{"vulnerability": "cve-2022-2347", "sightings": [{"uuid": "864dd576-920c-4a19-94af-1de51a4588d4", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "86ecb4e1-bb32-44d5-9f39-8a4673af8385", "vulnerability": "CVE-2022-23477", "type": "seen", "source": "https://www.kyberturvallisuuskeskus.fi/fi/haavoittuvuus_24/2022", "content": "", "creation_timestamp": "2022-12-12T09:00:28.000000Z"}, {"uuid": "ce0a69d4-3555-4836-bc23-29cb046c1bf5", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "86ecb4e1-bb32-44d5-9f39-8a4673af8385", "vulnerability": "CVE-2022-23478", "type": "seen", "source": "https://www.kyberturvallisuuskeskus.fi/fi/haavoittuvuus_24/2022", "content": "", "creation_timestamp": "2022-12-12T09:00:28.000000Z"}, {"uuid": "279faf25-c90a-49a7-9cb0-f1adcf3735b8", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-2347", "type": "published-proof-of-concept", "source": "https://t.me/cKure/10626", "content": "\u25a0\u25a0\u25a0\u25a1\u25a1 Technical Advisory \u2013 U-Boot \u2013 Unchecked Download Size and Direction in USB DFU (CVE-2022-2347).\n\nhttps://research.nccgroup.com/2023/01/20/technical-advisory-u-boot-unchecked-download-size-and-direction-in-usb-dfu-cve-2022-2347/", "creation_timestamp": "2023-01-22T09:02:14.000000Z"}, {"uuid": "4821d8e3-6d48-4c51-9e55-5d00a7618258", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "86ecb4e1-bb32-44d5-9f39-8a4673af8385", "vulnerability": "CVE-2022-23479", "type": "seen", "source": "https://www.kyberturvallisuuskeskus.fi/fi/haavoittuvuus_24/2022", "content": "", "creation_timestamp": "2022-12-12T09:00:28.000000Z"}, {"uuid": "4cb377e7-2409-4325-8c59-ff58e06b6c0b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-23475", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/12890", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2022-23475\n\ud83d\udd25 CVSS Score: 8.8 (cvssV3_1, Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H)\n\ud83d\udd39 Description: daloRADIUS is an open source RADIUS web management application. daloRadius 1.3 and prior are vulnerable to a combination cross site scripting (XSS) and cross site request forgery (CSRF) vulnerability which leads to account takeover in the mng-del.php file because of an unescaped variable reflected in the DOM on line 116. This issue has been addressed in commit `ec3b4a419e`. Users are advised to manually apply the commit in order to mitigate this issue. Users may also mitigate this issue with in two parts 1) The CSRF vulnerability can be mitigated  by making the daloRadius session cookie to samesite=Lax or by the implimentation of a CSRF token in all forms. 2) The XSS vulnerability may be mitigated by escaping it or by introducing a Content-Security policy.\n\n\n\n\ud83d\udccf Published: 2022-12-06T19:13:36.217Z\n\ud83d\udccf Modified: 2025-04-22T15:58:29.584Z\n\ud83d\udd17 References:\n1. https://github.com/lirantal/daloradius/security/advisories/GHSA-c9xx-6mvw-9v84\n2. https://github.com/lirantal/daloradius/commit/ec3b4a419e20540cf28ce60e48998b893e3f1dea", "creation_timestamp": "2025-04-22T16:03:36.000000Z"}, {"uuid": "184d64a0-b8bf-418b-b2eb-ec431536c0be", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-2347", "type": "published-proof-of-concept", "source": "https://t.me/orderofsixangles/1787", "content": "Technical Advisory \u2013 U-Boot \u2013 Unchecked Download Size and Direction in USB DFU (CVE-2022-2347)\n\nhttps://research.nccgroup.com/2023/01/20/technical-advisory-u-boot-unchecked-download-size-and-direction-in-usb-dfu-cve-2022-2347/", "creation_timestamp": "2023-01-21T12:39:40.000000Z"}, {"uuid": "217c9e1c-c2fe-4329-b716-8161a9a1643b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-2347", "type": "published-proof-of-concept", "source": "https://t.me/freeosint/1172", "content": "\ud83d\udce1U-boot \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u0443\u0435\u0442\u0441\u044f \u0432 Starlink \u0432 \u043a\u0430\u0447\u0435\u0441\u0442\u0432\u0435 \u0433\u043b\u0430\u0432\u043d\u043e\u0433\u043e \u0431\u0443\u0442\u043b\u043e\u0430\u0434\u0435\u0440\u0430 \u0442\u0435\u0440\u043c\u0438\u043d\u0430\u043b\u0430 (\u043f\u043e \u043d\u0435\u043a\u043e\u0442\u043e\u0440\u044b\u043c \u043f\u043e\u0441\u0442\u0430\u043c \u0432 \u043a\u0430\u043d\u0430\u043b\u0435 \u0443\u0436\u0435 \u0441\u043a\u043e\u0440\u0435\u0435 \u0432\u0441\u0435\u0433\u043e \u0437\u043d\u0430\u0435\u0442\u0435, \u0438\u043b\u0438 \u0440\u0430\u043d\u0435\u0435 \u0437\u043d\u0430\u043b\u0438), \u0435\u0441\u043b\u0438 \u043a\u0442\u043e \u0432\u0434\u0440\u0443\u0433 \u0437\u0430\u0445\u043e\u0447\u0435\u0442 \u0437\u0430\u043d\u044f\u0442\u044c\u0441\u044f \u0435\u0433\u043e \u0438\u0441\u0441\u043b\u0435\u0434\u043e\u0432\u0430\u043d\u0438\u0435\u043c,  \u043f\u0440\u0438\u043a\u043b\u0430\u0434\u044b\u0432\u0430\u044e \u043d\u0438\u0436\u0435 \u0441\u0441\u044b\u043b\u043a\u0438 \u0434\u043b\u044f \u0443\u043f\u0440\u043e\u0449\u0435\u043d\u0438\u044f \u043f\u0440\u043e\u0446\u0435\u0441\u0441\u0430\n\n\ud83d\udce1U-boot is used in Starlink as the main bootloader in terminal (according to some posts in the channel, you probably already know, or previously knew), if someone suddenly wants to do his research, I attach the links below to simplify the process.\n\n\ud83d\udcbeU-Boot Source Tree\n\ud83d\udcbeu-boot from starlink wi-fi gen2 \n\ud83d\udcbeU-Boot in OpenWrt\n\ud83d\udcbeu-boot docs \n\ud83d\udcbeThe u-booting securely\n\ud83d\udcbeU-Boot Secure Boot\n\ud83d\udcbeU-Boot Verified Boot vulnerability: CVE-2020-10648\n\ud83d\udcbeAnalysis and reverse-engineering of the original Starlink router(helpful information about u-boot in Starlink)\n\ud83d\udcbeReversing embedded device bootloader (U-Boot) - p.1\n\ud83d\udcbeReversing embedded device bootloader (U-Boot) - p.2\n\ud83d\udcbeDas U-Boot Verified Boot Bypass\n\ud83d\udcbeRecovering Firmware Through U-boot\n\ud83d\udcbeBushwhacking your way around a bootloader\n\ud83d\udcbeMultiple Vulnerabilities in U-Boot (CVE-2022-30790, CVE-2022-30552)\n\ud83d\udcbeCVE-2022-2347\n\ud83d\udcbedepthcharge is an U-Boot hacking toolkit for security researchers and tinkerers", "creation_timestamp": "2022-11-05T09:45:10.000000Z"}, {"uuid": "9771896c-638e-4a76-82b0-d0c8e92b1c99", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-2347", "type": "seen", "source": "https://t.me/ctinow/88408", "content": "Technical Advisory \u2013 U-Boot \u2013 Unchecked Download Size and Direction in USB DFU (CVE-2022-2347)\n\nhttps://ift.tt/HcgkhjU", "creation_timestamp": "2023-01-21T18:22:10.000000Z"}, {"uuid": "47d10f14-7353-4eff-84e3-adbf2615e847", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-2347", "type": "published-proof-of-concept", "source": "https://t.me/crackcodes/2408", "content": "#exploit\n1. A Step-By-Step Introduction To The Use Of ROP Gadgets To Bypass DEP\nhttps://cybergeeks.tech/a-step-by-step-introduction-to-the-use-of-rop-gadgets-to-bypass-dep\n\n2. b3typer - Simple typer bug\nhttps://blog.bi0s.in/2023/01/23/Pwn/bi0sCTF22-b3typer\n\n3. CVE-2022-2347:\nU-Boot - Unchecked Download Size/Direction in USB DFU\nhttps://research.nccgroup.com/2023/01/20/technical-advisory-u-boot-unchecked-download-size-and-direction-in-usb-dfu-cve-2022-2347", "creation_timestamp": "2023-01-24T14:44:40.000000Z"}, {"uuid": "b347151d-6c7d-4e16-832e-2cab868363b2", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-23475", "type": "published-proof-of-concept", "source": "https://t.me/crackcodes/1706", "content": "#exploit\n1. CVE-2022-23475:\ndaloRADIUS Vulnerablity\nhttps://securityonline.info/cve-2022-23475-account-take-over-flaw-in-open-source-radius-web-management-app\n\n2. Django RCE(DJRCE) exploitation with leaked SECRET_KEY variable\nhttps://github.com/0xuf/DJRCE\n\n3. Exploit collection for some Service DCOM Object LPE vulnerability (by SeImpersonatePrivilege abuse)\nhttps://github.com/zcgonvh/DCOMPotato", "creation_timestamp": "2022-12-14T19:53:35.000000Z"}, {"uuid": "b7c58376-9c03-4f2c-b72f-2a8e6ed3699f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-23474", "type": "seen", "source": "https://t.me/cibsecurity/54607", "content": "\u203c CVE-2022-23474 \u203c\n\nEditor.js is a block-style editor with clean JSON output. Versions prior to 2.26.0 are vulnerable to Code Injection via pasted input. The processHTML method passes pasted input into wrapper\u00e2\u20ac\u2122s innerHTML. This issue is patched in version 2.26.0.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-12-15T22:23:35.000000Z"}, {"uuid": "72eab674-ec8f-4a28-9eae-d7b188301e94", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-23478", "type": "seen", "source": "https://t.me/cibsecurity/54234", "content": "\u203c CVE-2022-23478 \u203c\n\nxrdp is an open source project which provides a graphical login to remote machines using Microsoft Remote Desktop Protocol (RDP). xrdp < v0.9.21 contain a Out of Bound Write in xrdp_mm_trans_process_drdynvc_channel_open() function. There are no known workarounds for this issue. Users are advised to upgrade.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-12-09T20:18:45.000000Z"}, {"uuid": "dcec96fe-bf47-410a-bf0b-d87e3edf19c9", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-2347", "type": "seen", "source": "https://t.me/cibsecurity/50314", "content": "\u203c CVE-2022-2347 \u203c\n\nThere exists an unchecked length field in UBoot. The U-Boot DFU implementation does not bound the length field in USB DFU download setup packets, and it does not verify that the transfer direction corresponds to the specified command. Consequently, if a physical attacker crafts a USB DFU download setup packet with a `wLength` greater than 4096 bytes, they can write beyond the heap-allocated request buffer.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-09-23T16:13:24.000000Z"}, {"uuid": "a2e16189-5913-4867-87fa-e643655ccfe9", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-23476", "type": "seen", "source": "https://t.me/cibsecurity/54149", "content": "\u203c CVE-2022-23476 \u203c\n\nNokogiri is an open source XML and HTML library for the Ruby programming language. Nokogiri `1.13.8` and `1.13.9` fail to check the return value from `xmlTextReaderExpand` in the method `Nokogiri::XML::Reader#attribute_hash`. This can lead to a null pointer exception when invalid markup is being parsed. For applications using `XML::Reader` to parse untrusted inputs, this may potentially be a vector for a denial of service attack. Users are advised to upgrade to Nokogiri `>= 1.13.10`. Users may be able to search their code for calls to either `XML::Reader#attributes` or `XML::Reader#attribute_hash` to determine if they are affected.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-12-08T07:12:14.000000Z"}, {"uuid": "4f497ad7-a402-473d-951c-2eec51b30b16", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-23473", "type": "seen", "source": "https://t.me/cibsecurity/54382", "content": "\u203c CVE-2022-23473 \u203c\n\nTuleap is an Open Source Suite to improve management of software developments and collaboration. In versions prior to 14.2.99.148, Authorizations are not properly verified when accessing MediaWiki standalone resources. Users with read only permissions for pages are able to also edit them. This only affects the MediaWiki standalone plugin. This issue is patched in versions Tuleap Community Edition 14.2.99.148, Tuleap Enterprise Edition 14.2-5, and Tuleap Enterprise Edition 14.1-6.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-12-13T12:32:29.000000Z"}, {"uuid": "2cee3c34-afc8-4174-8166-75f629b88978", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-23479", "type": "seen", "source": "https://t.me/cibsecurity/54224", "content": "\u203c CVE-2022-23479 \u203c\n\nxrdp is an open source project which provides a graphical login to remote machines using Microsoft Remote Desktop Protocol (RDP). xrdp < v0.9.21 contain a buffer over flow in xrdp_mm_chan_data_in() function. There are no known workarounds for this issue. Users are advised to upgrade.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-12-09T20:18:32.000000Z"}, {"uuid": "287a39ca-3561-4818-a613-2678fb90a809", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-23477", "type": "seen", "source": "https://t.me/cibsecurity/54241", "content": "\u203c CVE-2022-23477 \u203c\n\nxrdp is an open source project which provides a graphical login to remote machines using Microsoft Remote Desktop Protocol (RDP). xrdp < v0.9.21 contain a buffer over flow in audin_send_open() function. There are no known workarounds for this issue. Users are advised to upgrade.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-12-09T20:18:56.000000Z"}, {"uuid": "8bece26f-35c7-47d6-94c0-816f41395383", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-23475", "type": "seen", "source": "https://t.me/cibsecurity/54098", "content": "\u203c CVE-2022-23475 \u203c\n\ndaloRADIUS is an open source RADIUS web management application. daloRadius 1.3 and prior are vulnerable to a combination cross site scripting (XSS) and cross site request forgery (CSRF) vulnerability which leads to account takeover in the mng-del.php file because of an unescaped variable reflected in the DOM on line 116. This issue has been addressed in commit `ec3b4a419e`. Users are advised to manually apply the commit in order to mitigate this issue. Users may also mitigate this issue with in two parts 1) The CSRF vulnerability can be mitigated by making the daloRadius session cookie to samesite=Lax or by the implimentation of a CSRF token in all forms. 2) The XSS vulnerability may be mitigated by escaping it or by introducing a Content-Security policy.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-12-06T22:41:06.000000Z"}, {"uuid": "e3b6cf42-eae2-4923-b91f-ae31b3e7ad0b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-23472", "type": "seen", "source": "https://t.me/cibsecurity/54080", "content": "\u203c CVE-2022-23472 \u203c\n\nPasseo is an open source python password generator. Versions prior to 1.0.5 rely on the python `random` library for random value selection. The python `random` library warns that it should not be used for security purposes due to its reliance on a non-cryptographically secure random number generator. As a result a motivated attacker may be able to guess generated passwords. This issue has been addressed in version 1.0.5. Users are advised to upgrade. There are no known workarounds for this vulnerability.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-12-06T20:40:59.000000Z"}, {"uuid": "4acfdd6d-5cc0-4152-b18b-ad8a6dcc693f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-23470", "type": "seen", "source": "https://t.me/cibsecurity/54075", "content": "\u203c CVE-2022-23470 \u203c\n\nGalaxy is an open-source platform for data analysis. An arbitrary file read exists in Galaxy 22.01 and Galaxy 22.05 due to the switch to Gunicorn, which can be used to read any file accessible to the operating system user under which Galaxy is running. This vulnerability affects Galaxy 22.01 and higher, after the switch to gunicorn, which serve static contents directly. Additionally, the vulnerability is mitigated when using Nginx or Apache to serve /static/* contents, instead of Galaxy's internal middleware. This issue has been patched in commit `e5e6bda4f` and will be included in future releases. Users are advised to manually patch their installations. There are no known workarounds for this vulnerability.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-12-06T20:40:53.000000Z"}, {"uuid": "77c913ef-39dc-4a7c-ab73-2b76a84d0d59", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-23475", "type": "published-proof-of-concept", "source": "https://t.me/CyberSecurityTechnologies/7333", "content": "#exploit\n1. CVE-2022-23475:\ndaloRADIUS Vulnerablity\nhttps://securityonline.info/cve-2022-23475-account-take-over-flaw-in-open-source-radius-web-management-app\n\n2. Django RCE(DJRCE) exploitation with leaked SECRET_KEY variable\nhttps://github.com/0xuf/DJRCE\n\n3. Exploit collection for some Service DCOM Object LPE vulnerability (by SeImpersonatePrivilege abuse)\nhttps://github.com/zcgonvh/DCOMPotato", "creation_timestamp": "2022-12-10T13:08:01.000000Z"}, {"uuid": "8209b7a2-e6b9-49e0-b52e-5b2b69d080b5", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-2347", "type": "published-proof-of-concept", "source": "https://t.me/CyberSecurityTechnologies/7610", "content": "#exploit\n1. A Step-By-Step Introduction To The Use Of ROP Gadgets To Bypass DEP\nhttps://cybergeeks.tech/a-step-by-step-introduction-to-the-use-of-rop-gadgets-to-bypass-dep\n\n2. b3typer - Simple typer bug\nhttps://blog.bi0s.in/2023/01/23/Pwn/bi0sCTF22-b3typer\n\n3. CVE-2022-2347:\nU-Boot - Unchecked Download Size/Direction in USB DFU\nhttps://research.nccgroup.com/2023/01/20/technical-advisory-u-boot-unchecked-download-size-and-direction-in-usb-dfu-cve-2022-2347", "creation_timestamp": "2023-01-24T11:01:01.000000Z"}, {"uuid": "78704f26-8285-4d55-8a34-9feaed458b6f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-2347", "type": "seen", "source": "https://www.cisa.gov/news-events/ics-advisories/icsa-26-134-16", "content": "View CSAF\n\nSummary\n\nRuggedcom Rox before v2.17.1 contain multiple third-party vulnerabilities. Siemens has released new versions for the affected products and recommends to update to the latest versions.\n\nThe following versions of Siemens Ruggedcom Rox are affected:\n\n\n\nRUGGEDCOM ROX MX5000 vers:intdot/<2.17.1 (CVE-2019-13103, CVE-2019-13104, CVE-2019-13106, CVE-2019-14192, CVE-2019-14193, CVE-2019-14194, CVE-2019-14195, CVE-2019-14196, CVE-2019-14197, CVE-2019-14198, CVE-2019-14199, CVE-2019-14200, CVE-2019-14201, CVE-2019-14202, CVE-2019-14203, CVE-2019-14204, CVE-2020-10648, CVE-2022-2347, CVE-2022-30552, CVE-2022-30790, CVE-2022-34835, CVE-2023-3019, CVE-2023-27043, CVE-2024-3447, CVE-2024-22365, CVE-2024-57256, CVE-2024-57258, CVE-2025-0395, CVE-2025-3576, CVE-2025-6020, CVE-2025-7425, CVE-2025-9714, CVE-2025-46836, CVE-2025-49794, CVE-2025-49796)\n\nRUGGEDCOM ROX MX5000RE vers:intdot/<2.17.1 (CVE-2019-13103, CVE-2019-13104, CVE-2019-13106, CVE-2019-14192, CVE-2019-14193, CVE-2019-14194, CVE-2019-14195, CVE-2019-14196, CVE-2019-14197, CVE-2019-14198, CVE-2019-14199, CVE-2019-14200, CVE-2019-14201, CVE-2019-14202, CVE-2019-14203, CVE-2019-14204, CVE-2020-10648, CVE-2022-2347, CVE-2022-30552, CVE-2022-30790, CVE-2022-34835, CVE-2023-3019, CVE-2023-27043, CVE-2024-3447, CVE-2024-22365, CVE-2024-57256, CVE-2024-57258, CVE-2025-0395, CVE-2025-3576, CVE-2025-6020, CVE-2025-7425, CVE-2025-9714, CVE-2025-46836, CVE-2025-49794, CVE-2025-49796)\n\nRUGGEDCOM ROX RX1400 vers:intdot/<2.17.1 (CVE-2019-13103, CVE-2019-13104, CVE-2019-13106, CVE-2019-14192, CVE-2019-14193, CVE-2019-14194, CVE-2019-14195, CVE-2019-14196, CVE-2019-14197, CVE-2019-14198, CVE-2019-14199, CVE-2019-14200, CVE-2019-14201, CVE-2019-14202, CVE-2019-14203, CVE-2019-14204, CVE-2020-10648, CVE-2022-2347, CVE-2022-30552, CVE-2022-30790, CVE-2022-34835, CVE-2023-3019, CVE-2023-27043, CVE-2024-3447, CVE-2024-22365, CVE-2024-57256, CVE-2024-57258, CVE-2025-0395, CVE-2025-3576, CVE-2025-6020, CVE-2025-7425, CVE-2025-9714, CVE-2025-46836, CVE-2025-49794, CVE-2025-49796)\n\nRUGGEDCOM ROX RX1500 vers:intdot/<2.17.1 (CVE-2019-13103, CVE-2019-13104, CVE-2019-13106, CVE-2019-14192, CVE-2019-14193, CVE-2019-14194, CVE-2019-14195, CVE-2019-14196, CVE-2019-14197, CVE-2019-14198, CVE-2019-14199, CVE-2019-14200, CVE-2019-14201, CVE-2019-14202, CVE-2019-14203, CVE-2019-14204, CVE-2020-10648, CVE-2022-2347, CVE-2022-30552, CVE-2022-30790, CVE-2022-34835, CVE-2023-3019, CVE-2023-27043, CVE-2024-3447, CVE-2024-22365, CVE-2024-57256, CVE-2024-57258, CVE-2025-0395, CVE-2025-3576, CVE-2025-6020, CVE-2025-7425, CVE-2025-9714, CVE-2025-46836, CVE-2025-49794, CVE-2025-49796)\n\nRUGGEDCOM ROX RX1501 vers:intdot/<2.17.1 (CVE-2019-13103, CVE-2019-13104, CVE-2019-13106, CVE-2019-14192, CVE-2019-14193, CVE-2019-14194, CVE-2019-14195, CVE-2019-14196, CVE-2019-14197, CVE-2019-14198, CVE-2019-14199, CVE-2019-14200, CVE-2019-14201, CVE-2019-14202, CVE-2019-14203, CVE-2019-14204, CVE-2020-10648, CVE-2022-2347, CVE-2022-30552, CVE-2022-30790, CVE-2022-34835, CVE-2023-3019, CVE-2023-27043, CVE-2024-3447, CVE-2024-22365, CVE-2024-57256, CVE-2024-57258, CVE-2025-0395, CVE-2025-3576, CVE-2025-6020, CVE-2025-7425, CVE-2025-9714, CVE-2025-46836, CVE-2025-49794, CVE-2025-49796)\n\nRUGGEDCOM ROX RX1510 vers:intdot/<2.17.1 (CVE-2019-13103, CVE-2019-13104, CVE-2019-13106, CVE-2019-14192, CVE-2019-14193, CVE-2019-14194, CVE-2019-14195, CVE-2019-14196, CVE-2019-14197, CVE-2019-14198, CVE-2019-14199, CVE-2019-14200, CVE-2019-14201, CVE-2019-14202, CVE-2019-14203, CVE-2019-14204, CVE-2020-10648, CVE-2022-2347, CVE-2022-30552, CVE-2022-30790, CVE-2022-34835, CVE-2023-3019, CVE-2023-27043, CVE-2024-3447, CVE-2024-22365, CVE-2024-57256, CVE-2024-57258, CVE-2025-0395, CVE-2025-3576, CVE-2025-6020, CVE-2025-7425, CVE-2025-9714, CVE-2025-46836, CVE-2025-49794, CVE-2025-49796)\n\nRUGGEDCOM ROX RX1511 vers:intdot/<2.17.1 (CVE-2019-13103, CVE-2019-13104, CVE-2019-13106, CVE-2019-14192, CVE-2019-14193, CVE-2019-14194, CVE-2019-14195, CVE-2019-14196, CVE-2019-14197, CVE-2019-14198, CVE-2019-14199, CVE-2019-14200, CVE-2019-14201, CVE-2019-14202, CVE-2019-14203, CVE-2019-14204, CVE-2020-10648, CVE-2022-2347, CVE-2022-30552, CVE-2022-30790, CVE-2022-34835, CVE-2023-3019, CVE-2023-27043, CVE-2024-3447, CVE-2024-22365, CVE-2024-57256, CVE-2024-57258, CVE-2025-0395, CVE-2025-3576, CVE-2025-6020, CVE-2025-7425, CVE-2025-9714, CVE-2025-46836, CVE-2025-49794, CVE-2025-49796)\n\nRUGGEDCOM ROX RX1512 vers:intdot/<2.17.1 (CVE-2019-13103, CVE-2019-13104, CVE-2019-13106, CVE-2019-14192, CVE-2019-14193, CVE-2019-14194, CVE-2019-14195, CVE-2019-14196, CVE-2019-14197, CVE-2019-14198, CVE-2019-14199, CVE-2019-14200, CVE-2019-14201, CVE-2019-14202, CVE-2019-14203, CVE-2019-14204, CVE-2020-10648, CVE-2022-2347, CVE-2022-30552, CVE-2022-30790, CVE-2022-34835, CVE-2023-3019, CVE-2023-27043, CVE-2024-3447, CVE-2024-22365, CVE-2024-57256, CVE-2024-57258, CVE-2025-0395, CVE-2025-3576, CVE-2025-6020, CVE-2025-7425, CVE-2025-9714, CVE-2025-46836, CVE-2025-49794, CVE-2025-49796)\n\nRUGGEDCOM ROX RX1524 vers:intdot/<2.17.1 (CVE-2019-13103, CVE-2019-13104, CVE-2019-13106, CVE-2019-14192, CVE-2019-14193, CVE-2019-14194, CVE-2019-14195, CVE-2019-14196, CVE-2019-14197, CVE-2019-14198, CVE-2019-14199, CVE-2019-14200, CVE-2019-14201, CVE-2019-14202, CVE-2019-14203, CVE-2019-14204, CVE-2020-10648, CVE-2022-2347, CVE-2022-30552, CVE-2022-30790, CVE-2022-34835, CVE-2023-3019, CVE-2023-27043, CVE-2024-3447, CVE-2024-22365, CVE-2024-57256, CVE-2024-57258, CVE-2025-0395, CVE-2025-3576, CVE-2025-6020, CVE-2025-7425, CVE-2025-9714, CVE-2025-46836, CVE-2025-49794, CVE-2025-49796)\n\nRUGGEDCOM ROX RX1536 vers:intdot/<2.17.1 (CVE-2019-13103, CVE-2019-13104, CVE-2019-13106, CVE-2019-14192, CVE-2019-14193, CVE-2019-14194, CVE-2019-14195, CVE-2019-14196, CVE-2019-14197, CVE-2019-14198, CVE-2019-14199, CVE-2019-14200, CVE-2019-14201, CVE-2019-14202, CVE-2019-14203, CVE-2019-14204, CVE-2020-10648, CVE-2022-2347, CVE-2022-30552, CVE-2022-30790, CVE-2022-34835, CVE-2023-3019, CVE-2023-27043, CVE-2024-3447, CVE-2024-22365, CVE-2024-57256, CVE-2024-57258, CVE-2025-0395, CVE-2025-3576, CVE-2025-6020, CVE-2025-7425, CVE-2025-9714, CVE-2025-46836, CVE-2025-49794, CVE-2025-49796)\n\nRUGGEDCOM ROX RX5000 vers:intdot/<2.17.1 (CVE-2019-13103, CVE-2019-13104, CVE-2019-13106, CVE-2019-14192, CVE-2019-14193, CVE-2019-14194, CVE-2019-14195, CVE-2019-14196, CVE-2019-14197, CVE-2019-14198, CVE-2019-14199, CVE-2019-14200, CVE-2019-14201, CVE-2019-14202, CVE-2019-14203, CVE-2019-14204, CVE-2020-10648, CVE-2022-2347, CVE-2022-30552, CVE-2022-30790, CVE-2022-34835, CVE-2023-3019, CVE-2023-27043, CVE-2024-3447, CVE-2024-22365, CVE-2024-57256, CVE-2024-57258, CVE-2025-0395, CVE-2025-3576, CVE-2025-6020, CVE-2025-7425, CVE-2025-9714, CVE-2025-46836, CVE-2025-49794, CVE-2025-49796)\n\n<div class=\"csaf-table\">\n\n\n\n\nCVSS\nVendor\nEquipment\nVulnerabilities\n\n\n\n\nv3 9.8\nSiemens\nSiemens Ruggedcom Rox\nUncontrolled Recursion, Integer Underflow (Wrap or Wraparound), Out-of-bounds Write, Out-of-bounds Read, Improper Input Validation, Heap-based Buffer Overflow, Buffer Copy without Checking Size of Input ('Classic Buffer Overflow'), Use After Free, Improper Validation of Syntactic Correctness of Input, Improper Control of a Resource Through its Lifetime, Integer Overflow or Wraparound, Incorrect Calculation of Buffer Size, Use of Weak Hash, Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal'), Stack-based Buffer Overflow, Expired Pointer Dereference\n\n\n\n</div>\n\nBackground\n\n\n\nCritical Infrastructure Sectors: Critical Manufacturing\n\nCountries/Areas Deployed: Worldwide\n\nCompany Headquarters Location: Germany\n\n\n\n\nVulnerabilities\n<div class=\"csaf-accordion\">\n\nExpand All +\n<div class=\"csaf-accordion-item\">\n\nCVE-2019-13103\n<div class=\"csaf-accordion-content\">\n\nA crafted self-referential DOS partition table will cause all Das U-Boot versions through 2019.07-rc4 to infinitely recurse, causing the stack to grow infinitely and eventually either crash or overwrite other data.\n\nView CVE Details\n\n\n\nAffected Products\n\nSiemens Ruggedcom Rox\n<div class=\"ics-vendor-version-status\">\n<div class=\"ics-vendor\">Vendor:Siemens</div>\n<div class=\"ics-version\">Product Version:RUGGEDCOM ROX MX5000, RUGGEDCOM ROX MX5000RE, RUGGEDCOM ROX RX1400, RUGGEDCOM ROX RX1500, RUGGEDCOM ROX RX1501, RUGGEDCOM ROX RX1510, RUGGEDCOM ROX RX1511, RUGGEDCOM ROX RX1512, RUGGEDCOM ROX RX1524, RUGGEDCOM ROX RX1536, RUGGEDCOM ROX RX5000</div>\n<div class=\"ics-status\">Product Status:known_affected</div>\n</div>\n<div class=\"ics-remediations\">\n\nRemediations\n\nVendor fixUpdate to V2.17.1 or later versionhttps://support.industry.siemens.com/cs/ww/en/view/110002017/\n</div>\n\nRelevant CWE: CWE-674 Uncontrolled Recursion\n\n\n\nMetrics\n<div class=\"csaf-table csaf-metrics-table\">\n\n\n\n\nCVSS Version\nBase Score\nBase Severity\nVector String\n\n\n\n\n3.1\n7.1\nHIGH\nCVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H\n\n\n\n</div>\n</div>\n</div>\n<div class=\"csaf-accordion-item\">\n\nCVE-2019-13104\n<div class=\"csaf-accordion-content\">\n\nIn Das U-Boot versions 2016.11-rc1 through 2019.07-rc4, an underflow can cause memcpy() to overwrite a very large amount of data (including the whole stack) while reading a crafted ext4 filesystem.\n\nView CVE Details\n\n\n\nAffected Products\n\nSiemens Ruggedcom Rox\n<div class=\"ics-vendor-version-status\">\n<div class=\"ics-vendor\">Vendor:Siemens</div>\n<div class=\"ics-version\">Product Version:RUGGEDCOM ROX MX5000, RUGGEDCOM ROX MX5000RE, RUGGEDCOM ROX RX1400, RUGGEDCOM ROX RX1500, RUGGEDCOM ROX RX1501, RUGGEDCOM ROX RX1510, RUGGEDCOM ROX RX1511, RUGGEDCOM ROX RX1512, RUGGEDCOM ROX RX1524, RUGGEDCOM ROX RX1536, RUGGEDCOM ROX RX5000</div>\n<div class=\"ics-status\">Product Status:known_affected</div>\n</div>\n<div class=\"ics-remediations\">\n\nRemediations\n\nVendor fixUpdate to V2.17.1 or later versionhttps://support.industry.siemens.com/cs/ww/en/view/110002017/\n</div>\n\nRelevant CWE: CWE-191 Integer Underflow (Wrap or Wraparound)\n\n\n\nMetrics\n<div class=\"csaf-table csaf-metrics-table\">\n\n\n\n\nCVSS Version\nBase Score\nBase Severity\nVector String\n\n\n\n\n3.1\n7.8\nHIGH\nCVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\n\n\n\n</div>\n</div>\n</div>\n<div class=\"csaf-accordion-item\">\n\nCVE-2019-13106\n<div class=\"csaf-accordion-content\">\n\nDas U-Boot versions 2016.09 through 2019.07-rc4 can memset() too much data while reading a crafted ext4 filesystem, which results in a stack buffer overflow and likely code execution.\n\nView CVE Details\n\n\n\nAffected Products\n\nSiemens Ruggedcom Rox\n<div class=\"ics-vendor-version-status\">\n<div class=\"ics-vendor\">Vendor:Siemens</div>\n<div class=\"ics-version\">Product Version:RUGGEDCOM ROX MX5000, RUGGEDCOM ROX MX5000RE, RUGGEDCOM ROX RX1400, RUGGEDCOM ROX RX1500, RUGGEDCOM ROX RX1501, RUGGEDCOM ROX RX1510, RUGGEDCOM ROX RX1511, RUGGEDCOM ROX RX1512, RUGGEDCOM ROX RX1524, RUGGEDCOM ROX RX1536, RUGGEDCOM ROX RX5000</div>\n<div class=\"ics-status\">Product Status:known_affected</div>\n</div>\n<div class=\"ics-remediations\">\n\nRemediations\n\nVendor fixUpdate to V2.17.1 or later versionhttps://support.industry.siemens.com/cs/ww/en/view/110002017/\n</div>\n\nRelevant CWE: CWE-787 Out-of-bounds Write\n\n\n\nMetrics\n<div class=\"csaf-table csaf-metrics-table\">\n\n\n\n\nCVSS Version\nBase Score\nBase Severity\nVector String\n\n\n\n\n3.1\n7.8\nHIGH\nCVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\n\n\n\n</div>\n</div>\n</div>\n<div class=\"csaf-accordion-item\">\n\nCVE-2019-14192\n<div class=\"csaf-accordion-content\">\n\nAn issue was discovered in Das U-Boot through 2019.07. There is an unbounded memcpy when parsing a UDP packet due to a net_process_received_packet integer underflow during an nc_input_packet call.\n\nView CVE Details\n\n\n\nAffected Products\n\nSiemens Ruggedcom Rox\n<div class=\"ics-vendor-version-status\">\n<div class=\"ics-vendor\">Vendor:Siemens</div>\n<div class=\"ics-version\">Product Version:RUGGEDCOM ROX MX5000, RUGGEDCOM ROX MX5000RE, RUGGEDCOM ROX RX1400, RUGGEDCOM ROX RX1500, RUGGEDCOM ROX RX1501, RUGGEDCOM ROX RX1510, RUGGEDCOM ROX RX1511, RUGGEDCOM ROX RX1512, RUGGEDCOM ROX RX1524, RUGGEDCOM ROX RX1536, RUGGEDCOM ROX RX5000</div>\n<div class=\"ics-status\">Product Status:known_affected</div>\n</div>\n<div class=\"ics-remediations\">\n\nRemediations\n\nVendor fixUpdate to V2.17.1 or later versionhttps://support.industry.siemens.com/cs/ww/en/view/110002017/\n</div>\n\nRelevant CWE: CWE-191 Integer Underflow (Wrap or Wraparound)\n\n\n\nMetrics\n<div class=\"csaf-table csaf-metrics-table\">\n\n\n\n\nCVSS Version\nBase Score\nBase Severity\nVector String\n\n\n\n\n3.1\n9.8\nCRITICAL\nCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\n\n\n\n</div>\n</div>\n</div>\n<div class=\"csaf-accordion-item\">\n\nCVE-2019-14193\n<div class=\"csaf-accordion-content\">\n\nAn issue was discovered in Das U-Boot through 2019.07. There is an unbounded memcpy with an unvalidated length at nfs_readlink_reply, in the \"if\" block after calculating the new path length.\n\nView CVE Details\n\n\n\nAffected Products\n\nSiemens Ruggedcom Rox\n<div class=\"ics-vendor-version-status\">\n<div class=\"ics-vendor\">Vendor:Siemens</div>\n<div class=\"ics-version\">Product Version:RUGGEDCOM ROX MX5000, RUGGEDCOM ROX MX5000RE, RUGGEDCOM ROX RX1400, RUGGEDCOM ROX RX1500, RUGGEDCOM ROX RX1501, RUGGEDCOM ROX RX1510, RUGGEDCOM ROX RX1511, RUGGEDCOM ROX RX1512, RUGGEDCOM ROX RX1524, RUGGEDCOM ROX RX1536, RUGGEDCOM ROX RX5000</div>\n<div class=\"ics-status\">Product Status:known_affected</div>\n</div>\n<div class=\"ics-remediations\">\n\nRemediations\n\nVendor fixUpdate to V2.17.1 or later versionhttps://support.industry.siemens.com/cs/ww/en/view/110002017/\n</div>\n\nRelevant CWE: CWE-787 Out-of-bounds Write\n\n\n\nMetrics\n<div class=\"csaf-table csaf-metrics-table\">\n\n\n\n\nCVSS Version\nBase Score\nBase Severity\nVector String\n\n\n\n\n3.1\n9.8\nCRITICAL\nCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\n\n\n\n</div>\n</div>\n</div>\n<div class=\"csaf-accordion-item\">\n\nCVE-2019-14194\n<div class=\"csaf-accordion-content\">\n\nAn issue was discovered in Das U-Boot through 2019.07. There is an unbounded memcpy with a failed length check at nfs_read_reply when calling store_block in the NFSv2 case.\n\nView CVE Details\n\n\n\nAffected Products\n\nSiemens Ruggedcom Rox\n<div class=\"ics-vendor-version-status\">\n<div class=\"ics-vendor\">Vendor:Siemens</div>\n<div class=\"ics-version\">Product Version:RUGGEDCOM ROX MX5000, RUGGEDCOM ROX MX5000RE, RUGGEDCOM ROX RX1400, RUGGEDCOM ROX RX1500, RUGGEDCOM ROX RX1501, RUGGEDCOM ROX RX1510, RUGGEDCOM ROX RX1511, RUGGEDCOM ROX RX1512, RUGGEDCOM ROX RX1524, RUGGEDCOM ROX RX1536, RUGGEDCOM ROX RX5000</div>\n<div class=\"ics-status\">Product Status:known_affected</div>\n</div>\n<div class=\"ics-remediations\">\n\nRemediations\n\nVendor fixUpdate to V2.17.1 or later versionhttps://support.industry.siemens.com/cs/ww/en/view/110002017/\n</div>\n\nRelevant CWE: CWE-787 Out-of-bounds Write\n\n\n\nMetrics\n<div class=\"csaf-table csaf-metrics-table\">\n\n\n\n\nCVSS Version\nBase Score\nBase Severity\nVector String\n\n\n\n\n3.1\n9.8\nCRITICAL\nCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\n\n\n\n</div>\n</div>\n</div>\n<div class=\"csaf-accordion-item\">\n\nCVE-2019-14195\n<div class=\"csaf-accordion-content\">\n\nAn issue was discovered in Das U-Boot through 2019.07. There is an unbounded memcpy with unvalidated length at nfs_readlink_reply in the \"else\" block after calculating the new path length.\n\nView CVE Details\n\n\n\nAffected Products\n\nSiemens Ruggedcom Rox\n<div class=\"ics-vendor-version-status\">\n<div class=\"ics-vendor\">Vendor:Siemens</div>\n<div class=\"ics-version\">Product Version:RUGGEDCOM ROX MX5000, RUGGEDCOM ROX MX5000RE, RUGGEDCOM ROX RX1400, RUGGEDCOM ROX RX1500, RUGGEDCOM ROX RX1501, RUGGEDCOM ROX RX1510, RUGGEDCOM ROX RX1511, RUGGEDCOM ROX RX1512, RUGGEDCOM ROX RX1524, RUGGEDCOM ROX RX1536, RUGGEDCOM ROX RX5000</div>\n<div class=\"ics-status\">Product Status:known_affected</div>\n</div>\n<div class=\"ics-remediations\">\n\nRemediations\n\nVendor fixUpdate to V2.17.1 or later versionhttps://support.industry.siemens.com/cs/ww/en/view/110002017/\n</div>\n\nRelevant CWE: CWE-787 Out-of-bounds Write\n\n\n\nMetrics\n<div class=\"csaf-table csaf-metrics-table\">\n\n\n\n\nCVSS Version\nBase Score\nBase Severity\nVector String\n\n\n\n\n3.1\n9.8\nCRITICAL\nCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\n\n\n\n</div>\n</div>\n</div>\n<div class=\"csaf-accordion-item\">\n\nCVE-2019-14196\n<div class=\"csaf-accordion-content\">\n\nAn issue was discovered in Das U-Boot through 2019.07. There is an unbounded memcpy with a failed length check at nfs_lookup_reply.\n\nView CVE Details\n\n\n\nAffected Products\n\nSiemens Ruggedcom Rox\n<div class=\"ics-vendor-version-status\">\n<div class=\"ics-vendor\">Vendor:Siemens</div>\n<div class=\"ics-version\">Product Version:RUGGEDCOM ROX MX5000, RUGGEDCOM ROX MX5000RE, RUGGEDCOM ROX RX1400, RUGGEDCOM ROX RX1500, RUGGEDCOM ROX RX1501, RUGGEDCOM ROX RX1510, RUGGEDCOM ROX RX1511, RUGGEDCOM ROX RX1512, RUGGEDCOM ROX RX1524, RUGGEDCOM ROX RX1536, RUGGEDCOM ROX RX5000</div>\n<div class=\"ics-status\">Product Status:known_affected</div>\n</div>\n<div class=\"ics-remediations\">\n\nRemediations\n\nVendor fixUpdate to V2.17.1 or later versionhttps://support.industry.siemens.com/cs/ww/en/view/110002017/\n</div>\n\nRelevant CWE: CWE-787 Out-of-bounds Write\n\n\n\nMetrics\n<div class=\"csaf-table csaf-metrics-table\">\n\n\n\n\nCVSS Version\nBase Score\nBase Severity\nVector String\n\n\n\n\n3.1\n9.8\nCRITICAL\nCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\n\n\n\n</div>\n</div>\n</div>\n<div class=\"csaf-accordion-item\">\n\nCVE-2019-14197\n<div class=\"csaf-accordion-content\">\n\nAn issue was discovered in Das U-Boot through 2019.07. There is a read of out-of-bounds data at nfs_read_reply.\n\nView CVE Details\n\n\n\nAffected Products\n\nSiemens Ruggedcom Rox\n<div class=\"ics-vendor-version-status\">\n<div class=\"ics-vendor\">Vendor:Siemens</div>\n<div class=\"ics-version\">Product Version:RUGGEDCOM ROX MX5000, RUGGEDCOM ROX MX5000RE, RUGGEDCOM ROX RX1400, RUGGEDCOM ROX RX1500, RUGGEDCOM ROX RX1501, RUGGEDCOM ROX RX1510, RUGGEDCOM ROX RX1511, RUGGEDCOM ROX RX1512, RUGGEDCOM ROX RX1524, RUGGEDCOM ROX RX1536, RUGGEDCOM ROX RX5000</div>\n<div class=\"ics-status\">Product Status:known_affected</div>\n</div>\n<div class=\"ics-remediations\">\n\nRemediations\n\nVendor fixUpdate to V2.17.1 or later versionhttps://support.industry.siemens.com/cs/ww/en/view/110002017/\n</div>\n\nRelevant CWE: CWE-125 Out-of-bounds Read\n\n\n\nMetrics\n<div class=\"csaf-table csaf-metrics-table\">\n\n\n\n\nCVSS Version\nBase Score\nBase Severity\nVector String\n\n\n\n\n3.0\n9.1\nCRITICAL\nCVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H\n\n\n\n</div>\n</div>\n</div>\n<div class=\"csaf-accordion-item\">\n\nCVE-2019-14198\n<div class=\"csaf-accordion-content\">\n\nAn issue was discovered in Das U-Boot through 2019.07. There is an unbounded memcpy with a failed length check at nfs_read_reply when calling store_block in the NFSv3 case.\n\nView CVE Details\n\n\n\nAffected Products\n\nSiemens Ruggedcom Rox\n<div class=\"ics-vendor-version-status\">\n<div class=\"ics-vendor\">Vendor:Siemens</div>\n<div class=\"ics-version\">Product Version:RUGGEDCOM ROX MX5000, RUGGEDCOM ROX MX5000RE, RUGGEDCOM ROX RX1400, RUGGEDCOM ROX RX1500, RUGGEDCOM ROX RX1501, RUGGEDCOM ROX RX1510, RUGGEDCOM ROX RX1511, RUGGEDCOM ROX RX1512, RUGGEDCOM ROX RX1524, RUGGEDCOM ROX RX1536, RUGGEDCOM ROX RX5000</div>\n<div class=\"ics-status\">Product Status:known_affected</div>\n</div>\n<div class=\"ics-remediations\">\n\nRemediations\n\nVendor fixUpdate to V2.17.1 or later versionhttps://support.industry.siemens.com/cs/ww/en/view/110002017/\n</div>\n\nRelevant CWE: CWE-787 Out-of-bounds Write\n\n\n\nMetrics\n<div class=\"csaf-table csaf-metrics-table\">\n\n\n\n\nCVSS Version\nBase Score\nBase Severity\nVector String\n\n\n\n\n3.1\n9.8\nCRITICAL\nCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\n\n\n\n</div>\n</div>\n</div>\n<div class=\"csaf-accordion-item\">\n\nCVE-2019-14199\n<div class=\"csaf-accordion-content\">\n\nAn issue was discovered in Das U-Boot through 2019.07. There is an unbounded memcpy when parsing a UDP packet due to a net_process_received_packet integer underflow during an *udp_packet_handler call.\n\nView CVE Details\n\n\n\nAffected Products\n\nSiemens Ruggedcom Rox\n<div class=\"ics-vendor-version-status\">\n<div class=\"ics-vendor\">Vendor:Siemens</div>\n<div class=\"ics-version\">Product Version:RUGGEDCOM ROX MX5000, RUGGEDCOM ROX MX5000RE, RUGGEDCOM ROX RX1400, RUGGEDCOM ROX RX1500, RUGGEDCOM ROX RX1501, RUGGEDCOM ROX RX1510, RUGGEDCOM ROX RX1511, RUGGEDCOM ROX RX1512, RUGGEDCOM ROX RX1524, RUGGEDCOM ROX RX1536, RUGGEDCOM ROX RX5000</div>\n<div class=\"ics-status\">Product Status:known_affected</div>\n</div>\n<div class=\"ics-remediations\">\n\nRemediations\n\nVendor fixUpdate to V2.17.1 or later versionhttps://support.industry.siemens.com/cs/ww/en/view/110002017/\n</div>\n\nRelevant CWE: CWE-191 Integer Underflow (Wrap or Wraparound)\n\n\n\nMetrics\n<div class=\"csaf-table csaf-metrics-table\">\n\n\n\n\nCVSS Version\nBase Score\nBase Severity\nVector String\n\n\n\n\n3.1\n9.8\nCRITICAL\nCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\n\n\n\n</div>\n</div>\n</div>\n<div class=\"csaf-accordion-item\">\n\nCVE-2019-14200\n<div class=\"csaf-accordion-content\">\n\nAn issue was discovered in Das U-Boot through 2019.07. There is a stack-based buffer overflow in this nfs_handler reply helper function: rpc_lookup_reply.\n\nView CVE Details\n\n\n\nAffected Products\n\nSiemens Ruggedcom Rox\n<div class=\"ics-vendor-version-status\">\n<div class=\"ics-vendor\">Vendor:Siemens</div>\n<div class=\"ics-version\">Product Version:RUGGEDCOM ROX MX5000, RUGGEDCOM ROX MX5000RE, RUGGEDCOM ROX RX1400, RUGGEDCOM ROX RX1500, RUGGEDCOM ROX RX1501, RUGGEDCOM ROX RX1510, RUGGEDCOM ROX RX1511, RUGGEDCOM ROX RX1512, RUGGEDCOM ROX RX1524, RUGGEDCOM ROX RX1536, RUGGEDCOM ROX RX5000</div>\n<div class=\"ics-status\">Product Status:known_affected</div>\n</div>\n<div class=\"ics-remediations\">\n\nRemediations\n\nVendor fixUpdate to V2.17.1 or later versionhttps://support.industry.siemens.com/cs/ww/en/view/110002017/\n</div>\n\nRelevant CWE: CWE-787 Out-of-bounds Write\n\n\n\nMetrics\n<div class=\"csaf-table csaf-metrics-table\">\n\n\n\n\nCVSS Version\nBase Score\nBase Severity\nVector String\n\n\n\n\n3.1\n9.8\nCRITICAL\nCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\n\n\n\n</div>\n</div>\n</div>\n<div class=\"csaf-accordion-item\">\n\nCVE-2019-14201\n<div class=\"csaf-accordion-content\">\n\nAn issue was discovered in Das U-Boot through 2019.07. There is a stack-based buffer overflow in this nfs_handler reply helper function: nfs_lookup_reply.\n\nView CVE Details\n\n\n\nAffected Products\n\nSiemens Ruggedcom Rox\n<div class=\"ics-vendor-version-status\">\n<div class=\"ics-vendor\">Vendor:Siemens</div>\n<div class=\"ics-version\">Product Version:RUGGEDCOM ROX MX5000, RUGGEDCOM ROX MX5000RE, RUGGEDCOM ROX RX1400, RUGGEDCOM ROX RX1500, RUGGEDCOM ROX RX1501, RUGGEDCOM ROX RX1510, RUGGEDCOM ROX RX1511, RUGGEDCOM ROX RX1512, RUGGEDCOM ROX RX1524, RUGGEDCOM ROX RX1536, RUGGEDCOM ROX RX5000</div>\n<div class=\"ics-status\">Product Status:known_affected</div>\n</div>\n<div class=\"ics-remediations\">\n\nRemediations\n\nVendor fixUpdate to V2.17.1 or later versionhttps://support.industry.siemens.com/cs/ww/en/view/110002017/\n</div>\n\nRelevant CWE: CWE-787 Out-of-bounds Write\n\n\n\nMetrics\n<div class=\"csaf-table csaf-metrics-table\">\n\n\n\n\nCVSS Version\nBase Score\nBase Severity\nVector String\n\n\n\n\n3.1\n9.8\nCRITICAL\nCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\n\n\n\n</div>\n</div>\n</div>\n<div class=\"csaf-accordion-item\">\n\nCVE-2019-14202\n<div class=\"csaf-accordion-content\">\n\nAn issue was discovered in Das U-Boot through 2019.07. There is a stack-based buffer overflow in this nfs_handler reply helper function: nfs_readlink_reply.\n\nView CVE Details\n\n\n\nAffected Products\n\nSiemens Ruggedcom Rox\n<div class=\"ics-vendor-version-status\">\n<div class=\"ics-vendor\">Vendor:Siemens</div>\n<div class=\"ics-version\">Product Version:RUGGEDCOM ROX MX5000, RUGGEDCOM ROX MX5000RE, RUGGEDCOM ROX RX1400, RUGGEDCOM ROX RX1500, RUGGEDCOM ROX RX1501, RUGGEDCOM ROX RX1510, RUGGEDCOM ROX RX1511, RUGGEDCOM ROX RX1512, RUGGEDCOM ROX RX1524, RUGGEDCOM ROX RX1536, RUGGEDCOM ROX RX5000</div>\n<div class=\"ics-status\">Product Status:known_affected</div>\n</div>\n<div class=\"ics-remediations\">\n\nRemediations\n\nVendor fixUpdate to V2.17.1 or later versionhttps://support.industry.siemens.com/cs/ww/en/view/110002017/\n</div>\n\nRelevant CWE: CWE-787 Out-of-bounds Write\n\n\n\nMetrics\n<div class=\"csaf-table csaf-metrics-table\">\n\n\n\n\nCVSS Version\nBase Score\nBase Severity\nVector String\n\n\n\n\n3.1\n9.8\nCRITICAL\nCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\n\n\n\n</div>\n</div>\n</div>\n<div class=\"csaf-accordion-item\">\n\nCVE-2019-14203\n<div class=\"csaf-accordion-content\">\n\nAn issue was discovered in Das U-Boot through 2019.07. There is a stack-based buffer overflow in this nfs_handler reply helper function: nfs_mount_reply.\n\nView CVE Details\n\n\n\nAffected Products\n\nSiemens Ruggedcom Rox\n<div class=\"ics-vendor-version-status\">\n<div class=\"ics-vendor\">Vendor:Siemens</div>\n<div class=\"ics-version\">Product Version:RUGGEDCOM ROX MX5000, RUGGEDCOM ROX MX5000RE, RUGGEDCOM ROX RX1400, RUGGEDCOM ROX RX1500, RUGGEDCOM ROX RX1501, RUGGEDCOM ROX RX1510, RUGGEDCOM ROX RX1511, RUGGEDCOM ROX RX1512, RUGGEDCOM ROX RX1524, RUGGEDCOM ROX RX1536, RUGGEDCOM ROX RX5000</div>\n<div class=\"ics-status\">Product Status:known_affected</div>\n</div>\n<div class=\"ics-remediations\">\n\nRemediations\n\nVendor fixUpdate to V2.17.1 or later versionhttps://support.industry.siemens.com/cs/ww/en/view/110002017/\n</div>\n\nRelevant CWE: CWE-787 Out-of-bounds Write\n\n\n\nMetrics\n<div class=\"csaf-table csaf-metrics-table\">\n\n\n\n\nCVSS Version\nBase Score\nBase Severity\nVector String\n\n\n\n\n3.1\n9.8\nCRITICAL\nCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\n\n\n\n</div>\n</div>\n</div>\n<div class=\"csaf-accordion-item\">\n\nCVE-2019-14204\n<div class=\"csaf-accordion-content\">\n\nAn issue was discovered in Das U-Boot through 2019.07. There is a stack-based buffer overflow in this nfs_handler reply helper function: nfs_umountall_reply.\n\nView CVE Details\n\n\n\nAffected Products\n\nSiemens Ruggedcom Rox\n<div class=\"ics-vendor-version-status\">\n<div class=\"ics-vendor\">Vendor:Siemens</div>\n<div class=\"ics-version\">Product Version:RUGGEDCOM ROX MX5000, RUGGEDCOM ROX MX5000RE, RUGGEDCOM ROX RX1400, RUGGEDCOM ROX RX1500, RUGGEDCOM ROX RX1501, RUGGEDCOM ROX RX1510, RUGGEDCOM ROX RX1511, RUGGEDCOM ROX RX1512, RUGGEDCOM ROX RX1524, RUGGEDCOM ROX RX1536, RUGGEDCOM ROX RX5000</div>\n<div class=\"ics-status\">Product Status:known_affected</div>\n</div>\n<div class=\"ics-remediations\">\n\nRemediations\n\nVendor fixUpdate to V2.17.1 or later versionhttps://support.industry.siemens.com/cs/ww/en/view/110002017/\n</div>\n\nRelevant CWE: CWE-787 Out-of-bounds Write\n\n\n\nMetrics\n<div class=\"csaf-table csaf-metrics-table\">\n\n\n\n\nCVSS Version\nBase Score\nBase Severity\nVector String\n\n\n\n\n3.1\n9.8\nCRITICAL\nCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\n\n\n\n</div>\n</div>\n</div>\n<div class=\"csaf-accordion-item\">\n\nCVE-2020-10648\n<div class=\"csaf-accordion-content\">\n\nDas U-Boot through 2020.01 allows attackers to bypass verified boot restrictions and subsequently boot arbitrary images by providing a crafted FIT image to a system configured to boot the default configuration.\n\nView CVE Details\n\n\n\nAffected Products\n\nSiemens Ruggedcom Rox\n<div class=\"ics-vendor-version-status\">\n<div class=\"ics-vendor\">Vendor:Siemens</div>\n<div class=\"ics-version\">Product Version:RUGGEDCOM ROX MX5000, RUGGEDCOM ROX MX5000RE, RUGGEDCOM ROX RX1400, RUGGEDCOM ROX RX1500, RUGGEDCOM ROX RX1501, RUGGEDCOM ROX RX1510, RUGGEDCOM ROX RX1511, RUGGEDCOM ROX RX1512, RUGGEDCOM ROX RX1524, RUGGEDCOM ROX RX1536, RUGGEDCOM ROX RX5000</div>\n<div class=\"ics-status\">Product Status:known_affected</div>\n</div>\n<div class=\"ics-remediations\">\n\nRemediations\n\nVendor fixUpdate to V2.17.1 or later versionhttps://support.industry.siemens.com/cs/ww/en/view/110002017/\n</div>\n\nRelevant CWE: CWE-20 Improper Input Validation\n\n\n\nMetrics\n<div class=\"csaf-table csaf-metrics-table\">\n\n\n\n\nCVSS Version\nBase Score\nBase Severity\nVector String\n\n\n\n\n3.1\n7.8\nHIGH\nCVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\n\n\n\n</div>\n</div>\n</div>\n<div class=\"csaf-accordion-item\">\n\nCVE-2022-2347\n<div class=\"csaf-accordion-content\">\n\nThere exists an unchecked length field in UBoot. The U-Boot DFU implementation does not bound the length field in USB DFU download setup packets, and it does not verify that the transfer direction corresponds to the specified command. Consequently, if a physical attacker crafts a USB DFU download setup packet with a `wLength` greater than 4096 bytes, they can write beyond the heap-allocated request buffer.\n\nView CVE Details\n\n\n\nAffected Products\n\nSiemens Ruggedcom Rox\n<div class=\"ics-vendor-version-status\">\n<div class=\"ics-vendor\">Vendor:Siemens</div>\n<div class=\"ics-version\">Product Version:RUGGEDCOM ROX MX5000, RUGGEDCOM ROX MX5000RE, RUGGEDCOM ROX RX1400, RUGGEDCOM ROX RX1500, RUGGEDCOM ROX RX1501, RUGGEDCOM ROX RX1510, RUGGEDCOM ROX RX1511, RUGGEDCOM ROX RX1512, RUGGEDCOM ROX RX1524, RUGGEDCOM ROX RX1536, RUGGEDCOM ROX RX5000</div>\n<div class=\"ics-status\">Product Status:known_affected</div>\n</div>\n<div class=\"ics-remediations\">\n\nRemediations\n\nVendor fixUpdate to V2.17.1 or later versionhttps://support.industry.siemens.com/cs/ww/en/view/110002017/\n</div>\n\nRelevant CWE: CWE-122 Heap-based Buffer Overflow\n\n\n\nMetrics\n<div class=\"csaf-table csaf-metrics-table\">\n\n\n\n\nCVSS Version\nBase Score\nBase Severity\nVector String\n\n\n\n\n3.1\n7.7\nHIGH\nCVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H\n\n\n\n</div>\n</div>\n</div>\n<div class=\"csaf-accordion-item\">\n\nCVE-2022-30552\n<div class=\"csaf-accordion-content\">\n\nDas U-Boot 2022.01 has a Buffer Overflow.\n\nView CVE Details\n\n\n\nAffected Products\n\nSiemens Ruggedcom Rox\n<div class=\"ics-vendor-version-status\">\n<div class=\"ics-vendor\">Vendor:Siemens</div>\n<div class=\"ics-version\">Product Version:RUGGEDCOM ROX MX5000, RUGGEDCOM ROX MX5000RE, RUGGEDCOM ROX RX1400, RUGGEDCOM ROX RX1500, RUGGEDCOM ROX RX1501, RUGGEDCOM ROX RX1510, RUGGEDCOM ROX RX1511, RUGGEDCOM ROX RX1512, RUGGEDCOM ROX RX1524, RUGGEDCOM ROX RX1536, RUGGEDCOM ROX RX5000</div>\n<div class=\"ics-status\">Product Status:known_affected</div>\n</div>\n<div class=\"ics-remediations\">\n\nRemediations\n\nVendor fixUpdate to V2.17.1 or later versionhttps://support.industry.siemens.com/cs/ww/en/view/110002017/\n</div>\n\nRelevant CWE: CWE-120 Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')\n\n\n\nMetrics\n<div class=\"csaf-table csaf-metrics-table\">\n\n\n\n\nCVSS Version\nBase Score\nBase Severity\nVector String\n\n\n\n\n3.1\n5.5\nMEDIUM\nCVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H\n\n\n\n</div>\n</div>\n</div>\n<div class=\"csaf-accordion-item\">\n\nCVE-2022-30790\n<div class=\"csaf-accordion-content\">\n\nDas U-Boot 2022.01 has a Buffer Overflow, a different issue than CVE-2022-30552.\n\nView CVE Details\n\n\n\nAffected Products\n\nSiemens Ruggedcom Rox\n<div class=\"ics-vendor-version-status\">\n<div class=\"ics-vendor\">Vendor:Siemens</div>\n<div class=\"ics-version\">Product Version:RUGGEDCOM ROX MX5000, RUGGEDCOM ROX MX5000RE, RUGGEDCOM ROX RX1400, RUGGEDCOM ROX RX1500, RUGGEDCOM ROX RX1501, RUGGEDCOM ROX RX1510, RUGGEDCOM ROX RX1511, RUGGEDCOM ROX RX1512, RUGGEDCOM ROX RX1524, RUGGEDCOM ROX RX1536, RUGGEDCOM ROX RX5000</div>\n<div class=\"ics-status\">Product Status:known_affected</div>\n</div>\n<div class=\"ics-remediations\">\n\nRemediations\n\nVendor fixUpdate to V2.17.1 or later versionhttps://support.industry.siemens.com/cs/ww/en/view/110002017/\n</div>\n\nRelevant CWE: CWE-787 Out-of-bounds Write\n\n\n\nMetrics\n<div class=\"csaf-table csaf-metrics-table\">\n\n\n\n\nCVSS Version\nBase Score\nBase Severity\nVector String\n\n\n\n\n3.1\n7.8\nHIGH\nCVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\n\n\n\n</div>\n</div>\n</div>\n<div class=\"csaf-accordion-item\">\n\nCVE-2022-34835\n<div class=\"csaf-accordion-content\">\n\nIn Das U-Boot through 2022.07-rc5, an integer signedness error and resultant stack-based buffer overflow in the \"i2c md\" command enables the corruption of the return address pointer of the do_i2c_md function.\n\nView CVE Details\n\n\n\nAffected Products\n\nSiemens Ruggedcom Rox\n<div class=\"ics-vendor-version-status\">\n<div class=\"ics-vendor\">Vendor:Siemens</div>\n<div class=\"ics-version\">Product Version:RUGGEDCOM ROX MX5000, RUGGEDCOM ROX MX5000RE, RUGGEDCOM ROX RX1400, RUGGEDCOM ROX RX1500, RUGGEDCOM ROX RX1501, RUGGEDCOM ROX RX1510, RUGGEDCOM ROX RX1511, RUGGEDCOM ROX RX1512, RUGGEDCOM ROX RX1524, RUGGEDCOM ROX RX1536, RUGGEDCOM ROX RX5000</div>\n<div class=\"ics-status\">Product Status:known_affected</div>\n</div>\n<div class=\"ics-remediations\">\n\nRemediations\n\nVendor fixUpdate to V2.17.1 or later versionhttps://support.industry.siemens.com/cs/ww/en/view/110002017/\n</div>\n\nRelevant CWE: CWE-787 Out-of-bounds Write\n\n\n\nMetrics\n<div class=\"csaf-table csaf-metrics-table\">\n\n\n\n\nCVSS Version\nBase Score\nBase Severity\nVector String\n\n\n\n\n3.1\n9.8\nCRITICAL\nCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\n\n\n\n</div>\n</div>\n</div>\n<div class=\"csaf-accordion-item\">\n\nCVE-2023-3019\n<div class=\"csaf-accordion-content\">\n\nA DMA reentrancy issue leading to a use-after-free error was found in the e1000e NIC emulation code in QEMU. This issue could allow a privileged guest user to crash the QEMU process on the host, resulting in a denial of service.\n\nView CVE Details\n\n\n\nAffected Products\n\nSiemens Ruggedcom Rox\n<div class=\"ics-vendor-version-status\">\n<div class=\"ics-vendor\">Vendor:Siemens</div>\n<div class=\"ics-version\">Product Version:RUGGEDCOM ROX MX5000, RUGGEDCOM ROX MX5000RE, RUGGEDCOM ROX RX1400, RUGGEDCOM ROX RX1500, RUGGEDCOM ROX RX1501, RUGGEDCOM ROX RX1510, RUGGEDCOM ROX RX1511, RUGGEDCOM ROX RX1512, RUGGEDCOM ROX RX1524, RUGGEDCOM ROX RX1536, RUGGEDCOM ROX RX5000</div>\n<div class=\"ics-status\">Product Status:known_affected</div>\n</div>\n<div class=\"ics-remediations\">\n\nRemediations\n\nVendor fixUpdate to V2.17.1 or later versionhttps://support.industry.siemens.com/cs/ww/en/view/110002017/\n</div>\n\nRelevant CWE: CWE-416 Use After Free\n\n\n\nMetrics\n<div class=\"csaf-table csaf-metrics-table\">\n\n\n\n\nCVSS Version\nBase Score\nBase Severity\nVector String\n\n\n\n\n3.1\n6\nMEDIUM\nCVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:N/I:N/A:H\n\n\n\n</div>\n</div>\n</div>\n<div class=\"csaf-accordion-item\">\n\nCVE-2023-27043\n<div class=\"csaf-accordion-content\">\n\nThe email module of Python through 3.11.3 incorrectly parses e-mail addresses that contain a special character. The wrong portion of an RFC2822 header is identified as the value of the addr-spec. In some applications, an attacker can bypass a protection mechanism in which application access is granted only after verifying receipt of e-mail to a specific domain (e.g., only @company.example.com addresses may be used for signup). This occurs in email/_parseaddr.py in recent versions of Python.\n\nView CVE Details\n\n\n\nAffected Products\n\nSiemens Ruggedcom Rox\n<div class=\"ics-vendor-version-status\">\n<div class=\"ics-vendor\">Vendor:Siemens</div>\n<div class=\"ics-version\">Product Version:RUGGEDCOM ROX MX5000, RUGGEDCOM ROX MX5000RE, RUGGEDCOM ROX RX1400, RUGGEDCOM ROX RX1500, RUGGEDCOM ROX RX1501, RUGGEDCOM ROX RX1510, RUGGEDCOM ROX RX1511, RUGGEDCOM ROX RX1512, RUGGEDCOM ROX RX1524, RUGGEDCOM ROX RX1536, RUGGEDCOM ROX RX5000</div>\n<div class=\"ics-status\">Product Status:known_affected</div>\n</div>\n<div class=\"ics-remediations\">\n\nRemediations\n\nVendor fixUpdate to V2.17.1 or later versionhttps://support.industry.siemens.com/cs/ww/en/view/110002017/\n</div>\n\nRelevant CWE: CWE-1286 Improper Validation of Syntactic Correctness of Input\n\n\n\nMetrics\n<div class=\"csaf-table csaf-metrics-table\">\n\n\n\n\nCVSS Version\nBase Score\nBase Severity\nVector String\n\n\n\n\n3.1\n5.3\nMEDIUM\nCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N\n\n\n\n</div>\n</div>\n</div>\n<div class=\"csaf-accordion-item\">\n\nCVE-2024-3447\n<div class=\"csaf-accordion-content\">\n\nA heap-based buffer overflow was found in the SDHCI device emulation of QEMU. The bug is triggered when both `s->data_count` and the size of `s->fifo_buffer` are set to 0x200, leading to an out-of-bound access. A malicious guest could use this flaw to crash the QEMU process on the host, resulting in a denial of service condition.\n\nView CVE Details\n\n\n\nAffected Products\n\nSiemens Ruggedcom Rox\n<div class=\"ics-vendor-version-status\">\n<div class=\"ics-vendor\">Vendor:Siemens</div>\n<div class=\"ics-version\">Product Version:RUGGEDCOM ROX MX5000, RUGGEDCOM ROX MX5000RE, RUGGEDCOM ROX RX1400, RUGGEDCOM ROX RX1500, RUGGEDCOM ROX RX1501, RUGGEDCOM ROX RX1510, RUGGEDCOM ROX RX1511, RUGGEDCOM ROX RX1512, RUGGEDCOM ROX RX1524, RUGGEDCOM ROX RX1536, RUGGEDCOM ROX RX5000</div>\n<div class=\"ics-status\">Product Status:known_affected</div>\n</div>\n<div class=\"ics-remediations\">\n\nRemediations\n\nVendor fixUpdate to V2.17.1 or later versionhttps://support.industry.siemens.com/cs/ww/en/view/110002017/\n</div>\n\nRelevant CWE: CWE-122 Heap-based Buffer Overflow\n\n\n\nMetrics\n<div class=\"csaf-table csaf-metrics-table\">\n\n\n\n\nCVSS Version\nBase Score\nBase Severity\nVector String\n\n\n\n\n3.1\n6\nMEDIUM\nCVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:N/I:N/A:H\n\n\n\n</div>\n</div>\n</div>\n<div class=\"csaf-accordion-item\">\n\nCVE-2024-22365\n<div class=\"csaf-accordion-content\">\n\nlinux-pam (aka Linux PAM) before 1.6.0 allows attackers to cause a denial of service (blocked login process) via mkfifo because the openat call (for protect_dir) lacks O_DIRECTORY.\n\nView CVE Details\n\n\n\nAffected Products\n\nSiemens Ruggedcom Rox\n<div class=\"ics-vendor-version-status\">\n<div class=\"ics-vendor\">Vendor:Siemens</div>\n<div class=\"ics-version\">Product Version:RUGGEDCOM ROX MX5000, RUGGEDCOM ROX MX5000RE, RUGGEDCOM ROX RX1400, RUGGEDCOM ROX RX1500, RUGGEDCOM ROX RX1501, RUGGEDCOM ROX RX1510, RUGGEDCOM ROX RX1511, RUGGEDCOM ROX RX1512, RUGGEDCOM ROX RX1524, RUGGEDCOM ROX RX1536, RUGGEDCOM ROX RX5000</div>\n<div class=\"ics-status\">Product Status:known_affected</div>\n</div>\n<div class=\"ics-remediations\">\n\nRemediations\n\nVendor fixUpdate to V2.17.1 or later versionhttps://support.industry.siemens.com/cs/ww/en/view/110002017/\n</div>\n\nRelevant CWE: CWE-664 Improper Control of a Resource Through its Lifetime\n\n\n\nMetrics\n<div class=\"csaf-table csaf-metrics-table\">\n\n\n\n\nCVSS Version\nBase Score\nBase Severity\nVector String\n\n\n\n\n3.1\n5.5\nMEDIUM\nCVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H\n\n\n\n</div>\n</div>\n</div>\n<div class=\"csaf-accordion-item\">\n\nCVE-2024-57256\n<div class=\"csaf-accordion-content\">\n\nAn integer overflow in ext4fs_read_symlink in Das U-Boot before 2025.01-rc1 occurs for zalloc (adding one to an le32 variable) via a crafted ext4 filesystem with an inode size of 0xffffffff, resulting in a malloc of zero and resultant memory overwrite.\n\nView CVE Details\n\n\n\nAffected Products\n\nSiemens Ruggedcom Rox\n<div class=\"ics-vendor-version-status\">\n<div class=\"ics-vendor\">Vendor:Siemens</div>\n<div class=\"ics-version\">Product Version:RUGGEDCOM ROX MX5000, RUGGEDCOM ROX MX5000RE, RUGGEDCOM ROX RX1400, RUGGEDCOM ROX RX1500, RUGGEDCOM ROX RX1501, RUGGEDCOM ROX RX1510, RUGGEDCOM ROX RX1511, RUGGEDCOM ROX RX1512, RUGGEDCOM ROX RX1524, RUGGEDCOM ROX RX1536, RUGGEDCOM ROX RX5000</div>\n<div class=\"ics-status\">Product Status:known_affected</div>\n</div>\n<div class=\"ics-remediations\">\n\nRemediations\n\nVendor fixUpdate to V2.17.1 or later versionhttps://support.industry.siemens.com/cs/ww/en/view/110002017/\n</div>\n\nRelevant CWE: CWE-190 Integer Overflow or Wraparound\n\n\n\nMetrics\n<div class=\"csaf-table csaf-metrics-table\">\n\n\n\n\nCVSS Version\nBase Score\nBase Severity\nVector String\n\n\n\n\n3.1\n7.1\nHIGH\nCVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H\n\n\n\n</div>\n</div>\n</div>\n<div class=\"csaf-accordion-item\">\n\nCVE-2024-57258\n<div class=\"csaf-accordion-content\">\n\nInteger overflows in memory allocation in Das U-Boot before 2025.01-rc1 occur for a crafted squashfs filesystem via sbrk, via request2size, or because ptrdiff_t is mishandled on x86_64.\n\nView CVE Details\n\n\n\nAffected Products\n\nSiemens Ruggedcom Rox\n<div class=\"ics-vendor-version-status\">\n<div class=\"ics-vendor\">Vendor:Siemens</div>\n<div class=\"ics-version\">Product Version:RUGGEDCOM ROX MX5000, RUGGEDCOM ROX MX5000RE, RUGGEDCOM ROX RX1400, RUGGEDCOM ROX RX1500, RUGGEDCOM ROX RX1501, RUGGEDCOM ROX RX1510, RUGGEDCOM ROX RX1511, RUGGEDCOM ROX RX1512, RUGGEDCOM ROX RX1524, RUGGEDCOM ROX RX1536, RUGGEDCOM ROX RX5000</div>\n<div class=\"ics-status\">Product Status:known_affected</div>\n</div>\n<div class=\"ics-remediations\">\n\nRemediations\n\nVendor fixUpdate to V2.17.1 or later versionhttps://support.industry.siemens.com/cs/ww/en/view/110002017/\n</div>\n\nRelevant CWE: CWE-190 Integer Overflow or Wraparound\n\n\n\nMetrics\n<div class=\"csaf-table csaf-metrics-table\">\n\n\n\n\nCVSS Version\nBase Score\nBase Severity\nVector String\n\n\n\n\n3.1\n7.1\nHIGH\nCVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H\n\n\n\n</div>\n</div>\n</div>\n<div class=\"csaf-accordion-item\">\n\nCVE-2025-0395\n<div class=\"csaf-accordion-content\">\n\nWhen the assert() function in the GNU C Library versions 2.13 to 2.40 fails, it does not allocate enough space for the assertion failure message string and size information, which may lead to a buffer overflow if the message string size aligns to page size.\n\nView CVE Details\n\n\n\nAffected Products\n\nSiemens Ruggedcom Rox\n<div class=\"ics-vendor-version-status\">\n<div class=\"ics-vendor\">Vendor:Siemens</div>\n<div class=\"ics-version\">Product Version:RUGGEDCOM ROX MX5000, RUGGEDCOM ROX MX5000RE, RUGGEDCOM ROX RX1400, RUGGEDCOM ROX RX1500, RUGGEDCOM ROX RX1501, RUGGEDCOM ROX RX1510, RUGGEDCOM ROX RX1511, RUGGEDCOM ROX RX1512, RUGGEDCOM ROX RX1524, RUGGEDCOM ROX RX1536, RUGGEDCOM ROX RX5000</div>\n<div class=\"ics-status\">Product Status:known_affected</div>\n</div>\n<div class=\"ics-remediations\">\n\nRemediations\n\nVendor fixUpdate to V2.17.1 or later versionhttps://support.industry.siemens.com/cs/ww/en/view/110002017/\n</div>\n\nRelevant CWE: CWE-131 Incorrect Calculation of Buffer Size\n\n\n\nMetrics\n<div class=\"csaf-table csaf-metrics-table\">\n\n\n\n\nCVSS Version\nBase Score\nBase Severity\nVector String\n\n\n\n\n3.1\n6.2\nMEDIUM\nCVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\n\n\n\n</div>\n</div>\n</div>\n<div class=\"csaf-accordion-item\">\n\nCVE-2025-3576\n<div class=\"csaf-accordion-content\">\n\nA vulnerability in the MIT Kerberos implementation allows GSSAPI-protected messages using RC4-HMAC-MD5 to be spoofed due to weaknesses in the MD5 checksum design. If RC4 is preferred over stronger encryption types, an attacker could exploit MD5 collisions to forge message integrity codes. This may lead to unauthorized message tampering.\n\nView CVE Details\n\n\n\nAffected Products\n\nSiemens Ruggedcom Rox\n<div class=\"ics-vendor-version-status\">\n<div class=\"ics-vendor\">Vendor:Siemens</div>\n<div class=\"ics-version\">Product Version:RUGGEDCOM ROX MX5000, RUGGEDCOM ROX MX5000RE, RUGGEDCOM ROX RX1400, RUGGEDCOM ROX RX1500, RUGGEDCOM ROX RX1501, RUGGEDCOM ROX RX1510, RUGGEDCOM ROX RX1511, RUGGEDCOM ROX RX1512, RUGGEDCOM ROX RX1524, RUGGEDCOM ROX RX1536, RUGGEDCOM ROX RX5000</div>\n<div class=\"ics-status\">Product Status:known_affected</div>\n</div>\n<div class=\"ics-remediations\">\n\nRemediations\n\nVendor fixUpdate to V2.17.1 or later versionhttps://support.industry.siemens.com/cs/ww/en/view/110002017/\n</div>\n\nRelevant CWE: CWE-328 Use of Weak Hash\n\n\n\nMetrics\n<div class=\"csaf-table csaf-metrics-table\">\n\n\n\n\nCVSS Version\nBase Score\nBase Severity\nVector String\n\n\n\n\n3.1\n5.9\nMEDIUM\nCVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N\n\n\n\n</div>\n</div>\n</div>\n<div class=\"csaf-accordion-item\">\n\nCVE-2025-6020\n<div class=\"csaf-accordion-content\">\n\nA flaw was found in linux-pam. The module pam_namespace may use access user-controlled paths without proper protection, allowing local users to elevate their privileges to root via multiple symlink attacks and race conditions.\n\nView CVE Details\n\n\n\nAffected Products\n\nSiemens Ruggedcom Rox\n<div class=\"ics-vendor-version-status\">\n<div class=\"ics-vendor\">Vendor:Siemens</div>\n<div class=\"ics-version\">Product Version:RUGGEDCOM ROX MX5000, RUGGEDCOM ROX MX5000RE, RUGGEDCOM ROX RX1400, RUGGEDCOM ROX RX1500, RUGGEDCOM ROX RX1501, RUGGEDCOM ROX RX1510, RUGGEDCOM ROX RX1511, RUGGEDCOM ROX RX1512, RUGGEDCOM ROX RX1524, RUGGEDCOM ROX RX1536, RUGGEDCOM ROX RX5000</div>\n<div class=\"ics-status\">Product Status:known_affected</div>\n</div>\n<div class=\"ics-remediations\">\n\nRemediations\n\nVendor fixUpdate to V2.17.1 or later versionhttps://support.industry.siemens.com/cs/ww/en/view/110002017/\n</div>\n\nRelevant CWE: CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')\n\n\n\nMetrics\n<div class=\"csaf-table csaf-metrics-table\">\n\n\n\n\nCVSS Version\nBase Score\nBase Severity\nVector String\n\n\n\n\n3.1\n7.8\nHIGH\nCVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\n\n\n\n</div>\n</div>\n</div>\n<div class=\"csaf-accordion-item\">\n\nCVE-2025-7425\n<div class=\"csaf-accordion-content\">\n\nA flaw was found in libxslt where the attribute type, atype, flags are modified in a way that corrupts internal memory management. When XSLT functions, such as the key() process, result in tree fragments, this corruption prevents the proper cleanup of ID attributes. As a result, the system may access freed memory, causing crashes or enabling attackers to trigger heap corruption.\n\nView CVE Details\n\n\n\nAffected Products\n\nSiemens Ruggedcom Rox\n<div class=\"ics-vendor-version-status\">\n<div class=\"ics-vendor\">Vendor:Siemens</div>\n<div class=\"ics-version\">Product Version:RUGGEDCOM ROX MX5000, RUGGEDCOM ROX MX5000RE, RUGGEDCOM ROX RX1400, RUGGEDCOM ROX RX1500, RUGGEDCOM ROX RX1501, RUGGEDCOM ROX RX1510, RUGGEDCOM ROX RX1511, RUGGEDCOM ROX RX1512, RUGGEDCOM ROX RX1524, RUGGEDCOM ROX RX1536, RUGGEDCOM ROX RX5000</div>\n<div class=\"ics-status\">Product Status:known_affected</div>\n</div>\n<div class=\"ics-remediations\">\n\nRemediations\n\nVendor fixUpdate to V2.17.1 or later versionhttps://support.industry.siemens.com/cs/ww/en/view/110002017/\n</div>\n\nRelevant CWE: CWE-416 Use After Free\n\n\n\nMetrics\n<div class=\"csaf-table csaf-metrics-table\">\n\n\n\n\nCVSS Version\nBase Score\nBase Severity\nVector String\n\n\n\n\n3.1\n7.8\nHIGH\nCVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:N/I:H/A:H\n\n\n\n</div>\n</div>\n</div>\n<div class=\"csaf-accordion-item\">\n\nCVE-2025-9714\n<div class=\"csaf-accordion-content\">\n\nUncontrolled recursion in XPath evaluation in libxml2 up to and including version 2.9.14 allows a local attacker to cause a stack overflow via crafted expressions. XPath processing functions `xmlXPathRunEval`, `xmlXPathCtxtCompile`, and `xmlXPathEvalExpr` were resetting recursion depth to zero before making potentially recursive calls. When such functions were called recursively this could allow for uncontrolled recursion and lead to a stack overflow. These functions now preserve recursion depth across recursive calls, allowing recursion depth to be controlled.\n\nView CVE Details\n\n\n\nAffected Products\n\nSiemens Ruggedcom Rox\n<div class=\"ics-vendor-version-status\">\n<div class=\"ics-vendor\">Vendor:Siemens</div>\n<div class=\"ics-version\">Product Version:RUGGEDCOM ROX MX5000, RUGGEDCOM ROX MX5000RE, RUGGEDCOM ROX RX1400, RUGGEDCOM ROX RX1500, RUGGEDCOM ROX RX1501, RUGGEDCOM ROX RX1510, RUGGEDCOM ROX RX1511, RUGGEDCOM ROX RX1512, RUGGEDCOM ROX RX1524, RUGGEDCOM ROX RX1536, RUGGEDCOM ROX RX5000</div>\n<div class=\"ics-status\">Product Status:known_affected</div>\n</div>\n<div class=\"ics-remediations\">\n\nRemediations\n\nVendor fixUpdate to V2.17.1 or later versionhttps://support.industry.siemens.com/cs/ww/en/view/110002017/\n</div>\n\nRelevant CWE: CWE-674 Uncontrolled Recursion\n\n\n\nMetrics\n<div class=\"csaf-table csaf-metrics-table\">\n\n\n\n\nCVSS Version\nBase Score\nBase Severity\nVector String\n\n\n\n\n3.1\n6.2\nMEDIUM\nCVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\n\n\n\n</div>\n</div>\n</div>\n<div class=\"csaf-accordion-item\">\n\nCVE-2025-46836\n<div class=\"csaf-accordion-content\">\n\nnet-tools is a collection of programs that form the base set of the NET-3 networking distribution for the Linux operating system. Inn versions up to and including 2.10, the Linux network utilities (like ifconfig) from the net-tools package do not properly validate the structure of /proc files when showing interfaces. `get_name()` in `interface.c` copies interface labels from `/proc/net/dev` into a fixed 16-byte stack buffer without bounds checking, leading to possible arbitrary code execution or crash. The known attack path does not require privilege but also does not provide privilege escalation in this scenario. A patch is available and expected to be part of version 2.20.\n\nView CVE Details\n\n\n\nAffected Products\n\nSiemens Ruggedcom Rox\n<div class=\"ics-vendor-version-status\">\n<div class=\"ics-vendor\">Vendor:Siemens</div>\n<div class=\"ics-version\">Product Version:RUGGEDCOM ROX MX5000, RUGGEDCOM ROX MX5000RE, RUGGEDCOM ROX RX1400, RUGGEDCOM ROX RX1500, RUGGEDCOM ROX RX1501, RUGGEDCOM ROX RX1510, RUGGEDCOM ROX RX1511, RUGGEDCOM ROX RX1512, RUGGEDCOM ROX RX1524, RUGGEDCOM ROX RX1536, RUGGEDCOM ROX RX5000</div>\n<div class=\"ics-status\">Product Status:known_affected</div>\n</div>\n<div class=\"ics-remediations\">\n\nRemediations\n\nVendor fixUpdate to V2.17.1 or later versionhttps://support.industry.siemens.com/cs/ww/en/view/110002017/\n</div>\n\nRelevant CWE: CWE-121 Stack-based Buffer Overflow\n\n\n\nMetrics\n<div class=\"csaf-table csaf-metrics-table\">\n\n\n\n\nCVSS Version\nBase Score\nBase Severity\nVector String\n\n\n\n\n3.1\n6.6\nMEDIUM\nCVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H\n\n\n\n</div>\n</div>\n</div>\n<div class=\"csaf-accordion-item\">\n\nCVE-2025-49794\n<div class=\"csaf-accordion-content\">\n\nA use-after-free vulnerability was found in libxml2. This issue occurs when parsing XPath elements under certain circumstances when the XML schematron has the schema elements. This flaw allows a malicious actor to craft a malicious XML document used as input for libxml, resulting in the program's crash using libxml or other possible undefined behaviors.\n\nView CVE Details\n\n\n\nAffected Products\n\nSiemens Ruggedcom Rox\n<div class=\"ics-vendor-version-status\">\n<div class=\"ics-vendor\">Vendor:Siemens</div>\n<div class=\"ics-version\">Product Version:RUGGEDCOM ROX MX5000, RUGGEDCOM ROX MX5000RE, RUGGEDCOM ROX RX1400, RUGGEDCOM ROX RX1500, RUGGEDCOM ROX RX1501, RUGGEDCOM ROX RX1510, RUGGEDCOM ROX RX1511, RUGGEDCOM ROX RX1512, RUGGEDCOM ROX RX1524, RUGGEDCOM ROX RX1536, RUGGEDCOM ROX RX5000</div>\n<div class=\"ics-status\">Product Status:known_affected</div>\n</div>\n<div class=\"ics-remediations\">\n\nRemediations\n\nVendor fixUpdate to V2.17.1 or later versionhttps://support.industry.siemens.com/cs/ww/en/view/110002017/\n</div>\n\nRelevant CWE: CWE-825 Expired Pointer Dereference\n\n\n\nMetrics\n<div class=\"csaf-table csaf-metrics-table\">\n\n\n\n\nCVSS Version\nBase Score\nBase Severity\nVector String\n\n\n\n\n3.1\n9.1\nCRITICAL\nCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H\n\n\n\n</div>\n</div>\n</div>\n<div class=\"csaf-accordion-item\">\n\nCVE-2025-49796\n<div class=\"csaf-accordion-content\">\n\nA vulnerability was found in libxml2. Processing certain sch:name elements from the input XML file can trigger a memory corruption issue. This flaw allows an attacker to craft a malicious XML input file that can lead libxml to crash, resulting in a denial of service or other possible undefined behavior due to sensitive data being corrupted in memory.\n\nView CVE Details\n\n\n\nAffected Products\n\nSiemens Ruggedcom Rox\n<div class=\"ics-vendor-version-status\">\n<div class=\"ics-vendor\">Vendor:Siemens</div>\n<div class=\"ics-version\">Product Version:RUGGEDCOM ROX MX5000, RUGGEDCOM ROX MX5000RE, RUGGEDCOM ROX RX1400, RUGGEDCOM ROX RX1500, RUGGEDCOM ROX RX1501, RUGGEDCOM ROX RX1510, RUGGEDCOM ROX RX1511, RUGGEDCOM ROX RX1512, RUGGEDCOM ROX RX1524, RUGGEDCOM ROX RX1536, RUGGEDCOM ROX RX5000</div>\n<div class=\"ics-status\">Product Status:known_affected</div>\n</div>\n<div class=\"ics-remediations\">\n\nRemediations\n\nVendor fixUpdate to V2.17.1 or later versionhttps://support.industry.siemens.com/cs/ww/en/view/110002017/\n</div>\n\nRelevant CWE: CWE-125 Out-of-bounds Read\n\n\n\nMetrics\n<div class=\"csaf-table csaf-metrics-table\">\n\n\n\n\nCVSS Version\nBase Score\nBase Severity\nVector String\n\n\n\n\n3.1\n9.1\nCRITICAL\nCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H\n\n\n\n</div>\n</div>\n</div>\n</div>\n\n\n\nAcknowledgments\n\n\n\nSiemens ProductCERT reported these vulnerabilities to CISA.\n\n\n\n\nGeneral Recommendations\n\nAs a general security measure, Siemens strongly recommends to protect network access to devices with appropriate mechanisms. In order to operate the devices in a protected IT environment, Siemens recommends to configure the environment according to Siemens' operational guidelines for Industrial Security (Download: https://www.siemens.com/cert/operational-guidelines-industrial-security), and to follow the recommendations in the product manuals. Additional information on Industrial Security by Siemens can be found at: https://www.siemens.com/industrialsecurity\n\n\n\nAdditional Resources\n\nFor further inquiries on security vulnerabilities in Siemens products and solutions, please contact the Siemens ProductCERT: https://www.siemens.com/cert/advisories\n\n\n\nTerms of Use\n\nThe use of Siemens Security Advisories is subject to the terms and conditions listed on: https://www.siemens.com/productcert/terms-of-use.\n\n\n\nLegal Notice and Terms of Use\n\nThis product is provided subject to this Notification (https://www.cisa.gov/notification) and this Privacy & Use policy (https://www.cisa.gov/privacy-policy).\n\n\n\nRecommended Practices\n\nCISA recommends users take defensive measures to minimize the exploitation risk of this vulnerability.\n\nMinimize network exposure for all control system devices and/or systems, and ensure they are not accessible from the internet.\n\nLocate control system networks and remote devices behind firewalls and isolate them from business networks.\n\nWhen remote access is required, use more secure methods, such as Virtual Private Networks (VPNs), recognizing VPNs may have vulnerabilities and should be updated to the most recent version available. Also recognize VPN is only as secure as its connected devices.\n\nCISA reminds organizations to perform proper impact analysis and risk assessment prior to deploying defensive measures.\n\nCISA also provides a section for control systems security recommended practices on the ICS webpage on cisa.gov. Several CISA products detailing cyber defense best practices are available for reading and download, including Improving Industrial Control Systems Cybersecurity with Defense-in-Depth Strategies.\n\nCISA encourages organizations to implement recommended cybersecurity strategies for proactive defense of ICS assets. Additional mitigation guidance and recommended practices are publicly available on the ICS webpage at cisa.gov in the technical information paper, ICS-TIP-12-146-01B--Targeted Cyber Intrusion Detection and Mitigation Strategies.\n\nOrganizations observing suspected malicious activity should follow established internal procedures and report findings to CISA for tracking and correlation against other incidents.\n\n\n\nAdvisory Conversion Disclaimer\n\nThis ICSA is a verbatim republication of Siemens ProductCERT SSA-577017 from a direct conversion of the vendor's Common Security Advisory Framework (CSAF) advisory. This is republished to CISA's website as a means of increasing visibility and is provided \"as-is\" for informational purposes only. CISA is not responsible for the editorial or technical accuracy of republished advisories and provides no warranties of any kind regarding any information contained within this advisory. Further, CISA does not endorse any commercial product or service. Please contact Siemens ProductCERT directly for any questions regarding this advisory.\n\nRevision History\n\n\n\nInitial Release Date: 2026-05-12\n\n\n\n\n\nDate\nRevision\nSummary\n\n\n\n\n2026-05-12\n1\nPublication Date\n\n\n2026-05-14\n2\nInitial CISA Republication of Siemens ProductCERT SSA-577017 advisory\n\n\n\n\n\n\nLegal Notice and Terms of Use", "creation_timestamp": "2026-05-14T10:00:00.000000Z"}]}