
Modified
2024-11-21 08:09
Severity ?
8.8 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
6.1 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
6.1 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Summary
A vulnerability has been identified in RUGGEDCOM ROX MX5000 (All versions < V2.16.0), RUGGEDCOM ROX MX5000RE (All versions < V2.16.0), RUGGEDCOM ROX RX1400 (All versions < V2.16.0), RUGGEDCOM ROX RX1500 (All versions < V2.16.0), RUGGEDCOM ROX RX1501 (All versions < V2.16.0), RUGGEDCOM ROX RX1510 (All versions < V2.16.0), RUGGEDCOM ROX RX1511 (All versions < V2.16.0), RUGGEDCOM ROX RX1512 (All versions < V2.16.0), RUGGEDCOM ROX RX1524 (All versions < V2.16.0), RUGGEDCOM ROX RX1536 (All versions < V2.16.0), RUGGEDCOM ROX RX5000 (All versions < V2.16.0). A reflected cross-site scripting (XSS) vulnerability exists in the web interface of the affected application that could allow an attacker to execute malicious javascript code by tricking users into accessing a malicious link. The malformed value is reflected
directly in the response without sanitization while throwing an “invalid path” error.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:siemens:ruggedcom_rox_mx5000_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "B70C9A14-F31D-452F-8F7E-368E1ED7165C",
"versionEndExcluding": "2.16.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:siemens:ruggedcom_rox_mx5000:-:*:*:*:*:*:*:*",
"matchCriteriaId": "DAD1B18F-9C37-48CC-92E2-9C5E66B206CB",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:siemens:ruggedcom_rox_mx5000re_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "C095D9B0-79A3-44A7-9683-B8DEF689D65F",
"versionEndExcluding": "2.16.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:siemens:ruggedcom_rox_mx5000re:-:*:*:*:*:*:*:*",
"matchCriteriaId": "38734DFA-A5DF-4284-BD79-7C0ED6CD8A5C",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:siemens:ruggedcom_rox_rx1400_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "3A0D1757-6A48-4C53-877A-947CDDD67793",
"versionEndExcluding": "2.16.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:siemens:ruggedcom_rox_rx1400:-:*:*:*:*:*:*:*",
"matchCriteriaId": "12BD4008-DB6A-4749-A426-D2DE44819A9D",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:siemens:ruggedcom_rox_rx1500_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "957788AA-B685-42B6-8BE9-B61D20B68144",
"versionEndExcluding": "2.16.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:siemens:ruggedcom_rox_rx1500:-:*:*:*:*:*:*:*",
"matchCriteriaId": "3E79B422-C844-411C-AA49-CFD73D3C6E2D",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:siemens:ruggedcom_rox_rx1501_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "02E80465-DCD4-4CEB-AB5C-DFD86A5DB2E8",
"versionEndExcluding": "2.16.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:siemens:ruggedcom_rox_rx1501:-:*:*:*:*:*:*:*",
"matchCriteriaId": "53AAEC5C-06EE-4C58-A981-EBF5860CEF16",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:siemens:ruggedcom_rox_rx1510_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "BEC2AF9C-52CA-48FF-A4CD-C042EF225000",
"versionEndExcluding": "2.16.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:siemens:ruggedcom_rox_rx1510:-:*:*:*:*:*:*:*",
"matchCriteriaId": "0751225A-6E9C-4281-93A4-A048920FF7C6",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:siemens:ruggedcom_rox_rx1511_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "D0889DDD-C18A-4605-907C-0AAC4362FC94",
"versionEndExcluding": "2.16.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:siemens:ruggedcom_rox_rx1511:-:*:*:*:*:*:*:*",
"matchCriteriaId": "8C1E56ED-1E61-4B7E-8EC0-BB2AAD57EF7B",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:siemens:ruggedcom_rox_rx1512_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "FA09F789-1903-4487-A108-684EA9423F32",
"versionEndExcluding": "2.16.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:siemens:ruggedcom_rox_rx1512:-:*:*:*:*:*:*:*",
"matchCriteriaId": "41ADD701-AD49-46B2-A12E-219CCED32298",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:siemens:ruggedcom_rox_rx1524_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "76CF386C-0665-401C-9E5F-D3A89E6C2847",
"versionEndExcluding": "2.16.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:siemens:ruggedcom_rox_rx1524:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F8C70D90-E8FA-4343-9027-152A99D79C82",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:siemens:ruggedcom_rox_rx1536_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "A813AC2B-2F29-45D7-AB27-657A36399F80",
"versionEndExcluding": "2.16.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:siemens:ruggedcom_rox_rx1536:-:*:*:*:*:*:*:*",
"matchCriteriaId": "C1775F3B-6F47-4134-8B4E-CF6337FF546C",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:siemens:ruggedcom_rox_rx5000_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "6AF925B2-B147-4CB0-8789-D68C38135BEE",
"versionEndExcluding": "2.16.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:siemens:ruggedcom_rox_rx5000:-:*:*:*:*:*:*:*",
"matchCriteriaId": "1E0E33F2-E89B-4008-BED2-CF2296801078",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability has been identified in RUGGEDCOM ROX MX5000 (All versions \u003c V2.16.0), RUGGEDCOM ROX MX5000RE (All versions \u003c V2.16.0), RUGGEDCOM ROX RX1400 (All versions \u003c V2.16.0), RUGGEDCOM ROX RX1500 (All versions \u003c V2.16.0), RUGGEDCOM ROX RX1501 (All versions \u003c V2.16.0), RUGGEDCOM ROX RX1510 (All versions \u003c V2.16.0), RUGGEDCOM ROX RX1511 (All versions \u003c V2.16.0), RUGGEDCOM ROX RX1512 (All versions \u003c V2.16.0), RUGGEDCOM ROX RX1524 (All versions \u003c V2.16.0), RUGGEDCOM ROX RX1536 (All versions \u003c V2.16.0), RUGGEDCOM ROX RX5000 (All versions \u003c V2.16.0). A reflected cross-site scripting (XSS) vulnerability exists in the web interface of the affected application that could allow an attacker to execute malicious javascript code by tricking users into accessing a malicious link. The malformed value is reflected\r\ndirectly in the response without sanitization while throwing an \u201cinvalid path\u201d error."
}
],
"id": "CVE-2023-36389",
"lastModified": "2024-11-21T08:09:39.320",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9,
"source": "productcert@siemens.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2023-07-11T10:15:10.760",
"references": [
{
"source": "productcert@siemens.com",
"tags": [
"Vendor Advisory"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-146325.pdf"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-146325.pdf"
}
],
"sourceIdentifier": "productcert@siemens.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "productcert@siemens.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2023-07-11 10:15
Modified
2024-11-21 08:09
Severity ?
8.8 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
6.1 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
6.1 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Summary
A vulnerability has been identified in RUGGEDCOM ROX MX5000 (All versions < V2.16.0), RUGGEDCOM ROX MX5000RE (All versions < V2.16.0), RUGGEDCOM ROX RX1400 (All versions < V2.16.0), RUGGEDCOM ROX RX1500 (All versions < V2.16.0), RUGGEDCOM ROX RX1501 (All versions < V2.16.0), RUGGEDCOM ROX RX1510 (All versions < V2.16.0), RUGGEDCOM ROX RX1511 (All versions < V2.16.0), RUGGEDCOM ROX RX1512 (All versions < V2.16.0), RUGGEDCOM ROX RX1524 (All versions < V2.16.0), RUGGEDCOM ROX RX1536 (All versions < V2.16.0), RUGGEDCOM ROX RX5000 (All versions < V2.16.0). A reflected cross-site scripting (XSS) vulnerability exists in the web interface of the affected application that could allow an attacker to execute malicious javascript code by tricking users into accessing a malicious link. The value is reflected in the response
without sanitization while throwing an “invalid params element name” error on the action parameters.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:siemens:ruggedcom_rox_mx5000_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "B70C9A14-F31D-452F-8F7E-368E1ED7165C",
"versionEndExcluding": "2.16.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:siemens:ruggedcom_rox_mx5000:-:*:*:*:*:*:*:*",
"matchCriteriaId": "DAD1B18F-9C37-48CC-92E2-9C5E66B206CB",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:siemens:ruggedcom_rox_mx5000re_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "C095D9B0-79A3-44A7-9683-B8DEF689D65F",
"versionEndExcluding": "2.16.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:siemens:ruggedcom_rox_mx5000re:-:*:*:*:*:*:*:*",
"matchCriteriaId": "38734DFA-A5DF-4284-BD79-7C0ED6CD8A5C",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:siemens:ruggedcom_rox_rx1400_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "3A0D1757-6A48-4C53-877A-947CDDD67793",
"versionEndExcluding": "2.16.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:siemens:ruggedcom_rox_rx1400:-:*:*:*:*:*:*:*",
"matchCriteriaId": "12BD4008-DB6A-4749-A426-D2DE44819A9D",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:siemens:ruggedcom_rox_rx1500_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "957788AA-B685-42B6-8BE9-B61D20B68144",
"versionEndExcluding": "2.16.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:siemens:ruggedcom_rox_rx1500:-:*:*:*:*:*:*:*",
"matchCriteriaId": "3E79B422-C844-411C-AA49-CFD73D3C6E2D",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:siemens:ruggedcom_rox_rx1501_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "02E80465-DCD4-4CEB-AB5C-DFD86A5DB2E8",
"versionEndExcluding": "2.16.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:siemens:ruggedcom_rox_rx1501:-:*:*:*:*:*:*:*",
"matchCriteriaId": "53AAEC5C-06EE-4C58-A981-EBF5860CEF16",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:siemens:ruggedcom_rox_rx1510_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "BEC2AF9C-52CA-48FF-A4CD-C042EF225000",
"versionEndExcluding": "2.16.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:siemens:ruggedcom_rox_rx1510:-:*:*:*:*:*:*:*",
"matchCriteriaId": "0751225A-6E9C-4281-93A4-A048920FF7C6",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:siemens:ruggedcom_rox_rx1511_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "D0889DDD-C18A-4605-907C-0AAC4362FC94",
"versionEndExcluding": "2.16.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:siemens:ruggedcom_rox_rx1511:-:*:*:*:*:*:*:*",
"matchCriteriaId": "8C1E56ED-1E61-4B7E-8EC0-BB2AAD57EF7B",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:siemens:ruggedcom_rox_rx1512_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "FA09F789-1903-4487-A108-684EA9423F32",
"versionEndExcluding": "2.16.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:siemens:ruggedcom_rox_rx1512:-:*:*:*:*:*:*:*",
"matchCriteriaId": "41ADD701-AD49-46B2-A12E-219CCED32298",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:siemens:ruggedcom_rox_rx1524_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "76CF386C-0665-401C-9E5F-D3A89E6C2847",
"versionEndExcluding": "2.16.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:siemens:ruggedcom_rox_rx1524:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F8C70D90-E8FA-4343-9027-152A99D79C82",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:siemens:ruggedcom_rox_rx1536_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "A813AC2B-2F29-45D7-AB27-657A36399F80",
"versionEndExcluding": "2.16.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:siemens:ruggedcom_rox_rx1536:-:*:*:*:*:*:*:*",
"matchCriteriaId": "C1775F3B-6F47-4134-8B4E-CF6337FF546C",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:siemens:ruggedcom_rox_rx5000_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "6AF925B2-B147-4CB0-8789-D68C38135BEE",
"versionEndExcluding": "2.16.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:siemens:ruggedcom_rox_rx5000:-:*:*:*:*:*:*:*",
"matchCriteriaId": "1E0E33F2-E89B-4008-BED2-CF2296801078",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability has been identified in RUGGEDCOM ROX MX5000 (All versions \u003c V2.16.0), RUGGEDCOM ROX MX5000RE (All versions \u003c V2.16.0), RUGGEDCOM ROX RX1400 (All versions \u003c V2.16.0), RUGGEDCOM ROX RX1500 (All versions \u003c V2.16.0), RUGGEDCOM ROX RX1501 (All versions \u003c V2.16.0), RUGGEDCOM ROX RX1510 (All versions \u003c V2.16.0), RUGGEDCOM ROX RX1511 (All versions \u003c V2.16.0), RUGGEDCOM ROX RX1512 (All versions \u003c V2.16.0), RUGGEDCOM ROX RX1524 (All versions \u003c V2.16.0), RUGGEDCOM ROX RX1536 (All versions \u003c V2.16.0), RUGGEDCOM ROX RX5000 (All versions \u003c V2.16.0). A reflected cross-site scripting (XSS) vulnerability exists in the web interface of the affected application that could allow an attacker to execute malicious javascript code by tricking users into accessing a malicious link. The value is reflected in the response\r\nwithout sanitization while throwing an \u201cinvalid params element name\u201d error on the action parameters."
}
],
"id": "CVE-2023-36390",
"lastModified": "2024-11-21T08:09:39.467",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9,
"source": "productcert@siemens.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2023-07-11T10:15:10.827",
"references": [
{
"source": "productcert@siemens.com",
"tags": [
"Vendor Advisory"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-146325.pdf"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-146325.pdf"
}
],
"sourceIdentifier": "productcert@siemens.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "productcert@siemens.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2022-07-12 10:15
Modified
2024-11-21 06:59
Severity ?
Summary
A vulnerability has been identified in RUGGEDCOM ROX MX5000 (All versions < 2.15.1), RUGGEDCOM ROX MX5000RE (All versions < 2.15.1), RUGGEDCOM ROX RX1400 (All versions < 2.15.1), RUGGEDCOM ROX RX1500 (All versions < 2.15.1), RUGGEDCOM ROX RX1501 (All versions < 2.15.1), RUGGEDCOM ROX RX1510 (All versions < 2.15.1), RUGGEDCOM ROX RX1511 (All versions < 2.15.1), RUGGEDCOM ROX RX1512 (All versions < 2.15.1), RUGGEDCOM ROX RX1524 (All versions < 2.15.1), RUGGEDCOM ROX RX1536 (All versions < 2.15.1), RUGGEDCOM ROX RX5000 (All versions < 2.15.1). Affected devices do not properly validate user input, making them susceptible to command injection. An attacker with access to either the shell or the web CLI with administrator privileges could access the underlying operating system as the root user.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| productcert@siemens.com | https://cert-portal.siemens.com/productcert/pdf/ssa-599506.pdf | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://cert-portal.siemens.com/productcert/pdf/ssa-599506.pdf | Patch, Vendor Advisory |
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:siemens:ruggedcom_rox_rx1500_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "56C961A1-00D0-4F83-B9F5-8C479704669A",
"versionEndExcluding": "2.15.1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:siemens:ruggedcom_rox_rx1500:-:*:*:*:*:*:*:*",
"matchCriteriaId": "3E79B422-C844-411C-AA49-CFD73D3C6E2D",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:siemens:ruggedcom_rox_rx1501_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "5F6ACA21-5F5E-470C-8C4A-EFDEDC6E481E",
"versionEndExcluding": "2.15.1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:siemens:ruggedcom_rox_rx1501:-:*:*:*:*:*:*:*",
"matchCriteriaId": "53AAEC5C-06EE-4C58-A981-EBF5860CEF16",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:siemens:ruggedcom_rox_rx1510_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "4C14C7A8-C6FF-495A-8CC9-CEAD1EA74195",
"versionEndExcluding": "2.15.1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:siemens:ruggedcom_rox_rx1510:-:*:*:*:*:*:*:*",
"matchCriteriaId": "0751225A-6E9C-4281-93A4-A048920FF7C6",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:siemens:ruggedcom_rox_rx1511_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "51713937-53D8-47A1-93CD-A71BB1F68082",
"versionEndExcluding": "2.15.1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:siemens:ruggedcom_rox_rx1511:-:*:*:*:*:*:*:*",
"matchCriteriaId": "8C1E56ED-1E61-4B7E-8EC0-BB2AAD57EF7B",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:siemens:ruggedcom_rox_rx1512_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "8895AC44-D90B-4D79-9F53-CA8E5181F152",
"versionEndExcluding": "2.15.1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:siemens:ruggedcom_rox_rx1512:-:*:*:*:*:*:*:*",
"matchCriteriaId": "41ADD701-AD49-46B2-A12E-219CCED32298",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:siemens:ruggedcom_rox_rx1524_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "7E50BFA7-8FFA-47B8-90E5-8EF89534BB45",
"versionEndExcluding": "2.15.1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:siemens:ruggedcom_rox_rx1524:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F8C70D90-E8FA-4343-9027-152A99D79C82",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:siemens:ruggedcom_rox_rx1536_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "5124C4B1-1AF8-4231-BC19-C7396F334C9A",
"versionEndExcluding": "2.15.1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:siemens:ruggedcom_rox_rx1536:-:*:*:*:*:*:*:*",
"matchCriteriaId": "C1775F3B-6F47-4134-8B4E-CF6337FF546C",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:siemens:ruggedcom_rox_rx5000_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "2491CAB4-A544-44F2-8634-8A55DFD8270B",
"versionEndExcluding": "2.15.1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:siemens:ruggedcom_rox_rx5000:-:*:*:*:*:*:*:*",
"matchCriteriaId": "1E0E33F2-E89B-4008-BED2-CF2296801078",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:siemens:ruggedcom_rox_rx1400_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "DC943E60-DA3E-4A25-9D51-CAD6352E9A10",
"versionEndExcluding": "2.15.1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:siemens:ruggedcom_rox_rx1400:-:*:*:*:*:*:*:*",
"matchCriteriaId": "12BD4008-DB6A-4749-A426-D2DE44819A9D",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:siemens:ruggedcom_rox_mx5000re_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "9FE492C0-DED5-474F-B247-735C1E4AF8D5",
"versionEndExcluding": "2.15.1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:siemens:ruggedcom_rox_mx5000re:-:*:*:*:*:*:*:*",
"matchCriteriaId": "38734DFA-A5DF-4284-BD79-7C0ED6CD8A5C",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:siemens:ruggedcom_rox_mx5000_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "EAB64CBD-AD69-4DE8-ADA8-78A59BBFE931",
"versionEndExcluding": "2.15.1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:siemens:ruggedcom_rox_mx5000:-:*:*:*:*:*:*:*",
"matchCriteriaId": "DAD1B18F-9C37-48CC-92E2-9C5E66B206CB",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability has been identified in RUGGEDCOM ROX MX5000 (All versions \u003c 2.15.1), RUGGEDCOM ROX MX5000RE (All versions \u003c 2.15.1), RUGGEDCOM ROX RX1400 (All versions \u003c 2.15.1), RUGGEDCOM ROX RX1500 (All versions \u003c 2.15.1), RUGGEDCOM ROX RX1501 (All versions \u003c 2.15.1), RUGGEDCOM ROX RX1510 (All versions \u003c 2.15.1), RUGGEDCOM ROX RX1511 (All versions \u003c 2.15.1), RUGGEDCOM ROX RX1512 (All versions \u003c 2.15.1), RUGGEDCOM ROX RX1524 (All versions \u003c 2.15.1), RUGGEDCOM ROX RX1536 (All versions \u003c 2.15.1), RUGGEDCOM ROX RX5000 (All versions \u003c 2.15.1). Affected devices do not properly validate user input, making them susceptible to command injection. An attacker with access to either the shell or the web CLI with administrator privileges could access the underlying operating system as the root user."
},
{
"lang": "es",
"value": "Se ha identificado una vulnerabilidad en RUGGEDCOM ROX MX5000 (Todas las versiones anteriores a 2.15.1), RUGGEDCOM ROX MX5000RE (Todas las versiones anteriores a 2.15.1), RUGGEDCOM ROX RX1400 (Todas las versiones anteriores a 2.15.1), RUGGEDCOM ROX RX1500 (Todas las versiones anteriores a 2.15.1), RUGGEDCOM ROX RX1501 (Todas las versiones anteriores a 2.15. 1), RUGGEDCOM ROX RX1510 (Todas las versiones anteriores a 2.15.1), RUGGEDCOM ROX RX1511 (Todas las versiones anteriores a 2.15.1), RUGGEDCOM ROX RX1512 (Todas las versiones anteriores a 2.15. 1), RUGGEDCOM ROX RX1524 (Todas las versiones anteriores a 2.15.1), RUGGEDCOM ROX RX1536 (Todas las versiones anteriores a 2.15.1), RUGGEDCOM ROX RX5000 (Todas las versiones anteriores a 2.15.1). Los dispositivos afectados no comprueban correctamente la entrada del usuario, lo que los hace susceptibles a la inyecci\u00f3n de comandos. Un atacante con acceso al shell o al CLI web con privilegios de administrador podr\u00eda acceder al sistema operativo subyacente como usuario root"
}
],
"id": "CVE-2022-29560",
"lastModified": "2024-11-21T06:59:19.207",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 10.0,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.2,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2022-07-12T10:15:10.493",
"references": [
{
"source": "productcert@siemens.com",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-599506.pdf"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-599506.pdf"
}
],
"sourceIdentifier": "productcert@siemens.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-77"
}
],
"source": "productcert@siemens.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-77"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2023-07-11 10:15
Modified
2024-11-21 08:10
Severity ?
5.9 (Medium) - CVSS:3.1/AV:A/AC:H/PR:N/UI:R/S:U/C:L/I:H/A:L
6.8 (Medium) - CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N
6.8 (Medium) - CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N
Summary
A vulnerability has been identified in RUGGEDCOM ROX MX5000 (All versions < V2.16.0), RUGGEDCOM ROX MX5000RE (All versions < V2.16.0), RUGGEDCOM ROX RX1400 (All versions < V2.16.0), RUGGEDCOM ROX RX1500 (All versions < V2.16.0), RUGGEDCOM ROX RX1501 (All versions < V2.16.0), RUGGEDCOM ROX RX1510 (All versions < V2.16.0), RUGGEDCOM ROX RX1511 (All versions < V2.16.0), RUGGEDCOM ROX RX1512 (All versions < V2.16.0), RUGGEDCOM ROX RX1524 (All versions < V2.16.0), RUGGEDCOM ROX RX1536 (All versions < V2.16.0), RUGGEDCOM ROX RX5000 (All versions < V2.16.0). The affected devices are configured to offer weak ciphers by default. This could allow an unauthorized attacker in a man-in-the-middle position to read and modify any data
passed over to and from the affected device.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:siemens:ruggedcom_rox_mx5000_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "B70C9A14-F31D-452F-8F7E-368E1ED7165C",
"versionEndExcluding": "2.16.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:siemens:ruggedcom_rox_mx5000:-:*:*:*:*:*:*:*",
"matchCriteriaId": "DAD1B18F-9C37-48CC-92E2-9C5E66B206CB",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:siemens:ruggedcom_rox_mx5000re_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "C095D9B0-79A3-44A7-9683-B8DEF689D65F",
"versionEndExcluding": "2.16.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:siemens:ruggedcom_rox_mx5000re:-:*:*:*:*:*:*:*",
"matchCriteriaId": "38734DFA-A5DF-4284-BD79-7C0ED6CD8A5C",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:siemens:ruggedcom_rox_rx1400_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "3A0D1757-6A48-4C53-877A-947CDDD67793",
"versionEndExcluding": "2.16.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:siemens:ruggedcom_rox_rx1400:-:*:*:*:*:*:*:*",
"matchCriteriaId": "12BD4008-DB6A-4749-A426-D2DE44819A9D",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:siemens:ruggedcom_rox_rx1500_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "957788AA-B685-42B6-8BE9-B61D20B68144",
"versionEndExcluding": "2.16.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:siemens:ruggedcom_rox_rx1500:-:*:*:*:*:*:*:*",
"matchCriteriaId": "3E79B422-C844-411C-AA49-CFD73D3C6E2D",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:siemens:ruggedcom_rox_rx1501_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "02E80465-DCD4-4CEB-AB5C-DFD86A5DB2E8",
"versionEndExcluding": "2.16.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:siemens:ruggedcom_rox_rx1501:-:*:*:*:*:*:*:*",
"matchCriteriaId": "53AAEC5C-06EE-4C58-A981-EBF5860CEF16",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:siemens:ruggedcom_rox_rx1510_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "BEC2AF9C-52CA-48FF-A4CD-C042EF225000",
"versionEndExcluding": "2.16.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:siemens:ruggedcom_rox_rx1510:-:*:*:*:*:*:*:*",
"matchCriteriaId": "0751225A-6E9C-4281-93A4-A048920FF7C6",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:siemens:ruggedcom_rox_rx1511_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "D0889DDD-C18A-4605-907C-0AAC4362FC94",
"versionEndExcluding": "2.16.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:siemens:ruggedcom_rox_rx1511:-:*:*:*:*:*:*:*",
"matchCriteriaId": "8C1E56ED-1E61-4B7E-8EC0-BB2AAD57EF7B",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:siemens:ruggedcom_rox_rx1512_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "FA09F789-1903-4487-A108-684EA9423F32",
"versionEndExcluding": "2.16.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:siemens:ruggedcom_rox_rx1512:-:*:*:*:*:*:*:*",
"matchCriteriaId": "41ADD701-AD49-46B2-A12E-219CCED32298",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:siemens:ruggedcom_rox_rx1524_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "76CF386C-0665-401C-9E5F-D3A89E6C2847",
"versionEndExcluding": "2.16.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:siemens:ruggedcom_rox_rx1524:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F8C70D90-E8FA-4343-9027-152A99D79C82",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:siemens:ruggedcom_rox_rx1536_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "A813AC2B-2F29-45D7-AB27-657A36399F80",
"versionEndExcluding": "2.16.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:siemens:ruggedcom_rox_rx1536:-:*:*:*:*:*:*:*",
"matchCriteriaId": "C1775F3B-6F47-4134-8B4E-CF6337FF546C",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:siemens:ruggedcom_rox_rx5000_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "6AF925B2-B147-4CB0-8789-D68C38135BEE",
"versionEndExcluding": "2.16.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:siemens:ruggedcom_rox_rx5000:-:*:*:*:*:*:*:*",
"matchCriteriaId": "1E0E33F2-E89B-4008-BED2-CF2296801078",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability has been identified in RUGGEDCOM ROX MX5000 (All versions \u003c V2.16.0), RUGGEDCOM ROX MX5000RE (All versions \u003c V2.16.0), RUGGEDCOM ROX RX1400 (All versions \u003c V2.16.0), RUGGEDCOM ROX RX1500 (All versions \u003c V2.16.0), RUGGEDCOM ROX RX1501 (All versions \u003c V2.16.0), RUGGEDCOM ROX RX1510 (All versions \u003c V2.16.0), RUGGEDCOM ROX RX1511 (All versions \u003c V2.16.0), RUGGEDCOM ROX RX1512 (All versions \u003c V2.16.0), RUGGEDCOM ROX RX1524 (All versions \u003c V2.16.0), RUGGEDCOM ROX RX1536 (All versions \u003c V2.16.0), RUGGEDCOM ROX RX5000 (All versions \u003c V2.16.0). The affected devices are configured to offer weak ciphers by default. This could allow an unauthorized attacker in a man-in-the-middle position to read and modify any data\r\npassed over to and from the affected device."
}
],
"id": "CVE-2023-36748",
"lastModified": "2024-11-21T08:10:30.583",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:A/AC:H/PR:N/UI:R/S:U/C:L/I:H/A:L",
"version": "3.1"
},
"exploitabilityScore": 1.2,
"impactScore": 4.7,
"source": "productcert@siemens.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"exploitabilityScore": 1.6,
"impactScore": 5.2,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2023-07-11T10:15:11.033",
"references": [
{
"source": "productcert@siemens.com",
"tags": [
"Vendor Advisory"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-146325.pdf"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-146325.pdf"
}
],
"sourceIdentifier": "productcert@siemens.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-326"
}
],
"source": "productcert@siemens.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-326"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}