All the vulnerabilites related to siemens - ruggedcom_rox_rx1511_firmware
cve-2023-36755
Vulnerability from cvelistv5
Published
2023-07-11 09:07
Modified
2024-11-19 16:30
Severity ?
EPSS score ?
Summary
A vulnerability has been identified in RUGGEDCOM ROX MX5000 (All versions < V2.16.0), RUGGEDCOM ROX MX5000RE (All versions < V2.16.0), RUGGEDCOM ROX RX1400 (All versions < V2.16.0), RUGGEDCOM ROX RX1500 (All versions < V2.16.0), RUGGEDCOM ROX RX1501 (All versions < V2.16.0), RUGGEDCOM ROX RX1510 (All versions < V2.16.0), RUGGEDCOM ROX RX1511 (All versions < V2.16.0), RUGGEDCOM ROX RX1512 (All versions < V2.16.0), RUGGEDCOM ROX RX1524 (All versions < V2.16.0), RUGGEDCOM ROX RX1536 (All versions < V2.16.0), RUGGEDCOM ROX RX5000 (All versions < V2.16.0). The SCEP CA Certificate Name parameter in the web interface of affected devices is vulnerable to command injection due to missing server side input sanitation. This could allow an authenticated privileged remote attacker to execute arbitrary code with root privileges.
References
Impacted products
Vendor | Product | Version | |||||||||||||||||||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
▼ | Siemens | RUGGEDCOM ROX MX5000 |
Version: All versions < V2.16.0 |
||||||||||||||||||||||||||||||||||||||||
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T16:52:54.103Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-146325.pdf" } ], "title": "CVE Program Container" }, { "affected": [ { "cpes": [ "cpe:2.3:h:siemens:ruggedcom_rox_mx5000:-:*:*:*:*:*:*:*" ], "defaultStatus": "unaffected", "product": "ruggedcom_rox_mx5000", "vendor": "siemens", "versions": [ { "lessThan": "V2.16.0", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:h:siemens:ruggedcom_rox_mx5000re:-:*:*:*:*:*:*:*" ], "defaultStatus": "unaffected", "product": "ruggedcom_rox_mx5000re", "vendor": "siemens", "versions": [ { "lessThan": "V2.16.0", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:h:siemens:ruggedcom_rox_rx1400:-:*:*:*:*:*:*:*" ], "defaultStatus": "unaffected", "product": "ruggedcom_rox_rx1400", "vendor": "siemens", "versions": [ { "lessThan": "V2.16.0", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:h:siemens:ruggedcom_rox_rx1500:-:*:*:*:*:*:*:*" ], "defaultStatus": "unaffected", "product": "ruggedcom_rox_rx1500", "vendor": "siemens", "versions": [ { "lessThan": "V2.16.0", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:h:siemens:ruggedcom_rox_rx1511:-:*:*:*:*:*:*:*" ], "defaultStatus": "unaffected", "product": "ruggedcom_rox_rx1511", "vendor": "siemens", "versions": [ { "lessThan": "V2.16.0", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:h:siemens:ruggedcom_rox_rx1512:-:*:*:*:*:*:*:*" ], "defaultStatus": "unaffected", "product": "ruggedcom_rox_rx1512", "vendor": "siemens", "versions": [ { "lessThan": "V2.16.0", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:h:siemens:ruggedcom_rox_rx1524:-:*:*:*:*:*:*:*" ], "defaultStatus": "unaffected", "product": "ruggedcom_rox_rx1524", "vendor": "siemens", "versions": [ { "lessThan": "V2.16.0", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:h:siemens:ruggedcom_rox_rx1536:-:*:*:*:*:*:*:*" ], "defaultStatus": "unaffected", "product": "ruggedcom_rox_rx1536", "vendor": "siemens", "versions": [ { "lessThan": "V2.16.0", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:h:siemens:ruggedcom_rox_rx5000:-:*:*:*:*:*:*:*" ], "defaultStatus": "unaffected", "product": "ruggedcom_rox_rx5000", "vendor": "siemens", "versions": [ { "lessThan": "V2.16.0", "status": "affected", "version": "0", "versionType": "custom" } ] } ], "metrics": [ { "other": { "content": { "id": "CVE-2023-36755", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "total" } ], "role": "CISA Coordinator", "timestamp": "2024-11-19T16:25:28.010364Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-11-19T16:30:23.659Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "defaultStatus": "unknown", "product": "RUGGEDCOM ROX MX5000", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V2.16.0" } ] }, { "defaultStatus": "unknown", "product": "RUGGEDCOM ROX MX5000RE", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V2.16.0" } ] }, { "defaultStatus": "unknown", "product": "RUGGEDCOM ROX RX1400", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V2.16.0" } ] }, { "defaultStatus": "unknown", "product": "RUGGEDCOM ROX RX1500", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V2.16.0" } ] }, { "defaultStatus": "unknown", "product": "RUGGEDCOM ROX RX1501", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V2.16.0" } ] }, { "defaultStatus": "unknown", "product": "RUGGEDCOM ROX RX1510", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V2.16.0" } ] }, { "defaultStatus": "unknown", "product": "RUGGEDCOM ROX RX1511", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V2.16.0" } ] }, { "defaultStatus": "unknown", "product": "RUGGEDCOM ROX RX1512", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V2.16.0" } ] }, { "defaultStatus": "unknown", "product": "RUGGEDCOM ROX RX1524", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V2.16.0" } ] }, { "defaultStatus": "unknown", "product": "RUGGEDCOM ROX RX1536", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V2.16.0" } ] }, { "defaultStatus": "unknown", "product": "RUGGEDCOM ROX RX5000", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V2.16.0" } ] } ], "descriptions": [ { "lang": "en", "value": "A vulnerability has been identified in RUGGEDCOM ROX MX5000 (All versions \u003c V2.16.0), RUGGEDCOM ROX MX5000RE (All versions \u003c V2.16.0), RUGGEDCOM ROX RX1400 (All versions \u003c V2.16.0), RUGGEDCOM ROX RX1500 (All versions \u003c V2.16.0), RUGGEDCOM ROX RX1501 (All versions \u003c V2.16.0), RUGGEDCOM ROX RX1510 (All versions \u003c V2.16.0), RUGGEDCOM ROX RX1511 (All versions \u003c V2.16.0), RUGGEDCOM ROX RX1512 (All versions \u003c V2.16.0), RUGGEDCOM ROX RX1524 (All versions \u003c V2.16.0), RUGGEDCOM ROX RX1536 (All versions \u003c V2.16.0), RUGGEDCOM ROX RX5000 (All versions \u003c V2.16.0). The SCEP CA Certificate Name parameter in the web interface of affected devices is vulnerable to command injection due to missing server side input sanitation. This could allow an authenticated privileged remote attacker to execute arbitrary code with root privileges." } ], "metrics": [ { "cvssV3_1": { "baseScore": 9.1, "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H/E:P/RL:O/RC:C", "version": "3.1" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-77", "description": "CWE-77: Improper Neutralization of Special Elements used in a Command (\u0027Command Injection\u0027)", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2023-07-11T09:07:22.285Z", "orgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77", "shortName": "siemens" }, "references": [ { "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-146325.pdf" } ] } }, "cveMetadata": { "assignerOrgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77", "assignerShortName": "siemens", "cveId": "CVE-2023-36755", "datePublished": "2023-07-11T09:07:22.285Z", "dateReserved": "2023-06-27T11:37:08.704Z", "dateUpdated": "2024-11-19T16:30:23.659Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2019-11745
Vulnerability from cvelistv5
Published
2020-01-08 19:22
Modified
2024-08-04 23:03
Severity ?
EPSS score ?
Summary
When encrypting with a block cipher, if a call to NSC_EncryptUpdate was made with data smaller than the block size, a small out of bounds write could occur. This could have caused heap corruption and a potentially exploitable crash. This vulnerability affects Thunderbird < 68.3, Firefox ESR < 68.3, and Firefox < 71.
References
Impacted products
Vendor | Product | Version | |||||||||
---|---|---|---|---|---|---|---|---|---|---|---|
▼ | Mozilla | Thunderbird |
Version: before 68.3 |
||||||||
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-04T23:03:32.560Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://www.mozilla.org/security/advisories/mfsa2019-36/" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://www.mozilla.org/security/advisories/mfsa2019-38/" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://www.mozilla.org/security/advisories/mfsa2019-37/" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1586176" }, { "name": "openSUSE-SU-2020:0003", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00000.html" }, { "name": "openSUSE-SU-2020:0002", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00001.html" }, { "name": "openSUSE-SU-2020:0008", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00006.html" }, { "name": "USN-4241-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred" ], "url": "https://usn.ubuntu.com/4241-1/" }, { "name": "RHSA-2020:0243", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2020:0243" }, { "name": "RHSA-2020:0466", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2020:0466" }, { "name": "GLSA-202003-02", "tags": [ "vendor-advisory", "x_refsource_GENTOO", "x_transferred" ], "url": "https://security.gentoo.org/glsa/202003-02" }, { "name": "GLSA-202003-10", "tags": [ "vendor-advisory", "x_refsource_GENTOO", "x_transferred" ], "url": "https://security.gentoo.org/glsa/202003-10" }, { "name": "GLSA-202003-37", "tags": [ "vendor-advisory", "x_refsource_GENTOO", "x_transferred" ], "url": "https://security.gentoo.org/glsa/202003-37" }, { "name": "USN-4335-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred" ], "url": "https://usn.ubuntu.com/4335-1/" }, { "name": "[debian-lts-announce] 20200929 [SECURITY] [DLA 2388-1] nss security update", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "https://lists.debian.org/debian-lts-announce/2020/09/msg00029.html" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-379803.pdf" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-040-04" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Thunderbird", "vendor": "Mozilla", "versions": [ { "status": "affected", "version": "before 68.3" } ] }, { "product": "Firefox ESR", "vendor": "Mozilla", "versions": [ { "status": "affected", "version": "before 68.3" } ] }, { "product": "Firefox", "vendor": "Mozilla", "versions": [ { "status": "affected", "version": "before 71" } ] } ], "descriptions": [ { "lang": "en", "value": "When encrypting with a block cipher, if a call to NSC_EncryptUpdate was made with data smaller than the block size, a small out of bounds write could occur. This could have caused heap corruption and a potentially exploitable crash. This vulnerability affects Thunderbird \u003c 68.3, Firefox ESR \u003c 68.3, and Firefox \u003c 71." } ], "problemTypes": [ { "descriptions": [ { "description": "Out of bounds write in NSS when encrypting with a block cipher", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2021-02-12T06:08:36", "orgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe", "shortName": "mozilla" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://www.mozilla.org/security/advisories/mfsa2019-36/" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://www.mozilla.org/security/advisories/mfsa2019-38/" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://www.mozilla.org/security/advisories/mfsa2019-37/" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1586176" }, { "name": "openSUSE-SU-2020:0003", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00000.html" }, { "name": "openSUSE-SU-2020:0002", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00001.html" }, { "name": "openSUSE-SU-2020:0008", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00006.html" }, { "name": "USN-4241-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU" ], "url": "https://usn.ubuntu.com/4241-1/" }, { "name": "RHSA-2020:0243", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2020:0243" }, { "name": "RHSA-2020:0466", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2020:0466" }, { "name": "GLSA-202003-02", "tags": [ "vendor-advisory", "x_refsource_GENTOO" ], "url": "https://security.gentoo.org/glsa/202003-02" }, { "name": "GLSA-202003-10", "tags": [ "vendor-advisory", "x_refsource_GENTOO" ], "url": "https://security.gentoo.org/glsa/202003-10" }, { "name": "GLSA-202003-37", "tags": [ "vendor-advisory", "x_refsource_GENTOO" ], "url": "https://security.gentoo.org/glsa/202003-37" }, { "name": "USN-4335-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU" ], "url": "https://usn.ubuntu.com/4335-1/" }, { "name": "[debian-lts-announce] 20200929 [SECURITY] [DLA 2388-1] nss security update", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "https://lists.debian.org/debian-lts-announce/2020/09/msg00029.html" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-379803.pdf" }, { "tags": [ "x_refsource_MISC" ], "url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-040-04" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "security@mozilla.org", "ID": "CVE-2019-11745", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Thunderbird", "version": { "version_data": [ { "version_value": "before 68.3" } ] } }, { "product_name": "Firefox ESR", "version": { "version_data": [ { "version_value": "before 68.3" } ] } }, { "product_name": "Firefox", "version": { "version_data": [ { "version_value": "before 71" } ] } } ] }, "vendor_name": "Mozilla" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "When encrypting with a block cipher, if a call to NSC_EncryptUpdate was made with data smaller than the block size, a small out of bounds write could occur. This could have caused heap corruption and a potentially exploitable crash. This vulnerability affects Thunderbird \u003c 68.3, Firefox ESR \u003c 68.3, and Firefox \u003c 71." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Out of bounds write in NSS when encrypting with a block cipher" } ] } ] }, "references": { "reference_data": [ { "name": "https://www.mozilla.org/security/advisories/mfsa2019-36/", "refsource": "CONFIRM", "url": "https://www.mozilla.org/security/advisories/mfsa2019-36/" }, { "name": "https://www.mozilla.org/security/advisories/mfsa2019-38/", "refsource": "CONFIRM", "url": "https://www.mozilla.org/security/advisories/mfsa2019-38/" }, { "name": "https://www.mozilla.org/security/advisories/mfsa2019-37/", "refsource": "CONFIRM", "url": "https://www.mozilla.org/security/advisories/mfsa2019-37/" }, { "name": "https://bugzilla.mozilla.org/show_bug.cgi?id=1586176", "refsource": "CONFIRM", "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1586176" }, { "name": "openSUSE-SU-2020:0003", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00000.html" }, { "name": "openSUSE-SU-2020:0002", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00001.html" }, { "name": "openSUSE-SU-2020:0008", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00006.html" }, { "name": "USN-4241-1", "refsource": "UBUNTU", "url": "https://usn.ubuntu.com/4241-1/" }, { "name": "RHSA-2020:0243", "refsource": "REDHAT", "url": "https://access.redhat.com/errata/RHSA-2020:0243" }, { "name": "RHSA-2020:0466", "refsource": "REDHAT", "url": "https://access.redhat.com/errata/RHSA-2020:0466" }, { "name": "GLSA-202003-02", "refsource": "GENTOO", "url": "https://security.gentoo.org/glsa/202003-02" }, { "name": "GLSA-202003-10", "refsource": "GENTOO", "url": "https://security.gentoo.org/glsa/202003-10" }, { "name": "GLSA-202003-37", "refsource": "GENTOO", "url": "https://security.gentoo.org/glsa/202003-37" }, { "name": "USN-4335-1", "refsource": "UBUNTU", "url": "https://usn.ubuntu.com/4335-1/" }, { "name": "[debian-lts-announce] 20200929 [SECURITY] [DLA 2388-1] nss security update", "refsource": "MLIST", "url": "https://lists.debian.org/debian-lts-announce/2020/09/msg00029.html" }, { "name": "https://cert-portal.siemens.com/productcert/pdf/ssa-379803.pdf", "refsource": "CONFIRM", "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-379803.pdf" }, { "name": "https://us-cert.cisa.gov/ics/advisories/icsa-21-040-04", "refsource": "MISC", "url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-040-04" } ] } } } }, "cveMetadata": { "assignerOrgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe", "assignerShortName": "mozilla", "cveId": "CVE-2019-11745", "datePublished": "2020-01-08T19:22:00", "dateReserved": "2019-05-03T00:00:00", "dateUpdated": "2024-08-04T23:03:32.560Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2023-36390
Vulnerability from cvelistv5
Published
2023-07-11 09:07
Modified
2024-10-21 21:10
Severity ?
EPSS score ?
Summary
A vulnerability has been identified in RUGGEDCOM ROX MX5000 (All versions < V2.16.0), RUGGEDCOM ROX MX5000RE (All versions < V2.16.0), RUGGEDCOM ROX RX1400 (All versions < V2.16.0), RUGGEDCOM ROX RX1500 (All versions < V2.16.0), RUGGEDCOM ROX RX1501 (All versions < V2.16.0), RUGGEDCOM ROX RX1510 (All versions < V2.16.0), RUGGEDCOM ROX RX1511 (All versions < V2.16.0), RUGGEDCOM ROX RX1512 (All versions < V2.16.0), RUGGEDCOM ROX RX1524 (All versions < V2.16.0), RUGGEDCOM ROX RX1536 (All versions < V2.16.0), RUGGEDCOM ROX RX5000 (All versions < V2.16.0). A reflected cross-site scripting (XSS) vulnerability exists in the web interface of the affected application that could allow an attacker to execute malicious javascript code by tricking users into accessing a malicious link. The value is reflected in the response
without sanitization while throwing an “invalid params element name” error on the action parameters.
References
Impacted products
Vendor | Product | Version | |||||||||||||||||||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
▼ | Siemens | RUGGEDCOM ROX MX5000 |
Version: All versions < V2.16.0 |
||||||||||||||||||||||||||||||||||||||||
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T16:45:56.373Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-146325.pdf" } ], "title": "CVE Program Container" }, { "metrics": [ { "other": { "content": { "id": "CVE-2023-36390", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-10-21T21:06:50.284040Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-10-21T21:10:21.036Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "defaultStatus": "unknown", "product": "RUGGEDCOM ROX MX5000", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V2.16.0" } ] }, { "defaultStatus": "unknown", "product": "RUGGEDCOM ROX MX5000RE", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V2.16.0" } ] }, { "defaultStatus": "unknown", "product": "RUGGEDCOM ROX RX1400", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V2.16.0" } ] }, { "defaultStatus": "unknown", "product": "RUGGEDCOM ROX RX1500", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V2.16.0" } ] }, { "defaultStatus": "unknown", "product": "RUGGEDCOM ROX RX1501", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V2.16.0" } ] }, { "defaultStatus": "unknown", "product": "RUGGEDCOM ROX RX1510", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V2.16.0" } ] }, { "defaultStatus": "unknown", "product": "RUGGEDCOM ROX RX1511", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V2.16.0" } ] }, { "defaultStatus": "unknown", "product": "RUGGEDCOM ROX RX1512", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V2.16.0" } ] }, { "defaultStatus": "unknown", "product": "RUGGEDCOM ROX RX1524", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V2.16.0" } ] }, { "defaultStatus": "unknown", "product": "RUGGEDCOM ROX RX1536", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V2.16.0" } ] }, { "defaultStatus": "unknown", "product": "RUGGEDCOM ROX RX5000", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V2.16.0" } ] } ], "descriptions": [ { "lang": "en", "value": "A vulnerability has been identified in RUGGEDCOM ROX MX5000 (All versions \u003c V2.16.0), RUGGEDCOM ROX MX5000RE (All versions \u003c V2.16.0), RUGGEDCOM ROX RX1400 (All versions \u003c V2.16.0), RUGGEDCOM ROX RX1500 (All versions \u003c V2.16.0), RUGGEDCOM ROX RX1501 (All versions \u003c V2.16.0), RUGGEDCOM ROX RX1510 (All versions \u003c V2.16.0), RUGGEDCOM ROX RX1511 (All versions \u003c V2.16.0), RUGGEDCOM ROX RX1512 (All versions \u003c V2.16.0), RUGGEDCOM ROX RX1524 (All versions \u003c V2.16.0), RUGGEDCOM ROX RX1536 (All versions \u003c V2.16.0), RUGGEDCOM ROX RX5000 (All versions \u003c V2.16.0). A reflected cross-site scripting (XSS) vulnerability exists in the web interface of the affected application that could allow an attacker to execute malicious javascript code by tricking users into accessing a malicious link. The value is reflected in the response\r\nwithout sanitization while throwing an \u201cinvalid params element name\u201d error on the action parameters." } ], "metrics": [ { "cvssV3_1": { "baseScore": 8.8, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C", "version": "3.1" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-79", "description": "CWE-79: Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2023-07-11T09:07:12.557Z", "orgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77", "shortName": "siemens" }, "references": [ { "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-146325.pdf" } ] } }, "cveMetadata": { "assignerOrgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77", "assignerShortName": "siemens", "cveId": "CVE-2023-36390", "datePublished": "2023-07-11T09:07:12.557Z", "dateReserved": "2023-06-21T14:46:26.354Z", "dateUpdated": "2024-10-21T21:10:21.036Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2022-29561
Vulnerability from cvelistv5
Published
2023-07-11 09:06
Modified
2024-11-12 19:11
Severity ?
EPSS score ?
Summary
A vulnerability has been identified in RUGGEDCOM ROX MX5000 (All versions < V2.16.0), RUGGEDCOM ROX MX5000RE (All versions < V2.16.0), RUGGEDCOM ROX RX1400 (All versions < V2.16.0), RUGGEDCOM ROX RX1500 (All versions < V2.16.0), RUGGEDCOM ROX RX1501 (All versions < V2.16.0), RUGGEDCOM ROX RX1510 (All versions < V2.16.0), RUGGEDCOM ROX RX1511 (All versions < V2.16.0), RUGGEDCOM ROX RX1512 (All versions < V2.16.0), RUGGEDCOM ROX RX1524 (All versions < V2.16.0), RUGGEDCOM ROX RX1536 (All versions < V2.16.0), RUGGEDCOM ROX RX5000 (All versions < V2.16.0). The web interface of the affected devices are vulnerable to Cross-Site Request Forgery attacks. By tricking an authenticated victim user to click a malicious link, an attacker could perform arbitrary actions on the device on behalf of the victim user.
References
Impacted products
Vendor | Product | Version | |||||||||||||||||||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
▼ | Siemens | RUGGEDCOM ROX MX5000 |
Version: All versions < V2.16.0 |
||||||||||||||||||||||||||||||||||||||||
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T06:26:05.943Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-146325.pdf" } ], "title": "CVE Program Container" }, { "affected": [ { "cpes": [ "cpe:2.3:h:siemens:ruggedcom_rox_mx5000:-:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "ruggedcom_rox_mx5000", "vendor": "siemens", "versions": [ { "lessThan": "V2.16.0", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:h:siemens:ruggedcom_rox_mx5000re:-:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "ruggedcom_rox_mx5000re", "vendor": "siemens", "versions": [ { "lessThan": "V2.16.0", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:h:siemens:ruggedcom_rox_rx1400:-:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "ruggedcom_rox_rx1400", "vendor": "siemens", "versions": [ { "lessThan": "V2.16.0", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:h:siemens:ruggedcom_rox_rx1500:-:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "ruggedcom_rox_rx1500", "vendor": "siemens", "versions": [ { "lessThan": "V2.16.0", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:h:siemens:ruggedcom_rox_rx1501:-:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "ruggedcom_rox_rx1501", "vendor": "siemens", "versions": [ { "lessThan": "V2.16.0", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:h:siemens:ruggedcom_rox_rx1510:-:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "ruggedcom_rox_rx1510", "vendor": "siemens", "versions": [ { "status": "affected", "version": "V2.16.0" } ] }, { "cpes": [ "cpe:2.3:h:siemens:ruggedcom_rox_rx1511:-:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "ruggedcom_rox_rx1511", "vendor": "siemens", "versions": [ { "status": "affected", "version": "V2.16.0" } ] }, { "cpes": [ "cpe:2.3:h:siemens:ruggedcom_rox_rx1512:-:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "ruggedcom_rox_rx1512", "vendor": "siemens", "versions": [ { "status": "affected", "version": "V2.16.0" } ] }, { "cpes": [ "cpe:2.3:h:siemens:ruggedcom_rox_rx1524:-:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "ruggedcom_rox_rx1524", "vendor": "siemens", "versions": [ { "status": "affected", "version": "V2.16.0" } ] }, { "cpes": [ "cpe:2.3:h:siemens:ruggedcom_rox_rx1536:-:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "ruggedcom_rox_rx1536", "vendor": "siemens", "versions": [ { "status": "affected", "version": "V2.16.0" } ] }, { "cpes": [ "cpe:2.3:h:siemens:ruggedcom_rox_rx5000:-:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "ruggedcom_rox_rx5000", "vendor": "siemens", "versions": [ { "status": "affected", "version": "V2.16.0" } ] } ], "metrics": [ { "other": { "content": { "id": "CVE-2022-29561", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "total" } ], "role": "CISA Coordinator", "timestamp": "2024-11-12T19:06:12.746479Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-11-12T19:11:46.270Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "defaultStatus": "unknown", "product": "RUGGEDCOM ROX MX5000", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V2.16.0" } ] }, { "defaultStatus": "unknown", "product": "RUGGEDCOM ROX MX5000RE", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V2.16.0" } ] }, { "defaultStatus": "unknown", "product": "RUGGEDCOM ROX RX1400", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V2.16.0" } ] }, { "defaultStatus": "unknown", "product": "RUGGEDCOM ROX RX1500", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V2.16.0" } ] }, { "defaultStatus": "unknown", "product": "RUGGEDCOM ROX RX1501", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V2.16.0" } ] }, { "defaultStatus": "unknown", "product": "RUGGEDCOM ROX RX1510", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V2.16.0" } ] }, { "defaultStatus": "unknown", "product": "RUGGEDCOM ROX RX1511", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V2.16.0" } ] }, { "defaultStatus": "unknown", "product": "RUGGEDCOM ROX RX1512", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V2.16.0" } ] }, { "defaultStatus": "unknown", "product": "RUGGEDCOM ROX RX1524", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V2.16.0" } ] }, { "defaultStatus": "unknown", "product": "RUGGEDCOM ROX RX1536", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V2.16.0" } ] }, { "defaultStatus": "unknown", "product": "RUGGEDCOM ROX RX5000", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V2.16.0" } ] } ], "descriptions": [ { "lang": "en", "value": "A vulnerability has been identified in RUGGEDCOM ROX MX5000 (All versions \u003c V2.16.0), RUGGEDCOM ROX MX5000RE (All versions \u003c V2.16.0), RUGGEDCOM ROX RX1400 (All versions \u003c V2.16.0), RUGGEDCOM ROX RX1500 (All versions \u003c V2.16.0), RUGGEDCOM ROX RX1501 (All versions \u003c V2.16.0), RUGGEDCOM ROX RX1510 (All versions \u003c V2.16.0), RUGGEDCOM ROX RX1511 (All versions \u003c V2.16.0), RUGGEDCOM ROX RX1512 (All versions \u003c V2.16.0), RUGGEDCOM ROX RX1524 (All versions \u003c V2.16.0), RUGGEDCOM ROX RX1536 (All versions \u003c V2.16.0), RUGGEDCOM ROX RX5000 (All versions \u003c V2.16.0). The web interface of the affected devices are vulnerable to Cross-Site Request Forgery attacks. By tricking an authenticated victim user to click a malicious link, an attacker could perform arbitrary actions on the device on behalf of the victim user." } ], "metrics": [ { "cvssV3_1": { "baseScore": 7.5, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C", "version": "3.1" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-352", "description": "CWE-352: Cross-Site Request Forgery (CSRF)", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2023-07-11T09:06:58.988Z", "orgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77", "shortName": "siemens" }, "references": [ { "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-146325.pdf" } ] } }, "cveMetadata": { "assignerOrgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77", "assignerShortName": "siemens", "cveId": "CVE-2022-29561", "datePublished": "2023-07-11T09:06:58.988Z", "dateReserved": "2022-04-21T13:34:15.980Z", "dateUpdated": "2024-11-12T19:11:46.270Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2023-36754
Vulnerability from cvelistv5
Published
2023-07-11 09:07
Modified
2024-12-10 17:04
Severity ?
EPSS score ?
Summary
A vulnerability has been identified in RUGGEDCOM ROX MX5000 (All versions < V2.16.0), RUGGEDCOM ROX MX5000RE (All versions < V2.16.0), RUGGEDCOM ROX RX1400 (All versions < V2.16.0), RUGGEDCOM ROX RX1500 (All versions < V2.16.0), RUGGEDCOM ROX RX1501 (All versions < V2.16.0), RUGGEDCOM ROX RX1510 (All versions < V2.16.0), RUGGEDCOM ROX RX1511 (All versions < V2.16.0), RUGGEDCOM ROX RX1512 (All versions < V2.16.0), RUGGEDCOM ROX RX1524 (All versions < V2.16.0), RUGGEDCOM ROX RX1536 (All versions < V2.16.0), RUGGEDCOM ROX RX5000 (All versions < V2.16.0). The SCEP server configuration URL parameter in the web interface of affected devices is vulnerable to command injection due to missing server side input sanitation. This could allow an authenticated privileged remote attacker to execute arbitrary code with root privileges.
References
Impacted products
Vendor | Product | Version | |||||||||||||||||||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
▼ | Siemens | RUGGEDCOM ROX MX5000 |
Version: All versions < V2.16.0 |
||||||||||||||||||||||||||||||||||||||||
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T16:52:54.240Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-146325.pdf" } ], "title": "CVE Program Container" }, { "metrics": [ { "other": { "content": { "id": "CVE-2023-36754", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "total" } ], "role": "CISA Coordinator", "timestamp": "2024-12-10T17:04:20.520881Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-12-10T17:04:35.432Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "defaultStatus": "unknown", "product": "RUGGEDCOM ROX MX5000", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V2.16.0" } ] }, { "defaultStatus": "unknown", "product": "RUGGEDCOM ROX MX5000RE", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V2.16.0" } ] }, { "defaultStatus": "unknown", "product": "RUGGEDCOM ROX RX1400", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V2.16.0" } ] }, { "defaultStatus": "unknown", "product": "RUGGEDCOM ROX RX1500", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V2.16.0" } ] }, { "defaultStatus": "unknown", "product": "RUGGEDCOM ROX RX1501", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V2.16.0" } ] }, { "defaultStatus": "unknown", "product": "RUGGEDCOM ROX RX1510", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V2.16.0" } ] }, { "defaultStatus": "unknown", "product": "RUGGEDCOM ROX RX1511", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V2.16.0" } ] }, { "defaultStatus": "unknown", "product": "RUGGEDCOM ROX RX1512", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V2.16.0" } ] }, { "defaultStatus": "unknown", "product": "RUGGEDCOM ROX RX1524", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V2.16.0" } ] }, { "defaultStatus": "unknown", "product": "RUGGEDCOM ROX RX1536", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V2.16.0" } ] }, { "defaultStatus": "unknown", "product": "RUGGEDCOM ROX RX5000", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V2.16.0" } ] } ], "descriptions": [ { "lang": "en", "value": "A vulnerability has been identified in RUGGEDCOM ROX MX5000 (All versions \u003c V2.16.0), RUGGEDCOM ROX MX5000RE (All versions \u003c V2.16.0), RUGGEDCOM ROX RX1400 (All versions \u003c V2.16.0), RUGGEDCOM ROX RX1500 (All versions \u003c V2.16.0), RUGGEDCOM ROX RX1501 (All versions \u003c V2.16.0), RUGGEDCOM ROX RX1510 (All versions \u003c V2.16.0), RUGGEDCOM ROX RX1511 (All versions \u003c V2.16.0), RUGGEDCOM ROX RX1512 (All versions \u003c V2.16.0), RUGGEDCOM ROX RX1524 (All versions \u003c V2.16.0), RUGGEDCOM ROX RX1536 (All versions \u003c V2.16.0), RUGGEDCOM ROX RX5000 (All versions \u003c V2.16.0). The SCEP server configuration URL parameter in the web interface of affected devices is vulnerable to command injection due to missing server side input sanitation. This could allow an authenticated privileged remote attacker to execute arbitrary code with root privileges." } ], "metrics": [ { "cvssV3_1": { "baseScore": 9.1, "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H/E:P/RL:O/RC:C", "version": "3.1" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-77", "description": "CWE-77: Improper Neutralization of Special Elements used in a Command (\u0027Command Injection\u0027)", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2023-07-11T09:07:21.194Z", "orgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77", "shortName": "siemens" }, "references": [ { "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-146325.pdf" } ] } }, "cveMetadata": { "assignerOrgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77", "assignerShortName": "siemens", "cveId": "CVE-2023-36754", "datePublished": "2023-07-11T09:07:21.194Z", "dateReserved": "2023-06-27T11:37:08.704Z", "dateUpdated": "2024-12-10T17:04:35.432Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2023-36386
Vulnerability from cvelistv5
Published
2023-07-11 09:07
Modified
2024-10-21 21:10
Severity ?
EPSS score ?
Summary
A vulnerability has been identified in RUGGEDCOM ROX MX5000 (All versions < V2.16.0), RUGGEDCOM ROX MX5000RE (All versions < V2.16.0), RUGGEDCOM ROX RX1400 (All versions < V2.16.0), RUGGEDCOM ROX RX1500 (All versions < V2.16.0), RUGGEDCOM ROX RX1501 (All versions < V2.16.0), RUGGEDCOM ROX RX1510 (All versions < V2.16.0), RUGGEDCOM ROX RX1511 (All versions < V2.16.0), RUGGEDCOM ROX RX1512 (All versions < V2.16.0), RUGGEDCOM ROX RX1524 (All versions < V2.16.0), RUGGEDCOM ROX RX1536 (All versions < V2.16.0), RUGGEDCOM ROX RX5000 (All versions < V2.16.0). A reflected cross-site scripting (XSS) vulnerability exists in the web interface of the affected application that could allow an attacker to execute malicious javascript code by tricking users into accessing a malicious link. The value is reflected in the response without sanitization while throwing an
“invalid params element name” error on the get_elements parameters.
References
Impacted products
Vendor | Product | Version | |||||||||||||||||||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
▼ | Siemens | RUGGEDCOM ROX MX5000 |
Version: All versions < V2.16.0 |
||||||||||||||||||||||||||||||||||||||||
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T16:45:56.712Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-146325.pdf" } ], "title": "CVE Program Container" }, { "metrics": [ { "other": { "content": { "id": "CVE-2023-36386", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-10-21T21:06:52.736344Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-10-21T21:10:35.826Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "defaultStatus": "unknown", "product": "RUGGEDCOM ROX MX5000", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V2.16.0" } ] }, { "defaultStatus": "unknown", "product": "RUGGEDCOM ROX MX5000RE", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V2.16.0" } ] }, { "defaultStatus": "unknown", "product": "RUGGEDCOM ROX RX1400", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V2.16.0" } ] }, { "defaultStatus": "unknown", "product": "RUGGEDCOM ROX RX1500", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V2.16.0" } ] }, { "defaultStatus": "unknown", "product": "RUGGEDCOM ROX RX1501", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V2.16.0" } ] }, { "defaultStatus": "unknown", "product": "RUGGEDCOM ROX RX1510", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V2.16.0" } ] }, { "defaultStatus": "unknown", "product": "RUGGEDCOM ROX RX1511", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V2.16.0" } ] }, { "defaultStatus": "unknown", "product": "RUGGEDCOM ROX RX1512", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V2.16.0" } ] }, { "defaultStatus": "unknown", "product": "RUGGEDCOM ROX RX1524", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V2.16.0" } ] }, { "defaultStatus": "unknown", "product": "RUGGEDCOM ROX RX1536", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V2.16.0" } ] }, { "defaultStatus": "unknown", "product": "RUGGEDCOM ROX RX5000", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V2.16.0" } ] } ], "descriptions": [ { "lang": "en", "value": "A vulnerability has been identified in RUGGEDCOM ROX MX5000 (All versions \u003c V2.16.0), RUGGEDCOM ROX MX5000RE (All versions \u003c V2.16.0), RUGGEDCOM ROX RX1400 (All versions \u003c V2.16.0), RUGGEDCOM ROX RX1500 (All versions \u003c V2.16.0), RUGGEDCOM ROX RX1501 (All versions \u003c V2.16.0), RUGGEDCOM ROX RX1510 (All versions \u003c V2.16.0), RUGGEDCOM ROX RX1511 (All versions \u003c V2.16.0), RUGGEDCOM ROX RX1512 (All versions \u003c V2.16.0), RUGGEDCOM ROX RX1524 (All versions \u003c V2.16.0), RUGGEDCOM ROX RX1536 (All versions \u003c V2.16.0), RUGGEDCOM ROX RX5000 (All versions \u003c V2.16.0). A reflected cross-site scripting (XSS) vulnerability exists in the web interface of the affected application that could allow an attacker to execute malicious javascript code by tricking users into accessing a malicious link. The value is reflected in the response without sanitization while throwing an\r\n\u201cinvalid params element name\u201d error on the get_elements parameters." } ], "metrics": [ { "cvssV3_1": { "baseScore": 8.8, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C", "version": "3.1" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-79", "description": "CWE-79: Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2023-07-11T09:07:10.369Z", "orgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77", "shortName": "siemens" }, "references": [ { "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-146325.pdf" } ] } }, "cveMetadata": { "assignerOrgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77", "assignerShortName": "siemens", "cveId": "CVE-2023-36386", "datePublished": "2023-07-11T09:07:10.369Z", "dateReserved": "2023-06-21T13:10:13.218Z", "dateUpdated": "2024-10-21T21:10:35.826Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2023-36752
Vulnerability from cvelistv5
Published
2023-07-11 09:07
Modified
2024-11-20 20:30
Severity ?
EPSS score ?
Summary
A vulnerability has been identified in RUGGEDCOM ROX MX5000 (All versions < V2.16.0), RUGGEDCOM ROX MX5000RE (All versions < V2.16.0), RUGGEDCOM ROX RX1400 (All versions < V2.16.0), RUGGEDCOM ROX RX1500 (All versions < V2.16.0), RUGGEDCOM ROX RX1501 (All versions < V2.16.0), RUGGEDCOM ROX RX1510 (All versions < V2.16.0), RUGGEDCOM ROX RX1511 (All versions < V2.16.0), RUGGEDCOM ROX RX1512 (All versions < V2.16.0), RUGGEDCOM ROX RX1524 (All versions < V2.16.0), RUGGEDCOM ROX RX1536 (All versions < V2.16.0), RUGGEDCOM ROX RX5000 (All versions < V2.16.0). The upgrade-app URL parameter in the web interface of affected devices is vulnerable to command injection due to missing server side input sanitation. This could allow an authenticated privileged remote attacker to execute arbitrary code with root privileges.
References
Impacted products
Vendor | Product | Version | |||||||||||||||||||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
▼ | Siemens | RUGGEDCOM ROX MX5000 |
Version: All versions < V2.16.0 |
||||||||||||||||||||||||||||||||||||||||
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T16:52:54.242Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-146325.pdf" } ], "title": "CVE Program Container" }, { "affected": [ { "cpes": [ "cpe:2.3:h:siemens:ruggedcom_rox_rx1512:-:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "ruggedcom_rox_rx1512", "vendor": "siemens", "versions": [ { "lessThan": "V2.16.0", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:h:siemens:ruggedcom_rox_rx1524:-:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "ruggedcom_rox_rx1524", "vendor": "siemens", "versions": [ { "lessThan": "V2.16.0", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:h:siemens:ruggedcom_rox_rx1536:-:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "ruggedcom_rox_rx1536", "vendor": "siemens", "versions": [ { "lessThan": "V2.16.0", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:h:siemens:ruggedcom_rox_rx5000:-:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "ruggedcom_rox_rx5000", "vendor": "siemens", "versions": [ { "lessThan": "V2.16.0", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:h:siemens:ruggedcom_rox_mx5000:-:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "ruggedcom_rox_mx5000", "vendor": "siemens", "versions": [ { "lessThan": "V2.16.0", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:h:siemens:ruggedcom_rox_mx5000re:-:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "ruggedcom_rox_mx5000re", "vendor": "siemens", "versions": [ { "lessThan": "V2.16.0", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:h:siemens:ruggedcom_rox_rx1400:-:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "ruggedcom_rox_rx1400", "vendor": "siemens", "versions": [ { "lessThan": "V2.16.0", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:h:siemens:ruggedcom_rox_rx1500:-:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "ruggedcom_rox_rx1500", "vendor": "siemens", "versions": [ { "lessThan": "V2.16.0", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:h:siemens:ruggedcom_rox_rx1501:-:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "ruggedcom_rox_rx1501", "vendor": "siemens", "versions": [ { "lessThan": "V2.16.0", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:h:siemens:ruggedcom_rox_rx1510:-:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "ruggedcom_rox_rx1510", "vendor": "siemens", "versions": [ { "lessThan": "V2.16.0", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:h:siemens:ruggedcom_rox_rx1511:-:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "ruggedcom_rox_rx1511", "vendor": "siemens", "versions": [ { "lessThan": "V2.16.0", "status": "affected", "version": "0", "versionType": "custom" } ] } ], "metrics": [ { "other": { "content": { "id": "CVE-2023-36752", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "total" } ], "role": "CISA Coordinator", "timestamp": "2024-11-20T20:25:17.463714Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-11-20T20:30:40.852Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "defaultStatus": "unknown", "product": "RUGGEDCOM ROX MX5000", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V2.16.0" } ] }, { "defaultStatus": "unknown", "product": "RUGGEDCOM ROX MX5000RE", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V2.16.0" } ] }, { "defaultStatus": "unknown", "product": "RUGGEDCOM ROX RX1400", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V2.16.0" } ] }, { "defaultStatus": "unknown", "product": "RUGGEDCOM ROX RX1500", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V2.16.0" } ] }, { "defaultStatus": "unknown", "product": "RUGGEDCOM ROX RX1501", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V2.16.0" } ] }, { "defaultStatus": "unknown", "product": "RUGGEDCOM ROX RX1510", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V2.16.0" } ] }, { "defaultStatus": "unknown", "product": "RUGGEDCOM ROX RX1511", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V2.16.0" } ] }, { "defaultStatus": "unknown", "product": "RUGGEDCOM ROX RX1512", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V2.16.0" } ] }, { "defaultStatus": "unknown", "product": "RUGGEDCOM ROX RX1524", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V2.16.0" } ] }, { "defaultStatus": "unknown", "product": "RUGGEDCOM ROX RX1536", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V2.16.0" } ] }, { "defaultStatus": "unknown", "product": "RUGGEDCOM ROX RX5000", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V2.16.0" } ] } ], "descriptions": [ { "lang": "en", "value": "A vulnerability has been identified in RUGGEDCOM ROX MX5000 (All versions \u003c V2.16.0), RUGGEDCOM ROX MX5000RE (All versions \u003c V2.16.0), RUGGEDCOM ROX RX1400 (All versions \u003c V2.16.0), RUGGEDCOM ROX RX1500 (All versions \u003c V2.16.0), RUGGEDCOM ROX RX1501 (All versions \u003c V2.16.0), RUGGEDCOM ROX RX1510 (All versions \u003c V2.16.0), RUGGEDCOM ROX RX1511 (All versions \u003c V2.16.0), RUGGEDCOM ROX RX1512 (All versions \u003c V2.16.0), RUGGEDCOM ROX RX1524 (All versions \u003c V2.16.0), RUGGEDCOM ROX RX1536 (All versions \u003c V2.16.0), RUGGEDCOM ROX RX5000 (All versions \u003c V2.16.0). The upgrade-app URL parameter in the web interface of affected devices is vulnerable to command injection due to missing server side input sanitation. This could allow an authenticated privileged remote attacker to execute arbitrary code with root privileges." } ], "metrics": [ { "cvssV3_1": { "baseScore": 9.1, "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H/E:P/RL:O/RC:C", "version": "3.1" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-77", "description": "CWE-77: Improper Neutralization of Special Elements used in a Command (\u0027Command Injection\u0027)", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2023-07-11T09:07:19.000Z", "orgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77", "shortName": "siemens" }, "references": [ { "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-146325.pdf" } ] } }, "cveMetadata": { "assignerOrgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77", "assignerShortName": "siemens", "cveId": "CVE-2023-36752", "datePublished": "2023-07-11T09:07:19.000Z", "dateReserved": "2023-06-27T11:37:08.703Z", "dateUpdated": "2024-11-20T20:30:40.852Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2022-29562
Vulnerability from cvelistv5
Published
2023-07-11 09:07
Modified
2024-11-12 16:17
Severity ?
EPSS score ?
Summary
A vulnerability has been identified in RUGGEDCOM ROX MX5000 (All versions < V2.16.0), RUGGEDCOM ROX MX5000RE (All versions < V2.16.0), RUGGEDCOM ROX RX1400 (All versions < V2.16.0), RUGGEDCOM ROX RX1500 (All versions < V2.16.0), RUGGEDCOM ROX RX1501 (All versions < V2.16.0), RUGGEDCOM ROX RX1510 (All versions < V2.16.0), RUGGEDCOM ROX RX1511 (All versions < V2.16.0), RUGGEDCOM ROX RX1512 (All versions < V2.16.0), RUGGEDCOM ROX RX1524 (All versions < V2.16.0), RUGGEDCOM ROX RX1536 (All versions < V2.16.0), RUGGEDCOM ROX RX5000 (All versions < V2.16.0). Affected devices do not properly handle malformed HTTP packets. This could allow an unauthenticated remote attacker to send a malformed HTTP packet causing certain functions to fail in a controlled manner.
References
Impacted products
Vendor | Product | Version | |||||||||||||||||||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
▼ | Siemens | RUGGEDCOM ROX MX5000 |
Version: All versions < V2.16.0 |
||||||||||||||||||||||||||||||||||||||||
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T06:26:06.059Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-146325.pdf" } ], "title": "CVE Program Container" }, { "metrics": [ { "other": { "content": { "id": "CVE-2022-29562", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-11-12T16:17:25.427826Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-11-12T16:17:46.868Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "defaultStatus": "unknown", "product": "RUGGEDCOM ROX MX5000", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V2.16.0" } ] }, { "defaultStatus": "unknown", "product": "RUGGEDCOM ROX MX5000RE", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V2.16.0" } ] }, { "defaultStatus": "unknown", "product": "RUGGEDCOM ROX RX1400", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V2.16.0" } ] }, { "defaultStatus": "unknown", "product": "RUGGEDCOM ROX RX1500", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V2.16.0" } ] }, { "defaultStatus": "unknown", "product": "RUGGEDCOM ROX RX1501", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V2.16.0" } ] }, { "defaultStatus": "unknown", "product": "RUGGEDCOM ROX RX1510", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V2.16.0" } ] }, { "defaultStatus": "unknown", "product": "RUGGEDCOM ROX RX1511", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V2.16.0" } ] }, { "defaultStatus": "unknown", "product": "RUGGEDCOM ROX RX1512", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V2.16.0" } ] }, { "defaultStatus": "unknown", "product": "RUGGEDCOM ROX RX1524", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V2.16.0" } ] }, { "defaultStatus": "unknown", "product": "RUGGEDCOM ROX RX1536", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V2.16.0" } ] }, { "defaultStatus": "unknown", "product": "RUGGEDCOM ROX RX5000", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V2.16.0" } ] } ], "descriptions": [ { "lang": "en", "value": "A vulnerability has been identified in RUGGEDCOM ROX MX5000 (All versions \u003c V2.16.0), RUGGEDCOM ROX MX5000RE (All versions \u003c V2.16.0), RUGGEDCOM ROX RX1400 (All versions \u003c V2.16.0), RUGGEDCOM ROX RX1500 (All versions \u003c V2.16.0), RUGGEDCOM ROX RX1501 (All versions \u003c V2.16.0), RUGGEDCOM ROX RX1510 (All versions \u003c V2.16.0), RUGGEDCOM ROX RX1511 (All versions \u003c V2.16.0), RUGGEDCOM ROX RX1512 (All versions \u003c V2.16.0), RUGGEDCOM ROX RX1524 (All versions \u003c V2.16.0), RUGGEDCOM ROX RX1536 (All versions \u003c V2.16.0), RUGGEDCOM ROX RX5000 (All versions \u003c V2.16.0). Affected devices do not properly handle malformed HTTP packets. This could allow an unauthenticated remote attacker to send a malformed HTTP packet causing certain functions to fail in a controlled manner." } ], "metrics": [ { "cvssV3_1": { "baseScore": 3.7, "baseSeverity": "LOW", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L/E:P/RL:O/RC:C", "version": "3.1" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-20", "description": "CWE-20: Improper Input Validation", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2023-07-11T09:07:00.397Z", "orgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77", "shortName": "siemens" }, "references": [ { "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-146325.pdf" } ] } }, "cveMetadata": { "assignerOrgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77", "assignerShortName": "siemens", "cveId": "CVE-2022-29562", "datePublished": "2023-07-11T09:07:00.397Z", "dateReserved": "2022-04-21T13:34:15.980Z", "dateUpdated": "2024-11-12T16:17:46.868Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2019-17007
Vulnerability from cvelistv5
Published
2020-10-22 20:28
Modified
2024-08-05 01:24
Severity ?
EPSS score ?
Summary
In Network Security Services before 3.44, a malformed Netscape Certificate Sequence can cause NSS to crash, resulting in a denial of service.
References
▼ | URL | Tags |
---|---|---|
https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.44_release_notes | x_refsource_MISC | |
https://bugzilla.mozilla.org/show_bug.cgi?id=1533216 | x_refsource_MISC | |
https://cert-portal.siemens.com/productcert/pdf/ssa-379803.pdf | x_refsource_CONFIRM | |
https://us-cert.cisa.gov/ics/advisories/icsa-21-040-04 | x_refsource_MISC |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T01:24:48.580Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.44_release_notes" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1533216" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-379803.pdf" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-040-04" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "NSS", "vendor": "Mozilla", "versions": [ { "lessThan": "3.44", "status": "affected", "version": "unspecified", "versionType": "custom" } ] } ], "descriptions": [ { "lang": "en", "value": "In Network Security Services before 3.44, a malformed Netscape Certificate Sequence can cause NSS to crash, resulting in a denial of service." } ], "problemTypes": [ { "descriptions": [ { "description": "CERT_DecodeCertPackage() crash with Netscape Certificate Sequences", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2021-02-12T06:00:05", "orgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe", "shortName": "mozilla" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.44_release_notes" }, { "tags": [ "x_refsource_MISC" ], "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1533216" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-379803.pdf" }, { "tags": [ "x_refsource_MISC" ], "url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-040-04" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "security@mozilla.org", "ID": "CVE-2019-17007", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "NSS", "version": { "version_data": [ { "version_affected": "\u003c", "version_value": "3.44" } ] } } ] }, "vendor_name": "Mozilla" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "In Network Security Services before 3.44, a malformed Netscape Certificate Sequence can cause NSS to crash, resulting in a denial of service." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "CERT_DecodeCertPackage() crash with Netscape Certificate Sequences" } ] } ] }, "references": { "reference_data": [ { "name": "https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.44_release_notes", "refsource": "MISC", "url": "https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.44_release_notes" }, { "name": "https://bugzilla.mozilla.org/show_bug.cgi?id=1533216", "refsource": "MISC", "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1533216" }, { "name": "https://cert-portal.siemens.com/productcert/pdf/ssa-379803.pdf", "refsource": "CONFIRM", "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-379803.pdf" }, { "name": "https://us-cert.cisa.gov/ics/advisories/icsa-21-040-04", "refsource": "MISC", "url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-040-04" } ] } } } }, "cveMetadata": { "assignerOrgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe", "assignerShortName": "mozilla", "cveId": "CVE-2019-17007", "datePublished": "2020-10-22T20:28:17", "dateReserved": "2019-09-30T00:00:00", "dateUpdated": "2024-08-05T01:24:48.580Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2021-37175
Vulnerability from cvelistv5
Published
2021-09-14 10:47
Modified
2024-08-04 01:16
Severity ?
EPSS score ?
Summary
A vulnerability has been identified in RUGGEDCOM ROX MX5000 (All versions < V2.14.1), RUGGEDCOM ROX RX1400 (All versions < V2.14.1), RUGGEDCOM ROX RX1500 (All versions < V2.14.1), RUGGEDCOM ROX RX1501 (All versions < V2.14.1), RUGGEDCOM ROX RX1510 (All versions < V2.14.1), RUGGEDCOM ROX RX1511 (All versions < V2.14.1), RUGGEDCOM ROX RX1512 (All versions < V2.14.1), RUGGEDCOM ROX RX1524 (All versions < V2.14.1), RUGGEDCOM ROX RX1536 (All versions < V2.14.1), RUGGEDCOM ROX RX5000 (All versions < V2.14.1). The affected devices do not properly handle permissions to traverse the file system. If exploited, an attacker could gain access to an overview of the complete file system on the affected devices.
References
▼ | URL | Tags |
---|---|---|
https://cert-portal.siemens.com/productcert/pdf/ssa-150692.pdf | x_refsource_MISC |
Impacted products
Vendor | Product | Version | |||||||||||||||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
▼ | Siemens | RUGGEDCOM ROX MX5000 |
Version: All versions < V2.14.1 |
||||||||||||||||||||||||||||||||||||
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-04T01:16:02.802Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-150692.pdf" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "RUGGEDCOM ROX MX5000", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V2.14.1" } ] }, { "product": "RUGGEDCOM ROX RX1400", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V2.14.1" } ] }, { "product": "RUGGEDCOM ROX RX1500", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V2.14.1" } ] }, { "product": "RUGGEDCOM ROX RX1501", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V2.14.1" } ] }, { "product": "RUGGEDCOM ROX RX1510", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V2.14.1" } ] }, { "product": "RUGGEDCOM ROX RX1511", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V2.14.1" } ] }, { "product": "RUGGEDCOM ROX RX1512", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V2.14.1" } ] }, { "product": "RUGGEDCOM ROX RX1524", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V2.14.1" } ] }, { "product": "RUGGEDCOM ROX RX1536", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V2.14.1" } ] }, { "product": "RUGGEDCOM ROX RX5000", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V2.14.1" } ] } ], "descriptions": [ { "lang": "en", "value": "A vulnerability has been identified in RUGGEDCOM ROX MX5000 (All versions \u003c V2.14.1), RUGGEDCOM ROX RX1400 (All versions \u003c V2.14.1), RUGGEDCOM ROX RX1500 (All versions \u003c V2.14.1), RUGGEDCOM ROX RX1501 (All versions \u003c V2.14.1), RUGGEDCOM ROX RX1510 (All versions \u003c V2.14.1), RUGGEDCOM ROX RX1511 (All versions \u003c V2.14.1), RUGGEDCOM ROX RX1512 (All versions \u003c V2.14.1), RUGGEDCOM ROX RX1524 (All versions \u003c V2.14.1), RUGGEDCOM ROX RX1536 (All versions \u003c V2.14.1), RUGGEDCOM ROX RX5000 (All versions \u003c V2.14.1). The affected devices do not properly handle permissions to traverse the file system. If exploited, an attacker could gain access to an overview of the complete file system on the affected devices." } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-280", "description": "CWE-280: Improper Handling of Insufficient Permissions or Privileges ", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2021-09-14T10:47:43", "orgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77", "shortName": "siemens" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-150692.pdf" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "productcert@siemens.com", "ID": "CVE-2021-37175", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "RUGGEDCOM ROX MX5000", "version": { "version_data": [ { "version_value": "All versions \u003c V2.14.1" } ] } }, { "product_name": "RUGGEDCOM ROX RX1400", "version": { "version_data": [ { "version_value": "All versions \u003c V2.14.1" } ] } }, { "product_name": "RUGGEDCOM ROX RX1500", "version": { "version_data": [ { "version_value": "All versions \u003c V2.14.1" } ] } }, { "product_name": "RUGGEDCOM ROX RX1501", "version": { "version_data": [ { "version_value": "All versions \u003c V2.14.1" } ] } }, { "product_name": "RUGGEDCOM ROX RX1510", "version": { "version_data": [ { "version_value": "All versions \u003c V2.14.1" } ] } }, { "product_name": "RUGGEDCOM ROX RX1511", "version": { "version_data": [ { "version_value": "All versions \u003c V2.14.1" } ] } }, { "product_name": "RUGGEDCOM ROX RX1512", "version": { "version_data": [ { "version_value": "All versions \u003c V2.14.1" } ] } }, { "product_name": "RUGGEDCOM ROX RX1524", "version": { "version_data": [ { "version_value": "All versions \u003c V2.14.1" } ] } }, { "product_name": "RUGGEDCOM ROX RX1536", "version": { "version_data": [ { "version_value": "All versions \u003c V2.14.1" } ] } }, { "product_name": "RUGGEDCOM ROX RX5000", "version": { "version_data": [ { "version_value": "All versions \u003c V2.14.1" } ] } } ] }, "vendor_name": "Siemens" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "A vulnerability has been identified in RUGGEDCOM ROX MX5000 (All versions \u003c V2.14.1), RUGGEDCOM ROX RX1400 (All versions \u003c V2.14.1), RUGGEDCOM ROX RX1500 (All versions \u003c V2.14.1), RUGGEDCOM ROX RX1501 (All versions \u003c V2.14.1), RUGGEDCOM ROX RX1510 (All versions \u003c V2.14.1), RUGGEDCOM ROX RX1511 (All versions \u003c V2.14.1), RUGGEDCOM ROX RX1512 (All versions \u003c V2.14.1), RUGGEDCOM ROX RX1524 (All versions \u003c V2.14.1), RUGGEDCOM ROX RX1536 (All versions \u003c V2.14.1), RUGGEDCOM ROX RX5000 (All versions \u003c V2.14.1). The affected devices do not properly handle permissions to traverse the file system. If exploited, an attacker could gain access to an overview of the complete file system on the affected devices." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "CWE-280: Improper Handling of Insufficient Permissions or Privileges " } ] } ] }, "references": { "reference_data": [ { "name": "https://cert-portal.siemens.com/productcert/pdf/ssa-150692.pdf", "refsource": "MISC", "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-150692.pdf" } ] } } } }, "cveMetadata": { "assignerOrgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77", "assignerShortName": "siemens", "cveId": "CVE-2021-37175", "datePublished": "2021-09-14T10:47:43", "dateReserved": "2021-07-21T00:00:00", "dateUpdated": "2024-08-04T01:16:02.802Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2023-36751
Vulnerability from cvelistv5
Published
2023-07-11 09:07
Modified
2024-11-26 16:42
Severity ?
EPSS score ?
Summary
A vulnerability has been identified in RUGGEDCOM ROX MX5000 (All versions < V2.16.0), RUGGEDCOM ROX MX5000RE (All versions < V2.16.0), RUGGEDCOM ROX RX1400 (All versions < V2.16.0), RUGGEDCOM ROX RX1500 (All versions < V2.16.0), RUGGEDCOM ROX RX1501 (All versions < V2.16.0), RUGGEDCOM ROX RX1510 (All versions < V2.16.0), RUGGEDCOM ROX RX1511 (All versions < V2.16.0), RUGGEDCOM ROX RX1512 (All versions < V2.16.0), RUGGEDCOM ROX RX1524 (All versions < V2.16.0), RUGGEDCOM ROX RX1536 (All versions < V2.16.0), RUGGEDCOM ROX RX5000 (All versions < V2.16.0). The install-app URL parameter in the web interface of affected devices is vulnerable to command injection due to missing server side input sanitation. This could allow an authenticated privileged remote attacker to execute arbitrary code with root privileges.
References
Impacted products
Vendor | Product | Version | |||||||||||||||||||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
▼ | Siemens | RUGGEDCOM ROX MX5000 |
Version: All versions < V2.16.0 |
||||||||||||||||||||||||||||||||||||||||
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T16:52:54.455Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-146325.pdf" } ], "title": "CVE Program Container" }, { "affected": [ { "cpes": [ "cpe:2.3:h:siemens:ruggedcom_rox_mx5000:-:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "ruggedcom_rox_mx5000", "vendor": "siemens", "versions": [ { "lessThan": "V2.16.0", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:h:siemens:ruggedcom_rox_mx5000re:-:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "ruggedcom_rox_mx5000re", "vendor": "siemens", "versions": [ { "lessThan": "v2.16.0", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:h:siemens:ruggedcom_rox_rx1400:-:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "ruggedcom_rox_rx1400", "vendor": "siemens", "versions": [ { "lessThan": "v2.16.0", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:h:siemens:ruggedcom_rox_rx1500:-:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "ruggedcom_rox_rx1500", "vendor": "siemens", "versions": [ { "lessThan": "v2.16.0", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:h:siemens:ruggedcom_rox_rx1501:-:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "ruggedcom_rox_rx1501", "vendor": "siemens", "versions": [ { "lessThan": "v2.16.0", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:h:siemens:ruggedcom_rox_rx1510:-:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "ruggedcom_rox_rx1510", "vendor": "siemens", "versions": [ { "lessThan": "v2.16.0", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:h:siemens:ruggedcom_rox_rx1511:-:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "ruggedcom_rox_rx1511", "vendor": "siemens", "versions": [ { "lessThan": "v2.16.0", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:h:siemens:ruggedcom_rox_rx1512:-:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "ruggedcom_rox_rx1512", "vendor": "siemens", "versions": [ { "lessThan": "v2.16.0", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:h:siemens:ruggedcom_rox_rx1524:-:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "ruggedcom_rox_rx1524", "vendor": "siemens", "versions": [ { "lessThan": "v2.16.0", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:h:siemens:ruggedcom_rox_rx1536:-:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "ruggedcom_rox_rx1536", "vendor": "siemens", "versions": [ { "lessThan": "v2.16.0", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:h:siemens:ruggedcom_rox_rx5000:-:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "ruggedcom_rox_rx5000", "vendor": "siemens", "versions": [ { "lessThan": "v2.16.0", "status": "affected", "version": "0", "versionType": "custom" } ] } ], "metrics": [ { "other": { "content": { "id": "CVE-2023-36751", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "total" } ], "role": "CISA Coordinator", "timestamp": "2024-11-26T16:36:23.343532Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-11-26T16:42:01.446Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "defaultStatus": "unknown", "product": "RUGGEDCOM ROX MX5000", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V2.16.0" } ] }, { "defaultStatus": "unknown", "product": "RUGGEDCOM ROX MX5000RE", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V2.16.0" } ] }, { "defaultStatus": "unknown", "product": "RUGGEDCOM ROX RX1400", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V2.16.0" } ] }, { "defaultStatus": "unknown", "product": "RUGGEDCOM ROX RX1500", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V2.16.0" } ] }, { "defaultStatus": "unknown", "product": "RUGGEDCOM ROX RX1501", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V2.16.0" } ] }, { "defaultStatus": "unknown", "product": "RUGGEDCOM ROX RX1510", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V2.16.0" } ] }, { "defaultStatus": "unknown", "product": "RUGGEDCOM ROX RX1511", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V2.16.0" } ] }, { "defaultStatus": "unknown", "product": "RUGGEDCOM ROX RX1512", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V2.16.0" } ] }, { "defaultStatus": "unknown", "product": "RUGGEDCOM ROX RX1524", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V2.16.0" } ] }, { "defaultStatus": "unknown", "product": "RUGGEDCOM ROX RX1536", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V2.16.0" } ] }, { "defaultStatus": "unknown", "product": "RUGGEDCOM ROX RX5000", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V2.16.0" } ] } ], "descriptions": [ { "lang": "en", "value": "A vulnerability has been identified in RUGGEDCOM ROX MX5000 (All versions \u003c V2.16.0), RUGGEDCOM ROX MX5000RE (All versions \u003c V2.16.0), RUGGEDCOM ROX RX1400 (All versions \u003c V2.16.0), RUGGEDCOM ROX RX1500 (All versions \u003c V2.16.0), RUGGEDCOM ROX RX1501 (All versions \u003c V2.16.0), RUGGEDCOM ROX RX1510 (All versions \u003c V2.16.0), RUGGEDCOM ROX RX1511 (All versions \u003c V2.16.0), RUGGEDCOM ROX RX1512 (All versions \u003c V2.16.0), RUGGEDCOM ROX RX1524 (All versions \u003c V2.16.0), RUGGEDCOM ROX RX1536 (All versions \u003c V2.16.0), RUGGEDCOM ROX RX5000 (All versions \u003c V2.16.0). The install-app URL parameter in the web interface of affected devices is vulnerable to command injection due to missing server side input sanitation. This could allow an authenticated privileged remote attacker to execute arbitrary code with root privileges." } ], "metrics": [ { "cvssV3_1": { "baseScore": 9.1, "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H/E:P/RL:O/RC:C", "version": "3.1" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-77", "description": "CWE-77: Improper Neutralization of Special Elements used in a Command (\u0027Command Injection\u0027)", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2023-07-11T09:07:17.921Z", "orgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77", "shortName": "siemens" }, "references": [ { "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-146325.pdf" } ] } }, "cveMetadata": { "assignerOrgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77", "assignerShortName": "siemens", "cveId": "CVE-2023-36751", "datePublished": "2023-07-11T09:07:17.921Z", "dateReserved": "2023-06-27T11:37:08.703Z", "dateUpdated": "2024-11-26T16:42:01.446Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2021-37173
Vulnerability from cvelistv5
Published
2021-09-14 10:47
Modified
2024-08-04 01:16
Severity ?
EPSS score ?
Summary
A vulnerability has been identified in RUGGEDCOM ROX MX5000 (All versions < V2.14.1), RUGGEDCOM ROX RX1400 (All versions < V2.14.1), RUGGEDCOM ROX RX1500 (All versions < V2.14.1), RUGGEDCOM ROX RX1501 (All versions < V2.14.1), RUGGEDCOM ROX RX1510 (All versions < V2.14.1), RUGGEDCOM ROX RX1511 (All versions < V2.14.1), RUGGEDCOM ROX RX1512 (All versions < V2.14.1), RUGGEDCOM ROX RX1524 (All versions < V2.14.1), RUGGEDCOM ROX RX1536 (All versions < V2.14.1), RUGGEDCOM ROX RX5000 (All versions < V2.14.1). The command line interface of affected devices insufficiently restrict file read and write operations for low privileged users. This could allow an authenticated remote attacker to escalate privileges and gain root access to the device.
References
▼ | URL | Tags |
---|---|---|
https://cert-portal.siemens.com/productcert/pdf/ssa-150692.pdf | x_refsource_MISC |
Impacted products
Vendor | Product | Version | |||||||||||||||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
▼ | Siemens | RUGGEDCOM ROX MX5000 |
Version: All versions < V2.14.1 |
||||||||||||||||||||||||||||||||||||
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-04T01:16:02.864Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-150692.pdf" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "RUGGEDCOM ROX MX5000", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V2.14.1" } ] }, { "product": "RUGGEDCOM ROX RX1400", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V2.14.1" } ] }, { "product": "RUGGEDCOM ROX RX1500", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V2.14.1" } ] }, { "product": "RUGGEDCOM ROX RX1501", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V2.14.1" } ] }, { "product": "RUGGEDCOM ROX RX1510", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V2.14.1" } ] }, { "product": "RUGGEDCOM ROX RX1511", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V2.14.1" } ] }, { "product": "RUGGEDCOM ROX RX1512", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V2.14.1" } ] }, { "product": "RUGGEDCOM ROX RX1524", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V2.14.1" } ] }, { "product": "RUGGEDCOM ROX RX1536", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V2.14.1" } ] }, { "product": "RUGGEDCOM ROX RX5000", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V2.14.1" } ] } ], "descriptions": [ { "lang": "en", "value": "A vulnerability has been identified in RUGGEDCOM ROX MX5000 (All versions \u003c V2.14.1), RUGGEDCOM ROX RX1400 (All versions \u003c V2.14.1), RUGGEDCOM ROX RX1500 (All versions \u003c V2.14.1), RUGGEDCOM ROX RX1501 (All versions \u003c V2.14.1), RUGGEDCOM ROX RX1510 (All versions \u003c V2.14.1), RUGGEDCOM ROX RX1511 (All versions \u003c V2.14.1), RUGGEDCOM ROX RX1512 (All versions \u003c V2.14.1), RUGGEDCOM ROX RX1524 (All versions \u003c V2.14.1), RUGGEDCOM ROX RX1536 (All versions \u003c V2.14.1), RUGGEDCOM ROX RX5000 (All versions \u003c V2.14.1). The command line interface of affected devices insufficiently restrict file read and write operations for low privileged users. This could allow an authenticated remote attacker to escalate privileges and gain root access to the device." } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-269", "description": "CWE-269: Improper Privilege Management", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2021-10-12T09:49:36", "orgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77", "shortName": "siemens" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-150692.pdf" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "productcert@siemens.com", "ID": "CVE-2021-37173", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "RUGGEDCOM ROX MX5000", "version": { "version_data": [ { "version_value": "All versions \u003c V2.14.1" } ] } }, { "product_name": "RUGGEDCOM ROX RX1400", "version": { "version_data": [ { "version_value": "All versions \u003c V2.14.1" } ] } }, { "product_name": "RUGGEDCOM ROX RX1500", "version": { "version_data": [ { "version_value": "All versions \u003c V2.14.1" } ] } }, { "product_name": "RUGGEDCOM ROX RX1501", "version": { "version_data": [ { "version_value": "All versions \u003c V2.14.1" } ] } }, { "product_name": "RUGGEDCOM ROX RX1510", "version": { "version_data": [ { "version_value": "All versions \u003c V2.14.1" } ] } }, { "product_name": "RUGGEDCOM ROX RX1511", "version": { "version_data": [ { "version_value": "All versions \u003c V2.14.1" } ] } }, { "product_name": "RUGGEDCOM ROX RX1512", "version": { "version_data": [ { "version_value": "All versions \u003c V2.14.1" } ] } }, { "product_name": "RUGGEDCOM ROX RX1524", "version": { "version_data": [ { "version_value": "All versions \u003c V2.14.1" } ] } }, { "product_name": "RUGGEDCOM ROX RX1536", "version": { "version_data": [ { "version_value": "All versions \u003c V2.14.1" } ] } }, { "product_name": "RUGGEDCOM ROX RX5000", "version": { "version_data": [ { "version_value": "All versions \u003c V2.14.1" } ] } } ] }, "vendor_name": "Siemens" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "A vulnerability has been identified in RUGGEDCOM ROX MX5000 (All versions \u003c V2.14.1), RUGGEDCOM ROX RX1400 (All versions \u003c V2.14.1), RUGGEDCOM ROX RX1500 (All versions \u003c V2.14.1), RUGGEDCOM ROX RX1501 (All versions \u003c V2.14.1), RUGGEDCOM ROX RX1510 (All versions \u003c V2.14.1), RUGGEDCOM ROX RX1511 (All versions \u003c V2.14.1), RUGGEDCOM ROX RX1512 (All versions \u003c V2.14.1), RUGGEDCOM ROX RX1524 (All versions \u003c V2.14.1), RUGGEDCOM ROX RX1536 (All versions \u003c V2.14.1), RUGGEDCOM ROX RX5000 (All versions \u003c V2.14.1). The command line interface of affected devices insufficiently restrict file read and write operations for low privileged users. This could allow an authenticated remote attacker to escalate privileges and gain root access to the device." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "CWE-269: Improper Privilege Management" } ] } ] }, "references": { "reference_data": [ { "name": "https://cert-portal.siemens.com/productcert/pdf/ssa-150692.pdf", "refsource": "MISC", "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-150692.pdf" } ] } } } }, "cveMetadata": { "assignerOrgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77", "assignerShortName": "siemens", "cveId": "CVE-2021-37173", "datePublished": "2021-09-14T10:47:41", "dateReserved": "2021-07-21T00:00:00", "dateUpdated": "2024-08-04T01:16:02.864Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2023-36749
Vulnerability from cvelistv5
Published
2023-07-11 09:07
Modified
2024-11-27 14:15
Severity ?
EPSS score ?
Summary
A vulnerability has been identified in RUGGEDCOM ROX MX5000 (All versions < V2.16.0), RUGGEDCOM ROX MX5000RE (All versions < V2.16.0), RUGGEDCOM ROX RX1400 (All versions < V2.16.0), RUGGEDCOM ROX RX1500 (All versions < V2.16.0), RUGGEDCOM ROX RX1501 (All versions < V2.16.0), RUGGEDCOM ROX RX1510 (All versions < V2.16.0), RUGGEDCOM ROX RX1511 (All versions < V2.16.0), RUGGEDCOM ROX RX1512 (All versions < V2.16.0), RUGGEDCOM ROX RX1524 (All versions < V2.16.0), RUGGEDCOM ROX RX1536 (All versions < V2.16.0), RUGGEDCOM ROX RX5000 (All versions < V2.16.0). The webserver of the affected devices support insecure TLS 1.0 protocol. An attacker could achieve a man-in-the-middle attack and compromise confidentiality and integrity of data.
References
Impacted products
Vendor | Product | Version | |||||||||||||||||||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
▼ | Siemens | RUGGEDCOM ROX MX5000 |
Version: All versions < V2.16.0 |
||||||||||||||||||||||||||||||||||||||||
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T16:52:54.156Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-146325.pdf" } ], "title": "CVE Program Container" }, { "affected": [ { "cpes": [ "cpe:2.3:h:siemens:ruggedcom_rox_mx5000:-:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "ruggedcom_rox_mx5000", "vendor": "siemens", "versions": [ { "lessThan": "2.16.0", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:h:siemens:ruggedcom_rox_mx5000re:-:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "ruggedcom_rox_mx5000re", "vendor": "siemens", "versions": [ { "lessThan": "2.16.0", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:h:siemens:ruggedcom_rox_rx1400:-:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "ruggedcom_rox_rx1400", "vendor": "siemens", "versions": [ { "lessThan": "2.16.0", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:h:siemens:ruggedcom_rox_rx1500:-:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "ruggedcom_rox_rx1500", "vendor": "siemens", "versions": [ { "lessThan": "2.16.0", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:h:siemens:ruggedcom_rox_rx1501:-:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "ruggedcom_rox_rx1501", "vendor": "siemens", "versions": [ { "lessThan": "2.16.0", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:h:siemens:ruggedcom_rox_rx1510:-:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "ruggedcom_rox_rx1510", "vendor": "siemens", "versions": [ { "lessThan": "2.16.0", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:h:siemens:ruggedcom_rox_rx1511:-:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "ruggedcom_rox_rx1511", "vendor": "siemens", "versions": [ { "lessThan": "2.16.0", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:h:siemens:ruggedcom_rox_rx1512:-:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "ruggedcom_rox_rx1512", "vendor": "siemens", "versions": [ { "lessThan": "2.16.0", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:h:siemens:ruggedcom_rox_rx1524:-:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "ruggedcom_rox_rx1524", "vendor": "siemens", "versions": [ { "lessThan": "2.16.0", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:h:siemens:ruggedcom_rox_rx1536:-:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "ruggedcom_rox_rx1536", "vendor": "siemens", "versions": [ { "lessThan": "2.16.0", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:h:siemens:ruggedcom_rox_rx5000:-:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "ruggedcom_rox_rx5000", "vendor": "siemens", "versions": [ { "lessThan": "2.16.0", "status": "affected", "version": "0", "versionType": "custom" } ] } ], "metrics": [ { "other": { "content": { "id": "CVE-2023-36749", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "total" } ], "role": "CISA Coordinator", "timestamp": "2024-11-27T13:57:48.336400Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-11-27T14:15:10.273Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "defaultStatus": "unknown", "product": "RUGGEDCOM ROX MX5000", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V2.16.0" } ] }, { "defaultStatus": "unknown", "product": "RUGGEDCOM ROX MX5000RE", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V2.16.0" } ] }, { "defaultStatus": "unknown", "product": "RUGGEDCOM ROX RX1400", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V2.16.0" } ] }, { "defaultStatus": "unknown", "product": "RUGGEDCOM ROX RX1500", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V2.16.0" } ] }, { "defaultStatus": "unknown", "product": "RUGGEDCOM ROX RX1501", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V2.16.0" } ] }, { "defaultStatus": "unknown", "product": "RUGGEDCOM ROX RX1510", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V2.16.0" } ] }, { "defaultStatus": "unknown", "product": "RUGGEDCOM ROX RX1511", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V2.16.0" } ] }, { "defaultStatus": "unknown", "product": "RUGGEDCOM ROX RX1512", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V2.16.0" } ] }, { "defaultStatus": "unknown", "product": "RUGGEDCOM ROX RX1524", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V2.16.0" } ] }, { "defaultStatus": "unknown", "product": "RUGGEDCOM ROX RX1536", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V2.16.0" } ] }, { "defaultStatus": "unknown", "product": "RUGGEDCOM ROX RX5000", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V2.16.0" } ] } ], "descriptions": [ { "lang": "en", "value": "A vulnerability has been identified in RUGGEDCOM ROX MX5000 (All versions \u003c V2.16.0), RUGGEDCOM ROX MX5000RE (All versions \u003c V2.16.0), RUGGEDCOM ROX RX1400 (All versions \u003c V2.16.0), RUGGEDCOM ROX RX1500 (All versions \u003c V2.16.0), RUGGEDCOM ROX RX1501 (All versions \u003c V2.16.0), RUGGEDCOM ROX RX1510 (All versions \u003c V2.16.0), RUGGEDCOM ROX RX1511 (All versions \u003c V2.16.0), RUGGEDCOM ROX RX1512 (All versions \u003c V2.16.0), RUGGEDCOM ROX RX1524 (All versions \u003c V2.16.0), RUGGEDCOM ROX RX1536 (All versions \u003c V2.16.0), RUGGEDCOM ROX RX5000 (All versions \u003c V2.16.0). The webserver of the affected devices support insecure TLS 1.0 protocol. An attacker could achieve a man-in-the-middle attack and compromise confidentiality and integrity of data." } ], "metrics": [ { "cvssV3_1": { "baseScore": 7.4, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N/E:P/RL:O/RC:C", "version": "3.1" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-327", "description": "CWE-327: Use of a Broken or Risky Cryptographic Algorithm", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2023-07-11T09:07:15.754Z", "orgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77", "shortName": "siemens" }, "references": [ { "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-146325.pdf" } ] } }, "cveMetadata": { "assignerOrgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77", "assignerShortName": "siemens", "cveId": "CVE-2023-36749", "datePublished": "2023-07-11T09:07:15.754Z", "dateReserved": "2023-06-27T11:37:08.703Z", "dateUpdated": "2024-11-27T14:15:10.273Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2019-17006
Vulnerability from cvelistv5
Published
2020-10-22 20:24
Modified
2024-08-05 01:24
Severity ?
EPSS score ?
Summary
In Network Security Services (NSS) before 3.46, several cryptographic primitives had missing length checks. In cases where the application calling the library did not perform a sanity check on the inputs it could result in a crash due to a buffer overflow.
References
▼ | URL | Tags |
---|---|---|
https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.46_release_notes | x_refsource_MISC | |
https://bugzilla.mozilla.org/show_bug.cgi?id=1539788 | x_refsource_MISC | |
https://security.netapp.com/advisory/ntap-20210129-0001/ | x_refsource_CONFIRM | |
https://cert-portal.siemens.com/productcert/pdf/ssa-379803.pdf | x_refsource_CONFIRM | |
https://us-cert.cisa.gov/ics/advisories/icsa-21-040-04 | x_refsource_MISC |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T01:24:48.804Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.46_release_notes" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1539788" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://security.netapp.com/advisory/ntap-20210129-0001/" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-379803.pdf" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-040-04" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "NSS", "vendor": "Mozilla", "versions": [ { "lessThan": "3.46", "status": "affected", "version": "unspecified", "versionType": "custom" } ] } ], "descriptions": [ { "lang": "en", "value": "In Network Security Services (NSS) before 3.46, several cryptographic primitives had missing length checks. In cases where the application calling the library did not perform a sanity check on the inputs it could result in a crash due to a buffer overflow." } ], "problemTypes": [ { "descriptions": [ { "description": "missing length checks for cryptographic primitives", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2021-02-12T06:05:28", "orgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe", "shortName": "mozilla" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.46_release_notes" }, { "tags": [ "x_refsource_MISC" ], "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1539788" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://security.netapp.com/advisory/ntap-20210129-0001/" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-379803.pdf" }, { "tags": [ "x_refsource_MISC" ], "url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-040-04" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "security@mozilla.org", "ID": "CVE-2019-17006", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "NSS", "version": { "version_data": [ { "version_affected": "\u003c", "version_value": "3.46" } ] } } ] }, "vendor_name": "Mozilla" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "In Network Security Services (NSS) before 3.46, several cryptographic primitives had missing length checks. In cases where the application calling the library did not perform a sanity check on the inputs it could result in a crash due to a buffer overflow." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "missing length checks for cryptographic primitives" } ] } ] }, "references": { "reference_data": [ { "name": "https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.46_release_notes", "refsource": "MISC", "url": "https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.46_release_notes" }, { "name": "https://bugzilla.mozilla.org/show_bug.cgi?id=1539788", "refsource": "MISC", "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1539788" }, { "name": "https://security.netapp.com/advisory/ntap-20210129-0001/", "refsource": "CONFIRM", "url": "https://security.netapp.com/advisory/ntap-20210129-0001/" }, { "name": "https://cert-portal.siemens.com/productcert/pdf/ssa-379803.pdf", "refsource": "CONFIRM", "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-379803.pdf" }, { "name": "https://us-cert.cisa.gov/ics/advisories/icsa-21-040-04", "refsource": "MISC", "url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-040-04" } ] } } } }, "cveMetadata": { "assignerOrgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe", "assignerShortName": "mozilla", "cveId": "CVE-2019-17006", "datePublished": "2020-10-22T20:24:25", "dateReserved": "2019-09-30T00:00:00", "dateUpdated": "2024-08-05T01:24:48.804Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2021-37174
Vulnerability from cvelistv5
Published
2021-09-14 10:47
Modified
2024-08-04 01:16
Severity ?
EPSS score ?
Summary
A vulnerability has been identified in RUGGEDCOM ROX MX5000 (All versions < V2.14.1), RUGGEDCOM ROX RX1400 (All versions < V2.14.1), RUGGEDCOM ROX RX1500 (All versions < V2.14.1), RUGGEDCOM ROX RX1501 (All versions < V2.14.1), RUGGEDCOM ROX RX1510 (All versions < V2.14.1), RUGGEDCOM ROX RX1511 (All versions < V2.14.1), RUGGEDCOM ROX RX1512 (All versions < V2.14.1), RUGGEDCOM ROX RX1524 (All versions < V2.14.1), RUGGEDCOM ROX RX1536 (All versions < V2.14.1), RUGGEDCOM ROX RX5000 (All versions < V2.14.1). The affected devices have a privilege escalation vulnerability, if exploited, an attacker could gain root user access.
References
▼ | URL | Tags |
---|---|---|
https://cert-portal.siemens.com/productcert/pdf/ssa-150692.pdf | x_refsource_MISC |
Impacted products
Vendor | Product | Version | |||||||||||||||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
▼ | Siemens | RUGGEDCOM ROX MX5000 |
Version: All versions < V2.14.1 |
||||||||||||||||||||||||||||||||||||
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-04T01:16:02.881Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-150692.pdf" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "RUGGEDCOM ROX MX5000", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V2.14.1" } ] }, { "product": "RUGGEDCOM ROX RX1400", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V2.14.1" } ] }, { "product": "RUGGEDCOM ROX RX1500", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V2.14.1" } ] }, { "product": "RUGGEDCOM ROX RX1501", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V2.14.1" } ] }, { "product": "RUGGEDCOM ROX RX1510", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V2.14.1" } ] }, { "product": "RUGGEDCOM ROX RX1511", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V2.14.1" } ] }, { "product": "RUGGEDCOM ROX RX1512", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V2.14.1" } ] }, { "product": "RUGGEDCOM ROX RX1524", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V2.14.1" } ] }, { "product": "RUGGEDCOM ROX RX1536", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V2.14.1" } ] }, { "product": "RUGGEDCOM ROX RX5000", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V2.14.1" } ] } ], "descriptions": [ { "lang": "en", "value": "A vulnerability has been identified in RUGGEDCOM ROX MX5000 (All versions \u003c V2.14.1), RUGGEDCOM ROX RX1400 (All versions \u003c V2.14.1), RUGGEDCOM ROX RX1500 (All versions \u003c V2.14.1), RUGGEDCOM ROX RX1501 (All versions \u003c V2.14.1), RUGGEDCOM ROX RX1510 (All versions \u003c V2.14.1), RUGGEDCOM ROX RX1511 (All versions \u003c V2.14.1), RUGGEDCOM ROX RX1512 (All versions \u003c V2.14.1), RUGGEDCOM ROX RX1524 (All versions \u003c V2.14.1), RUGGEDCOM ROX RX1536 (All versions \u003c V2.14.1), RUGGEDCOM ROX RX5000 (All versions \u003c V2.14.1). The affected devices have a privilege escalation vulnerability, if exploited, an attacker could gain root user access." } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-250", "description": "CWE-250: Execution with Unnecessary Privileges", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2021-09-14T10:47:42", "orgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77", "shortName": "siemens" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-150692.pdf" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "productcert@siemens.com", "ID": "CVE-2021-37174", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "RUGGEDCOM ROX MX5000", "version": { "version_data": [ { "version_value": "All versions \u003c V2.14.1" } ] } }, { "product_name": "RUGGEDCOM ROX RX1400", "version": { "version_data": [ { "version_value": "All versions \u003c V2.14.1" } ] } }, { "product_name": "RUGGEDCOM ROX RX1500", "version": { "version_data": [ { "version_value": "All versions \u003c V2.14.1" } ] } }, { "product_name": "RUGGEDCOM ROX RX1501", "version": { "version_data": [ { "version_value": "All versions \u003c V2.14.1" } ] } }, { "product_name": "RUGGEDCOM ROX RX1510", "version": { "version_data": [ { "version_value": "All versions \u003c V2.14.1" } ] } }, { "product_name": "RUGGEDCOM ROX RX1511", "version": { "version_data": [ { "version_value": "All versions \u003c V2.14.1" } ] } }, { "product_name": "RUGGEDCOM ROX RX1512", "version": { "version_data": [ { "version_value": "All versions \u003c V2.14.1" } ] } }, { "product_name": "RUGGEDCOM ROX RX1524", "version": { "version_data": [ { "version_value": "All versions \u003c V2.14.1" } ] } }, { "product_name": "RUGGEDCOM ROX RX1536", "version": { "version_data": [ { "version_value": "All versions \u003c V2.14.1" } ] } }, { "product_name": "RUGGEDCOM ROX RX5000", "version": { "version_data": [ { "version_value": "All versions \u003c V2.14.1" } ] } } ] }, "vendor_name": "Siemens" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "A vulnerability has been identified in RUGGEDCOM ROX MX5000 (All versions \u003c V2.14.1), RUGGEDCOM ROX RX1400 (All versions \u003c V2.14.1), RUGGEDCOM ROX RX1500 (All versions \u003c V2.14.1), RUGGEDCOM ROX RX1501 (All versions \u003c V2.14.1), RUGGEDCOM ROX RX1510 (All versions \u003c V2.14.1), RUGGEDCOM ROX RX1511 (All versions \u003c V2.14.1), RUGGEDCOM ROX RX1512 (All versions \u003c V2.14.1), RUGGEDCOM ROX RX1524 (All versions \u003c V2.14.1), RUGGEDCOM ROX RX1536 (All versions \u003c V2.14.1), RUGGEDCOM ROX RX5000 (All versions \u003c V2.14.1). The affected devices have a privilege escalation vulnerability, if exploited, an attacker could gain root user access." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "CWE-250: Execution with Unnecessary Privileges" } ] } ] }, "references": { "reference_data": [ { "name": "https://cert-portal.siemens.com/productcert/pdf/ssa-150692.pdf", "refsource": "MISC", "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-150692.pdf" } ] } } } }, "cveMetadata": { "assignerOrgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77", "assignerShortName": "siemens", "cveId": "CVE-2021-37174", "datePublished": "2021-09-14T10:47:42", "dateReserved": "2021-07-21T00:00:00", "dateUpdated": "2024-08-04T01:16:02.881Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2023-36389
Vulnerability from cvelistv5
Published
2023-07-11 09:07
Modified
2024-10-21 21:10
Severity ?
EPSS score ?
Summary
A vulnerability has been identified in RUGGEDCOM ROX MX5000 (All versions < V2.16.0), RUGGEDCOM ROX MX5000RE (All versions < V2.16.0), RUGGEDCOM ROX RX1400 (All versions < V2.16.0), RUGGEDCOM ROX RX1500 (All versions < V2.16.0), RUGGEDCOM ROX RX1501 (All versions < V2.16.0), RUGGEDCOM ROX RX1510 (All versions < V2.16.0), RUGGEDCOM ROX RX1511 (All versions < V2.16.0), RUGGEDCOM ROX RX1512 (All versions < V2.16.0), RUGGEDCOM ROX RX1524 (All versions < V2.16.0), RUGGEDCOM ROX RX1536 (All versions < V2.16.0), RUGGEDCOM ROX RX5000 (All versions < V2.16.0). A reflected cross-site scripting (XSS) vulnerability exists in the web interface of the affected application that could allow an attacker to execute malicious javascript code by tricking users into accessing a malicious link. The malformed value is reflected
directly in the response without sanitization while throwing an “invalid path” error.
References
Impacted products
Vendor | Product | Version | |||||||||||||||||||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
▼ | Siemens | RUGGEDCOM ROX MX5000 |
Version: All versions < V2.16.0 |
||||||||||||||||||||||||||||||||||||||||
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T16:45:56.382Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-146325.pdf" } ], "title": "CVE Program Container" }, { "metrics": [ { "other": { "content": { "id": "CVE-2023-36389", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-10-21T21:06:51.541223Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-10-21T21:10:27.428Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "defaultStatus": "unknown", "product": "RUGGEDCOM ROX MX5000", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V2.16.0" } ] }, { "defaultStatus": "unknown", "product": "RUGGEDCOM ROX MX5000RE", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V2.16.0" } ] }, { "defaultStatus": "unknown", "product": "RUGGEDCOM ROX RX1400", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V2.16.0" } ] }, { "defaultStatus": "unknown", "product": "RUGGEDCOM ROX RX1500", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V2.16.0" } ] }, { "defaultStatus": "unknown", "product": "RUGGEDCOM ROX RX1501", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V2.16.0" } ] }, { "defaultStatus": "unknown", "product": "RUGGEDCOM ROX RX1510", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V2.16.0" } ] }, { "defaultStatus": "unknown", "product": "RUGGEDCOM ROX RX1511", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V2.16.0" } ] }, { "defaultStatus": "unknown", "product": "RUGGEDCOM ROX RX1512", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V2.16.0" } ] }, { "defaultStatus": "unknown", "product": "RUGGEDCOM ROX RX1524", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V2.16.0" } ] }, { "defaultStatus": "unknown", "product": "RUGGEDCOM ROX RX1536", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V2.16.0" } ] }, { "defaultStatus": "unknown", "product": "RUGGEDCOM ROX RX5000", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V2.16.0" } ] } ], "descriptions": [ { "lang": "en", "value": "A vulnerability has been identified in RUGGEDCOM ROX MX5000 (All versions \u003c V2.16.0), RUGGEDCOM ROX MX5000RE (All versions \u003c V2.16.0), RUGGEDCOM ROX RX1400 (All versions \u003c V2.16.0), RUGGEDCOM ROX RX1500 (All versions \u003c V2.16.0), RUGGEDCOM ROX RX1501 (All versions \u003c V2.16.0), RUGGEDCOM ROX RX1510 (All versions \u003c V2.16.0), RUGGEDCOM ROX RX1511 (All versions \u003c V2.16.0), RUGGEDCOM ROX RX1512 (All versions \u003c V2.16.0), RUGGEDCOM ROX RX1524 (All versions \u003c V2.16.0), RUGGEDCOM ROX RX1536 (All versions \u003c V2.16.0), RUGGEDCOM ROX RX5000 (All versions \u003c V2.16.0). A reflected cross-site scripting (XSS) vulnerability exists in the web interface of the affected application that could allow an attacker to execute malicious javascript code by tricking users into accessing a malicious link. The malformed value is reflected\r\ndirectly in the response without sanitization while throwing an \u201cinvalid path\u201d error." } ], "metrics": [ { "cvssV3_1": { "baseScore": 8.8, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C", "version": "3.1" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-79", "description": "CWE-79: Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2023-07-11T09:07:11.475Z", "orgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77", "shortName": "siemens" }, "references": [ { "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-146325.pdf" } ] } }, "cveMetadata": { "assignerOrgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77", "assignerShortName": "siemens", "cveId": "CVE-2023-36389", "datePublished": "2023-07-11T09:07:11.475Z", "dateReserved": "2023-06-21T14:31:54.523Z", "dateUpdated": "2024-10-21T21:10:27.428Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2021-25217
Vulnerability from cvelistv5
Published
2021-05-26 22:10
Modified
2024-09-16 22:08
Severity ?
EPSS score ?
Summary
In ISC DHCP 4.1-ESV-R1 -> 4.1-ESV-R16, ISC DHCP 4.4.0 -> 4.4.2 (Other branches of ISC DHCP (i.e., releases in the 4.0.x series or lower and releases in the 4.3.x series) are beyond their End-of-Life (EOL) and no longer supported by ISC. From inspection it is clear that the defect is also present in releases from those series, but they have not been officially tested for the vulnerability), The outcome of encountering the defect while reading a lease that will trigger it varies, according to: the component being affected (i.e., dhclient or dhcpd) whether the package was built as a 32-bit or 64-bit binary whether the compiler flag -fstack-protection-strong was used when compiling In dhclient, ISC has not successfully reproduced the error on a 64-bit system. However, on a 32-bit system it is possible to cause dhclient to crash when reading an improper lease, which could cause network connectivity problems for an affected system due to the absence of a running DHCP client process. In dhcpd, when run in DHCPv4 or DHCPv6 mode: if the dhcpd server binary was built for a 32-bit architecture AND the -fstack-protection-strong flag was specified to the compiler, dhcpd may exit while parsing a lease file containing an objectionable lease, resulting in lack of service to clients. Additionally, the offending lease and the lease immediately following it in the lease database may be improperly deleted. if the dhcpd server binary was built for a 64-bit architecture OR if the -fstack-protection-strong compiler flag was NOT specified, the crash will not occur, but it is possible for the offending lease and the lease which immediately followed it to be improperly deleted.
References
Impacted products
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T19:56:11.067Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://kb.isc.org/docs/cve-2021-25217" }, { "name": "[oss-security] 20210526 ISC has disclosed a vulnerability in ISC DHCP (CVE-2021-25217)", "tags": [ "mailing-list", "x_transferred" ], "url": "http://www.openwall.com/lists/oss-security/2021/05/26/6" }, { "name": "FEDORA-2021-08cdb4dc34", "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/Z2LB42JWIV4M4WDNXX5VGIP26FEYWKIF/" }, { "name": "[debian-lts-announce] 20210603 [SECURITY] [DLA 2674-1] isc-dhcp security update", "tags": [ "mailing-list", "x_transferred" ], "url": "https://lists.debian.org/debian-lts-announce/2021/06/msg00002.html" }, { "name": "FEDORA-2021-8ca8263bde", "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/5QI4DYC7J4BGHEW3NH4XHMWTHYC36UK4/" }, { "tags": [ "x_transferred" ], "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-406691.pdf" }, { "tags": [ "x_transferred" ], "url": "https://security.netapp.com/advisory/ntap-20220325-0011/" }, { "tags": [ "x_transferred" ], "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-637483.pdf" }, { "name": "GLSA-202305-22", "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://security.gentoo.org/glsa/202305-22" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "ISC DHCP", "vendor": "ISC", "versions": [ { "lessThan": "4.1-ESV-R16-P1", "status": "affected", "version": "4.1 ESV", "versionType": "custom" }, { "lessThan": "4.4.2-P1", "status": "affected", "version": "4.4", "versionType": "custom" } ] } ], "credits": [ { "lang": "en", "value": "ISC would like to thank Jon Franklin from Dell and Pawel Wieczorkiewicz from Amazon Web Services for (independently) reporting this vulnerability." } ], "datePublic": "2021-05-26T00:00:00", "descriptions": [ { "lang": "en", "value": "In ISC DHCP 4.1-ESV-R1 -\u003e 4.1-ESV-R16, ISC DHCP 4.4.0 -\u003e 4.4.2 (Other branches of ISC DHCP (i.e., releases in the 4.0.x series or lower and releases in the 4.3.x series) are beyond their End-of-Life (EOL) and no longer supported by ISC. From inspection it is clear that the defect is also present in releases from those series, but they have not been officially tested for the vulnerability), The outcome of encountering the defect while reading a lease that will trigger it varies, according to: the component being affected (i.e., dhclient or dhcpd) whether the package was built as a 32-bit or 64-bit binary whether the compiler flag -fstack-protection-strong was used when compiling In dhclient, ISC has not successfully reproduced the error on a 64-bit system. However, on a 32-bit system it is possible to cause dhclient to crash when reading an improper lease, which could cause network connectivity problems for an affected system due to the absence of a running DHCP client process. In dhcpd, when run in DHCPv4 or DHCPv6 mode: if the dhcpd server binary was built for a 32-bit architecture AND the -fstack-protection-strong flag was specified to the compiler, dhcpd may exit while parsing a lease file containing an objectionable lease, resulting in lack of service to clients. Additionally, the offending lease and the lease immediately following it in the lease database may be improperly deleted. if the dhcpd server binary was built for a 64-bit architecture OR if the -fstack-protection-strong compiler flag was NOT specified, the crash will not occur, but it is possible for the offending lease and the lease which immediately followed it to be improperly deleted." } ], "exploits": [ { "lang": "en", "value": "We are not aware of any active exploits." } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "ADJACENT_NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.4, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H", "version": "3.1" } } ], "problemTypes": [ { "descriptions": [ { "description": "Program code used by the ISC DHCP package to read and parse stored leases has a defect that can be exploited by an attacker to cause one of several undesirable outcomes, depending on the component attacked and the way in which it was compiled. Because of a discrepancy between the code which handles encapsulated option information in leases transmitted \"on the wire\" and the code which reads and parses lease information after it has been written to disk storage, it is potentially possible for an attacker to deliberately cause a situation where: dhcpd, while running in DHCPv4 or DHCPv6 mode, or dhclient, the ISC DHCP client implementation will attempt to read a stored lease that contains option information which will trigger a bug in the option parsing code. Affects ISC DHCP 4.1-ESV-R1 -\u003e 4.1-ESV-R16, ISC DHCP 4.4.0 -\u003e 4.4.2. Other branches of ISC DHCP (i.e., releases in the 4.0.x series or lower and releases in the 4.3.x series) are beyond their End-of-Life (EOL) and no longer supported by ISC. From inspection it is clear that the defect is also present in releases from those series, but they have not been officially tested for the vulnerability. Affects both dhcpd (server) and dhcpcd (client).", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2023-05-03T00:00:00", "orgId": "404fd4d2-a609-4245-b543-2c944a302a22", "shortName": "isc" }, "references": [ { "url": "https://kb.isc.org/docs/cve-2021-25217" }, { "name": "[oss-security] 20210526 ISC has disclosed a vulnerability in ISC DHCP (CVE-2021-25217)", "tags": [ "mailing-list" ], "url": "http://www.openwall.com/lists/oss-security/2021/05/26/6" }, { "name": "FEDORA-2021-08cdb4dc34", "tags": [ "vendor-advisory" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/Z2LB42JWIV4M4WDNXX5VGIP26FEYWKIF/" }, { "name": "[debian-lts-announce] 20210603 [SECURITY] [DLA 2674-1] isc-dhcp security update", "tags": [ "mailing-list" ], "url": "https://lists.debian.org/debian-lts-announce/2021/06/msg00002.html" }, { "name": "FEDORA-2021-8ca8263bde", "tags": [ "vendor-advisory" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/5QI4DYC7J4BGHEW3NH4XHMWTHYC36UK4/" }, { "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-406691.pdf" }, { "url": "https://security.netapp.com/advisory/ntap-20220325-0011/" }, { "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-637483.pdf" }, { "name": "GLSA-202305-22", "tags": [ "vendor-advisory" ], "url": "https://security.gentoo.org/glsa/202305-22" } ], "solutions": [ { "lang": "en", "value": "Upgrade to the patched release most closely related to your current version of ISC DHCP:\n\n ISC DHCP 4.1-ESV-R16-P1\n ISC DHCP 4.4.2-P1" } ], "source": { "discovery": "USER" }, "title": "A buffer overrun in lease file parsing code can be used to exploit a common vulnerability shared by dhcpd and dhclient", "workarounds": [ { "lang": "en", "value": "None known." } ], "x_generator": { "engine": "Vulnogram 0.0.9" } } }, "cveMetadata": { "assignerOrgId": "404fd4d2-a609-4245-b543-2c944a302a22", "assignerShortName": "isc", "cveId": "CVE-2021-25217", "datePublished": "2021-05-26T22:10:11.312869Z", "dateReserved": "2021-01-15T00:00:00", "dateUpdated": "2024-09-16T22:08:32.175Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2022-29560
Vulnerability from cvelistv5
Published
2022-07-12 10:06
Modified
2024-08-03 06:26
Severity ?
EPSS score ?
Summary
A vulnerability has been identified in RUGGEDCOM ROX MX5000 (All versions < 2.15.1), RUGGEDCOM ROX MX5000RE (All versions < 2.15.1), RUGGEDCOM ROX RX1400 (All versions < 2.15.1), RUGGEDCOM ROX RX1500 (All versions < 2.15.1), RUGGEDCOM ROX RX1501 (All versions < 2.15.1), RUGGEDCOM ROX RX1510 (All versions < 2.15.1), RUGGEDCOM ROX RX1511 (All versions < 2.15.1), RUGGEDCOM ROX RX1512 (All versions < 2.15.1), RUGGEDCOM ROX RX1524 (All versions < 2.15.1), RUGGEDCOM ROX RX1536 (All versions < 2.15.1), RUGGEDCOM ROX RX5000 (All versions < 2.15.1). Affected devices do not properly validate user input, making them susceptible to command injection. An attacker with access to either the shell or the web CLI with administrator privileges could access the underlying operating system as the root user.
References
▼ | URL | Tags |
---|---|---|
https://cert-portal.siemens.com/productcert/pdf/ssa-599506.pdf | x_refsource_MISC |
Impacted products
Vendor | Product | Version | |||||||||||||||||||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
▼ | Siemens | RUGGEDCOM ROX MX5000 |
Version: All versions < 2.15.1 |
||||||||||||||||||||||||||||||||||||||||
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T06:26:06.278Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-599506.pdf" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "RUGGEDCOM ROX MX5000", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c 2.15.1" } ] }, { "product": "RUGGEDCOM ROX MX5000RE", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c 2.15.1" } ] }, { "product": "RUGGEDCOM ROX RX1400", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c 2.15.1" } ] }, { "product": "RUGGEDCOM ROX RX1500", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c 2.15.1" } ] }, { "product": "RUGGEDCOM ROX RX1501", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c 2.15.1" } ] }, { "product": "RUGGEDCOM ROX RX1510", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c 2.15.1" } ] }, { "product": "RUGGEDCOM ROX RX1511", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c 2.15.1" } ] }, { "product": "RUGGEDCOM ROX RX1512", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c 2.15.1" } ] }, { "product": "RUGGEDCOM ROX RX1524", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c 2.15.1" } ] }, { "product": "RUGGEDCOM ROX RX1536", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c 2.15.1" } ] }, { "product": "RUGGEDCOM ROX RX5000", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c 2.15.1" } ] } ], "descriptions": [ { "lang": "en", "value": "A vulnerability has been identified in RUGGEDCOM ROX MX5000 (All versions \u003c 2.15.1), RUGGEDCOM ROX MX5000RE (All versions \u003c 2.15.1), RUGGEDCOM ROX RX1400 (All versions \u003c 2.15.1), RUGGEDCOM ROX RX1500 (All versions \u003c 2.15.1), RUGGEDCOM ROX RX1501 (All versions \u003c 2.15.1), RUGGEDCOM ROX RX1510 (All versions \u003c 2.15.1), RUGGEDCOM ROX RX1511 (All versions \u003c 2.15.1), RUGGEDCOM ROX RX1512 (All versions \u003c 2.15.1), RUGGEDCOM ROX RX1524 (All versions \u003c 2.15.1), RUGGEDCOM ROX RX1536 (All versions \u003c 2.15.1), RUGGEDCOM ROX RX5000 (All versions \u003c 2.15.1). Affected devices do not properly validate user input, making them susceptible to command injection. An attacker with access to either the shell or the web CLI with administrator privileges could access the underlying operating system as the root user." } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-77", "description": "CWE-77: Improper Neutralization of Special Elements used in a Command (\u0027Command Injection\u0027)", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2022-07-12T10:06:38", "orgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77", "shortName": "siemens" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-599506.pdf" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "productcert@siemens.com", "ID": "CVE-2022-29560", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "RUGGEDCOM ROX MX5000", "version": { "version_data": [ { "version_value": "All versions \u003c 2.15.1" } ] } }, { "product_name": "RUGGEDCOM ROX MX5000RE", "version": { "version_data": [ { "version_value": "All versions \u003c 2.15.1" } ] } }, { "product_name": "RUGGEDCOM ROX RX1400", "version": { "version_data": [ { "version_value": "All versions \u003c 2.15.1" } ] } }, { "product_name": "RUGGEDCOM ROX RX1500", "version": { "version_data": [ { "version_value": "All versions \u003c 2.15.1" } ] } }, { "product_name": "RUGGEDCOM ROX RX1501", "version": { "version_data": [ { "version_value": "All versions \u003c 2.15.1" } ] } }, { "product_name": "RUGGEDCOM ROX RX1510", "version": { "version_data": [ { "version_value": "All versions \u003c 2.15.1" } ] } }, { "product_name": "RUGGEDCOM ROX RX1511", "version": { "version_data": [ { "version_value": "All versions \u003c 2.15.1" } ] } }, { "product_name": "RUGGEDCOM ROX RX1512", "version": { "version_data": [ { "version_value": "All versions \u003c 2.15.1" } ] } }, { "product_name": "RUGGEDCOM ROX RX1524", "version": { "version_data": [ { "version_value": "All versions \u003c 2.15.1" } ] } }, { "product_name": "RUGGEDCOM ROX RX1536", "version": { "version_data": [ { "version_value": "All versions \u003c 2.15.1" } ] } }, { "product_name": "RUGGEDCOM ROX RX5000", "version": { "version_data": [ { "version_value": "All versions \u003c 2.15.1" } ] } } ] }, "vendor_name": "Siemens" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "A vulnerability has been identified in RUGGEDCOM ROX MX5000 (All versions \u003c 2.15.1), RUGGEDCOM ROX MX5000RE (All versions \u003c 2.15.1), RUGGEDCOM ROX RX1400 (All versions \u003c 2.15.1), RUGGEDCOM ROX RX1500 (All versions \u003c 2.15.1), RUGGEDCOM ROX RX1501 (All versions \u003c 2.15.1), RUGGEDCOM ROX RX1510 (All versions \u003c 2.15.1), RUGGEDCOM ROX RX1511 (All versions \u003c 2.15.1), RUGGEDCOM ROX RX1512 (All versions \u003c 2.15.1), RUGGEDCOM ROX RX1524 (All versions \u003c 2.15.1), RUGGEDCOM ROX RX1536 (All versions \u003c 2.15.1), RUGGEDCOM ROX RX5000 (All versions \u003c 2.15.1). Affected devices do not properly validate user input, making them susceptible to command injection. An attacker with access to either the shell or the web CLI with administrator privileges could access the underlying operating system as the root user." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "CWE-77: Improper Neutralization of Special Elements used in a Command (\u0027Command Injection\u0027)" } ] } ] }, "references": { "reference_data": [ { "name": "https://cert-portal.siemens.com/productcert/pdf/ssa-599506.pdf", "refsource": "MISC", "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-599506.pdf" } ] } } } }, "cveMetadata": { "assignerOrgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77", "assignerShortName": "siemens", "cveId": "CVE-2022-29560", "datePublished": "2022-07-12T10:06:38", "dateReserved": "2022-04-21T00:00:00", "dateUpdated": "2024-08-03T06:26:06.278Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2018-18508
Vulnerability from cvelistv5
Published
2020-10-22 20:14
Modified
2024-08-05 11:08
Severity ?
EPSS score ?
Summary
In Network Security Services (NSS) before 3.36.7 and before 3.41.1, a malformed signature can cause a crash due to a null dereference, resulting in a Denial of Service.
References
▼ | URL | Tags |
---|---|---|
https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.36.7_release_notes | x_refsource_MISC | |
https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.41.1_release_notes | x_refsource_MISC | |
https://cert-portal.siemens.com/productcert/pdf/ssa-379803.pdf | x_refsource_CONFIRM | |
https://us-cert.cisa.gov/ics/advisories/icsa-21-040-04 | x_refsource_MISC |
Impacted products
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T11:08:22.039Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.36.7_release_notes" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.41.1_release_notes" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-379803.pdf" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-040-04" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "NSS", "vendor": "Mozilla", "versions": [ { "lessThan": "3.41.1", "status": "affected", "version": "unspecified", "versionType": "custom" }, { "lessThan": "3.36.7", "status": "affected", "version": "unspecified", "versionType": "custom" } ] } ], "descriptions": [ { "lang": "en", "value": "In Network Security Services (NSS) before 3.36.7 and before 3.41.1, a malformed signature can cause a crash due to a null dereference, resulting in a Denial of Service." } ], "problemTypes": [ { "descriptions": [ { "description": "Denial of Service through malformed signatures", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2021-02-12T05:57:40", "orgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe", "shortName": "mozilla" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.36.7_release_notes" }, { "tags": [ "x_refsource_MISC" ], "url": "https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.41.1_release_notes" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-379803.pdf" }, { "tags": [ "x_refsource_MISC" ], "url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-040-04" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "security@mozilla.org", "ID": "CVE-2018-18508", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "NSS", "version": { "version_data": [ { "version_affected": "\u003c", "version_value": "3.41.1" }, { "version_affected": "\u003c", "version_value": "3.36.7" } ] } } ] }, "vendor_name": "Mozilla" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "In Network Security Services (NSS) before 3.36.7 and before 3.41.1, a malformed signature can cause a crash due to a null dereference, resulting in a Denial of Service." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Denial of Service through malformed signatures" } ] } ] }, "references": { "reference_data": [ { "name": "https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.36.7_release_notes", "refsource": "MISC", "url": "https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.36.7_release_notes" }, { "name": "https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.41.1_release_notes", "refsource": "MISC", "url": "https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.41.1_release_notes" }, { "name": "https://cert-portal.siemens.com/productcert/pdf/ssa-379803.pdf", "refsource": "CONFIRM", "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-379803.pdf" }, { "name": "https://us-cert.cisa.gov/ics/advisories/icsa-21-040-04", "refsource": "MISC", "url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-040-04" } ] } } } }, "cveMetadata": { "assignerOrgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe", "assignerShortName": "mozilla", "cveId": "CVE-2018-18508", "datePublished": "2020-10-22T20:14:42", "dateReserved": "2018-10-19T00:00:00", "dateUpdated": "2024-08-05T11:08:22.039Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2021-41546
Vulnerability from cvelistv5
Published
2021-10-12 09:49
Modified
2024-08-04 03:15
Severity ?
EPSS score ?
Summary
A vulnerability has been identified in RUGGEDCOM ROX MX5000 (All versions < V2.14.1), RUGGEDCOM ROX RX1400 (All versions < V2.14.1), RUGGEDCOM ROX RX1500 (All versions < V2.14.1), RUGGEDCOM ROX RX1501 (All versions < V2.14.1), RUGGEDCOM ROX RX1510 (All versions < V2.14.1), RUGGEDCOM ROX RX1511 (All versions < V2.14.1), RUGGEDCOM ROX RX1512 (All versions < V2.14.1), RUGGEDCOM ROX RX1524 (All versions < V2.14.1), RUGGEDCOM ROX RX1536 (All versions < V2.14.1), RUGGEDCOM ROX RX5000 (All versions < V2.14.1). Affected devices write crashdumps without checking if enough space is available on the filesystem. Once the crashdump fills the entire root filesystem, affected devices fail to boot successfully. An attacker can leverage this vulnerability to cause a permanent Denial-of-Service.
References
▼ | URL | Tags |
---|---|---|
https://cert-portal.siemens.com/productcert/pdf/ssa-173565.pdf | x_refsource_MISC |
Impacted products
Vendor | Product | Version | |||||||||||||||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
▼ | Siemens | RUGGEDCOM ROX MX5000 |
Version: All versions < V2.14.1 |
||||||||||||||||||||||||||||||||||||
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-04T03:15:28.882Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-173565.pdf" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "RUGGEDCOM ROX MX5000", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V2.14.1" } ] }, { "product": "RUGGEDCOM ROX RX1400", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V2.14.1" } ] }, { "product": "RUGGEDCOM ROX RX1500", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V2.14.1" } ] }, { "product": "RUGGEDCOM ROX RX1501", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V2.14.1" } ] }, { "product": "RUGGEDCOM ROX RX1510", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V2.14.1" } ] }, { "product": "RUGGEDCOM ROX RX1511", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V2.14.1" } ] }, { "product": "RUGGEDCOM ROX RX1512", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V2.14.1" } ] }, { "product": "RUGGEDCOM ROX RX1524", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V2.14.1" } ] }, { "product": "RUGGEDCOM ROX RX1536", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V2.14.1" } ] }, { "product": "RUGGEDCOM ROX RX5000", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V2.14.1" } ] } ], "descriptions": [ { "lang": "en", "value": "A vulnerability has been identified in RUGGEDCOM ROX MX5000 (All versions \u003c V2.14.1), RUGGEDCOM ROX RX1400 (All versions \u003c V2.14.1), RUGGEDCOM ROX RX1500 (All versions \u003c V2.14.1), RUGGEDCOM ROX RX1501 (All versions \u003c V2.14.1), RUGGEDCOM ROX RX1510 (All versions \u003c V2.14.1), RUGGEDCOM ROX RX1511 (All versions \u003c V2.14.1), RUGGEDCOM ROX RX1512 (All versions \u003c V2.14.1), RUGGEDCOM ROX RX1524 (All versions \u003c V2.14.1), RUGGEDCOM ROX RX1536 (All versions \u003c V2.14.1), RUGGEDCOM ROX RX5000 (All versions \u003c V2.14.1). Affected devices write crashdumps without checking if enough space is available on the filesystem. Once the crashdump fills the entire root filesystem, affected devices fail to boot successfully. An attacker can leverage this vulnerability to cause a permanent Denial-of-Service." } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-400", "description": "CWE-400: Uncontrolled Resource Consumption", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2021-10-12T09:49:39", "orgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77", "shortName": "siemens" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-173565.pdf" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "productcert@siemens.com", "ID": "CVE-2021-41546", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "RUGGEDCOM ROX MX5000", "version": { "version_data": [ { "version_value": "All versions \u003c V2.14.1" } ] } }, { "product_name": "RUGGEDCOM ROX RX1400", "version": { "version_data": [ { "version_value": "All versions \u003c V2.14.1" } ] } }, { "product_name": "RUGGEDCOM ROX RX1500", "version": { "version_data": [ { "version_value": "All versions \u003c V2.14.1" } ] } }, { "product_name": "RUGGEDCOM ROX RX1501", "version": { "version_data": [ { "version_value": "All versions \u003c V2.14.1" } ] } }, { "product_name": "RUGGEDCOM ROX RX1510", "version": { "version_data": [ { "version_value": "All versions \u003c V2.14.1" } ] } }, { "product_name": "RUGGEDCOM ROX RX1511", "version": { "version_data": [ { "version_value": "All versions \u003c V2.14.1" } ] } }, { "product_name": "RUGGEDCOM ROX RX1512", "version": { "version_data": [ { "version_value": "All versions \u003c V2.14.1" } ] } }, { "product_name": "RUGGEDCOM ROX RX1524", "version": { "version_data": [ { "version_value": "All versions \u003c V2.14.1" } ] } }, { "product_name": "RUGGEDCOM ROX RX1536", "version": { "version_data": [ { "version_value": "All versions \u003c V2.14.1" } ] } }, { "product_name": "RUGGEDCOM ROX RX5000", "version": { "version_data": [ { "version_value": "All versions \u003c V2.14.1" } ] } } ] }, "vendor_name": "Siemens" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "A vulnerability has been identified in RUGGEDCOM ROX MX5000 (All versions \u003c V2.14.1), RUGGEDCOM ROX RX1400 (All versions \u003c V2.14.1), RUGGEDCOM ROX RX1500 (All versions \u003c V2.14.1), RUGGEDCOM ROX RX1501 (All versions \u003c V2.14.1), RUGGEDCOM ROX RX1510 (All versions \u003c V2.14.1), RUGGEDCOM ROX RX1511 (All versions \u003c V2.14.1), RUGGEDCOM ROX RX1512 (All versions \u003c V2.14.1), RUGGEDCOM ROX RX1524 (All versions \u003c V2.14.1), RUGGEDCOM ROX RX1536 (All versions \u003c V2.14.1), RUGGEDCOM ROX RX5000 (All versions \u003c V2.14.1). Affected devices write crashdumps without checking if enough space is available on the filesystem. Once the crashdump fills the entire root filesystem, affected devices fail to boot successfully. An attacker can leverage this vulnerability to cause a permanent Denial-of-Service." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "CWE-400: Uncontrolled Resource Consumption" } ] } ] }, "references": { "reference_data": [ { "name": "https://cert-portal.siemens.com/productcert/pdf/ssa-173565.pdf", "refsource": "MISC", "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-173565.pdf" } ] } } } }, "cveMetadata": { "assignerOrgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77", "assignerShortName": "siemens", "cveId": "CVE-2021-41546", "datePublished": "2021-10-12T09:49:39", "dateReserved": "2021-09-21T00:00:00", "dateUpdated": "2024-08-04T03:15:28.882Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2023-36750
Vulnerability from cvelistv5
Published
2023-07-11 09:07
Modified
2024-11-26 18:40
Severity ?
EPSS score ?
Summary
A vulnerability has been identified in RUGGEDCOM ROX MX5000 (All versions < V2.16.0), RUGGEDCOM ROX MX5000RE (All versions < V2.16.0), RUGGEDCOM ROX RX1400 (All versions < V2.16.0), RUGGEDCOM ROX RX1500 (All versions < V2.16.0), RUGGEDCOM ROX RX1501 (All versions < V2.16.0), RUGGEDCOM ROX RX1510 (All versions < V2.16.0), RUGGEDCOM ROX RX1511 (All versions < V2.16.0), RUGGEDCOM ROX RX1512 (All versions < V2.16.0), RUGGEDCOM ROX RX1524 (All versions < V2.16.0), RUGGEDCOM ROX RX1536 (All versions < V2.16.0), RUGGEDCOM ROX RX5000 (All versions < V2.16.0). The software-upgrade Url parameter in the web interface of affected devices is vulnerable to command injection due to missing server side input sanitation. This could allow an authenticated privileged remote attacker to execute arbitrary code with root privileges.
References
Impacted products
Vendor | Product | Version | |||||||||||||||||||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
▼ | Siemens | RUGGEDCOM ROX MX5000 |
Version: All versions < V2.16.0 |
||||||||||||||||||||||||||||||||||||||||
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T16:52:54.252Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-146325.pdf" } ], "title": "CVE Program Container" }, { "affected": [ { "cpes": [ "cpe:2.3:h:siemens:ruggedcom_rox_mx5000:-:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "ruggedcom_rox_mx5000", "vendor": "siemens", "versions": [ { "lessThan": "2.16.0", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:h:siemens:ruggedcom_rox_mx5000re:-:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "ruggedcom_rox_mx5000re", "vendor": "siemens", "versions": [ { "lessThan": "2.16.0", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:h:siemens:ruggedcom_rox_rx1400:-:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "ruggedcom_rox_rx1400", "vendor": "siemens", "versions": [ { "lessThan": "2.16.0", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:h:siemens:ruggedcom_rox_rx1500:-:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "ruggedcom_rox_rx1500", "vendor": "siemens", "versions": [ { "lessThan": "2.16.0", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:h:siemens:ruggedcom_rox_rx1501:-:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "ruggedcom_rox_rx1501", "vendor": "siemens", "versions": [ { "lessThan": "2.16.0", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:h:siemens:ruggedcom_rox_rx1510:-:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "ruggedcom_rox_rx1510", "vendor": "siemens", "versions": [ { "lessThan": "2.16.0", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:h:siemens:ruggedcom_rox_rx1511:-:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "ruggedcom_rox_rx1511", "vendor": "siemens", "versions": [ { "lessThan": "2.16.0", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:h:siemens:ruggedcom_rox_rx1512:-:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "ruggedcom_rox_rx1512", "vendor": "siemens", "versions": [ { "lessThan": "2.16.0", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:h:siemens:ruggedcom_rox_rx1524:-:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "ruggedcom_rox_rx1524", "vendor": "siemens", "versions": [ { "lessThan": "2.16.0", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:h:siemens:ruggedcom_rox_rx1536:-:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "ruggedcom_rox_rx1536", "vendor": "siemens", "versions": [ { "lessThan": "2.16.0", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:h:siemens:ruggedcom_rox_rx5000:-:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "ruggedcom_rox_rx5000", "vendor": "siemens", "versions": [ { "lessThan": "2.16.0", "status": "affected", "version": "0", "versionType": "custom" } ] } ], "metrics": [ { "other": { "content": { "id": "CVE-2023-36750", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "total" } ], "role": "CISA Coordinator", "timestamp": "2024-11-26T18:35:58.218652Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-11-26T18:40:24.816Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "defaultStatus": "unknown", "product": "RUGGEDCOM ROX MX5000", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V2.16.0" } ] }, { "defaultStatus": "unknown", "product": "RUGGEDCOM ROX MX5000RE", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V2.16.0" } ] }, { "defaultStatus": "unknown", "product": "RUGGEDCOM ROX RX1400", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V2.16.0" } ] }, { "defaultStatus": "unknown", "product": "RUGGEDCOM ROX RX1500", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V2.16.0" } ] }, { "defaultStatus": "unknown", "product": "RUGGEDCOM ROX RX1501", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V2.16.0" } ] }, { "defaultStatus": "unknown", "product": "RUGGEDCOM ROX RX1510", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V2.16.0" } ] }, { "defaultStatus": "unknown", "product": "RUGGEDCOM ROX RX1511", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V2.16.0" } ] }, { "defaultStatus": "unknown", "product": "RUGGEDCOM ROX RX1512", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V2.16.0" } ] }, { "defaultStatus": "unknown", "product": "RUGGEDCOM ROX RX1524", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V2.16.0" } ] }, { "defaultStatus": "unknown", "product": "RUGGEDCOM ROX RX1536", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V2.16.0" } ] }, { "defaultStatus": "unknown", "product": "RUGGEDCOM ROX RX5000", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V2.16.0" } ] } ], "descriptions": [ { "lang": "en", "value": "A vulnerability has been identified in RUGGEDCOM ROX MX5000 (All versions \u003c V2.16.0), RUGGEDCOM ROX MX5000RE (All versions \u003c V2.16.0), RUGGEDCOM ROX RX1400 (All versions \u003c V2.16.0), RUGGEDCOM ROX RX1500 (All versions \u003c V2.16.0), RUGGEDCOM ROX RX1501 (All versions \u003c V2.16.0), RUGGEDCOM ROX RX1510 (All versions \u003c V2.16.0), RUGGEDCOM ROX RX1511 (All versions \u003c V2.16.0), RUGGEDCOM ROX RX1512 (All versions \u003c V2.16.0), RUGGEDCOM ROX RX1524 (All versions \u003c V2.16.0), RUGGEDCOM ROX RX1536 (All versions \u003c V2.16.0), RUGGEDCOM ROX RX5000 (All versions \u003c V2.16.0). The software-upgrade Url parameter in the web interface of affected devices is vulnerable to command injection due to missing server side input sanitation. This could allow an authenticated privileged remote attacker to execute arbitrary code with root privileges." } ], "metrics": [ { "cvssV3_1": { "baseScore": 9.1, "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H/E:P/RL:O/RC:C", "version": "3.1" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-77", "description": "CWE-77: Improper Neutralization of Special Elements used in a Command (\u0027Command Injection\u0027)", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2023-07-11T09:07:16.822Z", "orgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77", "shortName": "siemens" }, "references": [ { "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-146325.pdf" } ] } }, "cveMetadata": { "assignerOrgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77", "assignerShortName": "siemens", "cveId": "CVE-2023-36750", "datePublished": "2023-07-11T09:07:16.822Z", "dateReserved": "2023-06-27T11:37:08.703Z", "dateUpdated": "2024-11-26T18:40:24.816Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2023-36753
Vulnerability from cvelistv5
Published
2023-07-11 09:07
Modified
2024-12-02 18:56
Severity ?
EPSS score ?
Summary
A vulnerability has been identified in RUGGEDCOM ROX MX5000 (All versions < V2.16.0), RUGGEDCOM ROX MX5000RE (All versions < V2.16.0), RUGGEDCOM ROX RX1400 (All versions < V2.16.0), RUGGEDCOM ROX RX1500 (All versions < V2.16.0), RUGGEDCOM ROX RX1501 (All versions < V2.16.0), RUGGEDCOM ROX RX1510 (All versions < V2.16.0), RUGGEDCOM ROX RX1511 (All versions < V2.16.0), RUGGEDCOM ROX RX1512 (All versions < V2.16.0), RUGGEDCOM ROX RX1524 (All versions < V2.16.0), RUGGEDCOM ROX RX1536 (All versions < V2.16.0), RUGGEDCOM ROX RX5000 (All versions < V2.16.0). The uninstall-app App-name parameter in the web interface of affected devices is vulnerable to command injection due to missing server side input sanitation. This could allow an authenticated privileged remote attacker to execute arbitrary code with root privileges.
References
Impacted products
Vendor | Product | Version | |||||||||||||||||||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
▼ | Siemens | RUGGEDCOM ROX MX5000 |
Version: All versions < V2.16.0 |
||||||||||||||||||||||||||||||||||||||||
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T16:52:54.239Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-146325.pdf" } ], "title": "CVE Program Container" }, { "affected": [ { "cpes": [ "cpe:2.3:h:siemens:ruggedcom_rox_mx5000:-:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "ruggedcom_rox_mx5000", "vendor": "siemens", "versions": [ { "lessThan": "V2.16.0", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:h:siemens:ruggedcom_rox_mx5000re:-:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "ruggedcom_rox_mx5000re", "vendor": "siemens", "versions": [ { "lessThan": "V2.16.0", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:h:siemens:ruggedcom_rox_rx1400:-:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "ruggedcom_rox_rx1400", "vendor": "siemens", "versions": [ { "lessThan": "V2.16.0", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:h:siemens:ruggedcom_rox_rx1500:-:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "ruggedcom_rox_rx1500", "vendor": "siemens", "versions": [ { "lessThan": "V2.16.0", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:h:siemens:ruggedcom_rox_rx1501:-:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "ruggedcom_rox_rx1501", "vendor": "siemens", "versions": [ { "lessThan": "V2.16.0", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:h:siemens:ruggedcom_rox_rx1510:-:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "ruggedcom_rox_rx1510", "vendor": "siemens", "versions": [ { "lessThan": "V2.16.0", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:h:siemens:ruggedcom_rox_rx1511:-:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "ruggedcom_rox_rx1511", "vendor": "siemens", "versions": [ { "lessThan": "V2.16.0", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:h:siemens:ruggedcom_rox_rx1512:-:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "ruggedcom_rox_rx1512", "vendor": "siemens", "versions": [ { "lessThan": "V2.16.0", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:h:siemens:ruggedcom_rox_rx1524:-:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "ruggedcom_rox_rx1524", "vendor": "siemens", "versions": [ { "lessThan": "V2.16.0", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:h:siemens:ruggedcom_rox_rx1536:-:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "ruggedcom_rox_rx1536", "vendor": "siemens", "versions": [ { "lessThan": "V2.16.0", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:h:siemens:ruggedcom_rox_rx5000:-:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "ruggedcom_rox_rx5000", "vendor": "siemens", "versions": [ { "lessThan": "V2.16.0", "status": "affected", "version": "0", "versionType": "custom" } ] } ], "metrics": [ { "other": { "content": { "id": "CVE-2023-36753", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "total" } ], "role": "CISA Coordinator", "timestamp": "2024-12-02T18:50:15.983427Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-12-02T18:56:24.844Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "defaultStatus": "unknown", "product": "RUGGEDCOM ROX MX5000", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V2.16.0" } ] }, { "defaultStatus": "unknown", "product": "RUGGEDCOM ROX MX5000RE", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V2.16.0" } ] }, { "defaultStatus": "unknown", "product": "RUGGEDCOM ROX RX1400", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V2.16.0" } ] }, { "defaultStatus": "unknown", "product": "RUGGEDCOM ROX RX1500", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V2.16.0" } ] }, { "defaultStatus": "unknown", "product": "RUGGEDCOM ROX RX1501", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V2.16.0" } ] }, { "defaultStatus": "unknown", "product": "RUGGEDCOM ROX RX1510", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V2.16.0" } ] }, { "defaultStatus": "unknown", "product": "RUGGEDCOM ROX RX1511", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V2.16.0" } ] }, { "defaultStatus": "unknown", "product": "RUGGEDCOM ROX RX1512", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V2.16.0" } ] }, { "defaultStatus": "unknown", "product": "RUGGEDCOM ROX RX1524", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V2.16.0" } ] }, { "defaultStatus": "unknown", "product": "RUGGEDCOM ROX RX1536", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V2.16.0" } ] }, { "defaultStatus": "unknown", "product": "RUGGEDCOM ROX RX5000", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V2.16.0" } ] } ], "descriptions": [ { "lang": "en", "value": "A vulnerability has been identified in RUGGEDCOM ROX MX5000 (All versions \u003c V2.16.0), RUGGEDCOM ROX MX5000RE (All versions \u003c V2.16.0), RUGGEDCOM ROX RX1400 (All versions \u003c V2.16.0), RUGGEDCOM ROX RX1500 (All versions \u003c V2.16.0), RUGGEDCOM ROX RX1501 (All versions \u003c V2.16.0), RUGGEDCOM ROX RX1510 (All versions \u003c V2.16.0), RUGGEDCOM ROX RX1511 (All versions \u003c V2.16.0), RUGGEDCOM ROX RX1512 (All versions \u003c V2.16.0), RUGGEDCOM ROX RX1524 (All versions \u003c V2.16.0), RUGGEDCOM ROX RX1536 (All versions \u003c V2.16.0), RUGGEDCOM ROX RX5000 (All versions \u003c V2.16.0). The uninstall-app App-name parameter in the web interface of affected devices is vulnerable to command injection due to missing server side input sanitation. This could allow an authenticated privileged remote attacker to execute arbitrary code with root privileges." } ], "metrics": [ { "cvssV3_1": { "baseScore": 9.1, "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H/E:P/RL:O/RC:C", "version": "3.1" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-77", "description": "CWE-77: Improper Neutralization of Special Elements used in a Command (\u0027Command Injection\u0027)", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2023-07-11T09:07:20.117Z", "orgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77", "shortName": "siemens" }, "references": [ { "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-146325.pdf" } ] } }, "cveMetadata": { "assignerOrgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77", "assignerShortName": "siemens", "cveId": "CVE-2023-36753", "datePublished": "2023-07-11T09:07:20.117Z", "dateReserved": "2023-06-27T11:37:08.703Z", "dateUpdated": "2024-12-02T18:56:24.844Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2023-36748
Vulnerability from cvelistv5
Published
2023-07-11 09:07
Modified
2024-11-27 14:16
Severity ?
EPSS score ?
Summary
A vulnerability has been identified in RUGGEDCOM ROX MX5000 (All versions < V2.16.0), RUGGEDCOM ROX MX5000RE (All versions < V2.16.0), RUGGEDCOM ROX RX1400 (All versions < V2.16.0), RUGGEDCOM ROX RX1500 (All versions < V2.16.0), RUGGEDCOM ROX RX1501 (All versions < V2.16.0), RUGGEDCOM ROX RX1510 (All versions < V2.16.0), RUGGEDCOM ROX RX1511 (All versions < V2.16.0), RUGGEDCOM ROX RX1512 (All versions < V2.16.0), RUGGEDCOM ROX RX1524 (All versions < V2.16.0), RUGGEDCOM ROX RX1536 (All versions < V2.16.0), RUGGEDCOM ROX RX5000 (All versions < V2.16.0). The affected devices are configured to offer weak ciphers by default. This could allow an unauthorized attacker in a man-in-the-middle position to read and modify any data
passed over to and from the affected device.
References
Impacted products
Vendor | Product | Version | |||||||||||||||||||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
▼ | Siemens | RUGGEDCOM ROX MX5000 |
Version: All versions < V2.16.0 |
||||||||||||||||||||||||||||||||||||||||
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T16:52:54.437Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-146325.pdf" } ], "title": "CVE Program Container" }, { "metrics": [ { "other": { "content": { "id": "CVE-2023-36748", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-11-27T14:16:24.794778Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-11-27T14:16:46.630Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "defaultStatus": "unknown", "product": "RUGGEDCOM ROX MX5000", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V2.16.0" } ] }, { "defaultStatus": "unknown", "product": "RUGGEDCOM ROX MX5000RE", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V2.16.0" } ] }, { "defaultStatus": "unknown", "product": "RUGGEDCOM ROX RX1400", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V2.16.0" } ] }, { "defaultStatus": "unknown", "product": "RUGGEDCOM ROX RX1500", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V2.16.0" } ] }, { "defaultStatus": "unknown", "product": "RUGGEDCOM ROX RX1501", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V2.16.0" } ] }, { "defaultStatus": "unknown", "product": "RUGGEDCOM ROX RX1510", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V2.16.0" } ] }, { "defaultStatus": "unknown", "product": "RUGGEDCOM ROX RX1511", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V2.16.0" } ] }, { "defaultStatus": "unknown", "product": "RUGGEDCOM ROX RX1512", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V2.16.0" } ] }, { "defaultStatus": "unknown", "product": "RUGGEDCOM ROX RX1524", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V2.16.0" } ] }, { "defaultStatus": "unknown", "product": "RUGGEDCOM ROX RX1536", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V2.16.0" } ] }, { "defaultStatus": "unknown", "product": "RUGGEDCOM ROX RX5000", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V2.16.0" } ] } ], "descriptions": [ { "lang": "en", "value": "A vulnerability has been identified in RUGGEDCOM ROX MX5000 (All versions \u003c V2.16.0), RUGGEDCOM ROX MX5000RE (All versions \u003c V2.16.0), RUGGEDCOM ROX RX1400 (All versions \u003c V2.16.0), RUGGEDCOM ROX RX1500 (All versions \u003c V2.16.0), RUGGEDCOM ROX RX1501 (All versions \u003c V2.16.0), RUGGEDCOM ROX RX1510 (All versions \u003c V2.16.0), RUGGEDCOM ROX RX1511 (All versions \u003c V2.16.0), RUGGEDCOM ROX RX1512 (All versions \u003c V2.16.0), RUGGEDCOM ROX RX1524 (All versions \u003c V2.16.0), RUGGEDCOM ROX RX1536 (All versions \u003c V2.16.0), RUGGEDCOM ROX RX5000 (All versions \u003c V2.16.0). The affected devices are configured to offer weak ciphers by default. This could allow an unauthorized attacker in a man-in-the-middle position to read and modify any data\r\npassed over to and from the affected device." } ], "metrics": [ { "cvssV3_1": { "baseScore": 5.9, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:A/AC:H/PR:N/UI:R/S:U/C:L/I:H/A:L/E:P/RL:O/RC:C", "version": "3.1" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-326", "description": "CWE-326: Inadequate Encryption Strength", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2023-07-11T09:07:14.689Z", "orgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77", "shortName": "siemens" }, "references": [ { "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-146325.pdf" } ] } }, "cveMetadata": { "assignerOrgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77", "assignerShortName": "siemens", "cveId": "CVE-2023-36748", "datePublished": "2023-07-11T09:07:14.689Z", "dateReserved": "2023-06-27T11:37:08.703Z", "dateUpdated": "2024-11-27T14:16:46.630Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
Vulnerability from fkie_nvd
Published
2020-10-22 21:15
Modified
2024-11-21 04:31
Severity ?
Summary
In Network Security Services before 3.44, a malformed Netscape Certificate Sequence can cause NSS to crash, resulting in a denial of service.
References
Impacted products
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:mozilla:network_security_services:*:*:*:*:*:*:*:*", "matchCriteriaId": "4426D584-AAEF-4E84-8E13-E921DB0F0278", "versionEndExcluding": "3.44", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:siemens:ruggedcom_rox_mx5000_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "1B09C415-21F2-49C9-BFAE-2151C8ED4D06", "versionEndExcluding": "2.14.0", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:h:siemens:ruggedcom_rox_mx5000:-:*:*:*:*:*:*:*", "matchCriteriaId": "DAD1B18F-9C37-48CC-92E2-9C5E66B206CB", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:siemens:ruggedcom_rox_rx1400_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "F196C09E-4C45-42D5-B509-7EB77F6566F1", "versionEndExcluding": "2.14.0", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:h:siemens:ruggedcom_rox_rx1400:-:*:*:*:*:*:*:*", "matchCriteriaId": "12BD4008-DB6A-4749-A426-D2DE44819A9D", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:siemens:ruggedcom_rox_rx1500_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "13D72F66-A1B2-4FB7-B31B-EF16955BC871", "versionEndExcluding": "2.14.0", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:h:siemens:ruggedcom_rox_rx1500:-:*:*:*:*:*:*:*", "matchCriteriaId": "3E79B422-C844-411C-AA49-CFD73D3C6E2D", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:siemens:ruggedcom_rox_rx1501_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "CB658DF3-A68F-4248-B240-9194E17941E1", "versionEndExcluding": "2.14.0", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:h:siemens:ruggedcom_rox_rx1501:-:*:*:*:*:*:*:*", "matchCriteriaId": "53AAEC5C-06EE-4C58-A981-EBF5860CEF16", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:siemens:ruggedcom_rox_rx1510_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "E16E621D-84DB-4F0D-A771-5E282B0292B2", "versionEndExcluding": "2.14.0", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:h:siemens:ruggedcom_rox_rx1510:-:*:*:*:*:*:*:*", "matchCriteriaId": "0751225A-6E9C-4281-93A4-A048920FF7C6", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:siemens:ruggedcom_rox_rx1511_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "059624DD-C1C8-408C-8026-D4FBC93C3CF9", "versionEndExcluding": "2.14.0", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:h:siemens:ruggedcom_rox_rx1511:-:*:*:*:*:*:*:*", "matchCriteriaId": "8C1E56ED-1E61-4B7E-8EC0-BB2AAD57EF7B", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:siemens:ruggedcom_rox_rx1512_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "06AF9201-89AB-42E6-97CF-9EDDC17EF7AE", "versionEndExcluding": "2.14.0", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:h:siemens:ruggedcom_rox_rx1512:-:*:*:*:*:*:*:*", "matchCriteriaId": "41ADD701-AD49-46B2-A12E-219CCED32298", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:siemens:ruggedcom_rox_rx5000_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "2656219C-7E23-47F7-AFB7-0D6D3D2ACA85", "versionEndExcluding": "2.14.0", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:h:siemens:ruggedcom_rox_rx5000:-:*:*:*:*:*:*:*", "matchCriteriaId": "1E0E33F2-E89B-4008-BED2-CF2296801078", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "In Network Security Services before 3.44, a malformed Netscape Certificate Sequence can cause NSS to crash, resulting in a denial of service." }, { "lang": "es", "value": "En Network Security Services versiones anteriores a 3.44, una Secuencia de Certificados Netscape malformado puede causar que NSS se bloquee, resultando en una denegaci\u00f3n de servicio" } ], "id": "CVE-2019-17007", "lastModified": "2024-11-21T04:31:31.717", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 5.0, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ], "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2020-10-22T21:15:12.637", "references": [ { "source": "security@mozilla.org", "tags": [ "Exploit", "Issue Tracking", "Patch", "Vendor Advisory" ], "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1533216" }, { "source": "security@mozilla.org", "tags": [ "Third Party Advisory" ], "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-379803.pdf" }, { "source": "security@mozilla.org", "tags": [ "Release Notes", "Vendor Advisory" ], "url": "https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.44_release_notes" }, { "source": "security@mozilla.org", "tags": [ "Third Party Advisory", "US Government Resource" ], "url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-040-04" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit", "Issue Tracking", "Patch", "Vendor Advisory" ], "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1533216" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-379803.pdf" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Release Notes", "Vendor Advisory" ], "url": "https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.44_release_notes" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory", "US Government Resource" ], "url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-040-04" } ], "sourceIdentifier": "security@mozilla.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-295" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2021-05-26 22:15
Modified
2024-11-21 05:54
Severity ?
7.4 (High) - CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H
7.4 (High) - CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H
7.4 (High) - CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H
Summary
In ISC DHCP 4.1-ESV-R1 -> 4.1-ESV-R16, ISC DHCP 4.4.0 -> 4.4.2 (Other branches of ISC DHCP (i.e., releases in the 4.0.x series or lower and releases in the 4.3.x series) are beyond their End-of-Life (EOL) and no longer supported by ISC. From inspection it is clear that the defect is also present in releases from those series, but they have not been officially tested for the vulnerability), The outcome of encountering the defect while reading a lease that will trigger it varies, according to: the component being affected (i.e., dhclient or dhcpd) whether the package was built as a 32-bit or 64-bit binary whether the compiler flag -fstack-protection-strong was used when compiling In dhclient, ISC has not successfully reproduced the error on a 64-bit system. However, on a 32-bit system it is possible to cause dhclient to crash when reading an improper lease, which could cause network connectivity problems for an affected system due to the absence of a running DHCP client process. In dhcpd, when run in DHCPv4 or DHCPv6 mode: if the dhcpd server binary was built for a 32-bit architecture AND the -fstack-protection-strong flag was specified to the compiler, dhcpd may exit while parsing a lease file containing an objectionable lease, resulting in lack of service to clients. Additionally, the offending lease and the lease immediately following it in the lease database may be improperly deleted. if the dhcpd server binary was built for a 64-bit architecture OR if the -fstack-protection-strong compiler flag was NOT specified, the crash will not occur, but it is possible for the offending lease and the lease which immediately followed it to be improperly deleted.
References
Impacted products
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:isc:dhcp:*:*:*:*:*:*:*:*", "matchCriteriaId": "106A3E98-3D4B-47F7-80AD-49A47A7B20D6", "versionEndIncluding": "4.4.2", "versionStartIncluding": "4.4.0", "vulnerable": true }, { "criteria": "cpe:2.3:a:isc:dhcp:4.1-esv:r1:*:*:*:*:*:*", "matchCriteriaId": "FBAABA4E-0D34-4644-AC26-E272CEE6C361", "vulnerable": true }, { "criteria": "cpe:2.3:a:isc:dhcp:4.1-esv:r10:*:*:*:*:*:*", "matchCriteriaId": "179443DC-4B6A-408A-8BE5-B3E72188F43E", "vulnerable": true }, { "criteria": "cpe:2.3:a:isc:dhcp:4.1-esv:r10_b1:*:*:*:*:*:*", "matchCriteriaId": "C9BE7736-58CD-468B-84AB-B38C9B254BA6", "vulnerable": true }, { "criteria": "cpe:2.3:a:isc:dhcp:4.1-esv:r10_rc1:*:*:*:*:*:*", "matchCriteriaId": "7EB6F7F0-B2A0-47E3-AD7A-4E7618A36F90", "vulnerable": true }, { "criteria": "cpe:2.3:a:isc:dhcp:4.1-esv:r10b1:*:*:*:*:*:*", "matchCriteriaId": "CA5FAE54-1645-4A38-A431-10E67304399A", "vulnerable": true }, { "criteria": "cpe:2.3:a:isc:dhcp:4.1-esv:r10rc1:*:*:*:*:*:*", "matchCriteriaId": "2C0D1A71-CECB-4C86-87F6-EB3741BDF692", "vulnerable": true }, { "criteria": "cpe:2.3:a:isc:dhcp:4.1-esv:r11:*:*:*:*:*:*", "matchCriteriaId": "ADF80D19-3B0A-4A74-944E-F33CCC30EADA", "vulnerable": true }, { "criteria": "cpe:2.3:a:isc:dhcp:4.1-esv:r11_b1:*:*:*:*:*:*", "matchCriteriaId": "40B21FCB-43A8-4266-934D-ECFF8138F637", "vulnerable": true }, { "criteria": "cpe:2.3:a:isc:dhcp:4.1-esv:r11_rc1:*:*:*:*:*:*", "matchCriteriaId": "69D49F23-9074-49E7-985F-4D93393324CD", "vulnerable": true }, { "criteria": "cpe:2.3:a:isc:dhcp:4.1-esv:r11_rc2:*:*:*:*:*:*", "matchCriteriaId": "3F729D1D-7234-4BC2-839B-AE1BB9D16C25", "vulnerable": true }, { "criteria": "cpe:2.3:a:isc:dhcp:4.1-esv:r11b1:*:*:*:*:*:*", "matchCriteriaId": "9E01D88D-876D-45FE-B7ED-089DAD801EF6", "vulnerable": true }, { "criteria": "cpe:2.3:a:isc:dhcp:4.1-esv:r11rc1:*:*:*:*:*:*", "matchCriteriaId": "C4B030B1-F008-4562-93C7-7E1C6D3D00F4", "vulnerable": true }, { "criteria": "cpe:2.3:a:isc:dhcp:4.1-esv:r11rc2:*:*:*:*:*:*", "matchCriteriaId": "FF656F5E-B317-4E0C-BF01-EC2A917142DC", "vulnerable": true }, { "criteria": "cpe:2.3:a:isc:dhcp:4.1-esv:r12:*:*:*:*:*:*", "matchCriteriaId": "FBA64EEC-C0C7-4F11-8131-2868691E54DB", "vulnerable": true }, { "criteria": "cpe:2.3:a:isc:dhcp:4.1-esv:r12-p1:*:*:*:*:*:*", "matchCriteriaId": "FFD3109A-1D76-4EA7-BF39-0B203AD945CF", "vulnerable": true }, { "criteria": "cpe:2.3:a:isc:dhcp:4.1-esv:r12_b1:*:*:*:*:*:*", "matchCriteriaId": "157520D7-AE39-4E23-A8CF-DD75EA78C055", "vulnerable": true }, { "criteria": "cpe:2.3:a:isc:dhcp:4.1-esv:r12_p1:*:*:*:*:*:*", "matchCriteriaId": "B07118EC-9508-42B8-8D09-5CE310DA2B43", "vulnerable": true }, { "criteria": "cpe:2.3:a:isc:dhcp:4.1-esv:r12b1:*:*:*:*:*:*", "matchCriteriaId": "2156D1BC-90AE-4AF3-964C-DAC7DCE14A5D", "vulnerable": true }, { "criteria": "cpe:2.3:a:isc:dhcp:4.1-esv:r13:*:*:*:*:*:*", "matchCriteriaId": "A157E664-6ACE-44CE-AC07-64898B182EA1", "vulnerable": true }, { "criteria": "cpe:2.3:a:isc:dhcp:4.1-esv:r13_b1:*:*:*:*:*:*", "matchCriteriaId": "0056BF7A-4A70-4F1D-89C2-25CCDB65217B", "vulnerable": true }, { "criteria": "cpe:2.3:a:isc:dhcp:4.1-esv:r13b1:*:*:*:*:*:*", "matchCriteriaId": "BA8ADA07-94FA-4014-AF70-8FCAF5F0DB03", "vulnerable": true }, { "criteria": "cpe:2.3:a:isc:dhcp:4.1-esv:r14:*:*:*:*:*:*", "matchCriteriaId": "1D21F05D-246F-41F5-81FD-286C26168E2E", "vulnerable": true }, { "criteria": "cpe:2.3:a:isc:dhcp:4.1-esv:r14_b1:*:*:*:*:*:*", "matchCriteriaId": "12103C87-C942-481A-A68C-7BC83F964C06", "vulnerable": true }, { "criteria": "cpe:2.3:a:isc:dhcp:4.1-esv:r14b1:*:*:*:*:*:*", "matchCriteriaId": "A2E0124D-6330-4013-8145-4309FDAE60A8", "vulnerable": true }, { "criteria": "cpe:2.3:a:isc:dhcp:4.1-esv:r15:*:*:*:*:*:*", "matchCriteriaId": "924E91FF-495F-4963-827F-57F7340C6560", "vulnerable": true }, { "criteria": "cpe:2.3:a:isc:dhcp:4.1-esv:r15-p1:*:*:*:*:*:*", "matchCriteriaId": "3BC02748-557A-4131-A372-D99B62B4B93B", "vulnerable": true }, { "criteria": "cpe:2.3:a:isc:dhcp:4.1-esv:r15_b1:*:*:*:*:*:*", "matchCriteriaId": "76A11284-3D81-45F0-8055-17282945C14F", "vulnerable": true }, { "criteria": "cpe:2.3:a:isc:dhcp:4.1-esv:r16:*:*:*:*:*:*", "matchCriteriaId": "98431CF5-D4C2-4FCF-BA81-0BBB631546D2", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:fedoraproject:fedora:33:*:*:*:*:*:*:*", "matchCriteriaId": "E460AA51-FCDA-46B9-AE97-E6676AA5E194", "vulnerable": true }, { "criteria": "cpe:2.3:o:fedoraproject:fedora:34:*:*:*:*:*:*:*", "matchCriteriaId": "A930E247-0B43-43CB-98FF-6CE7B8189835", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*", "matchCriteriaId": "DEECE5FC-CACF-4496-A3E7-164736409252", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:siemens:ruggedcom_rox_rx1400_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "DC90F7B5-81FB-43C5-8658-78589F26A4B2", "versionEndExcluding": "2.15.0", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:h:siemens:ruggedcom_rox_rx1400:-:*:*:*:*:*:*:*", "matchCriteriaId": "12BD4008-DB6A-4749-A426-D2DE44819A9D", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:siemens:ruggedcom_rox_rx1500_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "14720DF0-EBA3-4173-9472-163EBC688586", "versionEndExcluding": "2.15.0", "versionStartIncluding": "2.3.0", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:h:siemens:ruggedcom_rox_rx1500:-:*:*:*:*:*:*:*", "matchCriteriaId": "3E79B422-C844-411C-AA49-CFD73D3C6E2D", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:siemens:ruggedcom_rox_rx1501_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "D09DE9BF-E5F5-40E8-BD31-8090A7A6FACA", "versionEndExcluding": "2.15.0", "versionStartIncluding": "2.3.0", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:h:siemens:ruggedcom_rox_rx1501:-:*:*:*:*:*:*:*", "matchCriteriaId": "53AAEC5C-06EE-4C58-A981-EBF5860CEF16", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:siemens:ruggedcom_rox_rx1510_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "E5A05BE2-7F53-49B7-9831-44E97E9ABA4B", "versionEndExcluding": "2.15.0", "versionStartIncluding": "2.3.0", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:h:siemens:ruggedcom_rox_rx1510:-:*:*:*:*:*:*:*", "matchCriteriaId": "0751225A-6E9C-4281-93A4-A048920FF7C6", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:siemens:ruggedcom_rox_rx1511_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "9290F77E-4E1C-4B01-8C6E-4AEFB37C373A", "versionEndExcluding": "2.15.0", "versionStartIncluding": "2.3.0", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:h:siemens:ruggedcom_rox_rx1511:-:*:*:*:*:*:*:*", "matchCriteriaId": "8C1E56ED-1E61-4B7E-8EC0-BB2AAD57EF7B", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:siemens:ruggedcom_rox_rx1512_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "DD195547-C770-4696-BB58-C0EC5FA38C29", "versionEndExcluding": "2.15.0", "versionStartIncluding": "2.3.0", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:h:siemens:ruggedcom_rox_rx1512:-:*:*:*:*:*:*:*", "matchCriteriaId": "41ADD701-AD49-46B2-A12E-219CCED32298", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:siemens:ruggedcom_rox_rx1524_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "4B0D2FC6-C24B-4AF8-813F-4432728A2021", "versionEndExcluding": "2.15.0", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:h:siemens:ruggedcom_rox_rx1524:-:*:*:*:*:*:*:*", "matchCriteriaId": "F8C70D90-E8FA-4343-9027-152A99D79C82", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:siemens:ruggedcom_rox_rx1536_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "3E06BA0F-8D2A-48AF-B012-07F181F83828", "versionEndExcluding": "2.15.0", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:h:siemens:ruggedcom_rox_rx1536:-:*:*:*:*:*:*:*", "matchCriteriaId": "C1775F3B-6F47-4134-8B4E-CF6337FF546C", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:siemens:ruggedcom_rox_rx5000_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "28795B18-748A-46AF-B600-5CC7A7A95068", "versionEndExcluding": "2.15.0", "versionStartIncluding": "2.3.0", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:h:siemens:ruggedcom_rox_rx5000:-:*:*:*:*:*:*:*", "matchCriteriaId": "1E0E33F2-E89B-4008-BED2-CF2296801078", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:siemens:ruggedcom_rox_mx5000_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "2788BC61-D5EB-4E44-A896-0A416CC6D51E", "versionEndExcluding": "2.15.0", "versionStartIncluding": "2.3.0", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:h:siemens:ruggedcom_rox_mx5000:-:*:*:*:*:*:*:*", "matchCriteriaId": "DAD1B18F-9C37-48CC-92E2-9C5E66B206CB", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:netapp:ontap_select_deploy_administration_utility:-:*:*:*:*:*:*:*", "matchCriteriaId": "E7CF3019-975D-40BB-A8A4-894E62BD3797", "vulnerable": true }, { "criteria": "cpe:2.3:a:netapp:solidfire_\\\u0026_hci_management_node:-:*:*:*:*:*:*:*", "matchCriteriaId": "D6D700C5-F67F-4FFB-BE69-D524592A3D2E", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:siemens:sinec_ins:*:*:*:*:*:*:*:*", "matchCriteriaId": "C89891C1-DFD7-4E1F-80A9-7485D86A15B5", "versionEndExcluding": "1.0", "vulnerable": true }, { "criteria": "cpe:2.3:a:siemens:sinec_ins:1.0:-:*:*:*:*:*:*", "matchCriteriaId": "4664B195-AF14-4834-82B3-0B2C98020EB6", "vulnerable": true }, { "criteria": "cpe:2.3:a:siemens:sinec_ins:1.0:sp1:*:*:*:*:*:*", "matchCriteriaId": "75BC588E-CDF0-404E-AD61-02093A1DF343", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "In ISC DHCP 4.1-ESV-R1 -\u003e 4.1-ESV-R16, ISC DHCP 4.4.0 -\u003e 4.4.2 (Other branches of ISC DHCP (i.e., releases in the 4.0.x series or lower and releases in the 4.3.x series) are beyond their End-of-Life (EOL) and no longer supported by ISC. From inspection it is clear that the defect is also present in releases from those series, but they have not been officially tested for the vulnerability), The outcome of encountering the defect while reading a lease that will trigger it varies, according to: the component being affected (i.e., dhclient or dhcpd) whether the package was built as a 32-bit or 64-bit binary whether the compiler flag -fstack-protection-strong was used when compiling In dhclient, ISC has not successfully reproduced the error on a 64-bit system. However, on a 32-bit system it is possible to cause dhclient to crash when reading an improper lease, which could cause network connectivity problems for an affected system due to the absence of a running DHCP client process. In dhcpd, when run in DHCPv4 or DHCPv6 mode: if the dhcpd server binary was built for a 32-bit architecture AND the -fstack-protection-strong flag was specified to the compiler, dhcpd may exit while parsing a lease file containing an objectionable lease, resulting in lack of service to clients. Additionally, the offending lease and the lease immediately following it in the lease database may be improperly deleted. if the dhcpd server binary was built for a 64-bit architecture OR if the -fstack-protection-strong compiler flag was NOT specified, the crash will not occur, but it is possible for the offending lease and the lease which immediately followed it to be improperly deleted." }, { "lang": "es", "value": "En ISC DHCP versiones 4.1-ESV-R1 anteriores a 4.1-ESV-R16, ISC DHCP versiones 4.4.0 anteriores a 4.4.2 (Otras ramas de ISC DHCP (es decir, versiones de la serie 4.0.x o inferiores y versiones de la serie 4.3.x) est\u00e1n m\u00e1s all\u00e1 de su End-of-Life (EOL) y ya no son soportadas por ISC. El resultado de encontrar el fallo mientras se lee un contrato de arrendamiento que lo desencadena var\u00eda, seg\u00fan: el componente afectado (es decir, dhclient o dhcpd) si el paquete se construy\u00f3 como un binario de 32 o 64 bits si fue usado el flag del compilador -fstack-protection-strong al compilar En dhclient, ISC no ha reproducido con \u00e9xito el error en un sistema de 64 bits. Sin embargo, en un sistema de 32 bits es posible causar a dhclient bloquearse cuando leen un contrato de arrendamiento inapropiado, lo que podr\u00eda causar problemas de conectividad de red para un sistema afectado debido a la ausencia de un proceso de cliente DHCP en ejecuci\u00f3n. En dhcpd, cuando se ejecuta en modo DHCPv4 o DHCPv6: si el binario del servidor dhcpd fue construido para una arquitectura de 32 bits Y se especific\u00f3 el flag -fstack-protection-strong al compilador, dhcpd puede salir mientras analiza un archivo de arrendamiento que contiene un arrendamiento objetable, resultando en la falta de servicio a los clientes. Si el binario del servidor dhcpd fue construido para una arquitectura de 64 bits O si la flag -fstack-protection-strong del compilador NO fue especificado, el bloqueo no ocurrir\u00e1, pero es posible que el contrato de arrendamiento ofensivo y el que le sigue sean borrados inapropiadamente" } ], "id": "CVE-2021-25217", "lastModified": "2024-11-21T05:54:34.013", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "LOW", "cvssData": { "accessComplexity": "LOW", "accessVector": "ADJACENT_NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 3.3, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:A/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0" }, "exploitabilityScore": 6.5, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ], "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "ADJACENT_NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.4, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H", "version": "3.1" }, "exploitabilityScore": 2.8, "impactScore": 4.0, "source": "security-officer@isc.org", "type": "Secondary" }, { "cvssData": { "attackComplexity": "LOW", "attackVector": "ADJACENT_NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.4, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H", "version": "3.1" }, "exploitabilityScore": 2.8, "impactScore": 4.0, "source": "nvd@nist.gov", "type": "Secondary" } ] }, "published": "2021-05-26T22:15:07.947", "references": [ { "source": "security-officer@isc.org", "tags": [ "Mailing List", "Patch", "Third Party Advisory" ], "url": "http://www.openwall.com/lists/oss-security/2021/05/26/6" }, { "source": "security-officer@isc.org", "tags": [ "Patch", "Third Party Advisory" ], "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-406691.pdf" }, { "source": "security-officer@isc.org", "tags": [ "Patch", "Third Party Advisory" ], "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-637483.pdf" }, { "source": "security-officer@isc.org", "tags": [ "Exploit", "Vendor Advisory" ], "url": "https://kb.isc.org/docs/cve-2021-25217" }, { "source": "security-officer@isc.org", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "https://lists.debian.org/debian-lts-announce/2021/06/msg00002.html" }, { "source": "security-officer@isc.org", "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/5QI4DYC7J4BGHEW3NH4XHMWTHYC36UK4/" }, { "source": "security-officer@isc.org", "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/Z2LB42JWIV4M4WDNXX5VGIP26FEYWKIF/" }, { "source": "security-officer@isc.org", "url": "https://security.gentoo.org/glsa/202305-22" }, { "source": "security-officer@isc.org", "tags": [ "Third Party Advisory" ], "url": "https://security.netapp.com/advisory/ntap-20220325-0011/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Mailing List", "Patch", "Third Party Advisory" ], "url": "http://www.openwall.com/lists/oss-security/2021/05/26/6" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Third Party Advisory" ], "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-406691.pdf" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Third Party Advisory" ], "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-637483.pdf" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit", "Vendor Advisory" ], "url": "https://kb.isc.org/docs/cve-2021-25217" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "https://lists.debian.org/debian-lts-announce/2021/06/msg00002.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/5QI4DYC7J4BGHEW3NH4XHMWTHYC36UK4/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/Z2LB42JWIV4M4WDNXX5VGIP26FEYWKIF/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://security.gentoo.org/glsa/202305-22" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://security.netapp.com/advisory/ntap-20220325-0011/" } ], "sourceIdentifier": "security-officer@isc.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-119" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2023-07-11 10:15
Modified
2024-11-21 08:10
Severity ?
9.1 (Critical) - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H
7.2 (High) - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
7.2 (High) - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Summary
A vulnerability has been identified in RUGGEDCOM ROX MX5000 (All versions < V2.16.0), RUGGEDCOM ROX MX5000RE (All versions < V2.16.0), RUGGEDCOM ROX RX1400 (All versions < V2.16.0), RUGGEDCOM ROX RX1500 (All versions < V2.16.0), RUGGEDCOM ROX RX1501 (All versions < V2.16.0), RUGGEDCOM ROX RX1510 (All versions < V2.16.0), RUGGEDCOM ROX RX1511 (All versions < V2.16.0), RUGGEDCOM ROX RX1512 (All versions < V2.16.0), RUGGEDCOM ROX RX1524 (All versions < V2.16.0), RUGGEDCOM ROX RX1536 (All versions < V2.16.0), RUGGEDCOM ROX RX5000 (All versions < V2.16.0). The upgrade-app URL parameter in the web interface of affected devices is vulnerable to command injection due to missing server side input sanitation. This could allow an authenticated privileged remote attacker to execute arbitrary code with root privileges.
References
Impacted products
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:siemens:ruggedcom_rox_mx5000_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "B70C9A14-F31D-452F-8F7E-368E1ED7165C", "versionEndExcluding": "2.16.0", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:h:siemens:ruggedcom_rox_mx5000:-:*:*:*:*:*:*:*", "matchCriteriaId": "DAD1B18F-9C37-48CC-92E2-9C5E66B206CB", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:siemens:ruggedcom_rox_mx5000re_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "C095D9B0-79A3-44A7-9683-B8DEF689D65F", "versionEndExcluding": "2.16.0", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:h:siemens:ruggedcom_rox_mx5000re:-:*:*:*:*:*:*:*", "matchCriteriaId": "38734DFA-A5DF-4284-BD79-7C0ED6CD8A5C", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:siemens:ruggedcom_rox_rx1400_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "3A0D1757-6A48-4C53-877A-947CDDD67793", "versionEndExcluding": "2.16.0", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:h:siemens:ruggedcom_rox_rx1400:-:*:*:*:*:*:*:*", "matchCriteriaId": "12BD4008-DB6A-4749-A426-D2DE44819A9D", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:siemens:ruggedcom_rox_rx1500_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "957788AA-B685-42B6-8BE9-B61D20B68144", "versionEndExcluding": "2.16.0", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:h:siemens:ruggedcom_rox_rx1500:-:*:*:*:*:*:*:*", "matchCriteriaId": "3E79B422-C844-411C-AA49-CFD73D3C6E2D", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:siemens:ruggedcom_rox_rx1501_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "02E80465-DCD4-4CEB-AB5C-DFD86A5DB2E8", "versionEndExcluding": "2.16.0", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:h:siemens:ruggedcom_rox_rx1501:-:*:*:*:*:*:*:*", "matchCriteriaId": "53AAEC5C-06EE-4C58-A981-EBF5860CEF16", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:siemens:ruggedcom_rox_rx1510_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "BEC2AF9C-52CA-48FF-A4CD-C042EF225000", "versionEndExcluding": "2.16.0", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:h:siemens:ruggedcom_rox_rx1510:-:*:*:*:*:*:*:*", "matchCriteriaId": "0751225A-6E9C-4281-93A4-A048920FF7C6", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:siemens:ruggedcom_rox_rx1511_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "D0889DDD-C18A-4605-907C-0AAC4362FC94", "versionEndExcluding": "2.16.0", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:h:siemens:ruggedcom_rox_rx1511:-:*:*:*:*:*:*:*", "matchCriteriaId": "8C1E56ED-1E61-4B7E-8EC0-BB2AAD57EF7B", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:siemens:ruggedcom_rox_rx1512_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "FA09F789-1903-4487-A108-684EA9423F32", "versionEndExcluding": "2.16.0", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:h:siemens:ruggedcom_rox_rx1512:-:*:*:*:*:*:*:*", "matchCriteriaId": "41ADD701-AD49-46B2-A12E-219CCED32298", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:siemens:ruggedcom_rox_rx1524_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "76CF386C-0665-401C-9E5F-D3A89E6C2847", "versionEndExcluding": "2.16.0", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:h:siemens:ruggedcom_rox_rx1524:-:*:*:*:*:*:*:*", "matchCriteriaId": "F8C70D90-E8FA-4343-9027-152A99D79C82", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:siemens:ruggedcom_rox_rx1536_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "A813AC2B-2F29-45D7-AB27-657A36399F80", "versionEndExcluding": "2.16.0", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:h:siemens:ruggedcom_rox_rx1536:-:*:*:*:*:*:*:*", "matchCriteriaId": "C1775F3B-6F47-4134-8B4E-CF6337FF546C", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:siemens:ruggedcom_rox_rx5000_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "6AF925B2-B147-4CB0-8789-D68C38135BEE", "versionEndExcluding": "2.16.0", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:h:siemens:ruggedcom_rox_rx5000:-:*:*:*:*:*:*:*", "matchCriteriaId": "1E0E33F2-E89B-4008-BED2-CF2296801078", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "A vulnerability has been identified in RUGGEDCOM ROX MX5000 (All versions \u003c V2.16.0), RUGGEDCOM ROX MX5000RE (All versions \u003c V2.16.0), RUGGEDCOM ROX RX1400 (All versions \u003c V2.16.0), RUGGEDCOM ROX RX1500 (All versions \u003c V2.16.0), RUGGEDCOM ROX RX1501 (All versions \u003c V2.16.0), RUGGEDCOM ROX RX1510 (All versions \u003c V2.16.0), RUGGEDCOM ROX RX1511 (All versions \u003c V2.16.0), RUGGEDCOM ROX RX1512 (All versions \u003c V2.16.0), RUGGEDCOM ROX RX1524 (All versions \u003c V2.16.0), RUGGEDCOM ROX RX1536 (All versions \u003c V2.16.0), RUGGEDCOM ROX RX5000 (All versions \u003c V2.16.0). The upgrade-app URL parameter in the web interface of affected devices is vulnerable to command injection due to missing server side input sanitation. This could allow an authenticated privileged remote attacker to execute arbitrary code with root privileges." } ], "id": "CVE-2023-36752", "lastModified": "2024-11-21T08:10:31.227", "metrics": { "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.1, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H", "version": "3.1" }, "exploitabilityScore": 2.3, "impactScore": 6.0, "source": "productcert@siemens.com", "type": "Secondary" }, { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.2, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "exploitabilityScore": 1.2, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2023-07-11T10:15:11.297", "references": [ { "source": "productcert@siemens.com", "tags": [ "Vendor Advisory" ], "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-146325.pdf" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-146325.pdf" } ], "sourceIdentifier": "productcert@siemens.com", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-77" } ], "source": "productcert@siemens.com", "type": "Secondary" }, { "description": [ { "lang": "en", "value": "CWE-77" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2023-07-11 10:15
Modified
2024-11-21 08:10
Severity ?
9.1 (Critical) - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H
7.2 (High) - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
7.2 (High) - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Summary
A vulnerability has been identified in RUGGEDCOM ROX MX5000 (All versions < V2.16.0), RUGGEDCOM ROX MX5000RE (All versions < V2.16.0), RUGGEDCOM ROX RX1400 (All versions < V2.16.0), RUGGEDCOM ROX RX1500 (All versions < V2.16.0), RUGGEDCOM ROX RX1501 (All versions < V2.16.0), RUGGEDCOM ROX RX1510 (All versions < V2.16.0), RUGGEDCOM ROX RX1511 (All versions < V2.16.0), RUGGEDCOM ROX RX1512 (All versions < V2.16.0), RUGGEDCOM ROX RX1524 (All versions < V2.16.0), RUGGEDCOM ROX RX1536 (All versions < V2.16.0), RUGGEDCOM ROX RX5000 (All versions < V2.16.0). The SCEP server configuration URL parameter in the web interface of affected devices is vulnerable to command injection due to missing server side input sanitation. This could allow an authenticated privileged remote attacker to execute arbitrary code with root privileges.
References
Impacted products
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:siemens:ruggedcom_rox_mx5000_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "B70C9A14-F31D-452F-8F7E-368E1ED7165C", "versionEndExcluding": "2.16.0", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:h:siemens:ruggedcom_rox_mx5000:-:*:*:*:*:*:*:*", "matchCriteriaId": "DAD1B18F-9C37-48CC-92E2-9C5E66B206CB", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:siemens:ruggedcom_rox_mx5000re_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "C095D9B0-79A3-44A7-9683-B8DEF689D65F", "versionEndExcluding": "2.16.0", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:h:siemens:ruggedcom_rox_mx5000re:-:*:*:*:*:*:*:*", "matchCriteriaId": "38734DFA-A5DF-4284-BD79-7C0ED6CD8A5C", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:siemens:ruggedcom_rox_rx1400_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "3A0D1757-6A48-4C53-877A-947CDDD67793", "versionEndExcluding": "2.16.0", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:h:siemens:ruggedcom_rox_rx1400:-:*:*:*:*:*:*:*", "matchCriteriaId": "12BD4008-DB6A-4749-A426-D2DE44819A9D", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:siemens:ruggedcom_rox_rx1500_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "957788AA-B685-42B6-8BE9-B61D20B68144", "versionEndExcluding": "2.16.0", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:h:siemens:ruggedcom_rox_rx1500:-:*:*:*:*:*:*:*", "matchCriteriaId": "3E79B422-C844-411C-AA49-CFD73D3C6E2D", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:siemens:ruggedcom_rox_rx1501_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "02E80465-DCD4-4CEB-AB5C-DFD86A5DB2E8", "versionEndExcluding": "2.16.0", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:h:siemens:ruggedcom_rox_rx1501:-:*:*:*:*:*:*:*", "matchCriteriaId": "53AAEC5C-06EE-4C58-A981-EBF5860CEF16", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:siemens:ruggedcom_rox_rx1510_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "BEC2AF9C-52CA-48FF-A4CD-C042EF225000", "versionEndExcluding": "2.16.0", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:h:siemens:ruggedcom_rox_rx1510:-:*:*:*:*:*:*:*", "matchCriteriaId": "0751225A-6E9C-4281-93A4-A048920FF7C6", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:siemens:ruggedcom_rox_rx1511_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "D0889DDD-C18A-4605-907C-0AAC4362FC94", "versionEndExcluding": "2.16.0", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:h:siemens:ruggedcom_rox_rx1511:-:*:*:*:*:*:*:*", "matchCriteriaId": "8C1E56ED-1E61-4B7E-8EC0-BB2AAD57EF7B", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:siemens:ruggedcom_rox_rx1512_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "FA09F789-1903-4487-A108-684EA9423F32", "versionEndExcluding": "2.16.0", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:h:siemens:ruggedcom_rox_rx1512:-:*:*:*:*:*:*:*", "matchCriteriaId": "41ADD701-AD49-46B2-A12E-219CCED32298", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:siemens:ruggedcom_rox_rx1524_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "76CF386C-0665-401C-9E5F-D3A89E6C2847", "versionEndExcluding": "2.16.0", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:h:siemens:ruggedcom_rox_rx1524:-:*:*:*:*:*:*:*", "matchCriteriaId": "F8C70D90-E8FA-4343-9027-152A99D79C82", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:siemens:ruggedcom_rox_rx1536_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "A813AC2B-2F29-45D7-AB27-657A36399F80", "versionEndExcluding": "2.16.0", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:h:siemens:ruggedcom_rox_rx1536:-:*:*:*:*:*:*:*", "matchCriteriaId": "C1775F3B-6F47-4134-8B4E-CF6337FF546C", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:siemens:ruggedcom_rox_rx5000_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "6AF925B2-B147-4CB0-8789-D68C38135BEE", "versionEndExcluding": "2.16.0", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:h:siemens:ruggedcom_rox_rx5000:-:*:*:*:*:*:*:*", "matchCriteriaId": "1E0E33F2-E89B-4008-BED2-CF2296801078", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "A vulnerability has been identified in RUGGEDCOM ROX MX5000 (All versions \u003c V2.16.0), RUGGEDCOM ROX MX5000RE (All versions \u003c V2.16.0), RUGGEDCOM ROX RX1400 (All versions \u003c V2.16.0), RUGGEDCOM ROX RX1500 (All versions \u003c V2.16.0), RUGGEDCOM ROX RX1501 (All versions \u003c V2.16.0), RUGGEDCOM ROX RX1510 (All versions \u003c V2.16.0), RUGGEDCOM ROX RX1511 (All versions \u003c V2.16.0), RUGGEDCOM ROX RX1512 (All versions \u003c V2.16.0), RUGGEDCOM ROX RX1524 (All versions \u003c V2.16.0), RUGGEDCOM ROX RX1536 (All versions \u003c V2.16.0), RUGGEDCOM ROX RX5000 (All versions \u003c V2.16.0). The SCEP server configuration URL parameter in the web interface of affected devices is vulnerable to command injection due to missing server side input sanitation. This could allow an authenticated privileged remote attacker to execute arbitrary code with root privileges." } ], "id": "CVE-2023-36754", "lastModified": "2024-11-21T08:10:31.540", "metrics": { "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.1, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H", "version": "3.1" }, "exploitabilityScore": 2.3, "impactScore": 6.0, "source": "productcert@siemens.com", "type": "Secondary" }, { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.2, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "exploitabilityScore": 1.2, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2023-07-11T10:15:11.427", "references": [ { "source": "productcert@siemens.com", "tags": [ "Vendor Advisory" ], "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-146325.pdf" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-146325.pdf" } ], "sourceIdentifier": "productcert@siemens.com", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-77" } ], "source": "productcert@siemens.com", "type": "Secondary" }, { "description": [ { "lang": "en", "value": "CWE-77" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2023-07-11 10:15
Modified
2024-11-21 06:59
Severity ?
3.7 (Low) - CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L
5.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
5.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
Summary
A vulnerability has been identified in RUGGEDCOM ROX MX5000 (All versions < V2.16.0), RUGGEDCOM ROX MX5000RE (All versions < V2.16.0), RUGGEDCOM ROX RX1400 (All versions < V2.16.0), RUGGEDCOM ROX RX1500 (All versions < V2.16.0), RUGGEDCOM ROX RX1501 (All versions < V2.16.0), RUGGEDCOM ROX RX1510 (All versions < V2.16.0), RUGGEDCOM ROX RX1511 (All versions < V2.16.0), RUGGEDCOM ROX RX1512 (All versions < V2.16.0), RUGGEDCOM ROX RX1524 (All versions < V2.16.0), RUGGEDCOM ROX RX1536 (All versions < V2.16.0), RUGGEDCOM ROX RX5000 (All versions < V2.16.0). Affected devices do not properly handle malformed HTTP packets. This could allow an unauthenticated remote attacker to send a malformed HTTP packet causing certain functions to fail in a controlled manner.
References
Impacted products
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:siemens:ruggedcom_rox_mx5000_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "B70C9A14-F31D-452F-8F7E-368E1ED7165C", "versionEndExcluding": "2.16.0", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:h:siemens:ruggedcom_rox_mx5000:-:*:*:*:*:*:*:*", "matchCriteriaId": "DAD1B18F-9C37-48CC-92E2-9C5E66B206CB", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:siemens:ruggedcom_rox_mx5000re_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "C095D9B0-79A3-44A7-9683-B8DEF689D65F", "versionEndExcluding": "2.16.0", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:h:siemens:ruggedcom_rox_mx5000re:-:*:*:*:*:*:*:*", "matchCriteriaId": "38734DFA-A5DF-4284-BD79-7C0ED6CD8A5C", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:siemens:ruggedcom_rox_rx1400_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "3A0D1757-6A48-4C53-877A-947CDDD67793", "versionEndExcluding": "2.16.0", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:h:siemens:ruggedcom_rox_rx1400:-:*:*:*:*:*:*:*", "matchCriteriaId": "12BD4008-DB6A-4749-A426-D2DE44819A9D", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:siemens:ruggedcom_rox_rx1500_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "957788AA-B685-42B6-8BE9-B61D20B68144", "versionEndExcluding": "2.16.0", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:h:siemens:ruggedcom_rox_rx1500:-:*:*:*:*:*:*:*", "matchCriteriaId": "3E79B422-C844-411C-AA49-CFD73D3C6E2D", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:siemens:ruggedcom_rox_rx1501_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "02E80465-DCD4-4CEB-AB5C-DFD86A5DB2E8", "versionEndExcluding": "2.16.0", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:h:siemens:ruggedcom_rox_rx1501:-:*:*:*:*:*:*:*", "matchCriteriaId": "53AAEC5C-06EE-4C58-A981-EBF5860CEF16", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:siemens:ruggedcom_rox_rx1510_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "BEC2AF9C-52CA-48FF-A4CD-C042EF225000", "versionEndExcluding": "2.16.0", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:h:siemens:ruggedcom_rox_rx1510:-:*:*:*:*:*:*:*", "matchCriteriaId": "0751225A-6E9C-4281-93A4-A048920FF7C6", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:siemens:ruggedcom_rox_rx1511_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "D0889DDD-C18A-4605-907C-0AAC4362FC94", "versionEndExcluding": "2.16.0", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:h:siemens:ruggedcom_rox_rx1511:-:*:*:*:*:*:*:*", "matchCriteriaId": "8C1E56ED-1E61-4B7E-8EC0-BB2AAD57EF7B", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:siemens:ruggedcom_rox_rx1512_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "FA09F789-1903-4487-A108-684EA9423F32", "versionEndExcluding": "2.16.0", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:h:siemens:ruggedcom_rox_rx1512:-:*:*:*:*:*:*:*", "matchCriteriaId": "41ADD701-AD49-46B2-A12E-219CCED32298", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:siemens:ruggedcom_rox_rx1524_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "76CF386C-0665-401C-9E5F-D3A89E6C2847", "versionEndExcluding": "2.16.0", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:h:siemens:ruggedcom_rox_rx1524:-:*:*:*:*:*:*:*", "matchCriteriaId": "F8C70D90-E8FA-4343-9027-152A99D79C82", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:siemens:ruggedcom_rox_rx1536_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "A813AC2B-2F29-45D7-AB27-657A36399F80", "versionEndExcluding": "2.16.0", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:h:siemens:ruggedcom_rox_rx1536:-:*:*:*:*:*:*:*", "matchCriteriaId": "C1775F3B-6F47-4134-8B4E-CF6337FF546C", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:siemens:ruggedcom_rox_rx5000_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "6AF925B2-B147-4CB0-8789-D68C38135BEE", "versionEndExcluding": "2.16.0", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:h:siemens:ruggedcom_rox_rx5000:-:*:*:*:*:*:*:*", "matchCriteriaId": "1E0E33F2-E89B-4008-BED2-CF2296801078", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "A vulnerability has been identified in RUGGEDCOM ROX MX5000 (All versions \u003c V2.16.0), RUGGEDCOM ROX MX5000RE (All versions \u003c V2.16.0), RUGGEDCOM ROX RX1400 (All versions \u003c V2.16.0), RUGGEDCOM ROX RX1500 (All versions \u003c V2.16.0), RUGGEDCOM ROX RX1501 (All versions \u003c V2.16.0), RUGGEDCOM ROX RX1510 (All versions \u003c V2.16.0), RUGGEDCOM ROX RX1511 (All versions \u003c V2.16.0), RUGGEDCOM ROX RX1512 (All versions \u003c V2.16.0), RUGGEDCOM ROX RX1524 (All versions \u003c V2.16.0), RUGGEDCOM ROX RX1536 (All versions \u003c V2.16.0), RUGGEDCOM ROX RX5000 (All versions \u003c V2.16.0). Affected devices do not properly handle malformed HTTP packets. This could allow an unauthenticated remote attacker to send a malformed HTTP packet causing certain functions to fail in a controlled manner." } ], "id": "CVE-2022-29562", "lastModified": "2024-11-21T06:59:19.557", "metrics": { "cvssMetricV31": [ { "cvssData": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 3.7, "baseSeverity": "LOW", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", "version": "3.1" }, "exploitabilityScore": 2.2, "impactScore": 1.4, "source": "productcert@siemens.com", "type": "Secondary" }, { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "version": "3.1" }, "exploitabilityScore": 3.9, "impactScore": 1.4, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2023-07-11T10:15:10.043", "references": [ { "source": "productcert@siemens.com", "tags": [ "Vendor Advisory" ], "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-146325.pdf" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-146325.pdf" } ], "sourceIdentifier": "productcert@siemens.com", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-20" } ], "source": "productcert@siemens.com", "type": "Secondary" }, { "description": [ { "lang": "en", "value": "NVD-CWE-noinfo" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2022-07-12 10:15
Modified
2024-11-21 06:59
Severity ?
Summary
A vulnerability has been identified in RUGGEDCOM ROX MX5000 (All versions < 2.15.1), RUGGEDCOM ROX MX5000RE (All versions < 2.15.1), RUGGEDCOM ROX RX1400 (All versions < 2.15.1), RUGGEDCOM ROX RX1500 (All versions < 2.15.1), RUGGEDCOM ROX RX1501 (All versions < 2.15.1), RUGGEDCOM ROX RX1510 (All versions < 2.15.1), RUGGEDCOM ROX RX1511 (All versions < 2.15.1), RUGGEDCOM ROX RX1512 (All versions < 2.15.1), RUGGEDCOM ROX RX1524 (All versions < 2.15.1), RUGGEDCOM ROX RX1536 (All versions < 2.15.1), RUGGEDCOM ROX RX5000 (All versions < 2.15.1). Affected devices do not properly validate user input, making them susceptible to command injection. An attacker with access to either the shell or the web CLI with administrator privileges could access the underlying operating system as the root user.
References
▼ | URL | Tags | |
---|---|---|---|
productcert@siemens.com | https://cert-portal.siemens.com/productcert/pdf/ssa-599506.pdf | Patch, Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://cert-portal.siemens.com/productcert/pdf/ssa-599506.pdf | Patch, Vendor Advisory |
Impacted products
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:siemens:ruggedcom_rox_rx1500_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "56C961A1-00D0-4F83-B9F5-8C479704669A", "versionEndExcluding": "2.15.1", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:h:siemens:ruggedcom_rox_rx1500:-:*:*:*:*:*:*:*", "matchCriteriaId": "3E79B422-C844-411C-AA49-CFD73D3C6E2D", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:siemens:ruggedcom_rox_rx1501_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "5F6ACA21-5F5E-470C-8C4A-EFDEDC6E481E", "versionEndExcluding": "2.15.1", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:h:siemens:ruggedcom_rox_rx1501:-:*:*:*:*:*:*:*", "matchCriteriaId": "53AAEC5C-06EE-4C58-A981-EBF5860CEF16", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:siemens:ruggedcom_rox_rx1510_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "4C14C7A8-C6FF-495A-8CC9-CEAD1EA74195", "versionEndExcluding": "2.15.1", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:h:siemens:ruggedcom_rox_rx1510:-:*:*:*:*:*:*:*", "matchCriteriaId": "0751225A-6E9C-4281-93A4-A048920FF7C6", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:siemens:ruggedcom_rox_rx1511_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "51713937-53D8-47A1-93CD-A71BB1F68082", "versionEndExcluding": "2.15.1", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:h:siemens:ruggedcom_rox_rx1511:-:*:*:*:*:*:*:*", "matchCriteriaId": "8C1E56ED-1E61-4B7E-8EC0-BB2AAD57EF7B", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:siemens:ruggedcom_rox_rx1512_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "8895AC44-D90B-4D79-9F53-CA8E5181F152", "versionEndExcluding": "2.15.1", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:h:siemens:ruggedcom_rox_rx1512:-:*:*:*:*:*:*:*", "matchCriteriaId": "41ADD701-AD49-46B2-A12E-219CCED32298", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:siemens:ruggedcom_rox_rx1524_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "7E50BFA7-8FFA-47B8-90E5-8EF89534BB45", "versionEndExcluding": "2.15.1", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:h:siemens:ruggedcom_rox_rx1524:-:*:*:*:*:*:*:*", "matchCriteriaId": "F8C70D90-E8FA-4343-9027-152A99D79C82", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:siemens:ruggedcom_rox_rx1536_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "5124C4B1-1AF8-4231-BC19-C7396F334C9A", "versionEndExcluding": "2.15.1", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:h:siemens:ruggedcom_rox_rx1536:-:*:*:*:*:*:*:*", "matchCriteriaId": "C1775F3B-6F47-4134-8B4E-CF6337FF546C", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:siemens:ruggedcom_rox_rx5000_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "2491CAB4-A544-44F2-8634-8A55DFD8270B", "versionEndExcluding": "2.15.1", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:h:siemens:ruggedcom_rox_rx5000:-:*:*:*:*:*:*:*", "matchCriteriaId": "1E0E33F2-E89B-4008-BED2-CF2296801078", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:siemens:ruggedcom_rox_rx1400_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "DC943E60-DA3E-4A25-9D51-CAD6352E9A10", "versionEndExcluding": "2.15.1", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:h:siemens:ruggedcom_rox_rx1400:-:*:*:*:*:*:*:*", "matchCriteriaId": "12BD4008-DB6A-4749-A426-D2DE44819A9D", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:siemens:ruggedcom_rox_mx5000re_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "9FE492C0-DED5-474F-B247-735C1E4AF8D5", "versionEndExcluding": "2.15.1", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:h:siemens:ruggedcom_rox_mx5000re:-:*:*:*:*:*:*:*", "matchCriteriaId": "38734DFA-A5DF-4284-BD79-7C0ED6CD8A5C", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:siemens:ruggedcom_rox_mx5000_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "EAB64CBD-AD69-4DE8-ADA8-78A59BBFE931", "versionEndExcluding": "2.15.1", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:h:siemens:ruggedcom_rox_mx5000:-:*:*:*:*:*:*:*", "matchCriteriaId": "DAD1B18F-9C37-48CC-92E2-9C5E66B206CB", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "A vulnerability has been identified in RUGGEDCOM ROX MX5000 (All versions \u003c 2.15.1), RUGGEDCOM ROX MX5000RE (All versions \u003c 2.15.1), RUGGEDCOM ROX RX1400 (All versions \u003c 2.15.1), RUGGEDCOM ROX RX1500 (All versions \u003c 2.15.1), RUGGEDCOM ROX RX1501 (All versions \u003c 2.15.1), RUGGEDCOM ROX RX1510 (All versions \u003c 2.15.1), RUGGEDCOM ROX RX1511 (All versions \u003c 2.15.1), RUGGEDCOM ROX RX1512 (All versions \u003c 2.15.1), RUGGEDCOM ROX RX1524 (All versions \u003c 2.15.1), RUGGEDCOM ROX RX1536 (All versions \u003c 2.15.1), RUGGEDCOM ROX RX5000 (All versions \u003c 2.15.1). Affected devices do not properly validate user input, making them susceptible to command injection. An attacker with access to either the shell or the web CLI with administrator privileges could access the underlying operating system as the root user." }, { "lang": "es", "value": "Se ha identificado una vulnerabilidad en RUGGEDCOM ROX MX5000 (Todas las versiones anteriores a 2.15.1), RUGGEDCOM ROX MX5000RE (Todas las versiones anteriores a 2.15.1), RUGGEDCOM ROX RX1400 (Todas las versiones anteriores a 2.15.1), RUGGEDCOM ROX RX1500 (Todas las versiones anteriores a 2.15.1), RUGGEDCOM ROX RX1501 (Todas las versiones anteriores a 2.15. 1), RUGGEDCOM ROX RX1510 (Todas las versiones anteriores a 2.15.1), RUGGEDCOM ROX RX1511 (Todas las versiones anteriores a 2.15.1), RUGGEDCOM ROX RX1512 (Todas las versiones anteriores a 2.15. 1), RUGGEDCOM ROX RX1524 (Todas las versiones anteriores a 2.15.1), RUGGEDCOM ROX RX1536 (Todas las versiones anteriores a 2.15.1), RUGGEDCOM ROX RX5000 (Todas las versiones anteriores a 2.15.1). Los dispositivos afectados no comprueban correctamente la entrada del usuario, lo que los hace susceptibles a la inyecci\u00f3n de comandos. Un atacante con acceso al shell o al CLI web con privilegios de administrador podr\u00eda acceder al sistema operativo subyacente como usuario root" } ], "id": "CVE-2022-29560", "lastModified": "2024-11-21T06:59:19.207", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 10.0, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 10.0, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ], "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.2, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "exploitabilityScore": 1.2, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2022-07-12T10:15:10.493", "references": [ { "source": "productcert@siemens.com", "tags": [ "Patch", "Vendor Advisory" ], "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-599506.pdf" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Vendor Advisory" ], "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-599506.pdf" } ], "sourceIdentifier": "productcert@siemens.com", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-77" } ], "source": "productcert@siemens.com", "type": "Secondary" }, { "description": [ { "lang": "en", "value": "CWE-77" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2023-07-11 10:15
Modified
2024-11-21 08:10
Severity ?
9.1 (Critical) - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H
7.2 (High) - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
7.2 (High) - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Summary
A vulnerability has been identified in RUGGEDCOM ROX MX5000 (All versions < V2.16.0), RUGGEDCOM ROX MX5000RE (All versions < V2.16.0), RUGGEDCOM ROX RX1400 (All versions < V2.16.0), RUGGEDCOM ROX RX1500 (All versions < V2.16.0), RUGGEDCOM ROX RX1501 (All versions < V2.16.0), RUGGEDCOM ROX RX1510 (All versions < V2.16.0), RUGGEDCOM ROX RX1511 (All versions < V2.16.0), RUGGEDCOM ROX RX1512 (All versions < V2.16.0), RUGGEDCOM ROX RX1524 (All versions < V2.16.0), RUGGEDCOM ROX RX1536 (All versions < V2.16.0), RUGGEDCOM ROX RX5000 (All versions < V2.16.0). The uninstall-app App-name parameter in the web interface of affected devices is vulnerable to command injection due to missing server side input sanitation. This could allow an authenticated privileged remote attacker to execute arbitrary code with root privileges.
References
Impacted products
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:siemens:ruggedcom_rox_mx5000_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "B70C9A14-F31D-452F-8F7E-368E1ED7165C", "versionEndExcluding": "2.16.0", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:h:siemens:ruggedcom_rox_mx5000:-:*:*:*:*:*:*:*", "matchCriteriaId": "DAD1B18F-9C37-48CC-92E2-9C5E66B206CB", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:siemens:ruggedcom_rox_mx5000re_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "C095D9B0-79A3-44A7-9683-B8DEF689D65F", "versionEndExcluding": "2.16.0", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:h:siemens:ruggedcom_rox_mx5000re:-:*:*:*:*:*:*:*", "matchCriteriaId": "38734DFA-A5DF-4284-BD79-7C0ED6CD8A5C", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:siemens:ruggedcom_rox_rx1400_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "3A0D1757-6A48-4C53-877A-947CDDD67793", "versionEndExcluding": "2.16.0", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:h:siemens:ruggedcom_rox_rx1400:-:*:*:*:*:*:*:*", "matchCriteriaId": "12BD4008-DB6A-4749-A426-D2DE44819A9D", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:siemens:ruggedcom_rox_rx1500_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "957788AA-B685-42B6-8BE9-B61D20B68144", "versionEndExcluding": "2.16.0", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:h:siemens:ruggedcom_rox_rx1500:-:*:*:*:*:*:*:*", "matchCriteriaId": "3E79B422-C844-411C-AA49-CFD73D3C6E2D", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:siemens:ruggedcom_rox_rx1501_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "02E80465-DCD4-4CEB-AB5C-DFD86A5DB2E8", "versionEndExcluding": "2.16.0", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:h:siemens:ruggedcom_rox_rx1501:-:*:*:*:*:*:*:*", "matchCriteriaId": "53AAEC5C-06EE-4C58-A981-EBF5860CEF16", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:siemens:ruggedcom_rox_rx1510_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "BEC2AF9C-52CA-48FF-A4CD-C042EF225000", "versionEndExcluding": "2.16.0", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:h:siemens:ruggedcom_rox_rx1510:-:*:*:*:*:*:*:*", "matchCriteriaId": "0751225A-6E9C-4281-93A4-A048920FF7C6", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:siemens:ruggedcom_rox_rx1511_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "D0889DDD-C18A-4605-907C-0AAC4362FC94", "versionEndExcluding": "2.16.0", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:h:siemens:ruggedcom_rox_rx1511:-:*:*:*:*:*:*:*", "matchCriteriaId": "8C1E56ED-1E61-4B7E-8EC0-BB2AAD57EF7B", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:siemens:ruggedcom_rox_rx1512_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "FA09F789-1903-4487-A108-684EA9423F32", "versionEndExcluding": "2.16.0", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:h:siemens:ruggedcom_rox_rx1512:-:*:*:*:*:*:*:*", "matchCriteriaId": "41ADD701-AD49-46B2-A12E-219CCED32298", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:siemens:ruggedcom_rox_rx1524_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "76CF386C-0665-401C-9E5F-D3A89E6C2847", "versionEndExcluding": "2.16.0", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:h:siemens:ruggedcom_rox_rx1524:-:*:*:*:*:*:*:*", "matchCriteriaId": "F8C70D90-E8FA-4343-9027-152A99D79C82", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:siemens:ruggedcom_rox_rx1536_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "A813AC2B-2F29-45D7-AB27-657A36399F80", "versionEndExcluding": "2.16.0", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:h:siemens:ruggedcom_rox_rx1536:-:*:*:*:*:*:*:*", "matchCriteriaId": "C1775F3B-6F47-4134-8B4E-CF6337FF546C", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:siemens:ruggedcom_rox_rx5000_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "6AF925B2-B147-4CB0-8789-D68C38135BEE", "versionEndExcluding": "2.16.0", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:h:siemens:ruggedcom_rox_rx5000:-:*:*:*:*:*:*:*", "matchCriteriaId": "1E0E33F2-E89B-4008-BED2-CF2296801078", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "A vulnerability has been identified in RUGGEDCOM ROX MX5000 (All versions \u003c V2.16.0), RUGGEDCOM ROX MX5000RE (All versions \u003c V2.16.0), RUGGEDCOM ROX RX1400 (All versions \u003c V2.16.0), RUGGEDCOM ROX RX1500 (All versions \u003c V2.16.0), RUGGEDCOM ROX RX1501 (All versions \u003c V2.16.0), RUGGEDCOM ROX RX1510 (All versions \u003c V2.16.0), RUGGEDCOM ROX RX1511 (All versions \u003c V2.16.0), RUGGEDCOM ROX RX1512 (All versions \u003c V2.16.0), RUGGEDCOM ROX RX1524 (All versions \u003c V2.16.0), RUGGEDCOM ROX RX1536 (All versions \u003c V2.16.0), RUGGEDCOM ROX RX5000 (All versions \u003c V2.16.0). The uninstall-app App-name parameter in the web interface of affected devices is vulnerable to command injection due to missing server side input sanitation. This could allow an authenticated privileged remote attacker to execute arbitrary code with root privileges." } ], "id": "CVE-2023-36753", "lastModified": "2024-11-21T08:10:31.393", "metrics": { "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.1, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H", "version": "3.1" }, "exploitabilityScore": 2.3, "impactScore": 6.0, "source": "productcert@siemens.com", "type": "Secondary" }, { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.2, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "exploitabilityScore": 1.2, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2023-07-11T10:15:11.360", "references": [ { "source": "productcert@siemens.com", "tags": [ "Vendor Advisory" ], "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-146325.pdf" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-146325.pdf" } ], "sourceIdentifier": "productcert@siemens.com", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-77" } ], "source": "productcert@siemens.com", "type": "Secondary" }, { "description": [ { "lang": "en", "value": "CWE-77" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2021-09-14 11:15
Modified
2024-11-21 06:14
Severity ?
Summary
A vulnerability has been identified in RUGGEDCOM ROX MX5000 (All versions < V2.14.1), RUGGEDCOM ROX RX1400 (All versions < V2.14.1), RUGGEDCOM ROX RX1500 (All versions < V2.14.1), RUGGEDCOM ROX RX1501 (All versions < V2.14.1), RUGGEDCOM ROX RX1510 (All versions < V2.14.1), RUGGEDCOM ROX RX1511 (All versions < V2.14.1), RUGGEDCOM ROX RX1512 (All versions < V2.14.1), RUGGEDCOM ROX RX1524 (All versions < V2.14.1), RUGGEDCOM ROX RX1536 (All versions < V2.14.1), RUGGEDCOM ROX RX5000 (All versions < V2.14.1). The affected devices do not properly handle permissions to traverse the file system. If exploited, an attacker could gain access to an overview of the complete file system on the affected devices.
References
▼ | URL | Tags | |
---|---|---|---|
productcert@siemens.com | https://cert-portal.siemens.com/productcert/pdf/ssa-150692.pdf | Patch, Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://cert-portal.siemens.com/productcert/pdf/ssa-150692.pdf | Patch, Vendor Advisory |
Impacted products
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:siemens:ruggedcom_rox_rx1400_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "D5538013-C23A-4D6D-8756-8BE210EBEA53", "versionEndExcluding": "2.14.1", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:h:siemens:ruggedcom_rox_rx1400:-:*:*:*:*:*:*:*", "matchCriteriaId": "12BD4008-DB6A-4749-A426-D2DE44819A9D", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:siemens:ruggedcom_rox_mx5000_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "183C516E-5BD4-4B50-841F-82AC3F68D12F", "versionEndExcluding": "2.14.1", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:h:siemens:ruggedcom_rox_mx5000:-:*:*:*:*:*:*:*", "matchCriteriaId": "DAD1B18F-9C37-48CC-92E2-9C5E66B206CB", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:siemens:ruggedcom_rox_rx1500_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "6A64F21F-30C7-4164-A791-2AE72085EC8D", "versionEndExcluding": "2.14.1", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:h:siemens:ruggedcom_rox_rx1500:-:*:*:*:*:*:*:*", "matchCriteriaId": "3E79B422-C844-411C-AA49-CFD73D3C6E2D", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:siemens:ruggedcom_rox_rx1501_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "9E7941A4-2B67-4B27-ACB2-E53449AD766F", "versionEndExcluding": "2.14.1", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:h:siemens:ruggedcom_rox_rx1501:-:*:*:*:*:*:*:*", "matchCriteriaId": "53AAEC5C-06EE-4C58-A981-EBF5860CEF16", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:siemens:ruggedcom_rox_rx1510_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "411252B0-9AE4-41F9-876C-A5863CFFA23C", "versionEndExcluding": "2.14.1", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:h:siemens:ruggedcom_rox_rx1510:-:*:*:*:*:*:*:*", "matchCriteriaId": "0751225A-6E9C-4281-93A4-A048920FF7C6", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:siemens:ruggedcom_rox_rx1511_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "AF574446-EE25-4603-A831-E4766B5E234F", "versionEndExcluding": "2.14.1", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:h:siemens:ruggedcom_rox_rx1511:-:*:*:*:*:*:*:*", "matchCriteriaId": "8C1E56ED-1E61-4B7E-8EC0-BB2AAD57EF7B", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:siemens:ruggedcom_rox_rx1512_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "942464AE-7E81-43D1-9996-27B7C87C26A8", "versionEndExcluding": "2.14.1", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:h:siemens:ruggedcom_rox_rx1512:-:*:*:*:*:*:*:*", "matchCriteriaId": "41ADD701-AD49-46B2-A12E-219CCED32298", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:siemens:ruggedcom_rox_rx1524_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "CFEC6D28-3CD1-4786-8F83-DC9A64087879", "versionEndExcluding": "2.14.1", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:h:siemens:ruggedcom_rox_rx1524:-:*:*:*:*:*:*:*", "matchCriteriaId": "F8C70D90-E8FA-4343-9027-152A99D79C82", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:siemens:ruggedcom_rox_rx1536_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "2AAFB653-F651-4366-B4B4-4185EA89E31F", "versionEndExcluding": "2.14.1", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:h:siemens:ruggedcom_rox_rx1536:-:*:*:*:*:*:*:*", "matchCriteriaId": "C1775F3B-6F47-4134-8B4E-CF6337FF546C", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:siemens:ruggedcom_rox_rx5000_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "4E0625F9-DCD4-4DF6-9479-3DAE4BDB6976", "versionEndExcluding": "2.14.1", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:h:siemens:ruggedcom_rox_rx5000:-:*:*:*:*:*:*:*", "matchCriteriaId": "1E0E33F2-E89B-4008-BED2-CF2296801078", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "A vulnerability has been identified in RUGGEDCOM ROX MX5000 (All versions \u003c V2.14.1), RUGGEDCOM ROX RX1400 (All versions \u003c V2.14.1), RUGGEDCOM ROX RX1500 (All versions \u003c V2.14.1), RUGGEDCOM ROX RX1501 (All versions \u003c V2.14.1), RUGGEDCOM ROX RX1510 (All versions \u003c V2.14.1), RUGGEDCOM ROX RX1511 (All versions \u003c V2.14.1), RUGGEDCOM ROX RX1512 (All versions \u003c V2.14.1), RUGGEDCOM ROX RX1524 (All versions \u003c V2.14.1), RUGGEDCOM ROX RX1536 (All versions \u003c V2.14.1), RUGGEDCOM ROX RX5000 (All versions \u003c V2.14.1). The affected devices do not properly handle permissions to traverse the file system. If exploited, an attacker could gain access to an overview of the complete file system on the affected devices." }, { "lang": "es", "value": "Se ha identificado una vulnerabilidad en RUGGEDCOM ROX MX5000 (Todas las versiones anteriores a V2.14.1), RUGGEDCOM ROX RX1400 (Todas las versiones anteriores a V2.14.1), RUGGEDCOM ROX RX1500 (Todas las versiones anteriores a V2.14.1), RUGGEDCOM ROX RX1501 (Todas las versiones anteriores a V2.14.1), RUGGEDCOM ROX RX1510 (Todas las versiones anteriores a V2. 14.1), RUGGEDCOM ROX RX1511 (Todas las versiones anteriores a V2.14.1), RUGGEDCOM ROX RX1512 (Todas las versiones anteriores a V2.14.1), RUGGEDCOM ROX RX1524 (Todas las versiones anteriores a V2.14.1), RUGGEDCOM ROX RX1536 (Todas las versiones anteriores a V2.14.1), RUGGEDCOM ROX RX5000 (Todas las versiones anteriores a V2.14.1). Los dispositivos afectados no manejan apropiadamente los permisos para recorrer el sistema de archivos. si es explotado, un atacante podr\u00eda conseguir acceso a una visi\u00f3n general del sistema de archivos completo en los dispositivos afectados" } ], "id": "CVE-2021-37175", "lastModified": "2024-11-21T06:14:47.707", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 5.0, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ], "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "version": "3.1" }, "exploitabilityScore": 3.9, "impactScore": 1.4, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2021-09-14T11:15:25.367", "references": [ { "source": "productcert@siemens.com", "tags": [ "Patch", "Vendor Advisory" ], "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-150692.pdf" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Vendor Advisory" ], "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-150692.pdf" } ], "sourceIdentifier": "productcert@siemens.com", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-280" } ], "source": "productcert@siemens.com", "type": "Secondary" }, { "description": [ { "lang": "en", "value": "CWE-755" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2023-07-11 10:15
Modified
2024-11-21 08:10
Severity ?
9.1 (Critical) - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H
7.2 (High) - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
7.2 (High) - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Summary
A vulnerability has been identified in RUGGEDCOM ROX MX5000 (All versions < V2.16.0), RUGGEDCOM ROX MX5000RE (All versions < V2.16.0), RUGGEDCOM ROX RX1400 (All versions < V2.16.0), RUGGEDCOM ROX RX1500 (All versions < V2.16.0), RUGGEDCOM ROX RX1501 (All versions < V2.16.0), RUGGEDCOM ROX RX1510 (All versions < V2.16.0), RUGGEDCOM ROX RX1511 (All versions < V2.16.0), RUGGEDCOM ROX RX1512 (All versions < V2.16.0), RUGGEDCOM ROX RX1524 (All versions < V2.16.0), RUGGEDCOM ROX RX1536 (All versions < V2.16.0), RUGGEDCOM ROX RX5000 (All versions < V2.16.0). The software-upgrade Url parameter in the web interface of affected devices is vulnerable to command injection due to missing server side input sanitation. This could allow an authenticated privileged remote attacker to execute arbitrary code with root privileges.
References
Impacted products
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:siemens:ruggedcom_rox_mx5000_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "B70C9A14-F31D-452F-8F7E-368E1ED7165C", "versionEndExcluding": "2.16.0", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:h:siemens:ruggedcom_rox_mx5000:-:*:*:*:*:*:*:*", "matchCriteriaId": "DAD1B18F-9C37-48CC-92E2-9C5E66B206CB", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:siemens:ruggedcom_rox_mx5000re_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "C095D9B0-79A3-44A7-9683-B8DEF689D65F", "versionEndExcluding": "2.16.0", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:h:siemens:ruggedcom_rox_mx5000re:-:*:*:*:*:*:*:*", "matchCriteriaId": "38734DFA-A5DF-4284-BD79-7C0ED6CD8A5C", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:siemens:ruggedcom_rox_rx1400_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "3A0D1757-6A48-4C53-877A-947CDDD67793", "versionEndExcluding": "2.16.0", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:h:siemens:ruggedcom_rox_rx1400:-:*:*:*:*:*:*:*", "matchCriteriaId": "12BD4008-DB6A-4749-A426-D2DE44819A9D", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:siemens:ruggedcom_rox_rx1500_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "957788AA-B685-42B6-8BE9-B61D20B68144", "versionEndExcluding": "2.16.0", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:h:siemens:ruggedcom_rox_rx1500:-:*:*:*:*:*:*:*", "matchCriteriaId": "3E79B422-C844-411C-AA49-CFD73D3C6E2D", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:siemens:ruggedcom_rox_rx1501_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "02E80465-DCD4-4CEB-AB5C-DFD86A5DB2E8", "versionEndExcluding": "2.16.0", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:h:siemens:ruggedcom_rox_rx1501:-:*:*:*:*:*:*:*", "matchCriteriaId": "53AAEC5C-06EE-4C58-A981-EBF5860CEF16", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:siemens:ruggedcom_rox_rx1510_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "BEC2AF9C-52CA-48FF-A4CD-C042EF225000", "versionEndExcluding": "2.16.0", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:h:siemens:ruggedcom_rox_rx1510:-:*:*:*:*:*:*:*", "matchCriteriaId": "0751225A-6E9C-4281-93A4-A048920FF7C6", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:siemens:ruggedcom_rox_rx1511_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "D0889DDD-C18A-4605-907C-0AAC4362FC94", "versionEndExcluding": "2.16.0", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:h:siemens:ruggedcom_rox_rx1511:-:*:*:*:*:*:*:*", "matchCriteriaId": "8C1E56ED-1E61-4B7E-8EC0-BB2AAD57EF7B", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:siemens:ruggedcom_rox_rx1512_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "FA09F789-1903-4487-A108-684EA9423F32", "versionEndExcluding": "2.16.0", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:h:siemens:ruggedcom_rox_rx1512:-:*:*:*:*:*:*:*", "matchCriteriaId": "41ADD701-AD49-46B2-A12E-219CCED32298", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:siemens:ruggedcom_rox_rx1524_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "76CF386C-0665-401C-9E5F-D3A89E6C2847", "versionEndExcluding": "2.16.0", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:h:siemens:ruggedcom_rox_rx1524:-:*:*:*:*:*:*:*", "matchCriteriaId": "F8C70D90-E8FA-4343-9027-152A99D79C82", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:siemens:ruggedcom_rox_rx1536_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "A813AC2B-2F29-45D7-AB27-657A36399F80", "versionEndExcluding": "2.16.0", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:h:siemens:ruggedcom_rox_rx1536:-:*:*:*:*:*:*:*", "matchCriteriaId": "C1775F3B-6F47-4134-8B4E-CF6337FF546C", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:siemens:ruggedcom_rox_rx5000_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "6AF925B2-B147-4CB0-8789-D68C38135BEE", "versionEndExcluding": "2.16.0", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:h:siemens:ruggedcom_rox_rx5000:-:*:*:*:*:*:*:*", "matchCriteriaId": "1E0E33F2-E89B-4008-BED2-CF2296801078", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "A vulnerability has been identified in RUGGEDCOM ROX MX5000 (All versions \u003c V2.16.0), RUGGEDCOM ROX MX5000RE (All versions \u003c V2.16.0), RUGGEDCOM ROX RX1400 (All versions \u003c V2.16.0), RUGGEDCOM ROX RX1500 (All versions \u003c V2.16.0), RUGGEDCOM ROX RX1501 (All versions \u003c V2.16.0), RUGGEDCOM ROX RX1510 (All versions \u003c V2.16.0), RUGGEDCOM ROX RX1511 (All versions \u003c V2.16.0), RUGGEDCOM ROX RX1512 (All versions \u003c V2.16.0), RUGGEDCOM ROX RX1524 (All versions \u003c V2.16.0), RUGGEDCOM ROX RX1536 (All versions \u003c V2.16.0), RUGGEDCOM ROX RX5000 (All versions \u003c V2.16.0). The software-upgrade Url parameter in the web interface of affected devices is vulnerable to command injection due to missing server side input sanitation. This could allow an authenticated privileged remote attacker to execute arbitrary code with root privileges." } ], "id": "CVE-2023-36750", "lastModified": "2024-11-21T08:10:30.900", "metrics": { "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.1, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H", "version": "3.1" }, "exploitabilityScore": 2.3, "impactScore": 6.0, "source": "productcert@siemens.com", "type": "Secondary" }, { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.2, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "exploitabilityScore": 1.2, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2023-07-11T10:15:11.170", "references": [ { "source": "productcert@siemens.com", "tags": [ "Vendor Advisory" ], "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-146325.pdf" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-146325.pdf" } ], "sourceIdentifier": "productcert@siemens.com", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-77" } ], "source": "productcert@siemens.com", "type": "Secondary" }, { "description": [ { "lang": "en", "value": "CWE-77" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2023-07-11 10:15
Modified
2024-11-21 06:59
Severity ?
7.5 (High) - CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
8.8 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
8.8 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Summary
A vulnerability has been identified in RUGGEDCOM ROX MX5000 (All versions < V2.16.0), RUGGEDCOM ROX MX5000RE (All versions < V2.16.0), RUGGEDCOM ROX RX1400 (All versions < V2.16.0), RUGGEDCOM ROX RX1500 (All versions < V2.16.0), RUGGEDCOM ROX RX1501 (All versions < V2.16.0), RUGGEDCOM ROX RX1510 (All versions < V2.16.0), RUGGEDCOM ROX RX1511 (All versions < V2.16.0), RUGGEDCOM ROX RX1512 (All versions < V2.16.0), RUGGEDCOM ROX RX1524 (All versions < V2.16.0), RUGGEDCOM ROX RX1536 (All versions < V2.16.0), RUGGEDCOM ROX RX5000 (All versions < V2.16.0). The web interface of the affected devices are vulnerable to Cross-Site Request Forgery attacks. By tricking an authenticated victim user to click a malicious link, an attacker could perform arbitrary actions on the device on behalf of the victim user.
References
Impacted products
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:siemens:ruggedcom_rox_mx5000_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "B70C9A14-F31D-452F-8F7E-368E1ED7165C", "versionEndExcluding": "2.16.0", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:h:siemens:ruggedcom_rox_mx5000:-:*:*:*:*:*:*:*", "matchCriteriaId": "DAD1B18F-9C37-48CC-92E2-9C5E66B206CB", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:siemens:ruggedcom_rox_mx5000re_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "C095D9B0-79A3-44A7-9683-B8DEF689D65F", "versionEndExcluding": "2.16.0", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:h:siemens:ruggedcom_rox_mx5000re:-:*:*:*:*:*:*:*", "matchCriteriaId": "38734DFA-A5DF-4284-BD79-7C0ED6CD8A5C", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:siemens:ruggedcom_rox_rx1400_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "3A0D1757-6A48-4C53-877A-947CDDD67793", "versionEndExcluding": "2.16.0", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:h:siemens:ruggedcom_rox_rx1400:-:*:*:*:*:*:*:*", "matchCriteriaId": "12BD4008-DB6A-4749-A426-D2DE44819A9D", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:siemens:ruggedcom_rox_rx1500_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "957788AA-B685-42B6-8BE9-B61D20B68144", "versionEndExcluding": "2.16.0", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:h:siemens:ruggedcom_rox_rx1500:-:*:*:*:*:*:*:*", "matchCriteriaId": "3E79B422-C844-411C-AA49-CFD73D3C6E2D", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:siemens:ruggedcom_rox_rx1501_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "02E80465-DCD4-4CEB-AB5C-DFD86A5DB2E8", "versionEndExcluding": "2.16.0", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:h:siemens:ruggedcom_rox_rx1501:-:*:*:*:*:*:*:*", "matchCriteriaId": "53AAEC5C-06EE-4C58-A981-EBF5860CEF16", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:siemens:ruggedcom_rox_rx1510_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "BEC2AF9C-52CA-48FF-A4CD-C042EF225000", "versionEndExcluding": "2.16.0", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:h:siemens:ruggedcom_rox_rx1510:-:*:*:*:*:*:*:*", "matchCriteriaId": "0751225A-6E9C-4281-93A4-A048920FF7C6", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:siemens:ruggedcom_rox_rx1511_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "D0889DDD-C18A-4605-907C-0AAC4362FC94", "versionEndExcluding": "2.16.0", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:h:siemens:ruggedcom_rox_rx1511:-:*:*:*:*:*:*:*", "matchCriteriaId": "8C1E56ED-1E61-4B7E-8EC0-BB2AAD57EF7B", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:siemens:ruggedcom_rox_rx1512_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "FA09F789-1903-4487-A108-684EA9423F32", "versionEndExcluding": "2.16.0", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:h:siemens:ruggedcom_rox_rx1512:-:*:*:*:*:*:*:*", "matchCriteriaId": "41ADD701-AD49-46B2-A12E-219CCED32298", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:siemens:ruggedcom_rox_rx1524_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "76CF386C-0665-401C-9E5F-D3A89E6C2847", "versionEndExcluding": "2.16.0", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:h:siemens:ruggedcom_rox_rx1524:-:*:*:*:*:*:*:*", "matchCriteriaId": "F8C70D90-E8FA-4343-9027-152A99D79C82", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:siemens:ruggedcom_rox_rx1536_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "A813AC2B-2F29-45D7-AB27-657A36399F80", "versionEndExcluding": "2.16.0", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:h:siemens:ruggedcom_rox_rx1536:-:*:*:*:*:*:*:*", "matchCriteriaId": "C1775F3B-6F47-4134-8B4E-CF6337FF546C", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:siemens:ruggedcom_rox_rx5000_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "6AF925B2-B147-4CB0-8789-D68C38135BEE", "versionEndExcluding": "2.16.0", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:h:siemens:ruggedcom_rox_rx5000:-:*:*:*:*:*:*:*", "matchCriteriaId": "1E0E33F2-E89B-4008-BED2-CF2296801078", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "A vulnerability has been identified in RUGGEDCOM ROX MX5000 (All versions \u003c V2.16.0), RUGGEDCOM ROX MX5000RE (All versions \u003c V2.16.0), RUGGEDCOM ROX RX1400 (All versions \u003c V2.16.0), RUGGEDCOM ROX RX1500 (All versions \u003c V2.16.0), RUGGEDCOM ROX RX1501 (All versions \u003c V2.16.0), RUGGEDCOM ROX RX1510 (All versions \u003c V2.16.0), RUGGEDCOM ROX RX1511 (All versions \u003c V2.16.0), RUGGEDCOM ROX RX1512 (All versions \u003c V2.16.0), RUGGEDCOM ROX RX1524 (All versions \u003c V2.16.0), RUGGEDCOM ROX RX1536 (All versions \u003c V2.16.0), RUGGEDCOM ROX RX5000 (All versions \u003c V2.16.0). The web interface of the affected devices are vulnerable to Cross-Site Request Forgery attacks. By tricking an authenticated victim user to click a malicious link, an attacker could perform arbitrary actions on the device on behalf of the victim user." } ], "id": "CVE-2022-29561", "lastModified": "2024-11-21T06:59:19.360", "metrics": { "cvssMetricV31": [ { "cvssData": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1" }, "exploitabilityScore": 1.6, "impactScore": 5.9, "source": "productcert@siemens.com", "type": "Secondary" }, { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1" }, "exploitabilityScore": 2.8, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2023-07-11T10:15:09.970", "references": [ { "source": "productcert@siemens.com", "tags": [ "Vendor Advisory" ], "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-146325.pdf" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-146325.pdf" } ], "sourceIdentifier": "productcert@siemens.com", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-352" } ], "source": "productcert@siemens.com", "type": "Secondary" }, { "description": [ { "lang": "en", "value": "CWE-352" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2020-01-08 20:15
Modified
2024-11-21 04:21
Severity ?
Summary
When encrypting with a block cipher, if a call to NSC_EncryptUpdate was made with data smaller than the block size, a small out of bounds write could occur. This could have caused heap corruption and a potentially exploitable crash. This vulnerability affects Thunderbird < 68.3, Firefox ESR < 68.3, and Firefox < 71.
References
Impacted products
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*", "matchCriteriaId": "13CA3D58-3E63-46A9-9E84-0EE98E85FCCD", "versionEndExcluding": "71.0", "vulnerable": true }, { "criteria": "cpe:2.3:a:mozilla:firefox_esr:*:*:*:*:*:*:*:*", "matchCriteriaId": "0E44031F-A65C-47ED-BE96-D95E9C013208", "versionEndExcluding": "68.3", "vulnerable": true }, { "criteria": "cpe:2.3:a:mozilla:thunderbird:*:*:*:*:*:*:*:*", "matchCriteriaId": "8620BC60-0832-426B-8B96-8AC49FBD1ACA", "versionEndExcluding": "68.3.0", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:opensuse:leap:15.1:*:*:*:*:*:*:*", "matchCriteriaId": "B620311B-34A3-48A6-82DF-6F078D7A4493", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*", "matchCriteriaId": "F7016A2A-8365-4F1A-89A2-7A19F2BCAE5B", "vulnerable": true }, { "criteria": "cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*", "matchCriteriaId": "23A7C53F-B80F-4E6A-AFA9-58EEA84BE11D", "vulnerable": true }, { "criteria": "cpe:2.3:o:canonical:ubuntu_linux:19.10:*:*:*:*:*:*:*", "matchCriteriaId": "A31C8344-3E02-4EB8-8BD8-4C84B7959624", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*", "matchCriteriaId": "DEECE5FC-CACF-4496-A3E7-164736409252", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:redhat:enterprise_linux_server_aus:6.6:*:*:*:*:*:*:*", "matchCriteriaId": "16E6D998-B41D-4B49-9E00-8336D2E40A4A", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:siemens:ruggedcom_rox_mx5000_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "1B09C415-21F2-49C9-BFAE-2151C8ED4D06", "versionEndExcluding": "2.14.0", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:h:siemens:ruggedcom_rox_mx5000:-:*:*:*:*:*:*:*", "matchCriteriaId": "DAD1B18F-9C37-48CC-92E2-9C5E66B206CB", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:siemens:ruggedcom_rox_rx1400_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "F196C09E-4C45-42D5-B509-7EB77F6566F1", "versionEndExcluding": "2.14.0", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:h:siemens:ruggedcom_rox_rx1400:-:*:*:*:*:*:*:*", "matchCriteriaId": "12BD4008-DB6A-4749-A426-D2DE44819A9D", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:siemens:ruggedcom_rox_rx1500_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "13D72F66-A1B2-4FB7-B31B-EF16955BC871", "versionEndExcluding": "2.14.0", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:h:siemens:ruggedcom_rox_rx1500:-:*:*:*:*:*:*:*", "matchCriteriaId": "3E79B422-C844-411C-AA49-CFD73D3C6E2D", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:siemens:ruggedcom_rox_rx1501_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "CB658DF3-A68F-4248-B240-9194E17941E1", "versionEndExcluding": "2.14.0", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:h:siemens:ruggedcom_rox_rx1501:-:*:*:*:*:*:*:*", "matchCriteriaId": "53AAEC5C-06EE-4C58-A981-EBF5860CEF16", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:siemens:ruggedcom_rox_rx1510_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "E16E621D-84DB-4F0D-A771-5E282B0292B2", "versionEndExcluding": "2.14.0", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:h:siemens:ruggedcom_rox_rx1510:-:*:*:*:*:*:*:*", "matchCriteriaId": "0751225A-6E9C-4281-93A4-A048920FF7C6", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:siemens:ruggedcom_rox_rx1511_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "059624DD-C1C8-408C-8026-D4FBC93C3CF9", "versionEndExcluding": "2.14.0", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:h:siemens:ruggedcom_rox_rx1511:-:*:*:*:*:*:*:*", "matchCriteriaId": "8C1E56ED-1E61-4B7E-8EC0-BB2AAD57EF7B", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:siemens:ruggedcom_rox_rx1512_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "06AF9201-89AB-42E6-97CF-9EDDC17EF7AE", "versionEndExcluding": "2.14.0", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:h:siemens:ruggedcom_rox_rx1512:-:*:*:*:*:*:*:*", "matchCriteriaId": "41ADD701-AD49-46B2-A12E-219CCED32298", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:siemens:ruggedcom_rox_rx5000_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "2656219C-7E23-47F7-AFB7-0D6D3D2ACA85", "versionEndExcluding": "2.14.0", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:h:siemens:ruggedcom_rox_rx5000:-:*:*:*:*:*:*:*", "matchCriteriaId": "1E0E33F2-E89B-4008-BED2-CF2296801078", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "When encrypting with a block cipher, if a call to NSC_EncryptUpdate was made with data smaller than the block size, a small out of bounds write could occur. This could have caused heap corruption and a potentially exploitable crash. This vulnerability affects Thunderbird \u003c 68.3, Firefox ESR \u003c 68.3, and Firefox \u003c 71." }, { "lang": "es", "value": "Al encriptar con un cifrado de bloque, si se realiz\u00f3 una llamada a NSC_EncryptUpdate con datos m\u00e1s peque\u00f1os que el tama\u00f1o del bloque, podr\u00eda producirse una peque\u00f1a escritura fuera de l\u00edmites. Esto podr\u00eda haber causado una corrupci\u00f3n de la pila y un bloqueo explotable potencialmente. Esta vulnerabilidad afecta a Thunderbird versiones anteriores a la versi\u00f3n 68.3, Firefox ESR versiones anteriores a la versi\u00f3n 68.3 y Firefox versiones anteriores a la versi\u00f3n 71." } ], "id": "CVE-2019-11745", "lastModified": "2024-11-21T04:21:42.373", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 6.8, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0" }, "exploitabilityScore": 8.6, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true } ], "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1" }, "exploitabilityScore": 2.8, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2020-01-08T20:15:12.313", "references": [ { "source": "security@mozilla.org", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00000.html" }, { "source": "security@mozilla.org", "tags": [ "Issue Tracking", "Mailing List", "Third Party Advisory" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00001.html" }, { "source": "security@mozilla.org", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00006.html" }, { "source": "security@mozilla.org", "tags": [ "Third Party Advisory" ], "url": "https://access.redhat.com/errata/RHSA-2020:0243" }, { "source": "security@mozilla.org", "tags": [ "Third Party Advisory" ], "url": "https://access.redhat.com/errata/RHSA-2020:0466" }, { "source": "security@mozilla.org", "tags": [ "Issue Tracking", "Patch", "Vendor Advisory" ], "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1586176" }, { "source": "security@mozilla.org", "tags": [ "Third Party Advisory" ], "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-379803.pdf" }, { "source": "security@mozilla.org", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "https://lists.debian.org/debian-lts-announce/2020/09/msg00029.html" }, { "source": "security@mozilla.org", "tags": [ "Third Party Advisory" ], "url": "https://security.gentoo.org/glsa/202003-02" }, { "source": "security@mozilla.org", "tags": [ "Third Party Advisory" ], "url": "https://security.gentoo.org/glsa/202003-10" }, { "source": "security@mozilla.org", "tags": [ "Third Party Advisory" ], "url": "https://security.gentoo.org/glsa/202003-37" }, { "source": "security@mozilla.org", "tags": [ "Third Party Advisory", "US Government Resource" ], "url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-040-04" }, { "source": "security@mozilla.org", "tags": [ "Third Party Advisory" ], "url": "https://usn.ubuntu.com/4241-1/" }, { "source": "security@mozilla.org", "tags": [ "Third Party Advisory" ], "url": "https://usn.ubuntu.com/4335-1/" }, { "source": "security@mozilla.org", "tags": [ "Vendor Advisory" ], "url": "https://www.mozilla.org/security/advisories/mfsa2019-36/" }, { "source": "security@mozilla.org", "tags": [ "Vendor Advisory" ], "url": "https://www.mozilla.org/security/advisories/mfsa2019-37/" }, { "source": "security@mozilla.org", "tags": [ "Vendor Advisory" ], "url": "https://www.mozilla.org/security/advisories/mfsa2019-38/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00000.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Issue Tracking", "Mailing List", "Third Party Advisory" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00001.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00006.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://access.redhat.com/errata/RHSA-2020:0243" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://access.redhat.com/errata/RHSA-2020:0466" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Issue Tracking", "Patch", "Vendor Advisory" ], "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1586176" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-379803.pdf" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "https://lists.debian.org/debian-lts-announce/2020/09/msg00029.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://security.gentoo.org/glsa/202003-02" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://security.gentoo.org/glsa/202003-10" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://security.gentoo.org/glsa/202003-37" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory", "US Government Resource" ], "url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-040-04" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://usn.ubuntu.com/4241-1/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://usn.ubuntu.com/4335-1/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "https://www.mozilla.org/security/advisories/mfsa2019-36/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "https://www.mozilla.org/security/advisories/mfsa2019-37/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "https://www.mozilla.org/security/advisories/mfsa2019-38/" } ], "sourceIdentifier": "security@mozilla.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-787" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2023-07-11 10:15
Modified
2024-11-21 08:10
Severity ?
9.1 (Critical) - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H
7.2 (High) - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
7.2 (High) - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Summary
A vulnerability has been identified in RUGGEDCOM ROX MX5000 (All versions < V2.16.0), RUGGEDCOM ROX MX5000RE (All versions < V2.16.0), RUGGEDCOM ROX RX1400 (All versions < V2.16.0), RUGGEDCOM ROX RX1500 (All versions < V2.16.0), RUGGEDCOM ROX RX1501 (All versions < V2.16.0), RUGGEDCOM ROX RX1510 (All versions < V2.16.0), RUGGEDCOM ROX RX1511 (All versions < V2.16.0), RUGGEDCOM ROX RX1512 (All versions < V2.16.0), RUGGEDCOM ROX RX1524 (All versions < V2.16.0), RUGGEDCOM ROX RX1536 (All versions < V2.16.0), RUGGEDCOM ROX RX5000 (All versions < V2.16.0). The install-app URL parameter in the web interface of affected devices is vulnerable to command injection due to missing server side input sanitation. This could allow an authenticated privileged remote attacker to execute arbitrary code with root privileges.
References
Impacted products
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:siemens:ruggedcom_rox_mx5000_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "B70C9A14-F31D-452F-8F7E-368E1ED7165C", "versionEndExcluding": "2.16.0", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:h:siemens:ruggedcom_rox_mx5000:-:*:*:*:*:*:*:*", "matchCriteriaId": "DAD1B18F-9C37-48CC-92E2-9C5E66B206CB", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:siemens:ruggedcom_rox_mx5000re_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "C095D9B0-79A3-44A7-9683-B8DEF689D65F", "versionEndExcluding": "2.16.0", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:h:siemens:ruggedcom_rox_mx5000re:-:*:*:*:*:*:*:*", "matchCriteriaId": "38734DFA-A5DF-4284-BD79-7C0ED6CD8A5C", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:siemens:ruggedcom_rox_rx1400_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "3A0D1757-6A48-4C53-877A-947CDDD67793", "versionEndExcluding": "2.16.0", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:h:siemens:ruggedcom_rox_rx1400:-:*:*:*:*:*:*:*", "matchCriteriaId": "12BD4008-DB6A-4749-A426-D2DE44819A9D", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:siemens:ruggedcom_rox_rx1500_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "957788AA-B685-42B6-8BE9-B61D20B68144", "versionEndExcluding": "2.16.0", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:h:siemens:ruggedcom_rox_rx1500:-:*:*:*:*:*:*:*", "matchCriteriaId": "3E79B422-C844-411C-AA49-CFD73D3C6E2D", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:siemens:ruggedcom_rox_rx1501_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "02E80465-DCD4-4CEB-AB5C-DFD86A5DB2E8", "versionEndExcluding": "2.16.0", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:h:siemens:ruggedcom_rox_rx1501:-:*:*:*:*:*:*:*", "matchCriteriaId": "53AAEC5C-06EE-4C58-A981-EBF5860CEF16", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:siemens:ruggedcom_rox_rx1510_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "BEC2AF9C-52CA-48FF-A4CD-C042EF225000", "versionEndExcluding": "2.16.0", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:h:siemens:ruggedcom_rox_rx1510:-:*:*:*:*:*:*:*", "matchCriteriaId": "0751225A-6E9C-4281-93A4-A048920FF7C6", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:siemens:ruggedcom_rox_rx1511_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "D0889DDD-C18A-4605-907C-0AAC4362FC94", "versionEndExcluding": "2.16.0", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:h:siemens:ruggedcom_rox_rx1511:-:*:*:*:*:*:*:*", "matchCriteriaId": "8C1E56ED-1E61-4B7E-8EC0-BB2AAD57EF7B", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:siemens:ruggedcom_rox_rx1512_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "FA09F789-1903-4487-A108-684EA9423F32", "versionEndExcluding": "2.16.0", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:h:siemens:ruggedcom_rox_rx1512:-:*:*:*:*:*:*:*", "matchCriteriaId": "41ADD701-AD49-46B2-A12E-219CCED32298", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:siemens:ruggedcom_rox_rx1524_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "76CF386C-0665-401C-9E5F-D3A89E6C2847", "versionEndExcluding": "2.16.0", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:h:siemens:ruggedcom_rox_rx1524:-:*:*:*:*:*:*:*", "matchCriteriaId": "F8C70D90-E8FA-4343-9027-152A99D79C82", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:siemens:ruggedcom_rox_rx1536_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "A813AC2B-2F29-45D7-AB27-657A36399F80", "versionEndExcluding": "2.16.0", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:h:siemens:ruggedcom_rox_rx1536:-:*:*:*:*:*:*:*", "matchCriteriaId": "C1775F3B-6F47-4134-8B4E-CF6337FF546C", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:siemens:ruggedcom_rox_rx5000_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "6AF925B2-B147-4CB0-8789-D68C38135BEE", "versionEndExcluding": "2.16.0", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:h:siemens:ruggedcom_rox_rx5000:-:*:*:*:*:*:*:*", "matchCriteriaId": "1E0E33F2-E89B-4008-BED2-CF2296801078", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "A vulnerability has been identified in RUGGEDCOM ROX MX5000 (All versions \u003c V2.16.0), RUGGEDCOM ROX MX5000RE (All versions \u003c V2.16.0), RUGGEDCOM ROX RX1400 (All versions \u003c V2.16.0), RUGGEDCOM ROX RX1500 (All versions \u003c V2.16.0), RUGGEDCOM ROX RX1501 (All versions \u003c V2.16.0), RUGGEDCOM ROX RX1510 (All versions \u003c V2.16.0), RUGGEDCOM ROX RX1511 (All versions \u003c V2.16.0), RUGGEDCOM ROX RX1512 (All versions \u003c V2.16.0), RUGGEDCOM ROX RX1524 (All versions \u003c V2.16.0), RUGGEDCOM ROX RX1536 (All versions \u003c V2.16.0), RUGGEDCOM ROX RX5000 (All versions \u003c V2.16.0). The install-app URL parameter in the web interface of affected devices is vulnerable to command injection due to missing server side input sanitation. This could allow an authenticated privileged remote attacker to execute arbitrary code with root privileges." } ], "id": "CVE-2023-36751", "lastModified": "2024-11-21T08:10:31.057", "metrics": { "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.1, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H", "version": "3.1" }, "exploitabilityScore": 2.3, "impactScore": 6.0, "source": "productcert@siemens.com", "type": "Secondary" }, { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.2, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "exploitabilityScore": 1.2, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2023-07-11T10:15:11.233", "references": [ { "source": "productcert@siemens.com", "tags": [ "Vendor Advisory" ], "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-146325.pdf" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-146325.pdf" } ], "sourceIdentifier": "productcert@siemens.com", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-77" } ], "source": "productcert@siemens.com", "type": "Secondary" }, { "description": [ { "lang": "en", "value": "CWE-77" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2020-10-22 21:15
Modified
2024-11-21 04:31
Severity ?
Summary
In Network Security Services (NSS) before 3.46, several cryptographic primitives had missing length checks. In cases where the application calling the library did not perform a sanity check on the inputs it could result in a crash due to a buffer overflow.
References
Impacted products
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:siemens:ruggedcom_rox_mx5000_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "1B09C415-21F2-49C9-BFAE-2151C8ED4D06", "versionEndExcluding": "2.14.0", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:h:siemens:ruggedcom_rox_mx5000:-:*:*:*:*:*:*:*", "matchCriteriaId": "DAD1B18F-9C37-48CC-92E2-9C5E66B206CB", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:siemens:ruggedcom_rox_rx1400_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "F196C09E-4C45-42D5-B509-7EB77F6566F1", "versionEndExcluding": "2.14.0", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:h:siemens:ruggedcom_rox_rx1400:-:*:*:*:*:*:*:*", "matchCriteriaId": "12BD4008-DB6A-4749-A426-D2DE44819A9D", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:siemens:ruggedcom_rox_rx1500_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "13D72F66-A1B2-4FB7-B31B-EF16955BC871", "versionEndExcluding": "2.14.0", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:h:siemens:ruggedcom_rox_rx1500:-:*:*:*:*:*:*:*", "matchCriteriaId": "3E79B422-C844-411C-AA49-CFD73D3C6E2D", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:siemens:ruggedcom_rox_rx1501_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "CB658DF3-A68F-4248-B240-9194E17941E1", "versionEndExcluding": "2.14.0", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:h:siemens:ruggedcom_rox_rx1501:-:*:*:*:*:*:*:*", "matchCriteriaId": "53AAEC5C-06EE-4C58-A981-EBF5860CEF16", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:siemens:ruggedcom_rox_rx1510_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "E16E621D-84DB-4F0D-A771-5E282B0292B2", "versionEndExcluding": "2.14.0", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:h:siemens:ruggedcom_rox_rx1510:-:*:*:*:*:*:*:*", "matchCriteriaId": "0751225A-6E9C-4281-93A4-A048920FF7C6", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:siemens:ruggedcom_rox_rx1511_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "059624DD-C1C8-408C-8026-D4FBC93C3CF9", "versionEndExcluding": "2.14.0", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:h:siemens:ruggedcom_rox_rx1511:-:*:*:*:*:*:*:*", "matchCriteriaId": "8C1E56ED-1E61-4B7E-8EC0-BB2AAD57EF7B", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:siemens:ruggedcom_rox_rx1512_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "06AF9201-89AB-42E6-97CF-9EDDC17EF7AE", "versionEndExcluding": "2.14.0", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:h:siemens:ruggedcom_rox_rx1512:-:*:*:*:*:*:*:*", "matchCriteriaId": "41ADD701-AD49-46B2-A12E-219CCED32298", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:siemens:ruggedcom_rox_rx5000_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "2656219C-7E23-47F7-AFB7-0D6D3D2ACA85", "versionEndExcluding": "2.14.0", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:h:siemens:ruggedcom_rox_rx5000:-:*:*:*:*:*:*:*", "matchCriteriaId": "1E0E33F2-E89B-4008-BED2-CF2296801078", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:mozilla:network_security_services:*:*:*:*:*:*:*:*", "matchCriteriaId": "83C9B16A-F21D-475D-9B00-9B6E64FAB0F8", "versionEndExcluding": "3.46", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:netapp:hci_management_node:-:*:*:*:*:*:*:*", "matchCriteriaId": "A3C19813-E823-456A-B1CE-EC0684CE1953", "vulnerable": true }, { "criteria": "cpe:2.3:a:netapp:solidfire:-:*:*:*:*:*:*:*", "matchCriteriaId": "A6E9EF0C-AFA8-4F7B-9FDC-1E0F7C26E737", "vulnerable": true }, { "criteria": "cpe:2.3:h:netapp:hci_compute_node:-:*:*:*:*:*:*:*", "matchCriteriaId": "AD7447BC-F315-4298-A822-549942FC118B", "vulnerable": true }, { "criteria": "cpe:2.3:h:netapp:hci_storage_node:-:*:*:*:*:*:*:*", "matchCriteriaId": "02DEB4FB-A21D-4CB1-B522-EEE5093E8521", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "In Network Security Services (NSS) before 3.46, several cryptographic primitives had missing length checks. In cases where the application calling the library did not perform a sanity check on the inputs it could result in a crash due to a buffer overflow." }, { "lang": "es", "value": "En Network Security Services (NSS) versiones anteriores a 3.46, varias primitivas criptogr\u00e1ficas presentaban una falta de comprobaci\u00f3n de longitud.\u0026#xa0;En los casos en que la aplicaci\u00f3n que llama a la biblioteca no llev\u00f3 a cabo una comprobaci\u00f3n de saneo en las entradas, lo que podr\u00eda resultar en un bloqueo debido a un desbordamiento del b\u00fafer" } ], "id": "CVE-2019-17006", "lastModified": "2024-11-21T04:31:31.573", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 10.0, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 10.0, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ], "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "exploitabilityScore": 3.9, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2020-10-22T21:15:12.560", "references": [ { "source": "security@mozilla.org", "tags": [ "Exploit", "Issue Tracking", "Patch", "Vendor Advisory" ], "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1539788" }, { "source": "security@mozilla.org", "tags": [ "Third Party Advisory" ], "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-379803.pdf" }, { "source": "security@mozilla.org", "tags": [ "Release Notes", "Vendor Advisory" ], "url": "https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.46_release_notes" }, { "source": "security@mozilla.org", "tags": [ "Third Party Advisory" ], "url": "https://security.netapp.com/advisory/ntap-20210129-0001/" }, { "source": "security@mozilla.org", "tags": [ "Third Party Advisory", "US Government Resource" ], "url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-040-04" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit", "Issue Tracking", "Patch", "Vendor Advisory" ], "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1539788" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-379803.pdf" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Release Notes", "Vendor Advisory" ], "url": "https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.46_release_notes" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://security.netapp.com/advisory/ntap-20210129-0001/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory", "US Government Resource" ], "url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-040-04" } ], "sourceIdentifier": "security@mozilla.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-20" }, { "lang": "en", "value": "CWE-119" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2023-07-11 10:15
Modified
2024-11-21 08:09
Severity ?
8.8 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
6.1 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
6.1 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Summary
A vulnerability has been identified in RUGGEDCOM ROX MX5000 (All versions < V2.16.0), RUGGEDCOM ROX MX5000RE (All versions < V2.16.0), RUGGEDCOM ROX RX1400 (All versions < V2.16.0), RUGGEDCOM ROX RX1500 (All versions < V2.16.0), RUGGEDCOM ROX RX1501 (All versions < V2.16.0), RUGGEDCOM ROX RX1510 (All versions < V2.16.0), RUGGEDCOM ROX RX1511 (All versions < V2.16.0), RUGGEDCOM ROX RX1512 (All versions < V2.16.0), RUGGEDCOM ROX RX1524 (All versions < V2.16.0), RUGGEDCOM ROX RX1536 (All versions < V2.16.0), RUGGEDCOM ROX RX5000 (All versions < V2.16.0). A reflected cross-site scripting (XSS) vulnerability exists in the web interface of the affected application that could allow an attacker to execute malicious javascript code by tricking users into accessing a malicious link. The value is reflected in the response without sanitization while throwing an
“invalid params element name” error on the get_elements parameters.
References
Impacted products
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:siemens:ruggedcom_rox_mx5000_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "B70C9A14-F31D-452F-8F7E-368E1ED7165C", "versionEndExcluding": "2.16.0", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:h:siemens:ruggedcom_rox_mx5000:-:*:*:*:*:*:*:*", "matchCriteriaId": "DAD1B18F-9C37-48CC-92E2-9C5E66B206CB", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:siemens:ruggedcom_rox_mx5000re_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "C095D9B0-79A3-44A7-9683-B8DEF689D65F", "versionEndExcluding": "2.16.0", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:h:siemens:ruggedcom_rox_mx5000re:-:*:*:*:*:*:*:*", "matchCriteriaId": "38734DFA-A5DF-4284-BD79-7C0ED6CD8A5C", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:siemens:ruggedcom_rox_rx1400_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "3A0D1757-6A48-4C53-877A-947CDDD67793", "versionEndExcluding": "2.16.0", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:h:siemens:ruggedcom_rox_rx1400:-:*:*:*:*:*:*:*", "matchCriteriaId": "12BD4008-DB6A-4749-A426-D2DE44819A9D", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:siemens:ruggedcom_rox_rx1500_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "957788AA-B685-42B6-8BE9-B61D20B68144", "versionEndExcluding": "2.16.0", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:h:siemens:ruggedcom_rox_rx1500:-:*:*:*:*:*:*:*", "matchCriteriaId": "3E79B422-C844-411C-AA49-CFD73D3C6E2D", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:siemens:ruggedcom_rox_rx1501_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "02E80465-DCD4-4CEB-AB5C-DFD86A5DB2E8", "versionEndExcluding": "2.16.0", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:h:siemens:ruggedcom_rox_rx1501:-:*:*:*:*:*:*:*", "matchCriteriaId": "53AAEC5C-06EE-4C58-A981-EBF5860CEF16", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:siemens:ruggedcom_rox_rx1510_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "BEC2AF9C-52CA-48FF-A4CD-C042EF225000", "versionEndExcluding": "2.16.0", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:h:siemens:ruggedcom_rox_rx1510:-:*:*:*:*:*:*:*", "matchCriteriaId": "0751225A-6E9C-4281-93A4-A048920FF7C6", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:siemens:ruggedcom_rox_rx1511_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "D0889DDD-C18A-4605-907C-0AAC4362FC94", "versionEndExcluding": "2.16.0", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:h:siemens:ruggedcom_rox_rx1511:-:*:*:*:*:*:*:*", "matchCriteriaId": "8C1E56ED-1E61-4B7E-8EC0-BB2AAD57EF7B", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:siemens:ruggedcom_rox_rx1512_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "FA09F789-1903-4487-A108-684EA9423F32", "versionEndExcluding": "2.16.0", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:h:siemens:ruggedcom_rox_rx1512:-:*:*:*:*:*:*:*", "matchCriteriaId": "41ADD701-AD49-46B2-A12E-219CCED32298", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:siemens:ruggedcom_rox_rx1524_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "76CF386C-0665-401C-9E5F-D3A89E6C2847", "versionEndExcluding": "2.16.0", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:h:siemens:ruggedcom_rox_rx1524:-:*:*:*:*:*:*:*", "matchCriteriaId": "F8C70D90-E8FA-4343-9027-152A99D79C82", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:siemens:ruggedcom_rox_rx1536_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "A813AC2B-2F29-45D7-AB27-657A36399F80", "versionEndExcluding": "2.16.0", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:h:siemens:ruggedcom_rox_rx1536:-:*:*:*:*:*:*:*", "matchCriteriaId": "C1775F3B-6F47-4134-8B4E-CF6337FF546C", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:siemens:ruggedcom_rox_rx5000_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "6AF925B2-B147-4CB0-8789-D68C38135BEE", "versionEndExcluding": "2.16.0", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:h:siemens:ruggedcom_rox_rx5000:-:*:*:*:*:*:*:*", "matchCriteriaId": "1E0E33F2-E89B-4008-BED2-CF2296801078", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "A vulnerability has been identified in RUGGEDCOM ROX MX5000 (All versions \u003c V2.16.0), RUGGEDCOM ROX MX5000RE (All versions \u003c V2.16.0), RUGGEDCOM ROX RX1400 (All versions \u003c V2.16.0), RUGGEDCOM ROX RX1500 (All versions \u003c V2.16.0), RUGGEDCOM ROX RX1501 (All versions \u003c V2.16.0), RUGGEDCOM ROX RX1510 (All versions \u003c V2.16.0), RUGGEDCOM ROX RX1511 (All versions \u003c V2.16.0), RUGGEDCOM ROX RX1512 (All versions \u003c V2.16.0), RUGGEDCOM ROX RX1524 (All versions \u003c V2.16.0), RUGGEDCOM ROX RX1536 (All versions \u003c V2.16.0), RUGGEDCOM ROX RX5000 (All versions \u003c V2.16.0). A reflected cross-site scripting (XSS) vulnerability exists in the web interface of the affected application that could allow an attacker to execute malicious javascript code by tricking users into accessing a malicious link. The value is reflected in the response without sanitization while throwing an\r\n\u201cinvalid params element name\u201d error on the get_elements parameters." } ], "id": "CVE-2023-36386", "lastModified": "2024-11-21T08:09:38.890", "metrics": { "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1" }, "exploitabilityScore": 2.8, "impactScore": 5.9, "source": "productcert@siemens.com", "type": "Secondary" }, { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.1, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "version": "3.1" }, "exploitabilityScore": 2.8, "impactScore": 2.7, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2023-07-11T10:15:10.680", "references": [ { "source": "productcert@siemens.com", "tags": [ "Vendor Advisory" ], "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-146325.pdf" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-146325.pdf" } ], "sourceIdentifier": "productcert@siemens.com", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-79" } ], "source": "productcert@siemens.com", "type": "Secondary" }, { "description": [ { "lang": "en", "value": "CWE-79" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2023-07-11 10:15
Modified
2024-11-21 08:10
Severity ?
5.9 (Medium) - CVSS:3.1/AV:A/AC:H/PR:N/UI:R/S:U/C:L/I:H/A:L
6.8 (Medium) - CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N
6.8 (Medium) - CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N
Summary
A vulnerability has been identified in RUGGEDCOM ROX MX5000 (All versions < V2.16.0), RUGGEDCOM ROX MX5000RE (All versions < V2.16.0), RUGGEDCOM ROX RX1400 (All versions < V2.16.0), RUGGEDCOM ROX RX1500 (All versions < V2.16.0), RUGGEDCOM ROX RX1501 (All versions < V2.16.0), RUGGEDCOM ROX RX1510 (All versions < V2.16.0), RUGGEDCOM ROX RX1511 (All versions < V2.16.0), RUGGEDCOM ROX RX1512 (All versions < V2.16.0), RUGGEDCOM ROX RX1524 (All versions < V2.16.0), RUGGEDCOM ROX RX1536 (All versions < V2.16.0), RUGGEDCOM ROX RX5000 (All versions < V2.16.0). The affected devices are configured to offer weak ciphers by default. This could allow an unauthorized attacker in a man-in-the-middle position to read and modify any data
passed over to and from the affected device.
References
Impacted products
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:siemens:ruggedcom_rox_mx5000_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "B70C9A14-F31D-452F-8F7E-368E1ED7165C", "versionEndExcluding": "2.16.0", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:h:siemens:ruggedcom_rox_mx5000:-:*:*:*:*:*:*:*", "matchCriteriaId": "DAD1B18F-9C37-48CC-92E2-9C5E66B206CB", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:siemens:ruggedcom_rox_mx5000re_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "C095D9B0-79A3-44A7-9683-B8DEF689D65F", "versionEndExcluding": "2.16.0", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:h:siemens:ruggedcom_rox_mx5000re:-:*:*:*:*:*:*:*", "matchCriteriaId": "38734DFA-A5DF-4284-BD79-7C0ED6CD8A5C", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:siemens:ruggedcom_rox_rx1400_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "3A0D1757-6A48-4C53-877A-947CDDD67793", "versionEndExcluding": "2.16.0", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:h:siemens:ruggedcom_rox_rx1400:-:*:*:*:*:*:*:*", "matchCriteriaId": "12BD4008-DB6A-4749-A426-D2DE44819A9D", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:siemens:ruggedcom_rox_rx1500_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "957788AA-B685-42B6-8BE9-B61D20B68144", "versionEndExcluding": "2.16.0", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:h:siemens:ruggedcom_rox_rx1500:-:*:*:*:*:*:*:*", "matchCriteriaId": "3E79B422-C844-411C-AA49-CFD73D3C6E2D", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:siemens:ruggedcom_rox_rx1501_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "02E80465-DCD4-4CEB-AB5C-DFD86A5DB2E8", "versionEndExcluding": "2.16.0", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:h:siemens:ruggedcom_rox_rx1501:-:*:*:*:*:*:*:*", "matchCriteriaId": "53AAEC5C-06EE-4C58-A981-EBF5860CEF16", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:siemens:ruggedcom_rox_rx1510_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "BEC2AF9C-52CA-48FF-A4CD-C042EF225000", "versionEndExcluding": "2.16.0", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:h:siemens:ruggedcom_rox_rx1510:-:*:*:*:*:*:*:*", "matchCriteriaId": "0751225A-6E9C-4281-93A4-A048920FF7C6", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:siemens:ruggedcom_rox_rx1511_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "D0889DDD-C18A-4605-907C-0AAC4362FC94", "versionEndExcluding": "2.16.0", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:h:siemens:ruggedcom_rox_rx1511:-:*:*:*:*:*:*:*", "matchCriteriaId": "8C1E56ED-1E61-4B7E-8EC0-BB2AAD57EF7B", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:siemens:ruggedcom_rox_rx1512_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "FA09F789-1903-4487-A108-684EA9423F32", "versionEndExcluding": "2.16.0", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:h:siemens:ruggedcom_rox_rx1512:-:*:*:*:*:*:*:*", "matchCriteriaId": "41ADD701-AD49-46B2-A12E-219CCED32298", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:siemens:ruggedcom_rox_rx1524_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "76CF386C-0665-401C-9E5F-D3A89E6C2847", "versionEndExcluding": "2.16.0", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:h:siemens:ruggedcom_rox_rx1524:-:*:*:*:*:*:*:*", "matchCriteriaId": "F8C70D90-E8FA-4343-9027-152A99D79C82", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:siemens:ruggedcom_rox_rx1536_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "A813AC2B-2F29-45D7-AB27-657A36399F80", "versionEndExcluding": "2.16.0", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:h:siemens:ruggedcom_rox_rx1536:-:*:*:*:*:*:*:*", "matchCriteriaId": "C1775F3B-6F47-4134-8B4E-CF6337FF546C", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:siemens:ruggedcom_rox_rx5000_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "6AF925B2-B147-4CB0-8789-D68C38135BEE", "versionEndExcluding": "2.16.0", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:h:siemens:ruggedcom_rox_rx5000:-:*:*:*:*:*:*:*", "matchCriteriaId": "1E0E33F2-E89B-4008-BED2-CF2296801078", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "A vulnerability has been identified in RUGGEDCOM ROX MX5000 (All versions \u003c V2.16.0), RUGGEDCOM ROX MX5000RE (All versions \u003c V2.16.0), RUGGEDCOM ROX RX1400 (All versions \u003c V2.16.0), RUGGEDCOM ROX RX1500 (All versions \u003c V2.16.0), RUGGEDCOM ROX RX1501 (All versions \u003c V2.16.0), RUGGEDCOM ROX RX1510 (All versions \u003c V2.16.0), RUGGEDCOM ROX RX1511 (All versions \u003c V2.16.0), RUGGEDCOM ROX RX1512 (All versions \u003c V2.16.0), RUGGEDCOM ROX RX1524 (All versions \u003c V2.16.0), RUGGEDCOM ROX RX1536 (All versions \u003c V2.16.0), RUGGEDCOM ROX RX5000 (All versions \u003c V2.16.0). The affected devices are configured to offer weak ciphers by default. This could allow an unauthorized attacker in a man-in-the-middle position to read and modify any data\r\npassed over to and from the affected device." } ], "id": "CVE-2023-36748", "lastModified": "2024-11-21T08:10:30.583", "metrics": { "cvssMetricV31": [ { "cvssData": { "attackComplexity": "HIGH", "attackVector": "ADJACENT_NETWORK", "availabilityImpact": "LOW", "baseScore": 5.9, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:A/AC:H/PR:N/UI:R/S:U/C:L/I:H/A:L", "version": "3.1" }, "exploitabilityScore": 1.2, "impactScore": 4.7, "source": "productcert@siemens.com", "type": "Secondary" }, { "cvssData": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.8, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N", "version": "3.1" }, "exploitabilityScore": 1.6, "impactScore": 5.2, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2023-07-11T10:15:11.033", "references": [ { "source": "productcert@siemens.com", "tags": [ "Vendor Advisory" ], "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-146325.pdf" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-146325.pdf" } ], "sourceIdentifier": "productcert@siemens.com", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-326" } ], "source": "productcert@siemens.com", "type": "Secondary" }, { "description": [ { "lang": "en", "value": "CWE-326" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2023-07-11 10:15
Modified
2024-11-21 08:09
Severity ?
8.8 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
6.1 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
6.1 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Summary
A vulnerability has been identified in RUGGEDCOM ROX MX5000 (All versions < V2.16.0), RUGGEDCOM ROX MX5000RE (All versions < V2.16.0), RUGGEDCOM ROX RX1400 (All versions < V2.16.0), RUGGEDCOM ROX RX1500 (All versions < V2.16.0), RUGGEDCOM ROX RX1501 (All versions < V2.16.0), RUGGEDCOM ROX RX1510 (All versions < V2.16.0), RUGGEDCOM ROX RX1511 (All versions < V2.16.0), RUGGEDCOM ROX RX1512 (All versions < V2.16.0), RUGGEDCOM ROX RX1524 (All versions < V2.16.0), RUGGEDCOM ROX RX1536 (All versions < V2.16.0), RUGGEDCOM ROX RX5000 (All versions < V2.16.0). A reflected cross-site scripting (XSS) vulnerability exists in the web interface of the affected application that could allow an attacker to execute malicious javascript code by tricking users into accessing a malicious link. The value is reflected in the response
without sanitization while throwing an “invalid params element name” error on the action parameters.
References
Impacted products
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:siemens:ruggedcom_rox_mx5000_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "B70C9A14-F31D-452F-8F7E-368E1ED7165C", "versionEndExcluding": "2.16.0", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:h:siemens:ruggedcom_rox_mx5000:-:*:*:*:*:*:*:*", "matchCriteriaId": "DAD1B18F-9C37-48CC-92E2-9C5E66B206CB", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:siemens:ruggedcom_rox_mx5000re_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "C095D9B0-79A3-44A7-9683-B8DEF689D65F", "versionEndExcluding": "2.16.0", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:h:siemens:ruggedcom_rox_mx5000re:-:*:*:*:*:*:*:*", "matchCriteriaId": "38734DFA-A5DF-4284-BD79-7C0ED6CD8A5C", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:siemens:ruggedcom_rox_rx1400_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "3A0D1757-6A48-4C53-877A-947CDDD67793", "versionEndExcluding": "2.16.0", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:h:siemens:ruggedcom_rox_rx1400:-:*:*:*:*:*:*:*", "matchCriteriaId": "12BD4008-DB6A-4749-A426-D2DE44819A9D", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:siemens:ruggedcom_rox_rx1500_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "957788AA-B685-42B6-8BE9-B61D20B68144", "versionEndExcluding": "2.16.0", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:h:siemens:ruggedcom_rox_rx1500:-:*:*:*:*:*:*:*", "matchCriteriaId": "3E79B422-C844-411C-AA49-CFD73D3C6E2D", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:siemens:ruggedcom_rox_rx1501_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "02E80465-DCD4-4CEB-AB5C-DFD86A5DB2E8", "versionEndExcluding": "2.16.0", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:h:siemens:ruggedcom_rox_rx1501:-:*:*:*:*:*:*:*", "matchCriteriaId": "53AAEC5C-06EE-4C58-A981-EBF5860CEF16", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:siemens:ruggedcom_rox_rx1510_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "BEC2AF9C-52CA-48FF-A4CD-C042EF225000", "versionEndExcluding": "2.16.0", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:h:siemens:ruggedcom_rox_rx1510:-:*:*:*:*:*:*:*", "matchCriteriaId": "0751225A-6E9C-4281-93A4-A048920FF7C6", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:siemens:ruggedcom_rox_rx1511_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "D0889DDD-C18A-4605-907C-0AAC4362FC94", "versionEndExcluding": "2.16.0", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:h:siemens:ruggedcom_rox_rx1511:-:*:*:*:*:*:*:*", "matchCriteriaId": "8C1E56ED-1E61-4B7E-8EC0-BB2AAD57EF7B", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:siemens:ruggedcom_rox_rx1512_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "FA09F789-1903-4487-A108-684EA9423F32", "versionEndExcluding": "2.16.0", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:h:siemens:ruggedcom_rox_rx1512:-:*:*:*:*:*:*:*", "matchCriteriaId": "41ADD701-AD49-46B2-A12E-219CCED32298", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:siemens:ruggedcom_rox_rx1524_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "76CF386C-0665-401C-9E5F-D3A89E6C2847", "versionEndExcluding": "2.16.0", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:h:siemens:ruggedcom_rox_rx1524:-:*:*:*:*:*:*:*", "matchCriteriaId": "F8C70D90-E8FA-4343-9027-152A99D79C82", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:siemens:ruggedcom_rox_rx1536_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "A813AC2B-2F29-45D7-AB27-657A36399F80", "versionEndExcluding": "2.16.0", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:h:siemens:ruggedcom_rox_rx1536:-:*:*:*:*:*:*:*", "matchCriteriaId": "C1775F3B-6F47-4134-8B4E-CF6337FF546C", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:siemens:ruggedcom_rox_rx5000_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "6AF925B2-B147-4CB0-8789-D68C38135BEE", "versionEndExcluding": "2.16.0", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:h:siemens:ruggedcom_rox_rx5000:-:*:*:*:*:*:*:*", "matchCriteriaId": "1E0E33F2-E89B-4008-BED2-CF2296801078", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "A vulnerability has been identified in RUGGEDCOM ROX MX5000 (All versions \u003c V2.16.0), RUGGEDCOM ROX MX5000RE (All versions \u003c V2.16.0), RUGGEDCOM ROX RX1400 (All versions \u003c V2.16.0), RUGGEDCOM ROX RX1500 (All versions \u003c V2.16.0), RUGGEDCOM ROX RX1501 (All versions \u003c V2.16.0), RUGGEDCOM ROX RX1510 (All versions \u003c V2.16.0), RUGGEDCOM ROX RX1511 (All versions \u003c V2.16.0), RUGGEDCOM ROX RX1512 (All versions \u003c V2.16.0), RUGGEDCOM ROX RX1524 (All versions \u003c V2.16.0), RUGGEDCOM ROX RX1536 (All versions \u003c V2.16.0), RUGGEDCOM ROX RX5000 (All versions \u003c V2.16.0). A reflected cross-site scripting (XSS) vulnerability exists in the web interface of the affected application that could allow an attacker to execute malicious javascript code by tricking users into accessing a malicious link. The value is reflected in the response\r\nwithout sanitization while throwing an \u201cinvalid params element name\u201d error on the action parameters." } ], "id": "CVE-2023-36390", "lastModified": "2024-11-21T08:09:39.467", "metrics": { "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1" }, "exploitabilityScore": 2.8, "impactScore": 5.9, "source": "productcert@siemens.com", "type": "Secondary" }, { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.1, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "version": "3.1" }, "exploitabilityScore": 2.8, "impactScore": 2.7, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2023-07-11T10:15:10.827", "references": [ { "source": "productcert@siemens.com", "tags": [ "Vendor Advisory" ], "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-146325.pdf" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-146325.pdf" } ], "sourceIdentifier": "productcert@siemens.com", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-79" } ], "source": "productcert@siemens.com", "type": "Secondary" }, { "description": [ { "lang": "en", "value": "CWE-79" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2021-10-12 10:15
Modified
2024-11-21 06:26
Severity ?
Summary
A vulnerability has been identified in RUGGEDCOM ROX MX5000 (All versions < V2.14.1), RUGGEDCOM ROX RX1400 (All versions < V2.14.1), RUGGEDCOM ROX RX1500 (All versions < V2.14.1), RUGGEDCOM ROX RX1501 (All versions < V2.14.1), RUGGEDCOM ROX RX1510 (All versions < V2.14.1), RUGGEDCOM ROX RX1511 (All versions < V2.14.1), RUGGEDCOM ROX RX1512 (All versions < V2.14.1), RUGGEDCOM ROX RX1524 (All versions < V2.14.1), RUGGEDCOM ROX RX1536 (All versions < V2.14.1), RUGGEDCOM ROX RX5000 (All versions < V2.14.1). Affected devices write crashdumps without checking if enough space is available on the filesystem. Once the crashdump fills the entire root filesystem, affected devices fail to boot successfully. An attacker can leverage this vulnerability to cause a permanent Denial-of-Service.
References
Impacted products
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:siemens:ruggedcom_rox_mx5000_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "183C516E-5BD4-4B50-841F-82AC3F68D12F", "versionEndExcluding": "2.14.1", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:h:siemens:ruggedcom_rox_mx5000:-:*:*:*:*:*:*:*", "matchCriteriaId": "DAD1B18F-9C37-48CC-92E2-9C5E66B206CB", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:siemens:ruggedcom_rox_rx1400_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "D5538013-C23A-4D6D-8756-8BE210EBEA53", "versionEndExcluding": "2.14.1", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:h:siemens:ruggedcom_rox_rx1400:-:*:*:*:*:*:*:*", "matchCriteriaId": "12BD4008-DB6A-4749-A426-D2DE44819A9D", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:siemens:ruggedcom_rox_rx1500_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "6A64F21F-30C7-4164-A791-2AE72085EC8D", "versionEndExcluding": "2.14.1", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:h:siemens:ruggedcom_rox_rx1500:-:*:*:*:*:*:*:*", "matchCriteriaId": "3E79B422-C844-411C-AA49-CFD73D3C6E2D", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:siemens:ruggedcom_rox_rx1501_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "9E7941A4-2B67-4B27-ACB2-E53449AD766F", "versionEndExcluding": "2.14.1", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:h:siemens:ruggedcom_rox_rx1501:-:*:*:*:*:*:*:*", "matchCriteriaId": "53AAEC5C-06EE-4C58-A981-EBF5860CEF16", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:siemens:ruggedcom_rox_rx1510_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "411252B0-9AE4-41F9-876C-A5863CFFA23C", "versionEndExcluding": "2.14.1", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:h:siemens:ruggedcom_rox_rx1510:-:*:*:*:*:*:*:*", "matchCriteriaId": "0751225A-6E9C-4281-93A4-A048920FF7C6", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:siemens:ruggedcom_rox_rx1511_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "AF574446-EE25-4603-A831-E4766B5E234F", "versionEndExcluding": "2.14.1", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:h:siemens:ruggedcom_rox_rx1511:-:*:*:*:*:*:*:*", "matchCriteriaId": "8C1E56ED-1E61-4B7E-8EC0-BB2AAD57EF7B", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:siemens:ruggedcom_rox_rx1512_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "942464AE-7E81-43D1-9996-27B7C87C26A8", "versionEndExcluding": "2.14.1", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:h:siemens:ruggedcom_rox_rx1512:-:*:*:*:*:*:*:*", "matchCriteriaId": "41ADD701-AD49-46B2-A12E-219CCED32298", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:siemens:ruggedcom_rox_rx1524_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "CFEC6D28-3CD1-4786-8F83-DC9A64087879", "versionEndExcluding": "2.14.1", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:h:siemens:ruggedcom_rox_rx1524:-:*:*:*:*:*:*:*", "matchCriteriaId": "F8C70D90-E8FA-4343-9027-152A99D79C82", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:siemens:ruggedcom_rox_rx1536_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "2AAFB653-F651-4366-B4B4-4185EA89E31F", "versionEndExcluding": "2.14.1", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:h:siemens:ruggedcom_rox_rx1536:-:*:*:*:*:*:*:*", "matchCriteriaId": "C1775F3B-6F47-4134-8B4E-CF6337FF546C", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:siemens:ruggedcom_rox_rx5000_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "4E0625F9-DCD4-4DF6-9479-3DAE4BDB6976", "versionEndExcluding": "2.14.1", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:h:siemens:ruggedcom_rox_rx5000:-:*:*:*:*:*:*:*", "matchCriteriaId": "1E0E33F2-E89B-4008-BED2-CF2296801078", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "A vulnerability has been identified in RUGGEDCOM ROX MX5000 (All versions \u003c V2.14.1), RUGGEDCOM ROX RX1400 (All versions \u003c V2.14.1), RUGGEDCOM ROX RX1500 (All versions \u003c V2.14.1), RUGGEDCOM ROX RX1501 (All versions \u003c V2.14.1), RUGGEDCOM ROX RX1510 (All versions \u003c V2.14.1), RUGGEDCOM ROX RX1511 (All versions \u003c V2.14.1), RUGGEDCOM ROX RX1512 (All versions \u003c V2.14.1), RUGGEDCOM ROX RX1524 (All versions \u003c V2.14.1), RUGGEDCOM ROX RX1536 (All versions \u003c V2.14.1), RUGGEDCOM ROX RX5000 (All versions \u003c V2.14.1). Affected devices write crashdumps without checking if enough space is available on the filesystem. Once the crashdump fills the entire root filesystem, affected devices fail to boot successfully. An attacker can leverage this vulnerability to cause a permanent Denial-of-Service." }, { "lang": "es", "value": "Se ha identificado una vulnerabilidad en RUGGEDCOM ROX MX5000 (Todas las versiones anteriores a V2.14.1), RUGGEDCOM ROX RX1400 (Todas las versiones anteriores a V2.14.1), RUGGEDCOM ROX RX1500 (Todas las versiones anteriores a V2.14.1), RUGGEDCOM ROX RX1501 (Todas las versiones anteriores a V2.14.1), RUGGEDCOM ROX RX1510 (Todas las versiones anteriores a V2. 14.1), RUGGEDCOM ROX RX1511 (Todas las versiones anteriores a V2.14.1), RUGGEDCOM ROX RX1512 (Todas las versiones anteriores a V2.14.1), RUGGEDCOM ROX RX1524 (Todas las versiones anteriores a V2.14.1), RUGGEDCOM ROX RX1536 (Todas las versiones anteriores a V2.14.1), RUGGEDCOM ROX RX5000 (Todas las versiones anteriores a V2.14.1). Los dispositivos afectados escriben crashdumps sin comprobar si presentan suficiente espacio disponible en el sistema de archivos. Una vez que el crashdump llena todo el sistema de archivos root, los dispositivos afectados no pueden arrancar con \u00e9xito. Un atacante puede aprovechar esta vulnerabilidad para causar una Denegaci\u00f3n de Servicio permanente" } ], "id": "CVE-2021-41546", "lastModified": "2024-11-21T06:26:23.577", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 7.8, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 6.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ], "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2021-10-12T10:15:12.710", "references": [ { "source": "productcert@siemens.com", "tags": [ "Vendor Advisory" ], "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-173565.pdf" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-173565.pdf" } ], "sourceIdentifier": "productcert@siemens.com", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-400" } ], "source": "productcert@siemens.com", "type": "Secondary" }, { "description": [ { "lang": "en", "value": "CWE-770" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2023-07-11 10:15
Modified
2024-11-21 08:10
Severity ?
9.1 (Critical) - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H
7.2 (High) - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
7.2 (High) - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Summary
A vulnerability has been identified in RUGGEDCOM ROX MX5000 (All versions < V2.16.0), RUGGEDCOM ROX MX5000RE (All versions < V2.16.0), RUGGEDCOM ROX RX1400 (All versions < V2.16.0), RUGGEDCOM ROX RX1500 (All versions < V2.16.0), RUGGEDCOM ROX RX1501 (All versions < V2.16.0), RUGGEDCOM ROX RX1510 (All versions < V2.16.0), RUGGEDCOM ROX RX1511 (All versions < V2.16.0), RUGGEDCOM ROX RX1512 (All versions < V2.16.0), RUGGEDCOM ROX RX1524 (All versions < V2.16.0), RUGGEDCOM ROX RX1536 (All versions < V2.16.0), RUGGEDCOM ROX RX5000 (All versions < V2.16.0). The SCEP CA Certificate Name parameter in the web interface of affected devices is vulnerable to command injection due to missing server side input sanitation. This could allow an authenticated privileged remote attacker to execute arbitrary code with root privileges.
References
Impacted products
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:siemens:ruggedcom_rox_mx5000_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "B70C9A14-F31D-452F-8F7E-368E1ED7165C", "versionEndExcluding": "2.16.0", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:h:siemens:ruggedcom_rox_mx5000:-:*:*:*:*:*:*:*", "matchCriteriaId": "DAD1B18F-9C37-48CC-92E2-9C5E66B206CB", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:siemens:ruggedcom_rox_mx5000re_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "C095D9B0-79A3-44A7-9683-B8DEF689D65F", "versionEndExcluding": "2.16.0", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:h:siemens:ruggedcom_rox_mx5000re:-:*:*:*:*:*:*:*", "matchCriteriaId": "38734DFA-A5DF-4284-BD79-7C0ED6CD8A5C", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:siemens:ruggedcom_rox_rx1400_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "3A0D1757-6A48-4C53-877A-947CDDD67793", "versionEndExcluding": "2.16.0", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:h:siemens:ruggedcom_rox_rx1400:-:*:*:*:*:*:*:*", "matchCriteriaId": "12BD4008-DB6A-4749-A426-D2DE44819A9D", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:siemens:ruggedcom_rox_rx1500_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "957788AA-B685-42B6-8BE9-B61D20B68144", "versionEndExcluding": "2.16.0", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:h:siemens:ruggedcom_rox_rx1500:-:*:*:*:*:*:*:*", "matchCriteriaId": "3E79B422-C844-411C-AA49-CFD73D3C6E2D", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:siemens:ruggedcom_rox_rx1501_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "02E80465-DCD4-4CEB-AB5C-DFD86A5DB2E8", "versionEndExcluding": "2.16.0", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:h:siemens:ruggedcom_rox_rx1501:-:*:*:*:*:*:*:*", "matchCriteriaId": "53AAEC5C-06EE-4C58-A981-EBF5860CEF16", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:siemens:ruggedcom_rox_rx1510_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "BEC2AF9C-52CA-48FF-A4CD-C042EF225000", "versionEndExcluding": "2.16.0", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:h:siemens:ruggedcom_rox_rx1510:-:*:*:*:*:*:*:*", "matchCriteriaId": "0751225A-6E9C-4281-93A4-A048920FF7C6", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:siemens:ruggedcom_rox_rx1511_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "D0889DDD-C18A-4605-907C-0AAC4362FC94", "versionEndExcluding": "2.16.0", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:h:siemens:ruggedcom_rox_rx1511:-:*:*:*:*:*:*:*", "matchCriteriaId": "8C1E56ED-1E61-4B7E-8EC0-BB2AAD57EF7B", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:siemens:ruggedcom_rox_rx1512_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "FA09F789-1903-4487-A108-684EA9423F32", "versionEndExcluding": "2.16.0", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:h:siemens:ruggedcom_rox_rx1512:-:*:*:*:*:*:*:*", "matchCriteriaId": "41ADD701-AD49-46B2-A12E-219CCED32298", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:siemens:ruggedcom_rox_rx1524_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "76CF386C-0665-401C-9E5F-D3A89E6C2847", "versionEndExcluding": "2.16.0", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:h:siemens:ruggedcom_rox_rx1524:-:*:*:*:*:*:*:*", "matchCriteriaId": "F8C70D90-E8FA-4343-9027-152A99D79C82", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:siemens:ruggedcom_rox_rx1536_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "A813AC2B-2F29-45D7-AB27-657A36399F80", "versionEndExcluding": "2.16.0", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:h:siemens:ruggedcom_rox_rx1536:-:*:*:*:*:*:*:*", "matchCriteriaId": "C1775F3B-6F47-4134-8B4E-CF6337FF546C", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:siemens:ruggedcom_rox_rx5000_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "6AF925B2-B147-4CB0-8789-D68C38135BEE", "versionEndExcluding": "2.16.0", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:h:siemens:ruggedcom_rox_rx5000:-:*:*:*:*:*:*:*", "matchCriteriaId": "1E0E33F2-E89B-4008-BED2-CF2296801078", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "A vulnerability has been identified in RUGGEDCOM ROX MX5000 (All versions \u003c V2.16.0), RUGGEDCOM ROX MX5000RE (All versions \u003c V2.16.0), RUGGEDCOM ROX RX1400 (All versions \u003c V2.16.0), RUGGEDCOM ROX RX1500 (All versions \u003c V2.16.0), RUGGEDCOM ROX RX1501 (All versions \u003c V2.16.0), RUGGEDCOM ROX RX1510 (All versions \u003c V2.16.0), RUGGEDCOM ROX RX1511 (All versions \u003c V2.16.0), RUGGEDCOM ROX RX1512 (All versions \u003c V2.16.0), RUGGEDCOM ROX RX1524 (All versions \u003c V2.16.0), RUGGEDCOM ROX RX1536 (All versions \u003c V2.16.0), RUGGEDCOM ROX RX5000 (All versions \u003c V2.16.0). The SCEP CA Certificate Name parameter in the web interface of affected devices is vulnerable to command injection due to missing server side input sanitation. This could allow an authenticated privileged remote attacker to execute arbitrary code with root privileges." } ], "id": "CVE-2023-36755", "lastModified": "2024-11-21T08:10:31.700", "metrics": { "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.1, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H", "version": "3.1" }, "exploitabilityScore": 2.3, "impactScore": 6.0, "source": "productcert@siemens.com", "type": "Secondary" }, { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.2, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "exploitabilityScore": 1.2, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2023-07-11T10:15:11.490", "references": [ { "source": "productcert@siemens.com", "tags": [ "Vendor Advisory" ], "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-146325.pdf" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-146325.pdf" } ], "sourceIdentifier": "productcert@siemens.com", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-77" } ], "source": "productcert@siemens.com", "type": "Secondary" }, { "description": [ { "lang": "en", "value": "CWE-77" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2021-09-14 11:15
Modified
2024-11-21 06:14
Severity ?
Summary
A vulnerability has been identified in RUGGEDCOM ROX MX5000 (All versions < V2.14.1), RUGGEDCOM ROX RX1400 (All versions < V2.14.1), RUGGEDCOM ROX RX1500 (All versions < V2.14.1), RUGGEDCOM ROX RX1501 (All versions < V2.14.1), RUGGEDCOM ROX RX1510 (All versions < V2.14.1), RUGGEDCOM ROX RX1511 (All versions < V2.14.1), RUGGEDCOM ROX RX1512 (All versions < V2.14.1), RUGGEDCOM ROX RX1524 (All versions < V2.14.1), RUGGEDCOM ROX RX1536 (All versions < V2.14.1), RUGGEDCOM ROX RX5000 (All versions < V2.14.1). The command line interface of affected devices insufficiently restrict file read and write operations for low privileged users. This could allow an authenticated remote attacker to escalate privileges and gain root access to the device.
References
▼ | URL | Tags | |
---|---|---|---|
productcert@siemens.com | https://cert-portal.siemens.com/productcert/pdf/ssa-150692.pdf | Patch, Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://cert-portal.siemens.com/productcert/pdf/ssa-150692.pdf | Patch, Vendor Advisory |
Impacted products
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:siemens:ruggedcom_rox_rx1400_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "D5538013-C23A-4D6D-8756-8BE210EBEA53", "versionEndExcluding": "2.14.1", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:h:siemens:ruggedcom_rox_rx1400:-:*:*:*:*:*:*:*", "matchCriteriaId": "12BD4008-DB6A-4749-A426-D2DE44819A9D", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:siemens:ruggedcom_rox_mx5000_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "183C516E-5BD4-4B50-841F-82AC3F68D12F", "versionEndExcluding": "2.14.1", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:h:siemens:ruggedcom_rox_mx5000:-:*:*:*:*:*:*:*", "matchCriteriaId": "DAD1B18F-9C37-48CC-92E2-9C5E66B206CB", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:siemens:ruggedcom_rox_rx1500_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "6A64F21F-30C7-4164-A791-2AE72085EC8D", "versionEndExcluding": "2.14.1", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:h:siemens:ruggedcom_rox_rx1500:-:*:*:*:*:*:*:*", "matchCriteriaId": "3E79B422-C844-411C-AA49-CFD73D3C6E2D", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:siemens:ruggedcom_rox_rx1501_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "9E7941A4-2B67-4B27-ACB2-E53449AD766F", "versionEndExcluding": "2.14.1", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:h:siemens:ruggedcom_rox_rx1501:-:*:*:*:*:*:*:*", "matchCriteriaId": "53AAEC5C-06EE-4C58-A981-EBF5860CEF16", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:siemens:ruggedcom_rox_rx1510_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "411252B0-9AE4-41F9-876C-A5863CFFA23C", "versionEndExcluding": "2.14.1", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:h:siemens:ruggedcom_rox_rx1510:-:*:*:*:*:*:*:*", "matchCriteriaId": "0751225A-6E9C-4281-93A4-A048920FF7C6", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:siemens:ruggedcom_rox_rx1511_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "AF574446-EE25-4603-A831-E4766B5E234F", "versionEndExcluding": "2.14.1", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:h:siemens:ruggedcom_rox_rx1511:-:*:*:*:*:*:*:*", "matchCriteriaId": "8C1E56ED-1E61-4B7E-8EC0-BB2AAD57EF7B", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:siemens:ruggedcom_rox_rx1512_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "942464AE-7E81-43D1-9996-27B7C87C26A8", "versionEndExcluding": "2.14.1", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:h:siemens:ruggedcom_rox_rx1512:-:*:*:*:*:*:*:*", "matchCriteriaId": "41ADD701-AD49-46B2-A12E-219CCED32298", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:siemens:ruggedcom_rox_rx1524_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "CFEC6D28-3CD1-4786-8F83-DC9A64087879", "versionEndExcluding": "2.14.1", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:h:siemens:ruggedcom_rox_rx1524:-:*:*:*:*:*:*:*", "matchCriteriaId": "F8C70D90-E8FA-4343-9027-152A99D79C82", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:siemens:ruggedcom_rox_rx1536_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "2AAFB653-F651-4366-B4B4-4185EA89E31F", "versionEndExcluding": "2.14.1", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:h:siemens:ruggedcom_rox_rx1536:-:*:*:*:*:*:*:*", "matchCriteriaId": "C1775F3B-6F47-4134-8B4E-CF6337FF546C", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:siemens:ruggedcom_rox_rx5000_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "4E0625F9-DCD4-4DF6-9479-3DAE4BDB6976", "versionEndExcluding": "2.14.1", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:h:siemens:ruggedcom_rox_rx5000:-:*:*:*:*:*:*:*", "matchCriteriaId": "1E0E33F2-E89B-4008-BED2-CF2296801078", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "A vulnerability has been identified in RUGGEDCOM ROX MX5000 (All versions \u003c V2.14.1), RUGGEDCOM ROX RX1400 (All versions \u003c V2.14.1), RUGGEDCOM ROX RX1500 (All versions \u003c V2.14.1), RUGGEDCOM ROX RX1501 (All versions \u003c V2.14.1), RUGGEDCOM ROX RX1510 (All versions \u003c V2.14.1), RUGGEDCOM ROX RX1511 (All versions \u003c V2.14.1), RUGGEDCOM ROX RX1512 (All versions \u003c V2.14.1), RUGGEDCOM ROX RX1524 (All versions \u003c V2.14.1), RUGGEDCOM ROX RX1536 (All versions \u003c V2.14.1), RUGGEDCOM ROX RX5000 (All versions \u003c V2.14.1). The command line interface of affected devices insufficiently restrict file read and write operations for low privileged users. This could allow an authenticated remote attacker to escalate privileges and gain root access to the device." }, { "lang": "es", "value": "Se ha identificado una vulnerabilidad en RUGGEDCOM ROX MX5000 (Todas las versiones anteriores aV2.14.1), RUGGEDCOM ROX RX1400 (Todas las versiones anteriores aV2.14.1), RUGGEDCOM ROX RX1500 (Todas las versiones anteriores aV2.14.1), RUGGEDCOM ROX RX1501 (Todas las versiones anteriores aV2.14.1), RUGGEDCOM ROX RX1510 (Todas las versiones anteriores aV2.14.1), RUGGEDCOM ROX RX1511 (Todas las versiones anteriores aV2.14.1), RUGGEDCOM ROX RX1512 (Todas las versiones anteriores aV2.14.1), RUGGEDCOM ROX RX1524 (Todas las versiones anteriores aV2.14.1), RUGGEDCOM ROX RX1536 (Todas las versiones anteriores aV2.14.1), RUGGEDCOM ROX RX5000 (Todas las versiones anteriores aV2.14.1). Los dispositivos afectados presentan una vulnerabilidad de exposici\u00f3n de informaci\u00f3n confidencial, si es explotado, podr\u00eda permitir a un atacante autenticado extraer datos por medio de Secure Shell (SSH)" } ], "id": "CVE-2021-37173", "lastModified": "2024-11-21T06:14:47.447", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "COMPLETE", "baseScore": 9.0, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C", "version": "2.0" }, "exploitabilityScore": 8.0, "impactScore": 10.0, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ], "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "exploitabilityScore": 2.8, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2021-09-14T11:15:25.180", "references": [ { "source": "productcert@siemens.com", "tags": [ "Patch", "Vendor Advisory" ], "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-150692.pdf" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Vendor Advisory" ], "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-150692.pdf" } ], "sourceIdentifier": "productcert@siemens.com", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-269" } ], "source": "productcert@siemens.com", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2023-07-11 10:15
Modified
2024-11-21 08:09
Severity ?
8.8 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
6.1 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
6.1 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Summary
A vulnerability has been identified in RUGGEDCOM ROX MX5000 (All versions < V2.16.0), RUGGEDCOM ROX MX5000RE (All versions < V2.16.0), RUGGEDCOM ROX RX1400 (All versions < V2.16.0), RUGGEDCOM ROX RX1500 (All versions < V2.16.0), RUGGEDCOM ROX RX1501 (All versions < V2.16.0), RUGGEDCOM ROX RX1510 (All versions < V2.16.0), RUGGEDCOM ROX RX1511 (All versions < V2.16.0), RUGGEDCOM ROX RX1512 (All versions < V2.16.0), RUGGEDCOM ROX RX1524 (All versions < V2.16.0), RUGGEDCOM ROX RX1536 (All versions < V2.16.0), RUGGEDCOM ROX RX5000 (All versions < V2.16.0). A reflected cross-site scripting (XSS) vulnerability exists in the web interface of the affected application that could allow an attacker to execute malicious javascript code by tricking users into accessing a malicious link. The malformed value is reflected
directly in the response without sanitization while throwing an “invalid path” error.
References
Impacted products
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:siemens:ruggedcom_rox_mx5000_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "B70C9A14-F31D-452F-8F7E-368E1ED7165C", "versionEndExcluding": "2.16.0", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:h:siemens:ruggedcom_rox_mx5000:-:*:*:*:*:*:*:*", "matchCriteriaId": "DAD1B18F-9C37-48CC-92E2-9C5E66B206CB", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:siemens:ruggedcom_rox_mx5000re_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "C095D9B0-79A3-44A7-9683-B8DEF689D65F", "versionEndExcluding": "2.16.0", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:h:siemens:ruggedcom_rox_mx5000re:-:*:*:*:*:*:*:*", "matchCriteriaId": "38734DFA-A5DF-4284-BD79-7C0ED6CD8A5C", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:siemens:ruggedcom_rox_rx1400_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "3A0D1757-6A48-4C53-877A-947CDDD67793", "versionEndExcluding": "2.16.0", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:h:siemens:ruggedcom_rox_rx1400:-:*:*:*:*:*:*:*", "matchCriteriaId": "12BD4008-DB6A-4749-A426-D2DE44819A9D", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:siemens:ruggedcom_rox_rx1500_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "957788AA-B685-42B6-8BE9-B61D20B68144", "versionEndExcluding": "2.16.0", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:h:siemens:ruggedcom_rox_rx1500:-:*:*:*:*:*:*:*", "matchCriteriaId": "3E79B422-C844-411C-AA49-CFD73D3C6E2D", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:siemens:ruggedcom_rox_rx1501_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "02E80465-DCD4-4CEB-AB5C-DFD86A5DB2E8", "versionEndExcluding": "2.16.0", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:h:siemens:ruggedcom_rox_rx1501:-:*:*:*:*:*:*:*", "matchCriteriaId": "53AAEC5C-06EE-4C58-A981-EBF5860CEF16", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:siemens:ruggedcom_rox_rx1510_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "BEC2AF9C-52CA-48FF-A4CD-C042EF225000", "versionEndExcluding": "2.16.0", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:h:siemens:ruggedcom_rox_rx1510:-:*:*:*:*:*:*:*", "matchCriteriaId": "0751225A-6E9C-4281-93A4-A048920FF7C6", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:siemens:ruggedcom_rox_rx1511_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "D0889DDD-C18A-4605-907C-0AAC4362FC94", "versionEndExcluding": "2.16.0", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:h:siemens:ruggedcom_rox_rx1511:-:*:*:*:*:*:*:*", "matchCriteriaId": "8C1E56ED-1E61-4B7E-8EC0-BB2AAD57EF7B", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:siemens:ruggedcom_rox_rx1512_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "FA09F789-1903-4487-A108-684EA9423F32", "versionEndExcluding": "2.16.0", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:h:siemens:ruggedcom_rox_rx1512:-:*:*:*:*:*:*:*", "matchCriteriaId": "41ADD701-AD49-46B2-A12E-219CCED32298", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:siemens:ruggedcom_rox_rx1524_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "76CF386C-0665-401C-9E5F-D3A89E6C2847", "versionEndExcluding": "2.16.0", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:h:siemens:ruggedcom_rox_rx1524:-:*:*:*:*:*:*:*", "matchCriteriaId": "F8C70D90-E8FA-4343-9027-152A99D79C82", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:siemens:ruggedcom_rox_rx1536_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "A813AC2B-2F29-45D7-AB27-657A36399F80", "versionEndExcluding": "2.16.0", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:h:siemens:ruggedcom_rox_rx1536:-:*:*:*:*:*:*:*", "matchCriteriaId": "C1775F3B-6F47-4134-8B4E-CF6337FF546C", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:siemens:ruggedcom_rox_rx5000_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "6AF925B2-B147-4CB0-8789-D68C38135BEE", "versionEndExcluding": "2.16.0", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:h:siemens:ruggedcom_rox_rx5000:-:*:*:*:*:*:*:*", "matchCriteriaId": "1E0E33F2-E89B-4008-BED2-CF2296801078", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "A vulnerability has been identified in RUGGEDCOM ROX MX5000 (All versions \u003c V2.16.0), RUGGEDCOM ROX MX5000RE (All versions \u003c V2.16.0), RUGGEDCOM ROX RX1400 (All versions \u003c V2.16.0), RUGGEDCOM ROX RX1500 (All versions \u003c V2.16.0), RUGGEDCOM ROX RX1501 (All versions \u003c V2.16.0), RUGGEDCOM ROX RX1510 (All versions \u003c V2.16.0), RUGGEDCOM ROX RX1511 (All versions \u003c V2.16.0), RUGGEDCOM ROX RX1512 (All versions \u003c V2.16.0), RUGGEDCOM ROX RX1524 (All versions \u003c V2.16.0), RUGGEDCOM ROX RX1536 (All versions \u003c V2.16.0), RUGGEDCOM ROX RX5000 (All versions \u003c V2.16.0). A reflected cross-site scripting (XSS) vulnerability exists in the web interface of the affected application that could allow an attacker to execute malicious javascript code by tricking users into accessing a malicious link. The malformed value is reflected\r\ndirectly in the response without sanitization while throwing an \u201cinvalid path\u201d error." } ], "id": "CVE-2023-36389", "lastModified": "2024-11-21T08:09:39.320", "metrics": { "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1" }, "exploitabilityScore": 2.8, "impactScore": 5.9, "source": "productcert@siemens.com", "type": "Secondary" }, { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.1, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "version": "3.1" }, "exploitabilityScore": 2.8, "impactScore": 2.7, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2023-07-11T10:15:10.760", "references": [ { "source": "productcert@siemens.com", "tags": [ "Vendor Advisory" ], "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-146325.pdf" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-146325.pdf" } ], "sourceIdentifier": "productcert@siemens.com", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-79" } ], "source": "productcert@siemens.com", "type": "Secondary" }, { "description": [ { "lang": "en", "value": "CWE-79" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2021-09-14 11:15
Modified
2024-11-21 06:14
Severity ?
Summary
A vulnerability has been identified in RUGGEDCOM ROX MX5000 (All versions < V2.14.1), RUGGEDCOM ROX RX1400 (All versions < V2.14.1), RUGGEDCOM ROX RX1500 (All versions < V2.14.1), RUGGEDCOM ROX RX1501 (All versions < V2.14.1), RUGGEDCOM ROX RX1510 (All versions < V2.14.1), RUGGEDCOM ROX RX1511 (All versions < V2.14.1), RUGGEDCOM ROX RX1512 (All versions < V2.14.1), RUGGEDCOM ROX RX1524 (All versions < V2.14.1), RUGGEDCOM ROX RX1536 (All versions < V2.14.1), RUGGEDCOM ROX RX5000 (All versions < V2.14.1). The affected devices have a privilege escalation vulnerability, if exploited, an attacker could gain root user access.
References
▼ | URL | Tags | |
---|---|---|---|
productcert@siemens.com | https://cert-portal.siemens.com/productcert/pdf/ssa-150692.pdf | Patch, Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://cert-portal.siemens.com/productcert/pdf/ssa-150692.pdf | Patch, Vendor Advisory |
Impacted products
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:siemens:ruggedcom_rox_rx1400_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "D5538013-C23A-4D6D-8756-8BE210EBEA53", "versionEndExcluding": "2.14.1", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:h:siemens:ruggedcom_rox_rx1400:-:*:*:*:*:*:*:*", "matchCriteriaId": "12BD4008-DB6A-4749-A426-D2DE44819A9D", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:siemens:ruggedcom_rox_mx5000_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "183C516E-5BD4-4B50-841F-82AC3F68D12F", "versionEndExcluding": "2.14.1", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:h:siemens:ruggedcom_rox_mx5000:-:*:*:*:*:*:*:*", "matchCriteriaId": "DAD1B18F-9C37-48CC-92E2-9C5E66B206CB", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:siemens:ruggedcom_rox_rx1500_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "6A64F21F-30C7-4164-A791-2AE72085EC8D", "versionEndExcluding": "2.14.1", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:h:siemens:ruggedcom_rox_rx1500:-:*:*:*:*:*:*:*", "matchCriteriaId": "3E79B422-C844-411C-AA49-CFD73D3C6E2D", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:siemens:ruggedcom_rox_rx1501_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "9E7941A4-2B67-4B27-ACB2-E53449AD766F", "versionEndExcluding": "2.14.1", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:h:siemens:ruggedcom_rox_rx1501:-:*:*:*:*:*:*:*", "matchCriteriaId": "53AAEC5C-06EE-4C58-A981-EBF5860CEF16", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:siemens:ruggedcom_rox_rx1510_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "411252B0-9AE4-41F9-876C-A5863CFFA23C", "versionEndExcluding": "2.14.1", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:h:siemens:ruggedcom_rox_rx1510:-:*:*:*:*:*:*:*", "matchCriteriaId": "0751225A-6E9C-4281-93A4-A048920FF7C6", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:siemens:ruggedcom_rox_rx1511_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "AF574446-EE25-4603-A831-E4766B5E234F", "versionEndExcluding": "2.14.1", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:h:siemens:ruggedcom_rox_rx1511:-:*:*:*:*:*:*:*", "matchCriteriaId": "8C1E56ED-1E61-4B7E-8EC0-BB2AAD57EF7B", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:siemens:ruggedcom_rox_rx1512_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "942464AE-7E81-43D1-9996-27B7C87C26A8", "versionEndExcluding": "2.14.1", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:h:siemens:ruggedcom_rox_rx1512:-:*:*:*:*:*:*:*", "matchCriteriaId": "41ADD701-AD49-46B2-A12E-219CCED32298", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:siemens:ruggedcom_rox_rx1524_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "CFEC6D28-3CD1-4786-8F83-DC9A64087879", "versionEndExcluding": "2.14.1", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:h:siemens:ruggedcom_rox_rx1524:-:*:*:*:*:*:*:*", "matchCriteriaId": "F8C70D90-E8FA-4343-9027-152A99D79C82", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:siemens:ruggedcom_rox_rx1536_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "2AAFB653-F651-4366-B4B4-4185EA89E31F", "versionEndExcluding": "2.14.1", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:h:siemens:ruggedcom_rox_rx1536:-:*:*:*:*:*:*:*", "matchCriteriaId": "C1775F3B-6F47-4134-8B4E-CF6337FF546C", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:siemens:ruggedcom_rox_rx5000_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "4E0625F9-DCD4-4DF6-9479-3DAE4BDB6976", "versionEndExcluding": "2.14.1", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:h:siemens:ruggedcom_rox_rx5000:-:*:*:*:*:*:*:*", "matchCriteriaId": "1E0E33F2-E89B-4008-BED2-CF2296801078", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "A vulnerability has been identified in RUGGEDCOM ROX MX5000 (All versions \u003c V2.14.1), RUGGEDCOM ROX RX1400 (All versions \u003c V2.14.1), RUGGEDCOM ROX RX1500 (All versions \u003c V2.14.1), RUGGEDCOM ROX RX1501 (All versions \u003c V2.14.1), RUGGEDCOM ROX RX1510 (All versions \u003c V2.14.1), RUGGEDCOM ROX RX1511 (All versions \u003c V2.14.1), RUGGEDCOM ROX RX1512 (All versions \u003c V2.14.1), RUGGEDCOM ROX RX1524 (All versions \u003c V2.14.1), RUGGEDCOM ROX RX1536 (All versions \u003c V2.14.1), RUGGEDCOM ROX RX5000 (All versions \u003c V2.14.1). The affected devices have a privilege escalation vulnerability, if exploited, an attacker could gain root user access." }, { "lang": "es", "value": "Se ha identificado una vulnerabilidad en RUGGEDCOM ROX MX5000 (Todas las versiones anteriores a V2.14.1), RUGGEDCOM ROX RX1400 (Todas las versiones anteriores a V2.14.1), RUGGEDCOM ROX RX1500 (Todas las versiones anteriores a V2.14.1), RUGGEDCOM ROX RX1501 (Todas las versiones anteriores a V2.14.1), RUGGEDCOM ROX RX1510 (Todas las versiones anteriores a V2. 14.1), RUGGEDCOM ROX RX1511 (Todas las versiones anteriores a V2.14.1), RUGGEDCOM ROX RX1512 (Todas las versiones anteriores a V2.14.1), RUGGEDCOM ROX RX1524 (Todas las versiones anteriores a V2.14.1), RUGGEDCOM ROX RX1536 (Todas las versiones anteriores a V2.14.1), RUGGEDCOM ROX RX5000 (Todas las versiones anteriores a V2.14.1). Los dispositivos afectados presentan una vulnerabilidad de escalada de privilegios, si es explotado, un atacante podr\u00eda conseguir acceso de usuario root" } ], "id": "CVE-2021-37174", "lastModified": "2024-11-21T06:14:47.580", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "COMPLETE", "baseScore": 9.0, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C", "version": "2.0" }, "exploitabilityScore": 8.0, "impactScore": 10.0, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ], "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "exploitabilityScore": 2.8, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2021-09-14T11:15:25.273", "references": [ { "source": "productcert@siemens.com", "tags": [ "Patch", "Vendor Advisory" ], "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-150692.pdf" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Vendor Advisory" ], "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-150692.pdf" } ], "sourceIdentifier": "productcert@siemens.com", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-250" } ], "source": "productcert@siemens.com", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2020-10-22 21:15
Modified
2024-11-21 03:56
Severity ?
Summary
In Network Security Services (NSS) before 3.36.7 and before 3.41.1, a malformed signature can cause a crash due to a null dereference, resulting in a Denial of Service.
References
Impacted products
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:mozilla:network_security_services:*:*:*:*:*:*:*:*", "matchCriteriaId": "B93092E8-AB81-499E-A4DC-327E6D587CA5", "versionEndExcluding": "3.36.7", "vulnerable": true }, { "criteria": "cpe:2.3:a:mozilla:network_security_services:*:*:*:*:*:*:*:*", "matchCriteriaId": "62F5DA72-5D31-47E7-9BC8-5CCADC75C3F1", "versionEndExcluding": "3.41.1", "versionStartIncluding": "3.41", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:siemens:ruggedcom_rox_mx5000_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "1B09C415-21F2-49C9-BFAE-2151C8ED4D06", "versionEndExcluding": "2.14.0", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:h:siemens:ruggedcom_rox_mx5000:-:*:*:*:*:*:*:*", "matchCriteriaId": "DAD1B18F-9C37-48CC-92E2-9C5E66B206CB", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:siemens:ruggedcom_rox_rx1400_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "F196C09E-4C45-42D5-B509-7EB77F6566F1", "versionEndExcluding": "2.14.0", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:h:siemens:ruggedcom_rox_rx1400:-:*:*:*:*:*:*:*", "matchCriteriaId": "12BD4008-DB6A-4749-A426-D2DE44819A9D", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:siemens:ruggedcom_rox_rx1500_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "13D72F66-A1B2-4FB7-B31B-EF16955BC871", "versionEndExcluding": "2.14.0", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:h:siemens:ruggedcom_rox_rx1500:-:*:*:*:*:*:*:*", "matchCriteriaId": "3E79B422-C844-411C-AA49-CFD73D3C6E2D", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:siemens:ruggedcom_rox_rx1501_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "CB658DF3-A68F-4248-B240-9194E17941E1", "versionEndExcluding": "2.14.0", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:h:siemens:ruggedcom_rox_rx1501:-:*:*:*:*:*:*:*", "matchCriteriaId": "53AAEC5C-06EE-4C58-A981-EBF5860CEF16", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:siemens:ruggedcom_rox_rx1510_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "E16E621D-84DB-4F0D-A771-5E282B0292B2", "versionEndExcluding": "2.14.0", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:h:siemens:ruggedcom_rox_rx1510:-:*:*:*:*:*:*:*", "matchCriteriaId": "0751225A-6E9C-4281-93A4-A048920FF7C6", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:siemens:ruggedcom_rox_rx1511_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "059624DD-C1C8-408C-8026-D4FBC93C3CF9", "versionEndExcluding": "2.14.0", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:h:siemens:ruggedcom_rox_rx1511:-:*:*:*:*:*:*:*", "matchCriteriaId": "8C1E56ED-1E61-4B7E-8EC0-BB2AAD57EF7B", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:siemens:ruggedcom_rox_rx1512_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "06AF9201-89AB-42E6-97CF-9EDDC17EF7AE", "versionEndExcluding": "2.14.0", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:h:siemens:ruggedcom_rox_rx1512:-:*:*:*:*:*:*:*", "matchCriteriaId": "41ADD701-AD49-46B2-A12E-219CCED32298", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:siemens:ruggedcom_rox_rx5000_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "2656219C-7E23-47F7-AFB7-0D6D3D2ACA85", "versionEndExcluding": "2.14.0", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:h:siemens:ruggedcom_rox_rx5000:-:*:*:*:*:*:*:*", "matchCriteriaId": "1E0E33F2-E89B-4008-BED2-CF2296801078", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "In Network Security Services (NSS) before 3.36.7 and before 3.41.1, a malformed signature can cause a crash due to a null dereference, resulting in a Denial of Service." }, { "lang": "es", "value": "En Network Security Services (NSS) versiones anteriores a 3.36.7 y versiones anteriores a 3.41.1, una firma malformada puede causar un bloqueo debido a una desreferencia de null, resultando en una Denegaci\u00f3n de Servicio" } ], "id": "CVE-2018-18508", "lastModified": "2024-11-21T03:56:04.393", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 4.3, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "version": "2.0" }, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true } ], "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "version": "3.1" }, "exploitabilityScore": 2.8, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2020-10-22T21:15:12.467", "references": [ { "source": "security@mozilla.org", "tags": [ "Third Party Advisory" ], "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-379803.pdf" }, { "source": "security@mozilla.org", "tags": [ "Release Notes", "Vendor Advisory" ], "url": "https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.36.7_release_notes" }, { "source": "security@mozilla.org", "tags": [ "Release Notes", "Vendor Advisory" ], "url": "https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.41.1_release_notes" }, { "source": "security@mozilla.org", "tags": [ "Third Party Advisory", "US Government Resource" ], "url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-040-04" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-379803.pdf" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Release Notes", "Vendor Advisory" ], "url": "https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.36.7_release_notes" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Release Notes", "Vendor Advisory" ], "url": "https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.41.1_release_notes" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory", "US Government Resource" ], "url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-040-04" } ], "sourceIdentifier": "security@mozilla.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-476" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2023-07-11 10:15
Modified
2024-11-21 08:10
Severity ?
7.4 (High) - CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N
7.4 (High) - CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N
7.4 (High) - CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N
Summary
A vulnerability has been identified in RUGGEDCOM ROX MX5000 (All versions < V2.16.0), RUGGEDCOM ROX MX5000RE (All versions < V2.16.0), RUGGEDCOM ROX RX1400 (All versions < V2.16.0), RUGGEDCOM ROX RX1500 (All versions < V2.16.0), RUGGEDCOM ROX RX1501 (All versions < V2.16.0), RUGGEDCOM ROX RX1510 (All versions < V2.16.0), RUGGEDCOM ROX RX1511 (All versions < V2.16.0), RUGGEDCOM ROX RX1512 (All versions < V2.16.0), RUGGEDCOM ROX RX1524 (All versions < V2.16.0), RUGGEDCOM ROX RX1536 (All versions < V2.16.0), RUGGEDCOM ROX RX5000 (All versions < V2.16.0). The webserver of the affected devices support insecure TLS 1.0 protocol. An attacker could achieve a man-in-the-middle attack and compromise confidentiality and integrity of data.
References
Impacted products
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:siemens:ruggedcom_rox_mx5000_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "B70C9A14-F31D-452F-8F7E-368E1ED7165C", "versionEndExcluding": "2.16.0", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:h:siemens:ruggedcom_rox_mx5000:-:*:*:*:*:*:*:*", "matchCriteriaId": "DAD1B18F-9C37-48CC-92E2-9C5E66B206CB", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:siemens:ruggedcom_rox_mx5000re_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "C095D9B0-79A3-44A7-9683-B8DEF689D65F", "versionEndExcluding": "2.16.0", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:h:siemens:ruggedcom_rox_mx5000re:-:*:*:*:*:*:*:*", "matchCriteriaId": "38734DFA-A5DF-4284-BD79-7C0ED6CD8A5C", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:siemens:ruggedcom_rox_rx1400_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "3A0D1757-6A48-4C53-877A-947CDDD67793", "versionEndExcluding": "2.16.0", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:h:siemens:ruggedcom_rox_rx1400:-:*:*:*:*:*:*:*", "matchCriteriaId": "12BD4008-DB6A-4749-A426-D2DE44819A9D", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:siemens:ruggedcom_rox_rx1500_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "957788AA-B685-42B6-8BE9-B61D20B68144", "versionEndExcluding": "2.16.0", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:h:siemens:ruggedcom_rox_rx1500:-:*:*:*:*:*:*:*", "matchCriteriaId": "3E79B422-C844-411C-AA49-CFD73D3C6E2D", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:siemens:ruggedcom_rox_rx1501_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "02E80465-DCD4-4CEB-AB5C-DFD86A5DB2E8", "versionEndExcluding": "2.16.0", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:h:siemens:ruggedcom_rox_rx1501:-:*:*:*:*:*:*:*", "matchCriteriaId": "53AAEC5C-06EE-4C58-A981-EBF5860CEF16", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:siemens:ruggedcom_rox_rx1510_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "BEC2AF9C-52CA-48FF-A4CD-C042EF225000", "versionEndExcluding": "2.16.0", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:h:siemens:ruggedcom_rox_rx1510:-:*:*:*:*:*:*:*", "matchCriteriaId": "0751225A-6E9C-4281-93A4-A048920FF7C6", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:siemens:ruggedcom_rox_rx1511_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "D0889DDD-C18A-4605-907C-0AAC4362FC94", "versionEndExcluding": "2.16.0", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:h:siemens:ruggedcom_rox_rx1511:-:*:*:*:*:*:*:*", "matchCriteriaId": "8C1E56ED-1E61-4B7E-8EC0-BB2AAD57EF7B", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:siemens:ruggedcom_rox_rx1512_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "FA09F789-1903-4487-A108-684EA9423F32", "versionEndExcluding": "2.16.0", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:h:siemens:ruggedcom_rox_rx1512:-:*:*:*:*:*:*:*", "matchCriteriaId": "41ADD701-AD49-46B2-A12E-219CCED32298", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:siemens:ruggedcom_rox_rx1524_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "76CF386C-0665-401C-9E5F-D3A89E6C2847", "versionEndExcluding": "2.16.0", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:h:siemens:ruggedcom_rox_rx1524:-:*:*:*:*:*:*:*", "matchCriteriaId": "F8C70D90-E8FA-4343-9027-152A99D79C82", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:siemens:ruggedcom_rox_rx1536_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "A813AC2B-2F29-45D7-AB27-657A36399F80", "versionEndExcluding": "2.16.0", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:h:siemens:ruggedcom_rox_rx1536:-:*:*:*:*:*:*:*", "matchCriteriaId": "C1775F3B-6F47-4134-8B4E-CF6337FF546C", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:siemens:ruggedcom_rox_rx5000_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "6AF925B2-B147-4CB0-8789-D68C38135BEE", "versionEndExcluding": "2.16.0", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:h:siemens:ruggedcom_rox_rx5000:-:*:*:*:*:*:*:*", "matchCriteriaId": "1E0E33F2-E89B-4008-BED2-CF2296801078", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "A vulnerability has been identified in RUGGEDCOM ROX MX5000 (All versions \u003c V2.16.0), RUGGEDCOM ROX MX5000RE (All versions \u003c V2.16.0), RUGGEDCOM ROX RX1400 (All versions \u003c V2.16.0), RUGGEDCOM ROX RX1500 (All versions \u003c V2.16.0), RUGGEDCOM ROX RX1501 (All versions \u003c V2.16.0), RUGGEDCOM ROX RX1510 (All versions \u003c V2.16.0), RUGGEDCOM ROX RX1511 (All versions \u003c V2.16.0), RUGGEDCOM ROX RX1512 (All versions \u003c V2.16.0), RUGGEDCOM ROX RX1524 (All versions \u003c V2.16.0), RUGGEDCOM ROX RX1536 (All versions \u003c V2.16.0), RUGGEDCOM ROX RX5000 (All versions \u003c V2.16.0). The webserver of the affected devices support insecure TLS 1.0 protocol. An attacker could achieve a man-in-the-middle attack and compromise confidentiality and integrity of data." } ], "id": "CVE-2023-36749", "lastModified": "2024-11-21T08:10:30.740", "metrics": { "cvssMetricV31": [ { "cvssData": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.4, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N", "version": "3.1" }, "exploitabilityScore": 2.2, "impactScore": 5.2, "source": "productcert@siemens.com", "type": "Secondary" }, { "cvssData": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.4, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N", "version": "3.1" }, "exploitabilityScore": 2.2, "impactScore": 5.2, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2023-07-11T10:15:11.103", "references": [ { "source": "productcert@siemens.com", "tags": [ "Vendor Advisory" ], "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-146325.pdf" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-146325.pdf" } ], "sourceIdentifier": "productcert@siemens.com", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-327" } ], "source": "productcert@siemens.com", "type": "Secondary" }, { "description": [ { "lang": "en", "value": "CWE-327" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }