Vulnerabilities related to siemens - ruggedcom_rox_mx5000
Vulnerability from fkie_nvd
Published
2023-07-11 10:15
Modified
2024-11-21 08:09
Severity
8.8 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
6.1 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
6.1 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Summary
A vulnerability has been identified in RUGGEDCOM ROX MX5000 (All versions < V2.16.0), RUGGEDCOM ROX MX5000RE (All versions < V2.16.0), RUGGEDCOM ROX RX1400 (All versions < V2.16.0), RUGGEDCOM ROX RX1500 (All versions < V2.16.0), RUGGEDCOM ROX RX1501 (All versions < V2.16.0), RUGGEDCOM ROX RX1510 (All versions < V2.16.0), RUGGEDCOM ROX RX1511 (All versions < V2.16.0), RUGGEDCOM ROX RX1512 (All versions < V2.16.0), RUGGEDCOM ROX RX1524 (All versions < V2.16.0), RUGGEDCOM ROX RX1536 (All versions < V2.16.0), RUGGEDCOM ROX RX5000 (All versions < V2.16.0). A reflected cross-site scripting (XSS) vulnerability exists in the web interface of the affected application that could allow an attacker to execute malicious javascript code by tricking users into accessing a malicious link. The malformed value is reflected directly in the response without sanitization while throwing an “invalid path” error.
References
Impacted products
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:siemens:ruggedcom_rox_mx5000_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "B70C9A14-F31D-452F-8F7E-368E1ED7165C", versionEndExcluding: "2.16.0", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:siemens:ruggedcom_rox_mx5000:-:*:*:*:*:*:*:*", matchCriteriaId: "DAD1B18F-9C37-48CC-92E2-9C5E66B206CB", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:siemens:ruggedcom_rox_mx5000re_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "C095D9B0-79A3-44A7-9683-B8DEF689D65F", versionEndExcluding: "2.16.0", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:siemens:ruggedcom_rox_mx5000re:-:*:*:*:*:*:*:*", matchCriteriaId: "38734DFA-A5DF-4284-BD79-7C0ED6CD8A5C", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:siemens:ruggedcom_rox_rx1400_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "3A0D1757-6A48-4C53-877A-947CDDD67793", versionEndExcluding: "2.16.0", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:siemens:ruggedcom_rox_rx1400:-:*:*:*:*:*:*:*", matchCriteriaId: "12BD4008-DB6A-4749-A426-D2DE44819A9D", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:siemens:ruggedcom_rox_rx1500_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "957788AA-B685-42B6-8BE9-B61D20B68144", versionEndExcluding: "2.16.0", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:siemens:ruggedcom_rox_rx1500:-:*:*:*:*:*:*:*", matchCriteriaId: "3E79B422-C844-411C-AA49-CFD73D3C6E2D", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: 
"cpe:2.3:o:siemens:ruggedcom_rox_rx1501_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "02E80465-DCD4-4CEB-AB5C-DFD86A5DB2E8", versionEndExcluding: "2.16.0", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:siemens:ruggedcom_rox_rx1501:-:*:*:*:*:*:*:*", matchCriteriaId: "53AAEC5C-06EE-4C58-A981-EBF5860CEF16", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:siemens:ruggedcom_rox_rx1510_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "BEC2AF9C-52CA-48FF-A4CD-C042EF225000", versionEndExcluding: "2.16.0", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:siemens:ruggedcom_rox_rx1510:-:*:*:*:*:*:*:*", matchCriteriaId: "0751225A-6E9C-4281-93A4-A048920FF7C6", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:siemens:ruggedcom_rox_rx1511_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "D0889DDD-C18A-4605-907C-0AAC4362FC94", versionEndExcluding: "2.16.0", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:siemens:ruggedcom_rox_rx1511:-:*:*:*:*:*:*:*", matchCriteriaId: "8C1E56ED-1E61-4B7E-8EC0-BB2AAD57EF7B", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:siemens:ruggedcom_rox_rx1512_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "FA09F789-1903-4487-A108-684EA9423F32", versionEndExcluding: "2.16.0", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:siemens:ruggedcom_rox_rx1512:-:*:*:*:*:*:*:*", matchCriteriaId: "41ADD701-AD49-46B2-A12E-219CCED32298", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:siemens:ruggedcom_rox_rx1524_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: 
"76CF386C-0665-401C-9E5F-D3A89E6C2847", versionEndExcluding: "2.16.0", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:siemens:ruggedcom_rox_rx1524:-:*:*:*:*:*:*:*", matchCriteriaId: "F8C70D90-E8FA-4343-9027-152A99D79C82", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:siemens:ruggedcom_rox_rx1536_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "A813AC2B-2F29-45D7-AB27-657A36399F80", versionEndExcluding: "2.16.0", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:siemens:ruggedcom_rox_rx1536:-:*:*:*:*:*:*:*", matchCriteriaId: "C1775F3B-6F47-4134-8B4E-CF6337FF546C", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:siemens:ruggedcom_rox_rx5000_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "6AF925B2-B147-4CB0-8789-D68C38135BEE", versionEndExcluding: "2.16.0", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:siemens:ruggedcom_rox_rx5000:-:*:*:*:*:*:*:*", matchCriteriaId: "1E0E33F2-E89B-4008-BED2-CF2296801078", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, ], cveTags: [], descriptions: [ { lang: "en", value: "A vulnerability has been identified in RUGGEDCOM ROX MX5000 (All versions < V2.16.0), RUGGEDCOM ROX MX5000RE (All versions < V2.16.0), RUGGEDCOM ROX RX1400 (All versions < V2.16.0), RUGGEDCOM ROX RX1500 (All versions < V2.16.0), RUGGEDCOM ROX RX1501 (All versions < V2.16.0), RUGGEDCOM ROX RX1510 (All versions < V2.16.0), RUGGEDCOM ROX RX1511 (All versions < V2.16.0), RUGGEDCOM ROX RX1512 (All versions < V2.16.0), RUGGEDCOM ROX RX1524 (All versions < V2.16.0), RUGGEDCOM ROX RX1536 (All versions < V2.16.0), RUGGEDCOM ROX RX5000 (All versions < V2.16.0). 
A reflected cross-site scripting (XSS) vulnerability exists in the web interface of the affected application that could allow an attacker to execute malicious javascript code by tricking users into accessing a malicious link. The malformed value is reflected\r\ndirectly in the response without sanitization while throwing an “invalid path” error.", }, ], id: "CVE-2023-36389", lastModified: "2024-11-21T08:09:39.320", metrics: { cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 8.8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 2.8, impactScore: 5.9, source: "productcert@siemens.com", type: "Secondary", }, { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 6.1, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "NONE", scope: "CHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", version: "3.1", }, exploitabilityScore: 2.8, impactScore: 2.7, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2023-07-11T10:15:10.760", references: [ { source: "productcert@siemens.com", tags: [ "Vendor Advisory", ], url: "https://cert-portal.siemens.com/productcert/pdf/ssa-146325.pdf", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://cert-portal.siemens.com/productcert/pdf/ssa-146325.pdf", }, ], sourceIdentifier: "productcert@siemens.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-79", }, ], source: "productcert@siemens.com", type: "Secondary", }, { description: [ { lang: "en", value: "CWE-79", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2021-05-26 22:15
Modified
2024-11-21 05:54
Severity
7.4 (High) - CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H
7.4 (High) - CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H
7.4 (High) - CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H
Summary
In ISC DHCP 4.1-ESV-R1 -> 4.1-ESV-R16, ISC DHCP 4.4.0 -> 4.4.2 (Other branches of ISC DHCP (i.e., releases in the 4.0.x series or lower and releases in the 4.3.x series) are beyond their End-of-Life (EOL) and no longer supported by ISC. From inspection it is clear that the defect is also present in releases from those series, but they have not been officially tested for the vulnerability), The outcome of encountering the defect while reading a lease that will trigger it varies, according to:
- the component being affected (i.e., dhclient or dhcpd)
- whether the package was built as a 32-bit or 64-bit binary
- whether the compiler flag -fstack-protection-strong was used when compiling
In dhclient, ISC has not successfully reproduced the error on a 64-bit system. However, on a 32-bit system it is possible to cause dhclient to crash when reading an improper lease, which could cause network connectivity problems for an affected system due to the absence of a running DHCP client process.
In dhcpd, when run in DHCPv4 or DHCPv6 mode:
- if the dhcpd server binary was built for a 32-bit architecture AND the -fstack-protection-strong flag was specified to the compiler, dhcpd may exit while parsing a lease file containing an objectionable lease, resulting in lack of service to clients. Additionally, the offending lease and the lease immediately following it in the lease database may be improperly deleted.
- if the dhcpd server binary was built for a 64-bit architecture OR if the -fstack-protection-strong compiler flag was NOT specified, the crash will not occur, but it is possible for the offending lease and the lease which immediately followed it to be improperly deleted.
References
Impacted products
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:isc:dhcp:*:*:*:*:*:*:*:*", matchCriteriaId: "106A3E98-3D4B-47F7-80AD-49A47A7B20D6", versionEndIncluding: "4.4.2", versionStartIncluding: "4.4.0", vulnerable: true, }, { criteria: "cpe:2.3:a:isc:dhcp:4.1-esv:r1:*:*:*:*:*:*", matchCriteriaId: "FBAABA4E-0D34-4644-AC26-E272CEE6C361", vulnerable: true, }, { criteria: "cpe:2.3:a:isc:dhcp:4.1-esv:r10:*:*:*:*:*:*", matchCriteriaId: "179443DC-4B6A-408A-8BE5-B3E72188F43E", vulnerable: true, }, { criteria: "cpe:2.3:a:isc:dhcp:4.1-esv:r10_b1:*:*:*:*:*:*", matchCriteriaId: "C9BE7736-58CD-468B-84AB-B38C9B254BA6", vulnerable: true, }, { criteria: "cpe:2.3:a:isc:dhcp:4.1-esv:r10_rc1:*:*:*:*:*:*", matchCriteriaId: "7EB6F7F0-B2A0-47E3-AD7A-4E7618A36F90", vulnerable: true, }, { criteria: "cpe:2.3:a:isc:dhcp:4.1-esv:r10b1:*:*:*:*:*:*", matchCriteriaId: "CA5FAE54-1645-4A38-A431-10E67304399A", vulnerable: true, }, { criteria: "cpe:2.3:a:isc:dhcp:4.1-esv:r10rc1:*:*:*:*:*:*", matchCriteriaId: "2C0D1A71-CECB-4C86-87F6-EB3741BDF692", vulnerable: true, }, { criteria: "cpe:2.3:a:isc:dhcp:4.1-esv:r11:*:*:*:*:*:*", matchCriteriaId: "ADF80D19-3B0A-4A74-944E-F33CCC30EADA", vulnerable: true, }, { criteria: "cpe:2.3:a:isc:dhcp:4.1-esv:r11_b1:*:*:*:*:*:*", matchCriteriaId: "40B21FCB-43A8-4266-934D-ECFF8138F637", vulnerable: true, }, { criteria: "cpe:2.3:a:isc:dhcp:4.1-esv:r11_rc1:*:*:*:*:*:*", matchCriteriaId: "69D49F23-9074-49E7-985F-4D93393324CD", vulnerable: true, }, { criteria: "cpe:2.3:a:isc:dhcp:4.1-esv:r11_rc2:*:*:*:*:*:*", matchCriteriaId: "3F729D1D-7234-4BC2-839B-AE1BB9D16C25", vulnerable: true, }, { criteria: "cpe:2.3:a:isc:dhcp:4.1-esv:r11b1:*:*:*:*:*:*", matchCriteriaId: "9E01D88D-876D-45FE-B7ED-089DAD801EF6", vulnerable: true, }, { criteria: "cpe:2.3:a:isc:dhcp:4.1-esv:r11rc1:*:*:*:*:*:*", matchCriteriaId: "C4B030B1-F008-4562-93C7-7E1C6D3D00F4", vulnerable: true, }, { criteria: "cpe:2.3:a:isc:dhcp:4.1-esv:r11rc2:*:*:*:*:*:*", matchCriteriaId: 
"FF656F5E-B317-4E0C-BF01-EC2A917142DC", vulnerable: true, }, { criteria: "cpe:2.3:a:isc:dhcp:4.1-esv:r12:*:*:*:*:*:*", matchCriteriaId: "FBA64EEC-C0C7-4F11-8131-2868691E54DB", vulnerable: true, }, { criteria: "cpe:2.3:a:isc:dhcp:4.1-esv:r12-p1:*:*:*:*:*:*", matchCriteriaId: "FFD3109A-1D76-4EA7-BF39-0B203AD945CF", vulnerable: true, }, { criteria: "cpe:2.3:a:isc:dhcp:4.1-esv:r12_b1:*:*:*:*:*:*", matchCriteriaId: "157520D7-AE39-4E23-A8CF-DD75EA78C055", vulnerable: true, }, { criteria: "cpe:2.3:a:isc:dhcp:4.1-esv:r12_p1:*:*:*:*:*:*", matchCriteriaId: "B07118EC-9508-42B8-8D09-5CE310DA2B43", vulnerable: true, }, { criteria: "cpe:2.3:a:isc:dhcp:4.1-esv:r12b1:*:*:*:*:*:*", matchCriteriaId: "2156D1BC-90AE-4AF3-964C-DAC7DCE14A5D", vulnerable: true, }, { criteria: "cpe:2.3:a:isc:dhcp:4.1-esv:r13:*:*:*:*:*:*", matchCriteriaId: "A157E664-6ACE-44CE-AC07-64898B182EA1", vulnerable: true, }, { criteria: "cpe:2.3:a:isc:dhcp:4.1-esv:r13_b1:*:*:*:*:*:*", matchCriteriaId: "0056BF7A-4A70-4F1D-89C2-25CCDB65217B", vulnerable: true, }, { criteria: "cpe:2.3:a:isc:dhcp:4.1-esv:r13b1:*:*:*:*:*:*", matchCriteriaId: "BA8ADA07-94FA-4014-AF70-8FCAF5F0DB03", vulnerable: true, }, { criteria: "cpe:2.3:a:isc:dhcp:4.1-esv:r14:*:*:*:*:*:*", matchCriteriaId: "1D21F05D-246F-41F5-81FD-286C26168E2E", vulnerable: true, }, { criteria: "cpe:2.3:a:isc:dhcp:4.1-esv:r14_b1:*:*:*:*:*:*", matchCriteriaId: "12103C87-C942-481A-A68C-7BC83F964C06", vulnerable: true, }, { criteria: "cpe:2.3:a:isc:dhcp:4.1-esv:r14b1:*:*:*:*:*:*", matchCriteriaId: "A2E0124D-6330-4013-8145-4309FDAE60A8", vulnerable: true, }, { criteria: "cpe:2.3:a:isc:dhcp:4.1-esv:r15:*:*:*:*:*:*", matchCriteriaId: "924E91FF-495F-4963-827F-57F7340C6560", vulnerable: true, }, { criteria: "cpe:2.3:a:isc:dhcp:4.1-esv:r15-p1:*:*:*:*:*:*", matchCriteriaId: "3BC02748-557A-4131-A372-D99B62B4B93B", vulnerable: true, }, { criteria: "cpe:2.3:a:isc:dhcp:4.1-esv:r15_b1:*:*:*:*:*:*", matchCriteriaId: "76A11284-3D81-45F0-8055-17282945C14F", vulnerable: true, }, { 
criteria: "cpe:2.3:a:isc:dhcp:4.1-esv:r16:*:*:*:*:*:*", matchCriteriaId: "98431CF5-D4C2-4FCF-BA81-0BBB631546D2", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:fedoraproject:fedora:33:*:*:*:*:*:*:*", matchCriteriaId: "E460AA51-FCDA-46B9-AE97-E6676AA5E194", vulnerable: true, }, { criteria: "cpe:2.3:o:fedoraproject:fedora:34:*:*:*:*:*:*:*", matchCriteriaId: "A930E247-0B43-43CB-98FF-6CE7B8189835", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*", matchCriteriaId: "DEECE5FC-CACF-4496-A3E7-164736409252", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:siemens:ruggedcom_rox_rx1400_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "DC90F7B5-81FB-43C5-8658-78589F26A4B2", versionEndExcluding: "2.15.0", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:siemens:ruggedcom_rox_rx1400:-:*:*:*:*:*:*:*", matchCriteriaId: "12BD4008-DB6A-4749-A426-D2DE44819A9D", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:siemens:ruggedcom_rox_rx1500_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "14720DF0-EBA3-4173-9472-163EBC688586", versionEndExcluding: "2.15.0", versionStartIncluding: "2.3.0", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:siemens:ruggedcom_rox_rx1500:-:*:*:*:*:*:*:*", matchCriteriaId: "3E79B422-C844-411C-AA49-CFD73D3C6E2D", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:siemens:ruggedcom_rox_rx1501_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "D09DE9BF-E5F5-40E8-BD31-8090A7A6FACA", versionEndExcluding: "2.15.0", versionStartIncluding: "2.3.0", vulnerable: true, }, ], negate: false, operator: "OR", }, { 
cpeMatch: [ { criteria: "cpe:2.3:h:siemens:ruggedcom_rox_rx1501:-:*:*:*:*:*:*:*", matchCriteriaId: "53AAEC5C-06EE-4C58-A981-EBF5860CEF16", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:siemens:ruggedcom_rox_rx1510_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "E5A05BE2-7F53-49B7-9831-44E97E9ABA4B", versionEndExcluding: "2.15.0", versionStartIncluding: "2.3.0", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:siemens:ruggedcom_rox_rx1510:-:*:*:*:*:*:*:*", matchCriteriaId: "0751225A-6E9C-4281-93A4-A048920FF7C6", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:siemens:ruggedcom_rox_rx1511_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "9290F77E-4E1C-4B01-8C6E-4AEFB37C373A", versionEndExcluding: "2.15.0", versionStartIncluding: "2.3.0", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:siemens:ruggedcom_rox_rx1511:-:*:*:*:*:*:*:*", matchCriteriaId: "8C1E56ED-1E61-4B7E-8EC0-BB2AAD57EF7B", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:siemens:ruggedcom_rox_rx1512_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "DD195547-C770-4696-BB58-C0EC5FA38C29", versionEndExcluding: "2.15.0", versionStartIncluding: "2.3.0", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:siemens:ruggedcom_rox_rx1512:-:*:*:*:*:*:*:*", matchCriteriaId: "41ADD701-AD49-46B2-A12E-219CCED32298", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:siemens:ruggedcom_rox_rx1524_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "4B0D2FC6-C24B-4AF8-813F-4432728A2021", versionEndExcluding: "2.15.0", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ 
{ criteria: "cpe:2.3:h:siemens:ruggedcom_rox_rx1524:-:*:*:*:*:*:*:*", matchCriteriaId: "F8C70D90-E8FA-4343-9027-152A99D79C82", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:siemens:ruggedcom_rox_rx1536_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "3E06BA0F-8D2A-48AF-B012-07F181F83828", versionEndExcluding: "2.15.0", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:siemens:ruggedcom_rox_rx1536:-:*:*:*:*:*:*:*", matchCriteriaId: "C1775F3B-6F47-4134-8B4E-CF6337FF546C", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:siemens:ruggedcom_rox_rx5000_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "28795B18-748A-46AF-B600-5CC7A7A95068", versionEndExcluding: "2.15.0", versionStartIncluding: "2.3.0", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:siemens:ruggedcom_rox_rx5000:-:*:*:*:*:*:*:*", matchCriteriaId: "1E0E33F2-E89B-4008-BED2-CF2296801078", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:siemens:ruggedcom_rox_mx5000_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "2788BC61-D5EB-4E44-A896-0A416CC6D51E", versionEndExcluding: "2.15.0", versionStartIncluding: "2.3.0", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:siemens:ruggedcom_rox_mx5000:-:*:*:*:*:*:*:*", matchCriteriaId: "DAD1B18F-9C37-48CC-92E2-9C5E66B206CB", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:netapp:ontap_select_deploy_administration_utility:-:*:*:*:*:*:*:*", matchCriteriaId: "E7CF3019-975D-40BB-A8A4-894E62BD3797", vulnerable: true, }, { criteria: "cpe:2.3:a:netapp:solidfire_\\&_hci_management_node:-:*:*:*:*:*:*:*", matchCriteriaId: 
"D6D700C5-F67F-4FFB-BE69-D524592A3D2E", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:siemens:sinec_ins:*:*:*:*:*:*:*:*", matchCriteriaId: "C89891C1-DFD7-4E1F-80A9-7485D86A15B5", versionEndExcluding: "1.0", vulnerable: true, }, { criteria: "cpe:2.3:a:siemens:sinec_ins:1.0:-:*:*:*:*:*:*", matchCriteriaId: "4664B195-AF14-4834-82B3-0B2C98020EB6", vulnerable: true, }, { criteria: "cpe:2.3:a:siemens:sinec_ins:1.0:sp1:*:*:*:*:*:*", matchCriteriaId: "75BC588E-CDF0-404E-AD61-02093A1DF343", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "In ISC DHCP 4.1-ESV-R1 -> 4.1-ESV-R16, ISC DHCP 4.4.0 -> 4.4.2 (Other branches of ISC DHCP (i.e., releases in the 4.0.x series or lower and releases in the 4.3.x series) are beyond their End-of-Life (EOL) and no longer supported by ISC. From inspection it is clear that the defect is also present in releases from those series, but they have not been officially tested for the vulnerability), The outcome of encountering the defect while reading a lease that will trigger it varies, according to: the component being affected (i.e., dhclient or dhcpd) whether the package was built as a 32-bit or 64-bit binary whether the compiler flag -fstack-protection-strong was used when compiling In dhclient, ISC has not successfully reproduced the error on a 64-bit system. However, on a 32-bit system it is possible to cause dhclient to crash when reading an improper lease, which could cause network connectivity problems for an affected system due to the absence of a running DHCP client process. In dhcpd, when run in DHCPv4 or DHCPv6 mode: if the dhcpd server binary was built for a 32-bit architecture AND the -fstack-protection-strong flag was specified to the compiler, dhcpd may exit while parsing a lease file containing an objectionable lease, resulting in lack of service to clients. 
Additionally, the offending lease and the lease immediately following it in the lease database may be improperly deleted. if the dhcpd server binary was built for a 64-bit architecture OR if the -fstack-protection-strong compiler flag was NOT specified, the crash will not occur, but it is possible for the offending lease and the lease which immediately followed it to be improperly deleted.", }, { lang: "es", value: "En ISC DHCP versiones 4.1-ESV-R1 anteriores a 4.1-ESV-R16, ISC DHCP versiones 4.4.0 anteriores a 4.4.2 (Otras ramas de ISC DHCP (es decir, versiones de la serie 4.0.x o inferiores y versiones de la serie 4.3.x) están más allá de su End-of-Life (EOL) y ya no son soportadas por ISC. El resultado de encontrar el fallo mientras se lee un contrato de arrendamiento que lo desencadena varía, según: el componente afectado (es decir, dhclient o dhcpd) si el paquete se construyó como un binario de 32 o 64 bits si fue usado el flag del compilador -fstack-protection-strong al compilar En dhclient, ISC no ha reproducido con éxito el error en un sistema de 64 bits. Sin embargo, en un sistema de 32 bits es posible causar a dhclient bloquearse cuando leen un contrato de arrendamiento inapropiado, lo que podría causar problemas de conectividad de red para un sistema afectado debido a la ausencia de un proceso de cliente DHCP en ejecución. En dhcpd, cuando se ejecuta en modo DHCPv4 o DHCPv6: si el binario del servidor dhcpd fue construido para una arquitectura de 32 bits Y se especificó el flag -fstack-protection-strong al compilador, dhcpd puede salir mientras analiza un archivo de arrendamiento que contiene un arrendamiento objetable, resultando en la falta de servicio a los clientes. 
Si el binario del servidor dhcpd fue construido para una arquitectura de 64 bits O si la flag -fstack-protection-strong del compilador NO fue especificado, el bloqueo no ocurrirá, pero es posible que el contrato de arrendamiento ofensivo y el que le sigue sean borrados inapropiadamente", }, ], id: "CVE-2021-25217", lastModified: "2024-11-21T05:54:34.013", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "LOW", cvssData: { accessComplexity: "LOW", accessVector: "ADJACENT_NETWORK", authentication: "NONE", availabilityImpact: "PARTIAL", baseScore: 3.3, confidentialityImpact: "NONE", integrityImpact: "NONE", vectorString: "AV:A/AC:L/Au:N/C:N/I:N/A:P", version: "2.0", }, exploitabilityScore: 6.5, impactScore: 2.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "ADJACENT_NETWORK", availabilityImpact: "HIGH", baseScore: 7.4, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "CHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H", version: "3.1", }, exploitabilityScore: 2.8, impactScore: 4, source: "security-officer@isc.org", type: "Secondary", }, { cvssData: { attackComplexity: "LOW", attackVector: "ADJACENT_NETWORK", availabilityImpact: "HIGH", baseScore: 7.4, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "CHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H", version: "3.1", }, exploitabilityScore: 2.8, impactScore: 4, source: "nvd@nist.gov", type: "Secondary", }, ], }, published: "2021-05-26T22:15:07.947", references: [ { source: "security-officer@isc.org", tags: [ "Mailing List", "Patch", "Third Party Advisory", ], url: 
"http://www.openwall.com/lists/oss-security/2021/05/26/6", }, { source: "security-officer@isc.org", tags: [ "Patch", "Third Party Advisory", ], url: "https://cert-portal.siemens.com/productcert/pdf/ssa-406691.pdf", }, { source: "security-officer@isc.org", tags: [ "Patch", "Third Party Advisory", ], url: "https://cert-portal.siemens.com/productcert/pdf/ssa-637483.pdf", }, { source: "security-officer@isc.org", tags: [ "Exploit", "Vendor Advisory", ], url: "https://kb.isc.org/docs/cve-2021-25217", }, { source: "security-officer@isc.org", tags: [ "Mailing List", "Third Party Advisory", ], url: "https://lists.debian.org/debian-lts-announce/2021/06/msg00002.html", }, { source: "security-officer@isc.org", url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/5QI4DYC7J4BGHEW3NH4XHMWTHYC36UK4/", }, { source: "security-officer@isc.org", url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/Z2LB42JWIV4M4WDNXX5VGIP26FEYWKIF/", }, { source: "security-officer@isc.org", url: "https://security.gentoo.org/glsa/202305-22", }, { source: "security-officer@isc.org", tags: [ "Third Party Advisory", ], url: "https://security.netapp.com/advisory/ntap-20220325-0011/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Patch", "Third Party Advisory", ], url: "http://www.openwall.com/lists/oss-security/2021/05/26/6", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Third Party Advisory", ], url: "https://cert-portal.siemens.com/productcert/pdf/ssa-406691.pdf", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Third Party Advisory", ], url: "https://cert-portal.siemens.com/productcert/pdf/ssa-637483.pdf", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Exploit", "Vendor Advisory", ], url: "https://kb.isc.org/docs/cve-2021-25217", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third 
Party Advisory", ], url: "https://lists.debian.org/debian-lts-announce/2021/06/msg00002.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/5QI4DYC7J4BGHEW3NH4XHMWTHYC36UK4/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/Z2LB42JWIV4M4WDNXX5VGIP26FEYWKIF/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://security.gentoo.org/glsa/202305-22", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://security.netapp.com/advisory/ntap-20220325-0011/", }, ], sourceIdentifier: "security-officer@isc.org", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-119", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2023-07-11 10:15
Modified
2024-11-21 08:10
Severity
9.1 (Critical) - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H
7.2 (High) - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
7.2 (High) - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Summary
A vulnerability has been identified in RUGGEDCOM ROX MX5000 (All versions < V2.16.0), RUGGEDCOM ROX MX5000RE (All versions < V2.16.0), RUGGEDCOM ROX RX1400 (All versions < V2.16.0), RUGGEDCOM ROX RX1500 (All versions < V2.16.0), RUGGEDCOM ROX RX1501 (All versions < V2.16.0), RUGGEDCOM ROX RX1510 (All versions < V2.16.0), RUGGEDCOM ROX RX1511 (All versions < V2.16.0), RUGGEDCOM ROX RX1512 (All versions < V2.16.0), RUGGEDCOM ROX RX1524 (All versions < V2.16.0), RUGGEDCOM ROX RX1536 (All versions < V2.16.0), RUGGEDCOM ROX RX5000 (All versions < V2.16.0). The install-app URL parameter in the web interface of affected devices is vulnerable to command injection due to missing server side input sanitation. This could allow an authenticated privileged remote attacker to execute arbitrary code with root privileges.
References
Impacted products
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:siemens:ruggedcom_rox_mx5000_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "B70C9A14-F31D-452F-8F7E-368E1ED7165C", versionEndExcluding: "2.16.0", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:siemens:ruggedcom_rox_mx5000:-:*:*:*:*:*:*:*", matchCriteriaId: "DAD1B18F-9C37-48CC-92E2-9C5E66B206CB", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:siemens:ruggedcom_rox_mx5000re_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "C095D9B0-79A3-44A7-9683-B8DEF689D65F", versionEndExcluding: "2.16.0", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:siemens:ruggedcom_rox_mx5000re:-:*:*:*:*:*:*:*", matchCriteriaId: "38734DFA-A5DF-4284-BD79-7C0ED6CD8A5C", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:siemens:ruggedcom_rox_rx1400_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "3A0D1757-6A48-4C53-877A-947CDDD67793", versionEndExcluding: "2.16.0", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:siemens:ruggedcom_rox_rx1400:-:*:*:*:*:*:*:*", matchCriteriaId: "12BD4008-DB6A-4749-A426-D2DE44819A9D", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:siemens:ruggedcom_rox_rx1500_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "957788AA-B685-42B6-8BE9-B61D20B68144", versionEndExcluding: "2.16.0", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:siemens:ruggedcom_rox_rx1500:-:*:*:*:*:*:*:*", matchCriteriaId: "3E79B422-C844-411C-AA49-CFD73D3C6E2D", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: 
"cpe:2.3:o:siemens:ruggedcom_rox_rx1501_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "02E80465-DCD4-4CEB-AB5C-DFD86A5DB2E8", versionEndExcluding: "2.16.0", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:siemens:ruggedcom_rox_rx1501:-:*:*:*:*:*:*:*", matchCriteriaId: "53AAEC5C-06EE-4C58-A981-EBF5860CEF16", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:siemens:ruggedcom_rox_rx1510_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "BEC2AF9C-52CA-48FF-A4CD-C042EF225000", versionEndExcluding: "2.16.0", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:siemens:ruggedcom_rox_rx1510:-:*:*:*:*:*:*:*", matchCriteriaId: "0751225A-6E9C-4281-93A4-A048920FF7C6", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:siemens:ruggedcom_rox_rx1511_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "D0889DDD-C18A-4605-907C-0AAC4362FC94", versionEndExcluding: "2.16.0", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:siemens:ruggedcom_rox_rx1511:-:*:*:*:*:*:*:*", matchCriteriaId: "8C1E56ED-1E61-4B7E-8EC0-BB2AAD57EF7B", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:siemens:ruggedcom_rox_rx1512_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "FA09F789-1903-4487-A108-684EA9423F32", versionEndExcluding: "2.16.0", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:siemens:ruggedcom_rox_rx1512:-:*:*:*:*:*:*:*", matchCriteriaId: "41ADD701-AD49-46B2-A12E-219CCED32298", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:siemens:ruggedcom_rox_rx1524_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: 
"76CF386C-0665-401C-9E5F-D3A89E6C2847", versionEndExcluding: "2.16.0", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:siemens:ruggedcom_rox_rx1524:-:*:*:*:*:*:*:*", matchCriteriaId: "F8C70D90-E8FA-4343-9027-152A99D79C82", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:siemens:ruggedcom_rox_rx1536_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "A813AC2B-2F29-45D7-AB27-657A36399F80", versionEndExcluding: "2.16.0", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:siemens:ruggedcom_rox_rx1536:-:*:*:*:*:*:*:*", matchCriteriaId: "C1775F3B-6F47-4134-8B4E-CF6337FF546C", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:siemens:ruggedcom_rox_rx5000_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "6AF925B2-B147-4CB0-8789-D68C38135BEE", versionEndExcluding: "2.16.0", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:siemens:ruggedcom_rox_rx5000:-:*:*:*:*:*:*:*", matchCriteriaId: "1E0E33F2-E89B-4008-BED2-CF2296801078", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, ], cveTags: [], descriptions: [ { lang: "en", value: "A vulnerability has been identified in RUGGEDCOM ROX MX5000 (All versions < V2.16.0), RUGGEDCOM ROX MX5000RE (All versions < V2.16.0), RUGGEDCOM ROX RX1400 (All versions < V2.16.0), RUGGEDCOM ROX RX1500 (All versions < V2.16.0), RUGGEDCOM ROX RX1501 (All versions < V2.16.0), RUGGEDCOM ROX RX1510 (All versions < V2.16.0), RUGGEDCOM ROX RX1511 (All versions < V2.16.0), RUGGEDCOM ROX RX1512 (All versions < V2.16.0), RUGGEDCOM ROX RX1524 (All versions < V2.16.0), RUGGEDCOM ROX RX1536 (All versions < V2.16.0), RUGGEDCOM ROX RX5000 (All versions < V2.16.0). 
The install-app URL parameter in the web interface of affected devices is vulnerable to command injection due to missing server side input sanitation. This could allow an authenticated privileged remote attacker to execute arbitrary code with root privileges.", }, ], id: "CVE-2023-36751", lastModified: "2024-11-21T08:10:31.057", metrics: { cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 9.1, baseSeverity: "CRITICAL", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "HIGH", scope: "CHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 2.3, impactScore: 6, source: "productcert@siemens.com", type: "Secondary", }, { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.2, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "HIGH", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 1.2, impactScore: 5.9, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2023-07-11T10:15:11.233", references: [ { source: "productcert@siemens.com", tags: [ "Vendor Advisory", ], url: "https://cert-portal.siemens.com/productcert/pdf/ssa-146325.pdf", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://cert-portal.siemens.com/productcert/pdf/ssa-146325.pdf", }, ], sourceIdentifier: "productcert@siemens.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-77", }, ], source: "productcert@siemens.com", type: "Secondary", }, { description: [ { lang: "en", value: "CWE-77", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2023-07-11 10:15
Modified
2024-11-21 06:59
Severity ?
7.5 (High) - CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
8.8 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
8.8 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Summary
A vulnerability has been identified in RUGGEDCOM ROX MX5000 (All versions < V2.16.0), RUGGEDCOM ROX MX5000RE (All versions < V2.16.0), RUGGEDCOM ROX RX1400 (All versions < V2.16.0), RUGGEDCOM ROX RX1500 (All versions < V2.16.0), RUGGEDCOM ROX RX1501 (All versions < V2.16.0), RUGGEDCOM ROX RX1510 (All versions < V2.16.0), RUGGEDCOM ROX RX1511 (All versions < V2.16.0), RUGGEDCOM ROX RX1512 (All versions < V2.16.0), RUGGEDCOM ROX RX1524 (All versions < V2.16.0), RUGGEDCOM ROX RX1536 (All versions < V2.16.0), RUGGEDCOM ROX RX5000 (All versions < V2.16.0). The web interface of the affected devices is vulnerable to Cross-Site Request Forgery attacks. By tricking an authenticated victim user into clicking a malicious link, an attacker could perform arbitrary actions on the device on behalf of the victim user.
References
Impacted products
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:siemens:ruggedcom_rox_mx5000_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "B70C9A14-F31D-452F-8F7E-368E1ED7165C", versionEndExcluding: "2.16.0", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:siemens:ruggedcom_rox_mx5000:-:*:*:*:*:*:*:*", matchCriteriaId: "DAD1B18F-9C37-48CC-92E2-9C5E66B206CB", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:siemens:ruggedcom_rox_mx5000re_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "C095D9B0-79A3-44A7-9683-B8DEF689D65F", versionEndExcluding: "2.16.0", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:siemens:ruggedcom_rox_mx5000re:-:*:*:*:*:*:*:*", matchCriteriaId: "38734DFA-A5DF-4284-BD79-7C0ED6CD8A5C", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:siemens:ruggedcom_rox_rx1400_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "3A0D1757-6A48-4C53-877A-947CDDD67793", versionEndExcluding: "2.16.0", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:siemens:ruggedcom_rox_rx1400:-:*:*:*:*:*:*:*", matchCriteriaId: "12BD4008-DB6A-4749-A426-D2DE44819A9D", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:siemens:ruggedcom_rox_rx1500_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "957788AA-B685-42B6-8BE9-B61D20B68144", versionEndExcluding: "2.16.0", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:siemens:ruggedcom_rox_rx1500:-:*:*:*:*:*:*:*", matchCriteriaId: "3E79B422-C844-411C-AA49-CFD73D3C6E2D", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: 
"cpe:2.3:o:siemens:ruggedcom_rox_rx1501_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "02E80465-DCD4-4CEB-AB5C-DFD86A5DB2E8", versionEndExcluding: "2.16.0", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:siemens:ruggedcom_rox_rx1501:-:*:*:*:*:*:*:*", matchCriteriaId: "53AAEC5C-06EE-4C58-A981-EBF5860CEF16", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:siemens:ruggedcom_rox_rx1510_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "BEC2AF9C-52CA-48FF-A4CD-C042EF225000", versionEndExcluding: "2.16.0", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:siemens:ruggedcom_rox_rx1510:-:*:*:*:*:*:*:*", matchCriteriaId: "0751225A-6E9C-4281-93A4-A048920FF7C6", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:siemens:ruggedcom_rox_rx1511_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "D0889DDD-C18A-4605-907C-0AAC4362FC94", versionEndExcluding: "2.16.0", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:siemens:ruggedcom_rox_rx1511:-:*:*:*:*:*:*:*", matchCriteriaId: "8C1E56ED-1E61-4B7E-8EC0-BB2AAD57EF7B", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:siemens:ruggedcom_rox_rx1512_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "FA09F789-1903-4487-A108-684EA9423F32", versionEndExcluding: "2.16.0", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:siemens:ruggedcom_rox_rx1512:-:*:*:*:*:*:*:*", matchCriteriaId: "41ADD701-AD49-46B2-A12E-219CCED32298", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:siemens:ruggedcom_rox_rx1524_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: 
"76CF386C-0665-401C-9E5F-D3A89E6C2847", versionEndExcluding: "2.16.0", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:siemens:ruggedcom_rox_rx1524:-:*:*:*:*:*:*:*", matchCriteriaId: "F8C70D90-E8FA-4343-9027-152A99D79C82", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:siemens:ruggedcom_rox_rx1536_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "A813AC2B-2F29-45D7-AB27-657A36399F80", versionEndExcluding: "2.16.0", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:siemens:ruggedcom_rox_rx1536:-:*:*:*:*:*:*:*", matchCriteriaId: "C1775F3B-6F47-4134-8B4E-CF6337FF546C", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:siemens:ruggedcom_rox_rx5000_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "6AF925B2-B147-4CB0-8789-D68C38135BEE", versionEndExcluding: "2.16.0", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:siemens:ruggedcom_rox_rx5000:-:*:*:*:*:*:*:*", matchCriteriaId: "1E0E33F2-E89B-4008-BED2-CF2296801078", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, ], cveTags: [], descriptions: [ { lang: "en", value: "A vulnerability has been identified in RUGGEDCOM ROX MX5000 (All versions < V2.16.0), RUGGEDCOM ROX MX5000RE (All versions < V2.16.0), RUGGEDCOM ROX RX1400 (All versions < V2.16.0), RUGGEDCOM ROX RX1500 (All versions < V2.16.0), RUGGEDCOM ROX RX1501 (All versions < V2.16.0), RUGGEDCOM ROX RX1510 (All versions < V2.16.0), RUGGEDCOM ROX RX1511 (All versions < V2.16.0), RUGGEDCOM ROX RX1512 (All versions < V2.16.0), RUGGEDCOM ROX RX1524 (All versions < V2.16.0), RUGGEDCOM ROX RX1536 (All versions < V2.16.0), RUGGEDCOM ROX RX5000 (All versions < V2.16.0). 
The web interface of the affected devices are vulnerable to Cross-Site Request Forgery attacks. By tricking an authenticated victim user to click a malicious link, an attacker could perform arbitrary actions on the device on behalf of the victim user.", }, ], id: "CVE-2022-29561", lastModified: "2024-11-21T06:59:19.360", metrics: { cvssMetricV31: [ { cvssData: { attackComplexity: "HIGH", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 1.6, impactScore: 5.9, source: "productcert@siemens.com", type: "Secondary", }, { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 8.8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 2.8, impactScore: 5.9, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2023-07-11T10:15:09.970", references: [ { source: "productcert@siemens.com", tags: [ "Vendor Advisory", ], url: "https://cert-portal.siemens.com/productcert/pdf/ssa-146325.pdf", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://cert-portal.siemens.com/productcert/pdf/ssa-146325.pdf", }, ], sourceIdentifier: "productcert@siemens.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-352", }, ], source: "productcert@siemens.com", type: "Secondary", }, { description: [ { lang: "en", value: "CWE-352", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2021-09-14 11:15
Modified
2024-11-21 06:14
Severity ?
Summary
A vulnerability has been identified in RUGGEDCOM ROX MX5000 (All versions < V2.14.1), RUGGEDCOM ROX RX1400 (All versions < V2.14.1), RUGGEDCOM ROX RX1500 (All versions < V2.14.1), RUGGEDCOM ROX RX1501 (All versions < V2.14.1), RUGGEDCOM ROX RX1510 (All versions < V2.14.1), RUGGEDCOM ROX RX1511 (All versions < V2.14.1), RUGGEDCOM ROX RX1512 (All versions < V2.14.1), RUGGEDCOM ROX RX1524 (All versions < V2.14.1), RUGGEDCOM ROX RX1536 (All versions < V2.14.1), RUGGEDCOM ROX RX5000 (All versions < V2.14.1). The command line interface of affected devices insufficiently restricts file read and write operations for low privileged users. This could allow an authenticated remote attacker to escalate privileges and gain root access to the device.
References
Source | URL | Tags
---|---|---
productcert@siemens.com | https://cert-portal.siemens.com/productcert/pdf/ssa-150692.pdf | Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108 | https://cert-portal.siemens.com/productcert/pdf/ssa-150692.pdf | Patch, Vendor Advisory
Impacted products
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:siemens:ruggedcom_rox_rx1400_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "D5538013-C23A-4D6D-8756-8BE210EBEA53", versionEndExcluding: "2.14.1", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:siemens:ruggedcom_rox_rx1400:-:*:*:*:*:*:*:*", matchCriteriaId: "12BD4008-DB6A-4749-A426-D2DE44819A9D", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:siemens:ruggedcom_rox_mx5000_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "183C516E-5BD4-4B50-841F-82AC3F68D12F", versionEndExcluding: "2.14.1", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:siemens:ruggedcom_rox_mx5000:-:*:*:*:*:*:*:*", matchCriteriaId: "DAD1B18F-9C37-48CC-92E2-9C5E66B206CB", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:siemens:ruggedcom_rox_rx1500_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "6A64F21F-30C7-4164-A791-2AE72085EC8D", versionEndExcluding: "2.14.1", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:siemens:ruggedcom_rox_rx1500:-:*:*:*:*:*:*:*", matchCriteriaId: "3E79B422-C844-411C-AA49-CFD73D3C6E2D", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:siemens:ruggedcom_rox_rx1501_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "9E7941A4-2B67-4B27-ACB2-E53449AD766F", versionEndExcluding: "2.14.1", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:siemens:ruggedcom_rox_rx1501:-:*:*:*:*:*:*:*", matchCriteriaId: "53AAEC5C-06EE-4C58-A981-EBF5860CEF16", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: 
"cpe:2.3:o:siemens:ruggedcom_rox_rx1510_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "411252B0-9AE4-41F9-876C-A5863CFFA23C", versionEndExcluding: "2.14.1", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:siemens:ruggedcom_rox_rx1510:-:*:*:*:*:*:*:*", matchCriteriaId: "0751225A-6E9C-4281-93A4-A048920FF7C6", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:siemens:ruggedcom_rox_rx1511_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "AF574446-EE25-4603-A831-E4766B5E234F", versionEndExcluding: "2.14.1", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:siemens:ruggedcom_rox_rx1511:-:*:*:*:*:*:*:*", matchCriteriaId: "8C1E56ED-1E61-4B7E-8EC0-BB2AAD57EF7B", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:siemens:ruggedcom_rox_rx1512_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "942464AE-7E81-43D1-9996-27B7C87C26A8", versionEndExcluding: "2.14.1", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:siemens:ruggedcom_rox_rx1512:-:*:*:*:*:*:*:*", matchCriteriaId: "41ADD701-AD49-46B2-A12E-219CCED32298", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:siemens:ruggedcom_rox_rx1524_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "CFEC6D28-3CD1-4786-8F83-DC9A64087879", versionEndExcluding: "2.14.1", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:siemens:ruggedcom_rox_rx1524:-:*:*:*:*:*:*:*", matchCriteriaId: "F8C70D90-E8FA-4343-9027-152A99D79C82", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:siemens:ruggedcom_rox_rx1536_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: 
"2AAFB653-F651-4366-B4B4-4185EA89E31F", versionEndExcluding: "2.14.1", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:siemens:ruggedcom_rox_rx1536:-:*:*:*:*:*:*:*", matchCriteriaId: "C1775F3B-6F47-4134-8B4E-CF6337FF546C", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:siemens:ruggedcom_rox_rx5000_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "4E0625F9-DCD4-4DF6-9479-3DAE4BDB6976", versionEndExcluding: "2.14.1", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:siemens:ruggedcom_rox_rx5000:-:*:*:*:*:*:*:*", matchCriteriaId: "1E0E33F2-E89B-4008-BED2-CF2296801078", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, ], cveTags: [], descriptions: [ { lang: "en", value: "A vulnerability has been identified in RUGGEDCOM ROX MX5000 (All versions < V2.14.1), RUGGEDCOM ROX RX1400 (All versions < V2.14.1), RUGGEDCOM ROX RX1500 (All versions < V2.14.1), RUGGEDCOM ROX RX1501 (All versions < V2.14.1), RUGGEDCOM ROX RX1510 (All versions < V2.14.1), RUGGEDCOM ROX RX1511 (All versions < V2.14.1), RUGGEDCOM ROX RX1512 (All versions < V2.14.1), RUGGEDCOM ROX RX1524 (All versions < V2.14.1), RUGGEDCOM ROX RX1536 (All versions < V2.14.1), RUGGEDCOM ROX RX5000 (All versions < V2.14.1). The command line interface of affected devices insufficiently restrict file read and write operations for low privileged users. 
This could allow an authenticated remote attacker to escalate privileges and gain root access to the device.", }, { lang: "es", value: "Se ha identificado una vulnerabilidad en RUGGEDCOM ROX MX5000 (Todas las versiones anteriores aV2.14.1), RUGGEDCOM ROX RX1400 (Todas las versiones anteriores aV2.14.1), RUGGEDCOM ROX RX1500 (Todas las versiones anteriores aV2.14.1), RUGGEDCOM ROX RX1501 (Todas las versiones anteriores aV2.14.1), RUGGEDCOM ROX RX1510 (Todas las versiones anteriores aV2.14.1), RUGGEDCOM ROX RX1511 (Todas las versiones anteriores aV2.14.1), RUGGEDCOM ROX RX1512 (Todas las versiones anteriores aV2.14.1), RUGGEDCOM ROX RX1524 (Todas las versiones anteriores aV2.14.1), RUGGEDCOM ROX RX1536 (Todas las versiones anteriores aV2.14.1), RUGGEDCOM ROX RX5000 (Todas las versiones anteriores aV2.14.1). Los dispositivos afectados presentan una vulnerabilidad de exposición de información confidencial, si es explotado, podría permitir a un atacante autenticado extraer datos por medio de Secure Shell (SSH)", }, ], id: "CVE-2021-37173", lastModified: "2024-11-21T06:14:47.447", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "HIGH", cvssData: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "SINGLE", availabilityImpact: "COMPLETE", baseScore: 9, confidentialityImpact: "COMPLETE", integrityImpact: "COMPLETE", vectorString: "AV:N/AC:L/Au:S/C:C/I:C/A:C", version: "2.0", }, exploitabilityScore: 8, impactScore: 10, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 8.8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, 
exploitabilityScore: 2.8, impactScore: 5.9, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2021-09-14T11:15:25.180", references: [ { source: "productcert@siemens.com", tags: [ "Patch", "Vendor Advisory", ], url: "https://cert-portal.siemens.com/productcert/pdf/ssa-150692.pdf", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Vendor Advisory", ], url: "https://cert-portal.siemens.com/productcert/pdf/ssa-150692.pdf", }, ], sourceIdentifier: "productcert@siemens.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-269", }, ], source: "productcert@siemens.com", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2020-10-22 21:15
Modified
2024-11-21 04:31
Severity ?
Summary
In Network Security Services before 3.44, a malformed Netscape Certificate Sequence can cause NSS to crash, resulting in a denial of service.
References
Impacted products
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:mozilla:network_security_services:*:*:*:*:*:*:*:*", matchCriteriaId: "4426D584-AAEF-4E84-8E13-E921DB0F0278", versionEndExcluding: "3.44", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:siemens:ruggedcom_rox_mx5000_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "1B09C415-21F2-49C9-BFAE-2151C8ED4D06", versionEndExcluding: "2.14.0", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:siemens:ruggedcom_rox_mx5000:-:*:*:*:*:*:*:*", matchCriteriaId: "DAD1B18F-9C37-48CC-92E2-9C5E66B206CB", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:siemens:ruggedcom_rox_rx1400_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "F196C09E-4C45-42D5-B509-7EB77F6566F1", versionEndExcluding: "2.14.0", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:siemens:ruggedcom_rox_rx1400:-:*:*:*:*:*:*:*", matchCriteriaId: "12BD4008-DB6A-4749-A426-D2DE44819A9D", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:siemens:ruggedcom_rox_rx1500_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "13D72F66-A1B2-4FB7-B31B-EF16955BC871", versionEndExcluding: "2.14.0", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:siemens:ruggedcom_rox_rx1500:-:*:*:*:*:*:*:*", matchCriteriaId: "3E79B422-C844-411C-AA49-CFD73D3C6E2D", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:siemens:ruggedcom_rox_rx1501_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "CB658DF3-A68F-4248-B240-9194E17941E1", versionEndExcluding: "2.14.0", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: 
"cpe:2.3:h:siemens:ruggedcom_rox_rx1501:-:*:*:*:*:*:*:*", matchCriteriaId: "53AAEC5C-06EE-4C58-A981-EBF5860CEF16", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:siemens:ruggedcom_rox_rx1510_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "E16E621D-84DB-4F0D-A771-5E282B0292B2", versionEndExcluding: "2.14.0", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:siemens:ruggedcom_rox_rx1510:-:*:*:*:*:*:*:*", matchCriteriaId: "0751225A-6E9C-4281-93A4-A048920FF7C6", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:siemens:ruggedcom_rox_rx1511_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "059624DD-C1C8-408C-8026-D4FBC93C3CF9", versionEndExcluding: "2.14.0", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:siemens:ruggedcom_rox_rx1511:-:*:*:*:*:*:*:*", matchCriteriaId: "8C1E56ED-1E61-4B7E-8EC0-BB2AAD57EF7B", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:siemens:ruggedcom_rox_rx1512_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "06AF9201-89AB-42E6-97CF-9EDDC17EF7AE", versionEndExcluding: "2.14.0", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:siemens:ruggedcom_rox_rx1512:-:*:*:*:*:*:*:*", matchCriteriaId: "41ADD701-AD49-46B2-A12E-219CCED32298", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:siemens:ruggedcom_rox_rx5000_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "2656219C-7E23-47F7-AFB7-0D6D3D2ACA85", versionEndExcluding: "2.14.0", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:siemens:ruggedcom_rox_rx5000:-:*:*:*:*:*:*:*", matchCriteriaId: 
"1E0E33F2-E89B-4008-BED2-CF2296801078", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, ], cveTags: [], descriptions: [ { lang: "en", value: "In Network Security Services before 3.44, a malformed Netscape Certificate Sequence can cause NSS to crash, resulting in a denial of service.", }, { lang: "es", value: "En Network Security Services versiones anteriores a 3.44, una Secuencia de Certificados Netscape malformado puede causar que NSS se bloquee, resultando en una denegación de servicio", }, ], id: "CVE-2019-17007", lastModified: "2024-11-21T04:31:31.717", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "PARTIAL", baseScore: 5, confidentialityImpact: "NONE", integrityImpact: "NONE", vectorString: "AV:N/AC:L/Au:N/C:N/I:N/A:P", version: "2.0", }, exploitabilityScore: 10, impactScore: 2.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, exploitabilityScore: 3.9, impactScore: 3.6, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2020-10-22T21:15:12.637", references: [ { source: "security@mozilla.org", tags: [ "Exploit", "Issue Tracking", "Patch", "Vendor Advisory", ], url: "https://bugzilla.mozilla.org/show_bug.cgi?id=1533216", }, { source: "security@mozilla.org", tags: [ "Third Party Advisory", ], url: "https://cert-portal.siemens.com/productcert/pdf/ssa-379803.pdf", }, { source: "security@mozilla.org", tags: [ "Release Notes", 
"Vendor Advisory", ], url: "https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.44_release_notes", }, { source: "security@mozilla.org", tags: [ "Third Party Advisory", "US Government Resource", ], url: "https://us-cert.cisa.gov/ics/advisories/icsa-21-040-04", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Exploit", "Issue Tracking", "Patch", "Vendor Advisory", ], url: "https://bugzilla.mozilla.org/show_bug.cgi?id=1533216", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://cert-portal.siemens.com/productcert/pdf/ssa-379803.pdf", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Release Notes", "Vendor Advisory", ], url: "https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.44_release_notes", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", "US Government Resource", ], url: "https://us-cert.cisa.gov/ics/advisories/icsa-21-040-04", }, ], sourceIdentifier: "security@mozilla.org", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-295", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2021-10-12 10:15
Modified
2024-11-21 06:26
Severity ?
Summary
A vulnerability has been identified in RUGGEDCOM ROX MX5000 (All versions < V2.14.1), RUGGEDCOM ROX RX1400 (All versions < V2.14.1), RUGGEDCOM ROX RX1500 (All versions < V2.14.1), RUGGEDCOM ROX RX1501 (All versions < V2.14.1), RUGGEDCOM ROX RX1510 (All versions < V2.14.1), RUGGEDCOM ROX RX1511 (All versions < V2.14.1), RUGGEDCOM ROX RX1512 (All versions < V2.14.1), RUGGEDCOM ROX RX1524 (All versions < V2.14.1), RUGGEDCOM ROX RX1536 (All versions < V2.14.1), RUGGEDCOM ROX RX5000 (All versions < V2.14.1). Affected devices write crashdumps without checking if enough space is available on the filesystem. Once the crashdump fills the entire root filesystem, affected devices fail to boot successfully. An attacker can leverage this vulnerability to cause a permanent Denial-of-Service.
References
Impacted products
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:siemens:ruggedcom_rox_mx5000_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "183C516E-5BD4-4B50-841F-82AC3F68D12F", versionEndExcluding: "2.14.1", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:siemens:ruggedcom_rox_mx5000:-:*:*:*:*:*:*:*", matchCriteriaId: "DAD1B18F-9C37-48CC-92E2-9C5E66B206CB", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:siemens:ruggedcom_rox_rx1400_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "D5538013-C23A-4D6D-8756-8BE210EBEA53", versionEndExcluding: "2.14.1", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:siemens:ruggedcom_rox_rx1400:-:*:*:*:*:*:*:*", matchCriteriaId: "12BD4008-DB6A-4749-A426-D2DE44819A9D", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:siemens:ruggedcom_rox_rx1500_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "6A64F21F-30C7-4164-A791-2AE72085EC8D", versionEndExcluding: "2.14.1", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:siemens:ruggedcom_rox_rx1500:-:*:*:*:*:*:*:*", matchCriteriaId: "3E79B422-C844-411C-AA49-CFD73D3C6E2D", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:siemens:ruggedcom_rox_rx1501_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "9E7941A4-2B67-4B27-ACB2-E53449AD766F", versionEndExcluding: "2.14.1", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:siemens:ruggedcom_rox_rx1501:-:*:*:*:*:*:*:*", matchCriteriaId: "53AAEC5C-06EE-4C58-A981-EBF5860CEF16", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: 
"cpe:2.3:o:siemens:ruggedcom_rox_rx1510_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "411252B0-9AE4-41F9-876C-A5863CFFA23C", versionEndExcluding: "2.14.1", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:siemens:ruggedcom_rox_rx1510:-:*:*:*:*:*:*:*", matchCriteriaId: "0751225A-6E9C-4281-93A4-A048920FF7C6", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:siemens:ruggedcom_rox_rx1511_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "AF574446-EE25-4603-A831-E4766B5E234F", versionEndExcluding: "2.14.1", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:siemens:ruggedcom_rox_rx1511:-:*:*:*:*:*:*:*", matchCriteriaId: "8C1E56ED-1E61-4B7E-8EC0-BB2AAD57EF7B", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:siemens:ruggedcom_rox_rx1512_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "942464AE-7E81-43D1-9996-27B7C87C26A8", versionEndExcluding: "2.14.1", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:siemens:ruggedcom_rox_rx1512:-:*:*:*:*:*:*:*", matchCriteriaId: "41ADD701-AD49-46B2-A12E-219CCED32298", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:siemens:ruggedcom_rox_rx1524_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "CFEC6D28-3CD1-4786-8F83-DC9A64087879", versionEndExcluding: "2.14.1", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:siemens:ruggedcom_rox_rx1524:-:*:*:*:*:*:*:*", matchCriteriaId: "F8C70D90-E8FA-4343-9027-152A99D79C82", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:siemens:ruggedcom_rox_rx1536_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: 
"2AAFB653-F651-4366-B4B4-4185EA89E31F", versionEndExcluding: "2.14.1", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:siemens:ruggedcom_rox_rx1536:-:*:*:*:*:*:*:*", matchCriteriaId: "C1775F3B-6F47-4134-8B4E-CF6337FF546C", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:siemens:ruggedcom_rox_rx5000_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "4E0625F9-DCD4-4DF6-9479-3DAE4BDB6976", versionEndExcluding: "2.14.1", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:siemens:ruggedcom_rox_rx5000:-:*:*:*:*:*:*:*", matchCriteriaId: "1E0E33F2-E89B-4008-BED2-CF2296801078", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, ], cveTags: [], descriptions: [ { lang: "en", value: "A vulnerability has been identified in RUGGEDCOM ROX MX5000 (All versions < V2.14.1), RUGGEDCOM ROX RX1400 (All versions < V2.14.1), RUGGEDCOM ROX RX1500 (All versions < V2.14.1), RUGGEDCOM ROX RX1501 (All versions < V2.14.1), RUGGEDCOM ROX RX1510 (All versions < V2.14.1), RUGGEDCOM ROX RX1511 (All versions < V2.14.1), RUGGEDCOM ROX RX1512 (All versions < V2.14.1), RUGGEDCOM ROX RX1524 (All versions < V2.14.1), RUGGEDCOM ROX RX1536 (All versions < V2.14.1), RUGGEDCOM ROX RX5000 (All versions < V2.14.1). Affected devices write crashdumps without checking if enough space is available on the filesystem. Once the crashdump fills the entire root filesystem, affected devices fail to boot successfully. 
An attacker can leverage this vulnerability to cause a permanent Denial-of-Service.", }, { lang: "es", value: "Se ha identificado una vulnerabilidad en RUGGEDCOM ROX MX5000 (Todas las versiones anteriores a V2.14.1), RUGGEDCOM ROX RX1400 (Todas las versiones anteriores a V2.14.1), RUGGEDCOM ROX RX1500 (Todas las versiones anteriores a V2.14.1), RUGGEDCOM ROX RX1501 (Todas las versiones anteriores a V2.14.1), RUGGEDCOM ROX RX1510 (Todas las versiones anteriores a V2. 14.1), RUGGEDCOM ROX RX1511 (Todas las versiones anteriores a V2.14.1), RUGGEDCOM ROX RX1512 (Todas las versiones anteriores a V2.14.1), RUGGEDCOM ROX RX1524 (Todas las versiones anteriores a V2.14.1), RUGGEDCOM ROX RX1536 (Todas las versiones anteriores a V2.14.1), RUGGEDCOM ROX RX5000 (Todas las versiones anteriores a V2.14.1). Los dispositivos afectados escriben crashdumps sin comprobar si presentan suficiente espacio disponible en el sistema de archivos. Una vez que el crashdump llena todo el sistema de archivos root, los dispositivos afectados no pueden arrancar con éxito. 
Un atacante puede aprovechar esta vulnerabilidad para causar una Denegación de Servicio permanente", }, ], id: "CVE-2021-41546", lastModified: "2024-11-21T06:26:23.577", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "HIGH", cvssData: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "COMPLETE", baseScore: 7.8, confidentialityImpact: "NONE", integrityImpact: "NONE", vectorString: "AV:N/AC:L/Au:N/C:N/I:N/A:C", version: "2.0", }, exploitabilityScore: 10, impactScore: 6.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, exploitabilityScore: 3.9, impactScore: 3.6, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2021-10-12T10:15:12.710", references: [ { source: "productcert@siemens.com", tags: [ "Vendor Advisory", ], url: "https://cert-portal.siemens.com/productcert/pdf/ssa-173565.pdf", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://cert-portal.siemens.com/productcert/pdf/ssa-173565.pdf", }, ], sourceIdentifier: "productcert@siemens.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-400", }, ], source: "productcert@siemens.com", type: "Secondary", }, { description: [ { lang: "en", value: "CWE-770", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2023-07-11 10:15
Modified
2024-11-21 08:10
Severity
9.1 (Critical) - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H
7.2 (High) - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
7.2 (High) - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Summary
A vulnerability has been identified in RUGGEDCOM ROX MX5000 (All versions < V2.16.0), RUGGEDCOM ROX MX5000RE (All versions < V2.16.0), RUGGEDCOM ROX RX1400 (All versions < V2.16.0), RUGGEDCOM ROX RX1500 (All versions < V2.16.0), RUGGEDCOM ROX RX1501 (All versions < V2.16.0), RUGGEDCOM ROX RX1510 (All versions < V2.16.0), RUGGEDCOM ROX RX1511 (All versions < V2.16.0), RUGGEDCOM ROX RX1512 (All versions < V2.16.0), RUGGEDCOM ROX RX1524 (All versions < V2.16.0), RUGGEDCOM ROX RX1536 (All versions < V2.16.0), RUGGEDCOM ROX RX5000 (All versions < V2.16.0). The SCEP server configuration URL parameter in the web interface of affected devices is vulnerable to command injection due to missing server side input sanitation. This could allow an authenticated privileged remote attacker to execute arbitrary code with root privileges.
References
Impacted products
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:siemens:ruggedcom_rox_mx5000_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "B70C9A14-F31D-452F-8F7E-368E1ED7165C", versionEndExcluding: "2.16.0", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:siemens:ruggedcom_rox_mx5000:-:*:*:*:*:*:*:*", matchCriteriaId: "DAD1B18F-9C37-48CC-92E2-9C5E66B206CB", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:siemens:ruggedcom_rox_mx5000re_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "C095D9B0-79A3-44A7-9683-B8DEF689D65F", versionEndExcluding: "2.16.0", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:siemens:ruggedcom_rox_mx5000re:-:*:*:*:*:*:*:*", matchCriteriaId: "38734DFA-A5DF-4284-BD79-7C0ED6CD8A5C", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:siemens:ruggedcom_rox_rx1400_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "3A0D1757-6A48-4C53-877A-947CDDD67793", versionEndExcluding: "2.16.0", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:siemens:ruggedcom_rox_rx1400:-:*:*:*:*:*:*:*", matchCriteriaId: "12BD4008-DB6A-4749-A426-D2DE44819A9D", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:siemens:ruggedcom_rox_rx1500_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "957788AA-B685-42B6-8BE9-B61D20B68144", versionEndExcluding: "2.16.0", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:siemens:ruggedcom_rox_rx1500:-:*:*:*:*:*:*:*", matchCriteriaId: "3E79B422-C844-411C-AA49-CFD73D3C6E2D", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: 
"cpe:2.3:o:siemens:ruggedcom_rox_rx1501_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "02E80465-DCD4-4CEB-AB5C-DFD86A5DB2E8", versionEndExcluding: "2.16.0", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:siemens:ruggedcom_rox_rx1501:-:*:*:*:*:*:*:*", matchCriteriaId: "53AAEC5C-06EE-4C58-A981-EBF5860CEF16", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:siemens:ruggedcom_rox_rx1510_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "BEC2AF9C-52CA-48FF-A4CD-C042EF225000", versionEndExcluding: "2.16.0", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:siemens:ruggedcom_rox_rx1510:-:*:*:*:*:*:*:*", matchCriteriaId: "0751225A-6E9C-4281-93A4-A048920FF7C6", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:siemens:ruggedcom_rox_rx1511_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "D0889DDD-C18A-4605-907C-0AAC4362FC94", versionEndExcluding: "2.16.0", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:siemens:ruggedcom_rox_rx1511:-:*:*:*:*:*:*:*", matchCriteriaId: "8C1E56ED-1E61-4B7E-8EC0-BB2AAD57EF7B", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:siemens:ruggedcom_rox_rx1512_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "FA09F789-1903-4487-A108-684EA9423F32", versionEndExcluding: "2.16.0", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:siemens:ruggedcom_rox_rx1512:-:*:*:*:*:*:*:*", matchCriteriaId: "41ADD701-AD49-46B2-A12E-219CCED32298", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:siemens:ruggedcom_rox_rx1524_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: 
"76CF386C-0665-401C-9E5F-D3A89E6C2847", versionEndExcluding: "2.16.0", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:siemens:ruggedcom_rox_rx1524:-:*:*:*:*:*:*:*", matchCriteriaId: "F8C70D90-E8FA-4343-9027-152A99D79C82", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:siemens:ruggedcom_rox_rx1536_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "A813AC2B-2F29-45D7-AB27-657A36399F80", versionEndExcluding: "2.16.0", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:siemens:ruggedcom_rox_rx1536:-:*:*:*:*:*:*:*", matchCriteriaId: "C1775F3B-6F47-4134-8B4E-CF6337FF546C", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:siemens:ruggedcom_rox_rx5000_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "6AF925B2-B147-4CB0-8789-D68C38135BEE", versionEndExcluding: "2.16.0", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:siemens:ruggedcom_rox_rx5000:-:*:*:*:*:*:*:*", matchCriteriaId: "1E0E33F2-E89B-4008-BED2-CF2296801078", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, ], cveTags: [], descriptions: [ { lang: "en", value: "A vulnerability has been identified in RUGGEDCOM ROX MX5000 (All versions < V2.16.0), RUGGEDCOM ROX MX5000RE (All versions < V2.16.0), RUGGEDCOM ROX RX1400 (All versions < V2.16.0), RUGGEDCOM ROX RX1500 (All versions < V2.16.0), RUGGEDCOM ROX RX1501 (All versions < V2.16.0), RUGGEDCOM ROX RX1510 (All versions < V2.16.0), RUGGEDCOM ROX RX1511 (All versions < V2.16.0), RUGGEDCOM ROX RX1512 (All versions < V2.16.0), RUGGEDCOM ROX RX1524 (All versions < V2.16.0), RUGGEDCOM ROX RX1536 (All versions < V2.16.0), RUGGEDCOM ROX RX5000 (All versions < V2.16.0). 
The SCEP server configuration URL parameter in the web interface of affected devices is vulnerable to command injection due to missing server side input sanitation. This could allow an authenticated privileged remote attacker to execute arbitrary code with root privileges.", }, ], id: "CVE-2023-36754", lastModified: "2024-11-21T08:10:31.540", metrics: { cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 9.1, baseSeverity: "CRITICAL", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "HIGH", scope: "CHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 2.3, impactScore: 6, source: "productcert@siemens.com", type: "Secondary", }, { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.2, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "HIGH", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 1.2, impactScore: 5.9, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2023-07-11T10:15:11.427", references: [ { source: "productcert@siemens.com", tags: [ "Vendor Advisory", ], url: "https://cert-portal.siemens.com/productcert/pdf/ssa-146325.pdf", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://cert-portal.siemens.com/productcert/pdf/ssa-146325.pdf", }, ], sourceIdentifier: "productcert@siemens.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-77", }, ], source: "productcert@siemens.com", type: "Secondary", }, { description: [ { lang: "en", value: "CWE-77", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2023-07-11 10:15
Modified
2024-11-21 08:10
Severity
9.1 (Critical) - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H
7.2 (High) - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
7.2 (High) - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Summary
A vulnerability has been identified in RUGGEDCOM ROX MX5000 (All versions < V2.16.0), RUGGEDCOM ROX MX5000RE (All versions < V2.16.0), RUGGEDCOM ROX RX1400 (All versions < V2.16.0), RUGGEDCOM ROX RX1500 (All versions < V2.16.0), RUGGEDCOM ROX RX1501 (All versions < V2.16.0), RUGGEDCOM ROX RX1510 (All versions < V2.16.0), RUGGEDCOM ROX RX1511 (All versions < V2.16.0), RUGGEDCOM ROX RX1512 (All versions < V2.16.0), RUGGEDCOM ROX RX1524 (All versions < V2.16.0), RUGGEDCOM ROX RX1536 (All versions < V2.16.0), RUGGEDCOM ROX RX5000 (All versions < V2.16.0). The upgrade-app URL parameter in the web interface of affected devices is vulnerable to command injection due to missing server side input sanitation. This could allow an authenticated privileged remote attacker to execute arbitrary code with root privileges.
References
Impacted products
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:siemens:ruggedcom_rox_mx5000_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "B70C9A14-F31D-452F-8F7E-368E1ED7165C", versionEndExcluding: "2.16.0", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:siemens:ruggedcom_rox_mx5000:-:*:*:*:*:*:*:*", matchCriteriaId: "DAD1B18F-9C37-48CC-92E2-9C5E66B206CB", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:siemens:ruggedcom_rox_mx5000re_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "C095D9B0-79A3-44A7-9683-B8DEF689D65F", versionEndExcluding: "2.16.0", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:siemens:ruggedcom_rox_mx5000re:-:*:*:*:*:*:*:*", matchCriteriaId: "38734DFA-A5DF-4284-BD79-7C0ED6CD8A5C", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:siemens:ruggedcom_rox_rx1400_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "3A0D1757-6A48-4C53-877A-947CDDD67793", versionEndExcluding: "2.16.0", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:siemens:ruggedcom_rox_rx1400:-:*:*:*:*:*:*:*", matchCriteriaId: "12BD4008-DB6A-4749-A426-D2DE44819A9D", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:siemens:ruggedcom_rox_rx1500_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "957788AA-B685-42B6-8BE9-B61D20B68144", versionEndExcluding: "2.16.0", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:siemens:ruggedcom_rox_rx1500:-:*:*:*:*:*:*:*", matchCriteriaId: "3E79B422-C844-411C-AA49-CFD73D3C6E2D", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: 
"cpe:2.3:o:siemens:ruggedcom_rox_rx1501_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "02E80465-DCD4-4CEB-AB5C-DFD86A5DB2E8", versionEndExcluding: "2.16.0", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:siemens:ruggedcom_rox_rx1501:-:*:*:*:*:*:*:*", matchCriteriaId: "53AAEC5C-06EE-4C58-A981-EBF5860CEF16", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:siemens:ruggedcom_rox_rx1510_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "BEC2AF9C-52CA-48FF-A4CD-C042EF225000", versionEndExcluding: "2.16.0", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:siemens:ruggedcom_rox_rx1510:-:*:*:*:*:*:*:*", matchCriteriaId: "0751225A-6E9C-4281-93A4-A048920FF7C6", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:siemens:ruggedcom_rox_rx1511_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "D0889DDD-C18A-4605-907C-0AAC4362FC94", versionEndExcluding: "2.16.0", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:siemens:ruggedcom_rox_rx1511:-:*:*:*:*:*:*:*", matchCriteriaId: "8C1E56ED-1E61-4B7E-8EC0-BB2AAD57EF7B", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:siemens:ruggedcom_rox_rx1512_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "FA09F789-1903-4487-A108-684EA9423F32", versionEndExcluding: "2.16.0", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:siemens:ruggedcom_rox_rx1512:-:*:*:*:*:*:*:*", matchCriteriaId: "41ADD701-AD49-46B2-A12E-219CCED32298", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:siemens:ruggedcom_rox_rx1524_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: 
"76CF386C-0665-401C-9E5F-D3A89E6C2847", versionEndExcluding: "2.16.0", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:siemens:ruggedcom_rox_rx1524:-:*:*:*:*:*:*:*", matchCriteriaId: "F8C70D90-E8FA-4343-9027-152A99D79C82", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:siemens:ruggedcom_rox_rx1536_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "A813AC2B-2F29-45D7-AB27-657A36399F80", versionEndExcluding: "2.16.0", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:siemens:ruggedcom_rox_rx1536:-:*:*:*:*:*:*:*", matchCriteriaId: "C1775F3B-6F47-4134-8B4E-CF6337FF546C", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:siemens:ruggedcom_rox_rx5000_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "6AF925B2-B147-4CB0-8789-D68C38135BEE", versionEndExcluding: "2.16.0", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:siemens:ruggedcom_rox_rx5000:-:*:*:*:*:*:*:*", matchCriteriaId: "1E0E33F2-E89B-4008-BED2-CF2296801078", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, ], cveTags: [], descriptions: [ { lang: "en", value: "A vulnerability has been identified in RUGGEDCOM ROX MX5000 (All versions < V2.16.0), RUGGEDCOM ROX MX5000RE (All versions < V2.16.0), RUGGEDCOM ROX RX1400 (All versions < V2.16.0), RUGGEDCOM ROX RX1500 (All versions < V2.16.0), RUGGEDCOM ROX RX1501 (All versions < V2.16.0), RUGGEDCOM ROX RX1510 (All versions < V2.16.0), RUGGEDCOM ROX RX1511 (All versions < V2.16.0), RUGGEDCOM ROX RX1512 (All versions < V2.16.0), RUGGEDCOM ROX RX1524 (All versions < V2.16.0), RUGGEDCOM ROX RX1536 (All versions < V2.16.0), RUGGEDCOM ROX RX5000 (All versions < V2.16.0). 
The upgrade-app URL parameter in the web interface of affected devices is vulnerable to command injection due to missing server side input sanitation. This could allow an authenticated privileged remote attacker to execute arbitrary code with root privileges.", }, ], id: "CVE-2023-36752", lastModified: "2024-11-21T08:10:31.227", metrics: { cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 9.1, baseSeverity: "CRITICAL", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "HIGH", scope: "CHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 2.3, impactScore: 6, source: "productcert@siemens.com", type: "Secondary", }, { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.2, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "HIGH", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 1.2, impactScore: 5.9, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2023-07-11T10:15:11.297", references: [ { source: "productcert@siemens.com", tags: [ "Vendor Advisory", ], url: "https://cert-portal.siemens.com/productcert/pdf/ssa-146325.pdf", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://cert-portal.siemens.com/productcert/pdf/ssa-146325.pdf", }, ], sourceIdentifier: "productcert@siemens.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-77", }, ], source: "productcert@siemens.com", type: "Secondary", }, { description: [ { lang: "en", value: "CWE-77", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2020-10-22 21:15
Modified
2024-11-21 04:31
Severity
Summary
In Network Security Services (NSS) before 3.46, several cryptographic primitives had missing length checks. In cases where the application calling the library did not perform a sanity check on the inputs it could result in a crash due to a buffer overflow.
References
Impacted products
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:siemens:ruggedcom_rox_mx5000_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "1B09C415-21F2-49C9-BFAE-2151C8ED4D06", versionEndExcluding: "2.14.0", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:siemens:ruggedcom_rox_mx5000:-:*:*:*:*:*:*:*", matchCriteriaId: "DAD1B18F-9C37-48CC-92E2-9C5E66B206CB", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:siemens:ruggedcom_rox_rx1400_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "F196C09E-4C45-42D5-B509-7EB77F6566F1", versionEndExcluding: "2.14.0", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:siemens:ruggedcom_rox_rx1400:-:*:*:*:*:*:*:*", matchCriteriaId: "12BD4008-DB6A-4749-A426-D2DE44819A9D", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:siemens:ruggedcom_rox_rx1500_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "13D72F66-A1B2-4FB7-B31B-EF16955BC871", versionEndExcluding: "2.14.0", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:siemens:ruggedcom_rox_rx1500:-:*:*:*:*:*:*:*", matchCriteriaId: "3E79B422-C844-411C-AA49-CFD73D3C6E2D", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:siemens:ruggedcom_rox_rx1501_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "CB658DF3-A68F-4248-B240-9194E17941E1", versionEndExcluding: "2.14.0", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:siemens:ruggedcom_rox_rx1501:-:*:*:*:*:*:*:*", matchCriteriaId: "53AAEC5C-06EE-4C58-A981-EBF5860CEF16", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: 
"cpe:2.3:o:siemens:ruggedcom_rox_rx1510_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "E16E621D-84DB-4F0D-A771-5E282B0292B2", versionEndExcluding: "2.14.0", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:siemens:ruggedcom_rox_rx1510:-:*:*:*:*:*:*:*", matchCriteriaId: "0751225A-6E9C-4281-93A4-A048920FF7C6", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:siemens:ruggedcom_rox_rx1511_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "059624DD-C1C8-408C-8026-D4FBC93C3CF9", versionEndExcluding: "2.14.0", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:siemens:ruggedcom_rox_rx1511:-:*:*:*:*:*:*:*", matchCriteriaId: "8C1E56ED-1E61-4B7E-8EC0-BB2AAD57EF7B", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:siemens:ruggedcom_rox_rx1512_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "06AF9201-89AB-42E6-97CF-9EDDC17EF7AE", versionEndExcluding: "2.14.0", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:siemens:ruggedcom_rox_rx1512:-:*:*:*:*:*:*:*", matchCriteriaId: "41ADD701-AD49-46B2-A12E-219CCED32298", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:siemens:ruggedcom_rox_rx5000_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "2656219C-7E23-47F7-AFB7-0D6D3D2ACA85", versionEndExcluding: "2.14.0", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:siemens:ruggedcom_rox_rx5000:-:*:*:*:*:*:*:*", matchCriteriaId: "1E0E33F2-E89B-4008-BED2-CF2296801078", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:mozilla:network_security_services:*:*:*:*:*:*:*:*", matchCriteriaId: 
"83C9B16A-F21D-475D-9B00-9B6E64FAB0F8", versionEndExcluding: "3.46", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:netapp:hci_management_node:-:*:*:*:*:*:*:*", matchCriteriaId: "A3C19813-E823-456A-B1CE-EC0684CE1953", vulnerable: true, }, { criteria: "cpe:2.3:a:netapp:solidfire:-:*:*:*:*:*:*:*", matchCriteriaId: "A6E9EF0C-AFA8-4F7B-9FDC-1E0F7C26E737", vulnerable: true, }, { criteria: "cpe:2.3:h:netapp:hci_compute_node:-:*:*:*:*:*:*:*", matchCriteriaId: "AD7447BC-F315-4298-A822-549942FC118B", vulnerable: true, }, { criteria: "cpe:2.3:h:netapp:hci_storage_node:-:*:*:*:*:*:*:*", matchCriteriaId: "02DEB4FB-A21D-4CB1-B522-EEE5093E8521", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "In Network Security Services (NSS) before 3.46, several cryptographic primitives had missing length checks. In cases where the application calling the library did not perform a sanity check on the inputs it could result in a crash due to a buffer overflow.", }, { lang: "es", value: "En Network Security Services (NSS) versiones anteriores a 3.46, varias primitivas criptográficas presentaban una falta de comprobación de longitud. 
En los casos en que la aplicación que llama a la biblioteca no llevó a cabo una comprobación de saneo en las entradas, lo que podría resultar en un bloqueo debido a un desbordamiento del búfer", }, ], id: "CVE-2019-17006", lastModified: "2024-11-21T04:31:31.573", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "HIGH", cvssData: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "COMPLETE", baseScore: 10, confidentialityImpact: "COMPLETE", integrityImpact: "COMPLETE", vectorString: "AV:N/AC:L/Au:N/C:C/I:C/A:C", version: "2.0", }, exploitabilityScore: 10, impactScore: 10, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 9.8, baseSeverity: "CRITICAL", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 3.9, impactScore: 5.9, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2020-10-22T21:15:12.560", references: [ { source: "security@mozilla.org", tags: [ "Exploit", "Issue Tracking", "Patch", "Vendor Advisory", ], url: "https://bugzilla.mozilla.org/show_bug.cgi?id=1539788", }, { source: "security@mozilla.org", tags: [ "Third Party Advisory", ], url: "https://cert-portal.siemens.com/productcert/pdf/ssa-379803.pdf", }, { source: "security@mozilla.org", tags: [ "Release Notes", "Vendor Advisory", ], url: "https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.46_release_notes", }, { source: "security@mozilla.org", tags: [ "Third Party Advisory", ], url: "https://security.netapp.com/advisory/ntap-20210129-0001/", }, { source: "security@mozilla.org", tags: [ "Third Party Advisory", "US 
Government Resource", ], url: "https://us-cert.cisa.gov/ics/advisories/icsa-21-040-04", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Exploit", "Issue Tracking", "Patch", "Vendor Advisory", ], url: "https://bugzilla.mozilla.org/show_bug.cgi?id=1539788", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://cert-portal.siemens.com/productcert/pdf/ssa-379803.pdf", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Release Notes", "Vendor Advisory", ], url: "https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.46_release_notes", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://security.netapp.com/advisory/ntap-20210129-0001/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", "US Government Resource", ], url: "https://us-cert.cisa.gov/ics/advisories/icsa-21-040-04", }, ], sourceIdentifier: "security@mozilla.org", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-20", }, { lang: "en", value: "CWE-119", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2023-07-11 10:15
Modified
2024-11-21 08:10
Severity
9.1 (Critical) - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H
7.2 (High) - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Summary
A vulnerability has been identified in RUGGEDCOM ROX MX5000 (All versions < V2.16.0), RUGGEDCOM ROX MX5000RE (All versions < V2.16.0), RUGGEDCOM ROX RX1400 (All versions < V2.16.0), RUGGEDCOM ROX RX1500 (All versions < V2.16.0), RUGGEDCOM ROX RX1501 (All versions < V2.16.0), RUGGEDCOM ROX RX1510 (All versions < V2.16.0), RUGGEDCOM ROX RX1511 (All versions < V2.16.0), RUGGEDCOM ROX RX1512 (All versions < V2.16.0), RUGGEDCOM ROX RX1524 (All versions < V2.16.0), RUGGEDCOM ROX RX1536 (All versions < V2.16.0), RUGGEDCOM ROX RX5000 (All versions < V2.16.0). The uninstall-app App-name parameter in the web interface of affected devices is vulnerable to command injection due to missing server side input sanitation. This could allow an authenticated privileged remote attacker to execute arbitrary code with root privileges.
References
Impacted products
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:siemens:ruggedcom_rox_mx5000_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "B70C9A14-F31D-452F-8F7E-368E1ED7165C", versionEndExcluding: "2.16.0", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:siemens:ruggedcom_rox_mx5000:-:*:*:*:*:*:*:*", matchCriteriaId: "DAD1B18F-9C37-48CC-92E2-9C5E66B206CB", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:siemens:ruggedcom_rox_mx5000re_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "C095D9B0-79A3-44A7-9683-B8DEF689D65F", versionEndExcluding: "2.16.0", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:siemens:ruggedcom_rox_mx5000re:-:*:*:*:*:*:*:*", matchCriteriaId: "38734DFA-A5DF-4284-BD79-7C0ED6CD8A5C", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:siemens:ruggedcom_rox_rx1400_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "3A0D1757-6A48-4C53-877A-947CDDD67793", versionEndExcluding: "2.16.0", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:siemens:ruggedcom_rox_rx1400:-:*:*:*:*:*:*:*", matchCriteriaId: "12BD4008-DB6A-4749-A426-D2DE44819A9D", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:siemens:ruggedcom_rox_rx1500_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "957788AA-B685-42B6-8BE9-B61D20B68144", versionEndExcluding: "2.16.0", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:siemens:ruggedcom_rox_rx1500:-:*:*:*:*:*:*:*", matchCriteriaId: "3E79B422-C844-411C-AA49-CFD73D3C6E2D", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: 
"cpe:2.3:o:siemens:ruggedcom_rox_rx1501_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "02E80465-DCD4-4CEB-AB5C-DFD86A5DB2E8", versionEndExcluding: "2.16.0", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:siemens:ruggedcom_rox_rx1501:-:*:*:*:*:*:*:*", matchCriteriaId: "53AAEC5C-06EE-4C58-A981-EBF5860CEF16", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:siemens:ruggedcom_rox_rx1510_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "BEC2AF9C-52CA-48FF-A4CD-C042EF225000", versionEndExcluding: "2.16.0", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:siemens:ruggedcom_rox_rx1510:-:*:*:*:*:*:*:*", matchCriteriaId: "0751225A-6E9C-4281-93A4-A048920FF7C6", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:siemens:ruggedcom_rox_rx1511_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "D0889DDD-C18A-4605-907C-0AAC4362FC94", versionEndExcluding: "2.16.0", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:siemens:ruggedcom_rox_rx1511:-:*:*:*:*:*:*:*", matchCriteriaId: "8C1E56ED-1E61-4B7E-8EC0-BB2AAD57EF7B", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:siemens:ruggedcom_rox_rx1512_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "FA09F789-1903-4487-A108-684EA9423F32", versionEndExcluding: "2.16.0", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:siemens:ruggedcom_rox_rx1512:-:*:*:*:*:*:*:*", matchCriteriaId: "41ADD701-AD49-46B2-A12E-219CCED32298", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:siemens:ruggedcom_rox_rx1524_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: 
"76CF386C-0665-401C-9E5F-D3A89E6C2847", versionEndExcluding: "2.16.0", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:siemens:ruggedcom_rox_rx1524:-:*:*:*:*:*:*:*", matchCriteriaId: "F8C70D90-E8FA-4343-9027-152A99D79C82", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:siemens:ruggedcom_rox_rx1536_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "A813AC2B-2F29-45D7-AB27-657A36399F80", versionEndExcluding: "2.16.0", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:siemens:ruggedcom_rox_rx1536:-:*:*:*:*:*:*:*", matchCriteriaId: "C1775F3B-6F47-4134-8B4E-CF6337FF546C", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:siemens:ruggedcom_rox_rx5000_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "6AF925B2-B147-4CB0-8789-D68C38135BEE", versionEndExcluding: "2.16.0", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:siemens:ruggedcom_rox_rx5000:-:*:*:*:*:*:*:*", matchCriteriaId: "1E0E33F2-E89B-4008-BED2-CF2296801078", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, ], cveTags: [], descriptions: [ { lang: "en", value: "A vulnerability has been identified in RUGGEDCOM ROX MX5000 (All versions < V2.16.0), RUGGEDCOM ROX MX5000RE (All versions < V2.16.0), RUGGEDCOM ROX RX1400 (All versions < V2.16.0), RUGGEDCOM ROX RX1500 (All versions < V2.16.0), RUGGEDCOM ROX RX1501 (All versions < V2.16.0), RUGGEDCOM ROX RX1510 (All versions < V2.16.0), RUGGEDCOM ROX RX1511 (All versions < V2.16.0), RUGGEDCOM ROX RX1512 (All versions < V2.16.0), RUGGEDCOM ROX RX1524 (All versions < V2.16.0), RUGGEDCOM ROX RX1536 (All versions < V2.16.0), RUGGEDCOM ROX RX5000 (All versions < V2.16.0). 
The uninstall-app App-name parameter in the web interface of affected devices is vulnerable to command injection due to missing server side input sanitation. This could allow an authenticated privileged remote attacker to execute arbitrary code with root privileges.", }, ], id: "CVE-2023-36753", lastModified: "2024-11-21T08:10:31.393", metrics: { cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 9.1, baseSeverity: "CRITICAL", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "HIGH", scope: "CHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 2.3, impactScore: 6, source: "productcert@siemens.com", type: "Secondary", }, { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.2, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "HIGH", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 1.2, impactScore: 5.9, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2023-07-11T10:15:11.360", references: [ { source: "productcert@siemens.com", tags: [ "Vendor Advisory", ], url: "https://cert-portal.siemens.com/productcert/pdf/ssa-146325.pdf", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://cert-portal.siemens.com/productcert/pdf/ssa-146325.pdf", }, ], sourceIdentifier: "productcert@siemens.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-77", }, ], source: "productcert@siemens.com", type: "Secondary", }, { description: [ { lang: "en", value: "CWE-77", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2020-10-22 21:15
Modified
2024-11-21 03:56
Severity
Summary
In Network Security Services (NSS) before 3.36.7 and before 3.41.1, a malformed signature can cause a crash due to a null dereference, resulting in a Denial of Service.
References
Impacted products
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:mozilla:network_security_services:*:*:*:*:*:*:*:*", matchCriteriaId: "B93092E8-AB81-499E-A4DC-327E6D587CA5", versionEndExcluding: "3.36.7", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:network_security_services:*:*:*:*:*:*:*:*", matchCriteriaId: "62F5DA72-5D31-47E7-9BC8-5CCADC75C3F1", versionEndExcluding: "3.41.1", versionStartIncluding: "3.41", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:siemens:ruggedcom_rox_mx5000_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "1B09C415-21F2-49C9-BFAE-2151C8ED4D06", versionEndExcluding: "2.14.0", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:siemens:ruggedcom_rox_mx5000:-:*:*:*:*:*:*:*", matchCriteriaId: "DAD1B18F-9C37-48CC-92E2-9C5E66B206CB", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:siemens:ruggedcom_rox_rx1400_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "F196C09E-4C45-42D5-B509-7EB77F6566F1", versionEndExcluding: "2.14.0", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:siemens:ruggedcom_rox_rx1400:-:*:*:*:*:*:*:*", matchCriteriaId: "12BD4008-DB6A-4749-A426-D2DE44819A9D", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:siemens:ruggedcom_rox_rx1500_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "13D72F66-A1B2-4FB7-B31B-EF16955BC871", versionEndExcluding: "2.14.0", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:siemens:ruggedcom_rox_rx1500:-:*:*:*:*:*:*:*", matchCriteriaId: "3E79B422-C844-411C-AA49-CFD73D3C6E2D", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: 
"cpe:2.3:o:siemens:ruggedcom_rox_rx1501_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "CB658DF3-A68F-4248-B240-9194E17941E1", versionEndExcluding: "2.14.0", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:siemens:ruggedcom_rox_rx1501:-:*:*:*:*:*:*:*", matchCriteriaId: "53AAEC5C-06EE-4C58-A981-EBF5860CEF16", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:siemens:ruggedcom_rox_rx1510_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "E16E621D-84DB-4F0D-A771-5E282B0292B2", versionEndExcluding: "2.14.0", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:siemens:ruggedcom_rox_rx1510:-:*:*:*:*:*:*:*", matchCriteriaId: "0751225A-6E9C-4281-93A4-A048920FF7C6", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:siemens:ruggedcom_rox_rx1511_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "059624DD-C1C8-408C-8026-D4FBC93C3CF9", versionEndExcluding: "2.14.0", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:siemens:ruggedcom_rox_rx1511:-:*:*:*:*:*:*:*", matchCriteriaId: "8C1E56ED-1E61-4B7E-8EC0-BB2AAD57EF7B", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:siemens:ruggedcom_rox_rx1512_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "06AF9201-89AB-42E6-97CF-9EDDC17EF7AE", versionEndExcluding: "2.14.0", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:siemens:ruggedcom_rox_rx1512:-:*:*:*:*:*:*:*", matchCriteriaId: "41ADD701-AD49-46B2-A12E-219CCED32298", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:siemens:ruggedcom_rox_rx5000_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: 
"2656219C-7E23-47F7-AFB7-0D6D3D2ACA85", versionEndExcluding: "2.14.0", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:siemens:ruggedcom_rox_rx5000:-:*:*:*:*:*:*:*", matchCriteriaId: "1E0E33F2-E89B-4008-BED2-CF2296801078", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, ], cveTags: [], descriptions: [ { lang: "en", value: "In Network Security Services (NSS) before 3.36.7 and before 3.41.1, a malformed signature can cause a crash due to a null dereference, resulting in a Denial of Service.", }, { lang: "es", value: "En Network Security Services (NSS) versiones anteriores a 3.36.7 y versiones anteriores a 3.41.1, una firma malformada puede causar un bloqueo debido a una desreferencia de null, resultando en una Denegación de Servicio", }, ], id: "CVE-2018-18508", lastModified: "2024-11-21T03:56:04.393", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "MEDIUM", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "PARTIAL", baseScore: 4.3, confidentialityImpact: "NONE", integrityImpact: "NONE", vectorString: "AV:N/AC:M/Au:N/C:N/I:N/A:P", version: "2.0", }, exploitabilityScore: 8.6, impactScore: 2.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: true, }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 6.5, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", version: "3.1", }, exploitabilityScore: 2.8, impactScore: 3.6, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2020-10-22T21:15:12.467", references: [ { source: "security@mozilla.org", tags: [ "Third Party 
Advisory", ], url: "https://cert-portal.siemens.com/productcert/pdf/ssa-379803.pdf", }, { source: "security@mozilla.org", tags: [ "Release Notes", "Vendor Advisory", ], url: "https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.36.7_release_notes", }, { source: "security@mozilla.org", tags: [ "Release Notes", "Vendor Advisory", ], url: "https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.41.1_release_notes", }, { source: "security@mozilla.org", tags: [ "Third Party Advisory", "US Government Resource", ], url: "https://us-cert.cisa.gov/ics/advisories/icsa-21-040-04", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://cert-portal.siemens.com/productcert/pdf/ssa-379803.pdf", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Release Notes", "Vendor Advisory", ], url: "https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.36.7_release_notes", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Release Notes", "Vendor Advisory", ], url: "https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.41.1_release_notes", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", "US Government Resource", ], url: "https://us-cert.cisa.gov/ics/advisories/icsa-21-040-04", }, ], sourceIdentifier: "security@mozilla.org", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-476", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2023-07-11 10:15
Modified
2024-11-21 08:09
Severity
8.8 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
6.1 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Summary
A vulnerability has been identified in RUGGEDCOM ROX MX5000 (All versions < V2.16.0), RUGGEDCOM ROX MX5000RE (All versions < V2.16.0), RUGGEDCOM ROX RX1400 (All versions < V2.16.0), RUGGEDCOM ROX RX1500 (All versions < V2.16.0), RUGGEDCOM ROX RX1501 (All versions < V2.16.0), RUGGEDCOM ROX RX1510 (All versions < V2.16.0), RUGGEDCOM ROX RX1511 (All versions < V2.16.0), RUGGEDCOM ROX RX1512 (All versions < V2.16.0), RUGGEDCOM ROX RX1524 (All versions < V2.16.0), RUGGEDCOM ROX RX1536 (All versions < V2.16.0), RUGGEDCOM ROX RX5000 (All versions < V2.16.0). A reflected cross-site scripting (XSS) vulnerability exists in the web interface of the affected application that could allow an attacker to execute malicious javascript code by tricking users into accessing a malicious link. The value is reflected in the response without sanitization while throwing an “invalid params element name” error on the get_elements parameters.
References
Impacted products
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:siemens:ruggedcom_rox_mx5000_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "B70C9A14-F31D-452F-8F7E-368E1ED7165C", versionEndExcluding: "2.16.0", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:siemens:ruggedcom_rox_mx5000:-:*:*:*:*:*:*:*", matchCriteriaId: "DAD1B18F-9C37-48CC-92E2-9C5E66B206CB", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:siemens:ruggedcom_rox_mx5000re_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "C095D9B0-79A3-44A7-9683-B8DEF689D65F", versionEndExcluding: "2.16.0", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:siemens:ruggedcom_rox_mx5000re:-:*:*:*:*:*:*:*", matchCriteriaId: "38734DFA-A5DF-4284-BD79-7C0ED6CD8A5C", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:siemens:ruggedcom_rox_rx1400_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "3A0D1757-6A48-4C53-877A-947CDDD67793", versionEndExcluding: "2.16.0", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:siemens:ruggedcom_rox_rx1400:-:*:*:*:*:*:*:*", matchCriteriaId: "12BD4008-DB6A-4749-A426-D2DE44819A9D", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:siemens:ruggedcom_rox_rx1500_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "957788AA-B685-42B6-8BE9-B61D20B68144", versionEndExcluding: "2.16.0", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:siemens:ruggedcom_rox_rx1500:-:*:*:*:*:*:*:*", matchCriteriaId: "3E79B422-C844-411C-AA49-CFD73D3C6E2D", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: 
"cpe:2.3:o:siemens:ruggedcom_rox_rx1501_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "02E80465-DCD4-4CEB-AB5C-DFD86A5DB2E8", versionEndExcluding: "2.16.0", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:siemens:ruggedcom_rox_rx1501:-:*:*:*:*:*:*:*", matchCriteriaId: "53AAEC5C-06EE-4C58-A981-EBF5860CEF16", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:siemens:ruggedcom_rox_rx1510_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "BEC2AF9C-52CA-48FF-A4CD-C042EF225000", versionEndExcluding: "2.16.0", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:siemens:ruggedcom_rox_rx1510:-:*:*:*:*:*:*:*", matchCriteriaId: "0751225A-6E9C-4281-93A4-A048920FF7C6", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:siemens:ruggedcom_rox_rx1511_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "D0889DDD-C18A-4605-907C-0AAC4362FC94", versionEndExcluding: "2.16.0", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:siemens:ruggedcom_rox_rx1511:-:*:*:*:*:*:*:*", matchCriteriaId: "8C1E56ED-1E61-4B7E-8EC0-BB2AAD57EF7B", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:siemens:ruggedcom_rox_rx1512_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "FA09F789-1903-4487-A108-684EA9423F32", versionEndExcluding: "2.16.0", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:siemens:ruggedcom_rox_rx1512:-:*:*:*:*:*:*:*", matchCriteriaId: "41ADD701-AD49-46B2-A12E-219CCED32298", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:siemens:ruggedcom_rox_rx1524_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: 
"76CF386C-0665-401C-9E5F-D3A89E6C2847", versionEndExcluding: "2.16.0", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:siemens:ruggedcom_rox_rx1524:-:*:*:*:*:*:*:*", matchCriteriaId: "F8C70D90-E8FA-4343-9027-152A99D79C82", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:siemens:ruggedcom_rox_rx1536_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "A813AC2B-2F29-45D7-AB27-657A36399F80", versionEndExcluding: "2.16.0", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:siemens:ruggedcom_rox_rx1536:-:*:*:*:*:*:*:*", matchCriteriaId: "C1775F3B-6F47-4134-8B4E-CF6337FF546C", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:siemens:ruggedcom_rox_rx5000_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "6AF925B2-B147-4CB0-8789-D68C38135BEE", versionEndExcluding: "2.16.0", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:siemens:ruggedcom_rox_rx5000:-:*:*:*:*:*:*:*", matchCriteriaId: "1E0E33F2-E89B-4008-BED2-CF2296801078", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, ], cveTags: [], descriptions: [ { lang: "en", value: "A vulnerability has been identified in RUGGEDCOM ROX MX5000 (All versions < V2.16.0), RUGGEDCOM ROX MX5000RE (All versions < V2.16.0), RUGGEDCOM ROX RX1400 (All versions < V2.16.0), RUGGEDCOM ROX RX1500 (All versions < V2.16.0), RUGGEDCOM ROX RX1501 (All versions < V2.16.0), RUGGEDCOM ROX RX1510 (All versions < V2.16.0), RUGGEDCOM ROX RX1511 (All versions < V2.16.0), RUGGEDCOM ROX RX1512 (All versions < V2.16.0), RUGGEDCOM ROX RX1524 (All versions < V2.16.0), RUGGEDCOM ROX RX1536 (All versions < V2.16.0), RUGGEDCOM ROX RX5000 (All versions < V2.16.0). 
A reflected cross-site scripting (XSS) vulnerability exists in the web interface of the affected application that could allow an attacker to execute malicious javascript code by tricking users into accessing a malicious link. The value is reflected in the response without sanitization while throwing an\r\n“invalid params element name” error on the get_elements parameters.", }, ], id: "CVE-2023-36386", lastModified: "2024-11-21T08:09:38.890", metrics: { cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 8.8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 2.8, impactScore: 5.9, source: "productcert@siemens.com", type: "Secondary", }, { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 6.1, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "NONE", scope: "CHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", version: "3.1", }, exploitabilityScore: 2.8, impactScore: 2.7, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2023-07-11T10:15:10.680", references: [ { source: "productcert@siemens.com", tags: [ "Vendor Advisory", ], url: "https://cert-portal.siemens.com/productcert/pdf/ssa-146325.pdf", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://cert-portal.siemens.com/productcert/pdf/ssa-146325.pdf", }, ], sourceIdentifier: "productcert@siemens.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-79", }, ], source: "productcert@siemens.com", type: "Secondary", }, { description: [ { lang: "en", value: "CWE-79", }, ], source: "nvd@nist.gov", type: "Primary", }, ], 
}
Vulnerability from fkie_nvd
Published
2021-09-14 11:15
Modified
2024-11-21 06:14
Severity
Summary
A vulnerability has been identified in RUGGEDCOM ROX MX5000 (All versions < V2.14.1), RUGGEDCOM ROX RX1400 (All versions < V2.14.1), RUGGEDCOM ROX RX1500 (All versions < V2.14.1), RUGGEDCOM ROX RX1501 (All versions < V2.14.1), RUGGEDCOM ROX RX1510 (All versions < V2.14.1), RUGGEDCOM ROX RX1511 (All versions < V2.14.1), RUGGEDCOM ROX RX1512 (All versions < V2.14.1), RUGGEDCOM ROX RX1524 (All versions < V2.14.1), RUGGEDCOM ROX RX1536 (All versions < V2.14.1), RUGGEDCOM ROX RX5000 (All versions < V2.14.1). The affected devices do not properly handle permissions to traverse the file system. If exploited, an attacker could gain access to an overview of the complete file system on the affected devices.
References
Source | URL | Tags
---|---|---
productcert@siemens.com | https://cert-portal.siemens.com/productcert/pdf/ssa-150692.pdf | Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108 | https://cert-portal.siemens.com/productcert/pdf/ssa-150692.pdf | Patch, Vendor Advisory
Impacted products
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:siemens:ruggedcom_rox_rx1400_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "D5538013-C23A-4D6D-8756-8BE210EBEA53", versionEndExcluding: "2.14.1", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:siemens:ruggedcom_rox_rx1400:-:*:*:*:*:*:*:*", matchCriteriaId: "12BD4008-DB6A-4749-A426-D2DE44819A9D", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:siemens:ruggedcom_rox_mx5000_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "183C516E-5BD4-4B50-841F-82AC3F68D12F", versionEndExcluding: "2.14.1", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:siemens:ruggedcom_rox_mx5000:-:*:*:*:*:*:*:*", matchCriteriaId: "DAD1B18F-9C37-48CC-92E2-9C5E66B206CB", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:siemens:ruggedcom_rox_rx1500_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "6A64F21F-30C7-4164-A791-2AE72085EC8D", versionEndExcluding: "2.14.1", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:siemens:ruggedcom_rox_rx1500:-:*:*:*:*:*:*:*", matchCriteriaId: "3E79B422-C844-411C-AA49-CFD73D3C6E2D", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:siemens:ruggedcom_rox_rx1501_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "9E7941A4-2B67-4B27-ACB2-E53449AD766F", versionEndExcluding: "2.14.1", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:siemens:ruggedcom_rox_rx1501:-:*:*:*:*:*:*:*", matchCriteriaId: "53AAEC5C-06EE-4C58-A981-EBF5860CEF16", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: 
"cpe:2.3:o:siemens:ruggedcom_rox_rx1510_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "411252B0-9AE4-41F9-876C-A5863CFFA23C", versionEndExcluding: "2.14.1", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:siemens:ruggedcom_rox_rx1510:-:*:*:*:*:*:*:*", matchCriteriaId: "0751225A-6E9C-4281-93A4-A048920FF7C6", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:siemens:ruggedcom_rox_rx1511_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "AF574446-EE25-4603-A831-E4766B5E234F", versionEndExcluding: "2.14.1", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:siemens:ruggedcom_rox_rx1511:-:*:*:*:*:*:*:*", matchCriteriaId: "8C1E56ED-1E61-4B7E-8EC0-BB2AAD57EF7B", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:siemens:ruggedcom_rox_rx1512_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "942464AE-7E81-43D1-9996-27B7C87C26A8", versionEndExcluding: "2.14.1", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:siemens:ruggedcom_rox_rx1512:-:*:*:*:*:*:*:*", matchCriteriaId: "41ADD701-AD49-46B2-A12E-219CCED32298", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:siemens:ruggedcom_rox_rx1524_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "CFEC6D28-3CD1-4786-8F83-DC9A64087879", versionEndExcluding: "2.14.1", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:siemens:ruggedcom_rox_rx1524:-:*:*:*:*:*:*:*", matchCriteriaId: "F8C70D90-E8FA-4343-9027-152A99D79C82", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:siemens:ruggedcom_rox_rx1536_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: 
"2AAFB653-F651-4366-B4B4-4185EA89E31F", versionEndExcluding: "2.14.1", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:siemens:ruggedcom_rox_rx1536:-:*:*:*:*:*:*:*", matchCriteriaId: "C1775F3B-6F47-4134-8B4E-CF6337FF546C", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:siemens:ruggedcom_rox_rx5000_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "4E0625F9-DCD4-4DF6-9479-3DAE4BDB6976", versionEndExcluding: "2.14.1", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:siemens:ruggedcom_rox_rx5000:-:*:*:*:*:*:*:*", matchCriteriaId: "1E0E33F2-E89B-4008-BED2-CF2296801078", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, ], cveTags: [], descriptions: [ { lang: "en", value: "A vulnerability has been identified in RUGGEDCOM ROX MX5000 (All versions < V2.14.1), RUGGEDCOM ROX RX1400 (All versions < V2.14.1), RUGGEDCOM ROX RX1500 (All versions < V2.14.1), RUGGEDCOM ROX RX1501 (All versions < V2.14.1), RUGGEDCOM ROX RX1510 (All versions < V2.14.1), RUGGEDCOM ROX RX1511 (All versions < V2.14.1), RUGGEDCOM ROX RX1512 (All versions < V2.14.1), RUGGEDCOM ROX RX1524 (All versions < V2.14.1), RUGGEDCOM ROX RX1536 (All versions < V2.14.1), RUGGEDCOM ROX RX5000 (All versions < V2.14.1). The affected devices do not properly handle permissions to traverse the file system. If exploited, an attacker could gain access to an overview of the complete file system on the affected devices.", }, { lang: "es", value: "Se ha identificado una vulnerabilidad en RUGGEDCOM ROX MX5000 (Todas las versiones anteriores a V2.14.1), RUGGEDCOM ROX RX1400 (Todas las versiones anteriores a V2.14.1), RUGGEDCOM ROX RX1500 (Todas las versiones anteriores a V2.14.1), RUGGEDCOM ROX RX1501 (Todas las versiones anteriores a V2.14.1), RUGGEDCOM ROX RX1510 (Todas las versiones anteriores a V2. 
14.1), RUGGEDCOM ROX RX1511 (Todas las versiones anteriores a V2.14.1), RUGGEDCOM ROX RX1512 (Todas las versiones anteriores a V2.14.1), RUGGEDCOM ROX RX1524 (Todas las versiones anteriores a V2.14.1), RUGGEDCOM ROX RX1536 (Todas las versiones anteriores a V2.14.1), RUGGEDCOM ROX RX5000 (Todas las versiones anteriores a V2.14.1). Los dispositivos afectados no manejan apropiadamente los permisos para recorrer el sistema de archivos. si es explotado, un atacante podría conseguir acceso a una visión general del sistema de archivos completo en los dispositivos afectados", }, ], id: "CVE-2021-37175", lastModified: "2024-11-21T06:14:47.707", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "NONE", baseScore: 5, confidentialityImpact: "PARTIAL", integrityImpact: "NONE", vectorString: "AV:N/AC:L/Au:N/C:P/I:N/A:N", version: "2.0", }, exploitabilityScore: 10, impactScore: 2.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 5.3, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", version: "3.1", }, exploitabilityScore: 3.9, impactScore: 1.4, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2021-09-14T11:15:25.367", references: [ { source: "productcert@siemens.com", tags: [ "Patch", "Vendor Advisory", ], url: "https://cert-portal.siemens.com/productcert/pdf/ssa-150692.pdf", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Vendor Advisory", ], url: "https://cert-portal.siemens.com/productcert/pdf/ssa-150692.pdf", }, ], 
sourceIdentifier: "productcert@siemens.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-280", }, ], source: "productcert@siemens.com", type: "Secondary", }, { description: [ { lang: "en", value: "CWE-755", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2023-07-11 10:15
Modified
2024-11-21 08:10
Severity
9.1 (Critical) - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H
7.2 (High) - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
7.2 (High) - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Summary
A vulnerability has been identified in RUGGEDCOM ROX MX5000 (All versions < V2.16.0), RUGGEDCOM ROX MX5000RE (All versions < V2.16.0), RUGGEDCOM ROX RX1400 (All versions < V2.16.0), RUGGEDCOM ROX RX1500 (All versions < V2.16.0), RUGGEDCOM ROX RX1501 (All versions < V2.16.0), RUGGEDCOM ROX RX1510 (All versions < V2.16.0), RUGGEDCOM ROX RX1511 (All versions < V2.16.0), RUGGEDCOM ROX RX1512 (All versions < V2.16.0), RUGGEDCOM ROX RX1524 (All versions < V2.16.0), RUGGEDCOM ROX RX1536 (All versions < V2.16.0), RUGGEDCOM ROX RX5000 (All versions < V2.16.0). The SCEP CA Certificate Name parameter in the web interface of affected devices is vulnerable to command injection due to missing server-side input sanitization. This could allow an authenticated privileged remote attacker to execute arbitrary code with root privileges.
References
Impacted products
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:siemens:ruggedcom_rox_mx5000_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "B70C9A14-F31D-452F-8F7E-368E1ED7165C", versionEndExcluding: "2.16.0", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:siemens:ruggedcom_rox_mx5000:-:*:*:*:*:*:*:*", matchCriteriaId: "DAD1B18F-9C37-48CC-92E2-9C5E66B206CB", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:siemens:ruggedcom_rox_mx5000re_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "C095D9B0-79A3-44A7-9683-B8DEF689D65F", versionEndExcluding: "2.16.0", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:siemens:ruggedcom_rox_mx5000re:-:*:*:*:*:*:*:*", matchCriteriaId: "38734DFA-A5DF-4284-BD79-7C0ED6CD8A5C", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:siemens:ruggedcom_rox_rx1400_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "3A0D1757-6A48-4C53-877A-947CDDD67793", versionEndExcluding: "2.16.0", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:siemens:ruggedcom_rox_rx1400:-:*:*:*:*:*:*:*", matchCriteriaId: "12BD4008-DB6A-4749-A426-D2DE44819A9D", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:siemens:ruggedcom_rox_rx1500_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "957788AA-B685-42B6-8BE9-B61D20B68144", versionEndExcluding: "2.16.0", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:siemens:ruggedcom_rox_rx1500:-:*:*:*:*:*:*:*", matchCriteriaId: "3E79B422-C844-411C-AA49-CFD73D3C6E2D", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: 
"cpe:2.3:o:siemens:ruggedcom_rox_rx1501_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "02E80465-DCD4-4CEB-AB5C-DFD86A5DB2E8", versionEndExcluding: "2.16.0", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:siemens:ruggedcom_rox_rx1501:-:*:*:*:*:*:*:*", matchCriteriaId: "53AAEC5C-06EE-4C58-A981-EBF5860CEF16", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:siemens:ruggedcom_rox_rx1510_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "BEC2AF9C-52CA-48FF-A4CD-C042EF225000", versionEndExcluding: "2.16.0", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:siemens:ruggedcom_rox_rx1510:-:*:*:*:*:*:*:*", matchCriteriaId: "0751225A-6E9C-4281-93A4-A048920FF7C6", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:siemens:ruggedcom_rox_rx1511_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "D0889DDD-C18A-4605-907C-0AAC4362FC94", versionEndExcluding: "2.16.0", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:siemens:ruggedcom_rox_rx1511:-:*:*:*:*:*:*:*", matchCriteriaId: "8C1E56ED-1E61-4B7E-8EC0-BB2AAD57EF7B", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:siemens:ruggedcom_rox_rx1512_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "FA09F789-1903-4487-A108-684EA9423F32", versionEndExcluding: "2.16.0", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:siemens:ruggedcom_rox_rx1512:-:*:*:*:*:*:*:*", matchCriteriaId: "41ADD701-AD49-46B2-A12E-219CCED32298", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:siemens:ruggedcom_rox_rx1524_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: 
"76CF386C-0665-401C-9E5F-D3A89E6C2847", versionEndExcluding: "2.16.0", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:siemens:ruggedcom_rox_rx1524:-:*:*:*:*:*:*:*", matchCriteriaId: "F8C70D90-E8FA-4343-9027-152A99D79C82", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:siemens:ruggedcom_rox_rx1536_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "A813AC2B-2F29-45D7-AB27-657A36399F80", versionEndExcluding: "2.16.0", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:siemens:ruggedcom_rox_rx1536:-:*:*:*:*:*:*:*", matchCriteriaId: "C1775F3B-6F47-4134-8B4E-CF6337FF546C", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:siemens:ruggedcom_rox_rx5000_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "6AF925B2-B147-4CB0-8789-D68C38135BEE", versionEndExcluding: "2.16.0", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:siemens:ruggedcom_rox_rx5000:-:*:*:*:*:*:*:*", matchCriteriaId: "1E0E33F2-E89B-4008-BED2-CF2296801078", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, ], cveTags: [], descriptions: [ { lang: "en", value: "A vulnerability has been identified in RUGGEDCOM ROX MX5000 (All versions < V2.16.0), RUGGEDCOM ROX MX5000RE (All versions < V2.16.0), RUGGEDCOM ROX RX1400 (All versions < V2.16.0), RUGGEDCOM ROX RX1500 (All versions < V2.16.0), RUGGEDCOM ROX RX1501 (All versions < V2.16.0), RUGGEDCOM ROX RX1510 (All versions < V2.16.0), RUGGEDCOM ROX RX1511 (All versions < V2.16.0), RUGGEDCOM ROX RX1512 (All versions < V2.16.0), RUGGEDCOM ROX RX1524 (All versions < V2.16.0), RUGGEDCOM ROX RX1536 (All versions < V2.16.0), RUGGEDCOM ROX RX5000 (All versions < V2.16.0). 
The SCEP CA Certificate Name parameter in the web interface of affected devices is vulnerable to command injection due to missing server side input sanitation. This could allow an authenticated privileged remote attacker to execute arbitrary code with root privileges.", }, ], id: "CVE-2023-36755", lastModified: "2024-11-21T08:10:31.700", metrics: { cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 9.1, baseSeverity: "CRITICAL", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "HIGH", scope: "CHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 2.3, impactScore: 6, source: "productcert@siemens.com", type: "Secondary", }, { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.2, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "HIGH", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 1.2, impactScore: 5.9, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2023-07-11T10:15:11.490", references: [ { source: "productcert@siemens.com", tags: [ "Vendor Advisory", ], url: "https://cert-portal.siemens.com/productcert/pdf/ssa-146325.pdf", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://cert-portal.siemens.com/productcert/pdf/ssa-146325.pdf", }, ], sourceIdentifier: "productcert@siemens.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-77", }, ], source: "productcert@siemens.com", type: "Secondary", }, { description: [ { lang: "en", value: "CWE-77", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2022-07-12 10:15
Modified
2024-11-21 06:59
Severity
Summary
A vulnerability has been identified in RUGGEDCOM ROX MX5000 (All versions < 2.15.1), RUGGEDCOM ROX MX5000RE (All versions < 2.15.1), RUGGEDCOM ROX RX1400 (All versions < 2.15.1), RUGGEDCOM ROX RX1500 (All versions < 2.15.1), RUGGEDCOM ROX RX1501 (All versions < 2.15.1), RUGGEDCOM ROX RX1510 (All versions < 2.15.1), RUGGEDCOM ROX RX1511 (All versions < 2.15.1), RUGGEDCOM ROX RX1512 (All versions < 2.15.1), RUGGEDCOM ROX RX1524 (All versions < 2.15.1), RUGGEDCOM ROX RX1536 (All versions < 2.15.1), RUGGEDCOM ROX RX5000 (All versions < 2.15.1). Affected devices do not properly validate user input, making them susceptible to command injection. An attacker with access to either the shell or the web CLI with administrator privileges could access the underlying operating system as the root user.
References
Source | URL | Tags
---|---|---
productcert@siemens.com | https://cert-portal.siemens.com/productcert/pdf/ssa-599506.pdf | Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108 | https://cert-portal.siemens.com/productcert/pdf/ssa-599506.pdf | Patch, Vendor Advisory
Impacted products
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:siemens:ruggedcom_rox_rx1500_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "56C961A1-00D0-4F83-B9F5-8C479704669A", versionEndExcluding: "2.15.1", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:siemens:ruggedcom_rox_rx1500:-:*:*:*:*:*:*:*", matchCriteriaId: "3E79B422-C844-411C-AA49-CFD73D3C6E2D", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:siemens:ruggedcom_rox_rx1501_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "5F6ACA21-5F5E-470C-8C4A-EFDEDC6E481E", versionEndExcluding: "2.15.1", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:siemens:ruggedcom_rox_rx1501:-:*:*:*:*:*:*:*", matchCriteriaId: "53AAEC5C-06EE-4C58-A981-EBF5860CEF16", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:siemens:ruggedcom_rox_rx1510_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "4C14C7A8-C6FF-495A-8CC9-CEAD1EA74195", versionEndExcluding: "2.15.1", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:siemens:ruggedcom_rox_rx1510:-:*:*:*:*:*:*:*", matchCriteriaId: "0751225A-6E9C-4281-93A4-A048920FF7C6", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:siemens:ruggedcom_rox_rx1511_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "51713937-53D8-47A1-93CD-A71BB1F68082", versionEndExcluding: "2.15.1", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:siemens:ruggedcom_rox_rx1511:-:*:*:*:*:*:*:*", matchCriteriaId: "8C1E56ED-1E61-4B7E-8EC0-BB2AAD57EF7B", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: 
"cpe:2.3:o:siemens:ruggedcom_rox_rx1512_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "8895AC44-D90B-4D79-9F53-CA8E5181F152", versionEndExcluding: "2.15.1", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:siemens:ruggedcom_rox_rx1512:-:*:*:*:*:*:*:*", matchCriteriaId: "41ADD701-AD49-46B2-A12E-219CCED32298", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:siemens:ruggedcom_rox_rx1524_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "7E50BFA7-8FFA-47B8-90E5-8EF89534BB45", versionEndExcluding: "2.15.1", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:siemens:ruggedcom_rox_rx1524:-:*:*:*:*:*:*:*", matchCriteriaId: "F8C70D90-E8FA-4343-9027-152A99D79C82", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:siemens:ruggedcom_rox_rx1536_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "5124C4B1-1AF8-4231-BC19-C7396F334C9A", versionEndExcluding: "2.15.1", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:siemens:ruggedcom_rox_rx1536:-:*:*:*:*:*:*:*", matchCriteriaId: "C1775F3B-6F47-4134-8B4E-CF6337FF546C", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:siemens:ruggedcom_rox_rx5000_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "2491CAB4-A544-44F2-8634-8A55DFD8270B", versionEndExcluding: "2.15.1", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:siemens:ruggedcom_rox_rx5000:-:*:*:*:*:*:*:*", matchCriteriaId: "1E0E33F2-E89B-4008-BED2-CF2296801078", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:siemens:ruggedcom_rox_rx1400_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: 
"DC943E60-DA3E-4A25-9D51-CAD6352E9A10", versionEndExcluding: "2.15.1", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:siemens:ruggedcom_rox_rx1400:-:*:*:*:*:*:*:*", matchCriteriaId: "12BD4008-DB6A-4749-A426-D2DE44819A9D", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:siemens:ruggedcom_rox_mx5000re_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "9FE492C0-DED5-474F-B247-735C1E4AF8D5", versionEndExcluding: "2.15.1", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:siemens:ruggedcom_rox_mx5000re:-:*:*:*:*:*:*:*", matchCriteriaId: "38734DFA-A5DF-4284-BD79-7C0ED6CD8A5C", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:siemens:ruggedcom_rox_mx5000_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "EAB64CBD-AD69-4DE8-ADA8-78A59BBFE931", versionEndExcluding: "2.15.1", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:siemens:ruggedcom_rox_mx5000:-:*:*:*:*:*:*:*", matchCriteriaId: "DAD1B18F-9C37-48CC-92E2-9C5E66B206CB", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, ], cveTags: [], descriptions: [ { lang: "en", value: "A vulnerability has been identified in RUGGEDCOM ROX MX5000 (All versions < 2.15.1), RUGGEDCOM ROX MX5000RE (All versions < 2.15.1), RUGGEDCOM ROX RX1400 (All versions < 2.15.1), RUGGEDCOM ROX RX1500 (All versions < 2.15.1), RUGGEDCOM ROX RX1501 (All versions < 2.15.1), RUGGEDCOM ROX RX1510 (All versions < 2.15.1), RUGGEDCOM ROX RX1511 (All versions < 2.15.1), RUGGEDCOM ROX RX1512 (All versions < 2.15.1), RUGGEDCOM ROX RX1524 (All versions < 2.15.1), RUGGEDCOM ROX RX1536 (All versions < 2.15.1), RUGGEDCOM ROX RX5000 (All versions < 2.15.1). 
Affected devices do not properly validate user input, making them susceptible to command injection. An attacker with access to either the shell or the web CLI with administrator privileges could access the underlying operating system as the root user.", }, { lang: "es", value: "Se ha identificado una vulnerabilidad en RUGGEDCOM ROX MX5000 (Todas las versiones anteriores a 2.15.1), RUGGEDCOM ROX MX5000RE (Todas las versiones anteriores a 2.15.1), RUGGEDCOM ROX RX1400 (Todas las versiones anteriores a 2.15.1), RUGGEDCOM ROX RX1500 (Todas las versiones anteriores a 2.15.1), RUGGEDCOM ROX RX1501 (Todas las versiones anteriores a 2.15. 1), RUGGEDCOM ROX RX1510 (Todas las versiones anteriores a 2.15.1), RUGGEDCOM ROX RX1511 (Todas las versiones anteriores a 2.15.1), RUGGEDCOM ROX RX1512 (Todas las versiones anteriores a 2.15. 1), RUGGEDCOM ROX RX1524 (Todas las versiones anteriores a 2.15.1), RUGGEDCOM ROX RX1536 (Todas las versiones anteriores a 2.15.1), RUGGEDCOM ROX RX5000 (Todas las versiones anteriores a 2.15.1). Los dispositivos afectados no comprueban correctamente la entrada del usuario, lo que los hace susceptibles a la inyección de comandos. 
Un atacante con acceso al shell o al CLI web con privilegios de administrador podría acceder al sistema operativo subyacente como usuario root", }, ], id: "CVE-2022-29560", lastModified: "2024-11-21T06:59:19.207", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "HIGH", cvssData: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "COMPLETE", baseScore: 10, confidentialityImpact: "COMPLETE", integrityImpact: "COMPLETE", vectorString: "AV:N/AC:L/Au:N/C:C/I:C/A:C", version: "2.0", }, exploitabilityScore: 10, impactScore: 10, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.2, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "HIGH", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 1.2, impactScore: 5.9, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2022-07-12T10:15:10.493", references: [ { source: "productcert@siemens.com", tags: [ "Patch", "Vendor Advisory", ], url: "https://cert-portal.siemens.com/productcert/pdf/ssa-599506.pdf", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Vendor Advisory", ], url: "https://cert-portal.siemens.com/productcert/pdf/ssa-599506.pdf", }, ], sourceIdentifier: "productcert@siemens.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-77", }, ], source: "productcert@siemens.com", type: "Secondary", }, { description: [ { lang: "en", value: "CWE-77", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2023-07-11 10:15
Modified
2024-11-21 06:59
Severity
3.7 (Low) - CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L
5.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
5.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
Summary
A vulnerability has been identified in RUGGEDCOM ROX MX5000 (All versions < V2.16.0), RUGGEDCOM ROX MX5000RE (All versions < V2.16.0), RUGGEDCOM ROX RX1400 (All versions < V2.16.0), RUGGEDCOM ROX RX1500 (All versions < V2.16.0), RUGGEDCOM ROX RX1501 (All versions < V2.16.0), RUGGEDCOM ROX RX1510 (All versions < V2.16.0), RUGGEDCOM ROX RX1511 (All versions < V2.16.0), RUGGEDCOM ROX RX1512 (All versions < V2.16.0), RUGGEDCOM ROX RX1524 (All versions < V2.16.0), RUGGEDCOM ROX RX1536 (All versions < V2.16.0), RUGGEDCOM ROX RX5000 (All versions < V2.16.0). Affected devices do not properly handle malformed HTTP packets. This could allow an unauthenticated remote attacker to send a malformed HTTP packet causing certain functions to fail in a controlled manner.
References
Impacted products
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:siemens:ruggedcom_rox_mx5000_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "B70C9A14-F31D-452F-8F7E-368E1ED7165C", versionEndExcluding: "2.16.0", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:siemens:ruggedcom_rox_mx5000:-:*:*:*:*:*:*:*", matchCriteriaId: "DAD1B18F-9C37-48CC-92E2-9C5E66B206CB", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:siemens:ruggedcom_rox_mx5000re_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "C095D9B0-79A3-44A7-9683-B8DEF689D65F", versionEndExcluding: "2.16.0", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:siemens:ruggedcom_rox_mx5000re:-:*:*:*:*:*:*:*", matchCriteriaId: "38734DFA-A5DF-4284-BD79-7C0ED6CD8A5C", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:siemens:ruggedcom_rox_rx1400_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "3A0D1757-6A48-4C53-877A-947CDDD67793", versionEndExcluding: "2.16.0", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:siemens:ruggedcom_rox_rx1400:-:*:*:*:*:*:*:*", matchCriteriaId: "12BD4008-DB6A-4749-A426-D2DE44819A9D", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:siemens:ruggedcom_rox_rx1500_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "957788AA-B685-42B6-8BE9-B61D20B68144", versionEndExcluding: "2.16.0", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:siemens:ruggedcom_rox_rx1500:-:*:*:*:*:*:*:*", matchCriteriaId: "3E79B422-C844-411C-AA49-CFD73D3C6E2D", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: 
"cpe:2.3:o:siemens:ruggedcom_rox_rx1501_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "02E80465-DCD4-4CEB-AB5C-DFD86A5DB2E8", versionEndExcluding: "2.16.0", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:siemens:ruggedcom_rox_rx1501:-:*:*:*:*:*:*:*", matchCriteriaId: "53AAEC5C-06EE-4C58-A981-EBF5860CEF16", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:siemens:ruggedcom_rox_rx1510_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "BEC2AF9C-52CA-48FF-A4CD-C042EF225000", versionEndExcluding: "2.16.0", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:siemens:ruggedcom_rox_rx1510:-:*:*:*:*:*:*:*", matchCriteriaId: "0751225A-6E9C-4281-93A4-A048920FF7C6", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:siemens:ruggedcom_rox_rx1511_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "D0889DDD-C18A-4605-907C-0AAC4362FC94", versionEndExcluding: "2.16.0", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:siemens:ruggedcom_rox_rx1511:-:*:*:*:*:*:*:*", matchCriteriaId: "8C1E56ED-1E61-4B7E-8EC0-BB2AAD57EF7B", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:siemens:ruggedcom_rox_rx1512_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "FA09F789-1903-4487-A108-684EA9423F32", versionEndExcluding: "2.16.0", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:siemens:ruggedcom_rox_rx1512:-:*:*:*:*:*:*:*", matchCriteriaId: "41ADD701-AD49-46B2-A12E-219CCED32298", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:siemens:ruggedcom_rox_rx1524_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: 
"76CF386C-0665-401C-9E5F-D3A89E6C2847", versionEndExcluding: "2.16.0", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:siemens:ruggedcom_rox_rx1524:-:*:*:*:*:*:*:*", matchCriteriaId: "F8C70D90-E8FA-4343-9027-152A99D79C82", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:siemens:ruggedcom_rox_rx1536_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "A813AC2B-2F29-45D7-AB27-657A36399F80", versionEndExcluding: "2.16.0", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:siemens:ruggedcom_rox_rx1536:-:*:*:*:*:*:*:*", matchCriteriaId: "C1775F3B-6F47-4134-8B4E-CF6337FF546C", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:siemens:ruggedcom_rox_rx5000_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "6AF925B2-B147-4CB0-8789-D68C38135BEE", versionEndExcluding: "2.16.0", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:siemens:ruggedcom_rox_rx5000:-:*:*:*:*:*:*:*", matchCriteriaId: "1E0E33F2-E89B-4008-BED2-CF2296801078", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, ], cveTags: [], descriptions: [ { lang: "en", value: "A vulnerability has been identified in RUGGEDCOM ROX MX5000 (All versions < V2.16.0), RUGGEDCOM ROX MX5000RE (All versions < V2.16.0), RUGGEDCOM ROX RX1400 (All versions < V2.16.0), RUGGEDCOM ROX RX1500 (All versions < V2.16.0), RUGGEDCOM ROX RX1501 (All versions < V2.16.0), RUGGEDCOM ROX RX1510 (All versions < V2.16.0), RUGGEDCOM ROX RX1511 (All versions < V2.16.0), RUGGEDCOM ROX RX1512 (All versions < V2.16.0), RUGGEDCOM ROX RX1524 (All versions < V2.16.0), RUGGEDCOM ROX RX1536 (All versions < V2.16.0), RUGGEDCOM ROX RX5000 (All versions < V2.16.0). Affected devices do not properly handle malformed HTTP packets. 
This could allow an unauthenticated remote attacker to send a malformed HTTP packet causing certain functions to fail in a controlled manner.", }, ], id: "CVE-2022-29562", lastModified: "2024-11-21T06:59:19.557", metrics: { cvssMetricV31: [ { cvssData: { attackComplexity: "HIGH", attackVector: "NETWORK", availabilityImpact: "LOW", baseScore: 3.7, baseSeverity: "LOW", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", version: "3.1", }, exploitabilityScore: 2.2, impactScore: 1.4, source: "productcert@siemens.com", type: "Secondary", }, { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "LOW", baseScore: 5.3, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", version: "3.1", }, exploitabilityScore: 3.9, impactScore: 1.4, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2023-07-11T10:15:10.043", references: [ { source: "productcert@siemens.com", tags: [ "Vendor Advisory", ], url: "https://cert-portal.siemens.com/productcert/pdf/ssa-146325.pdf", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://cert-portal.siemens.com/productcert/pdf/ssa-146325.pdf", }, ], sourceIdentifier: "productcert@siemens.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-20", }, ], source: "productcert@siemens.com", type: "Secondary", }, { description: [ { lang: "en", value: "NVD-CWE-noinfo", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2023-07-11 10:15
Modified
2024-11-21 08:10
Severity
7.4 (High) - CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N
7.4 (High) - CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N
7.4 (High) - CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N
Summary
A vulnerability has been identified in RUGGEDCOM ROX MX5000 (All versions < V2.16.0), RUGGEDCOM ROX MX5000RE (All versions < V2.16.0), RUGGEDCOM ROX RX1400 (All versions < V2.16.0), RUGGEDCOM ROX RX1500 (All versions < V2.16.0), RUGGEDCOM ROX RX1501 (All versions < V2.16.0), RUGGEDCOM ROX RX1510 (All versions < V2.16.0), RUGGEDCOM ROX RX1511 (All versions < V2.16.0), RUGGEDCOM ROX RX1512 (All versions < V2.16.0), RUGGEDCOM ROX RX1524 (All versions < V2.16.0), RUGGEDCOM ROX RX1536 (All versions < V2.16.0), RUGGEDCOM ROX RX5000 (All versions < V2.16.0). The webserver of the affected devices supports the insecure TLS 1.0 protocol. An attacker could achieve a man-in-the-middle attack and compromise confidentiality and integrity of data.
References
Impacted products
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:siemens:ruggedcom_rox_mx5000_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "B70C9A14-F31D-452F-8F7E-368E1ED7165C", versionEndExcluding: "2.16.0", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:siemens:ruggedcom_rox_mx5000:-:*:*:*:*:*:*:*", matchCriteriaId: "DAD1B18F-9C37-48CC-92E2-9C5E66B206CB", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:siemens:ruggedcom_rox_mx5000re_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "C095D9B0-79A3-44A7-9683-B8DEF689D65F", versionEndExcluding: "2.16.0", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:siemens:ruggedcom_rox_mx5000re:-:*:*:*:*:*:*:*", matchCriteriaId: "38734DFA-A5DF-4284-BD79-7C0ED6CD8A5C", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:siemens:ruggedcom_rox_rx1400_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "3A0D1757-6A48-4C53-877A-947CDDD67793", versionEndExcluding: "2.16.0", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:siemens:ruggedcom_rox_rx1400:-:*:*:*:*:*:*:*", matchCriteriaId: "12BD4008-DB6A-4749-A426-D2DE44819A9D", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:siemens:ruggedcom_rox_rx1500_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "957788AA-B685-42B6-8BE9-B61D20B68144", versionEndExcluding: "2.16.0", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:siemens:ruggedcom_rox_rx1500:-:*:*:*:*:*:*:*", matchCriteriaId: "3E79B422-C844-411C-AA49-CFD73D3C6E2D", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: 
"cpe:2.3:o:siemens:ruggedcom_rox_rx1501_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "02E80465-DCD4-4CEB-AB5C-DFD86A5DB2E8", versionEndExcluding: "2.16.0", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:siemens:ruggedcom_rox_rx1501:-:*:*:*:*:*:*:*", matchCriteriaId: "53AAEC5C-06EE-4C58-A981-EBF5860CEF16", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:siemens:ruggedcom_rox_rx1510_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "BEC2AF9C-52CA-48FF-A4CD-C042EF225000", versionEndExcluding: "2.16.0", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:siemens:ruggedcom_rox_rx1510:-:*:*:*:*:*:*:*", matchCriteriaId: "0751225A-6E9C-4281-93A4-A048920FF7C6", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:siemens:ruggedcom_rox_rx1511_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "D0889DDD-C18A-4605-907C-0AAC4362FC94", versionEndExcluding: "2.16.0", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:siemens:ruggedcom_rox_rx1511:-:*:*:*:*:*:*:*", matchCriteriaId: "8C1E56ED-1E61-4B7E-8EC0-BB2AAD57EF7B", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:siemens:ruggedcom_rox_rx1512_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "FA09F789-1903-4487-A108-684EA9423F32", versionEndExcluding: "2.16.0", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:siemens:ruggedcom_rox_rx1512:-:*:*:*:*:*:*:*", matchCriteriaId: "41ADD701-AD49-46B2-A12E-219CCED32298", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:siemens:ruggedcom_rox_rx1524_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: 
"76CF386C-0665-401C-9E5F-D3A89E6C2847", versionEndExcluding: "2.16.0", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:siemens:ruggedcom_rox_rx1524:-:*:*:*:*:*:*:*", matchCriteriaId: "F8C70D90-E8FA-4343-9027-152A99D79C82", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:siemens:ruggedcom_rox_rx1536_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "A813AC2B-2F29-45D7-AB27-657A36399F80", versionEndExcluding: "2.16.0", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:siemens:ruggedcom_rox_rx1536:-:*:*:*:*:*:*:*", matchCriteriaId: "C1775F3B-6F47-4134-8B4E-CF6337FF546C", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:siemens:ruggedcom_rox_rx5000_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "6AF925B2-B147-4CB0-8789-D68C38135BEE", versionEndExcluding: "2.16.0", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:siemens:ruggedcom_rox_rx5000:-:*:*:*:*:*:*:*", matchCriteriaId: "1E0E33F2-E89B-4008-BED2-CF2296801078", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, ], cveTags: [], descriptions: [ { lang: "en", value: "A vulnerability has been identified in RUGGEDCOM ROX MX5000 (All versions < V2.16.0), RUGGEDCOM ROX MX5000RE (All versions < V2.16.0), RUGGEDCOM ROX RX1400 (All versions < V2.16.0), RUGGEDCOM ROX RX1500 (All versions < V2.16.0), RUGGEDCOM ROX RX1501 (All versions < V2.16.0), RUGGEDCOM ROX RX1510 (All versions < V2.16.0), RUGGEDCOM ROX RX1511 (All versions < V2.16.0), RUGGEDCOM ROX RX1512 (All versions < V2.16.0), RUGGEDCOM ROX RX1524 (All versions < V2.16.0), RUGGEDCOM ROX RX1536 (All versions < V2.16.0), RUGGEDCOM ROX RX5000 (All versions < V2.16.0). The webserver of the affected devices support insecure TLS 1.0 protocol. 
An attacker could achieve a man-in-the-middle attack and compromise confidentiality and integrity of data.", }, ], id: "CVE-2023-36749", lastModified: "2024-11-21T08:10:30.740", metrics: { cvssMetricV31: [ { cvssData: { attackComplexity: "HIGH", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 7.4, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N", version: "3.1", }, exploitabilityScore: 2.2, impactScore: 5.2, source: "productcert@siemens.com", type: "Secondary", }, { cvssData: { attackComplexity: "HIGH", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 7.4, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N", version: "3.1", }, exploitabilityScore: 2.2, impactScore: 5.2, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2023-07-11T10:15:11.103", references: [ { source: "productcert@siemens.com", tags: [ "Vendor Advisory", ], url: "https://cert-portal.siemens.com/productcert/pdf/ssa-146325.pdf", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://cert-portal.siemens.com/productcert/pdf/ssa-146325.pdf", }, ], sourceIdentifier: "productcert@siemens.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-327", }, ], source: "productcert@siemens.com", type: "Secondary", }, { description: [ { lang: "en", value: "CWE-327", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2023-07-11 10:15
Modified
2024-11-21 08:10
Severity ?
5.9 (Medium) - CVSS:3.1/AV:A/AC:H/PR:N/UI:R/S:U/C:L/I:H/A:L
6.8 (Medium) - CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N
6.8 (Medium) - CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N
Summary
A vulnerability has been identified in RUGGEDCOM ROX MX5000 (All versions < V2.16.0), RUGGEDCOM ROX MX5000RE (All versions < V2.16.0), RUGGEDCOM ROX RX1400 (All versions < V2.16.0), RUGGEDCOM ROX RX1500 (All versions < V2.16.0), RUGGEDCOM ROX RX1501 (All versions < V2.16.0), RUGGEDCOM ROX RX1510 (All versions < V2.16.0), RUGGEDCOM ROX RX1511 (All versions < V2.16.0), RUGGEDCOM ROX RX1512 (All versions < V2.16.0), RUGGEDCOM ROX RX1524 (All versions < V2.16.0), RUGGEDCOM ROX RX1536 (All versions < V2.16.0), RUGGEDCOM ROX RX5000 (All versions < V2.16.0). The affected devices are configured to offer weak ciphers by default. This could allow an unauthorized attacker in a man-in-the-middle position to read and modify any data passed over to and from the affected device.
References
Impacted products
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:siemens:ruggedcom_rox_mx5000_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "B70C9A14-F31D-452F-8F7E-368E1ED7165C", versionEndExcluding: "2.16.0", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:siemens:ruggedcom_rox_mx5000:-:*:*:*:*:*:*:*", matchCriteriaId: "DAD1B18F-9C37-48CC-92E2-9C5E66B206CB", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:siemens:ruggedcom_rox_mx5000re_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "C095D9B0-79A3-44A7-9683-B8DEF689D65F", versionEndExcluding: "2.16.0", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:siemens:ruggedcom_rox_mx5000re:-:*:*:*:*:*:*:*", matchCriteriaId: "38734DFA-A5DF-4284-BD79-7C0ED6CD8A5C", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:siemens:ruggedcom_rox_rx1400_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "3A0D1757-6A48-4C53-877A-947CDDD67793", versionEndExcluding: "2.16.0", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:siemens:ruggedcom_rox_rx1400:-:*:*:*:*:*:*:*", matchCriteriaId: "12BD4008-DB6A-4749-A426-D2DE44819A9D", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:siemens:ruggedcom_rox_rx1500_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "957788AA-B685-42B6-8BE9-B61D20B68144", versionEndExcluding: "2.16.0", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:siemens:ruggedcom_rox_rx1500:-:*:*:*:*:*:*:*", matchCriteriaId: "3E79B422-C844-411C-AA49-CFD73D3C6E2D", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: 
"cpe:2.3:o:siemens:ruggedcom_rox_rx1501_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "02E80465-DCD4-4CEB-AB5C-DFD86A5DB2E8", versionEndExcluding: "2.16.0", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:siemens:ruggedcom_rox_rx1501:-:*:*:*:*:*:*:*", matchCriteriaId: "53AAEC5C-06EE-4C58-A981-EBF5860CEF16", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:siemens:ruggedcom_rox_rx1510_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "BEC2AF9C-52CA-48FF-A4CD-C042EF225000", versionEndExcluding: "2.16.0", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:siemens:ruggedcom_rox_rx1510:-:*:*:*:*:*:*:*", matchCriteriaId: "0751225A-6E9C-4281-93A4-A048920FF7C6", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:siemens:ruggedcom_rox_rx1511_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "D0889DDD-C18A-4605-907C-0AAC4362FC94", versionEndExcluding: "2.16.0", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:siemens:ruggedcom_rox_rx1511:-:*:*:*:*:*:*:*", matchCriteriaId: "8C1E56ED-1E61-4B7E-8EC0-BB2AAD57EF7B", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:siemens:ruggedcom_rox_rx1512_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "FA09F789-1903-4487-A108-684EA9423F32", versionEndExcluding: "2.16.0", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:siemens:ruggedcom_rox_rx1512:-:*:*:*:*:*:*:*", matchCriteriaId: "41ADD701-AD49-46B2-A12E-219CCED32298", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:siemens:ruggedcom_rox_rx1524_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: 
"76CF386C-0665-401C-9E5F-D3A89E6C2847", versionEndExcluding: "2.16.0", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:siemens:ruggedcom_rox_rx1524:-:*:*:*:*:*:*:*", matchCriteriaId: "F8C70D90-E8FA-4343-9027-152A99D79C82", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:siemens:ruggedcom_rox_rx1536_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "A813AC2B-2F29-45D7-AB27-657A36399F80", versionEndExcluding: "2.16.0", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:siemens:ruggedcom_rox_rx1536:-:*:*:*:*:*:*:*", matchCriteriaId: "C1775F3B-6F47-4134-8B4E-CF6337FF546C", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:siemens:ruggedcom_rox_rx5000_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "6AF925B2-B147-4CB0-8789-D68C38135BEE", versionEndExcluding: "2.16.0", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:siemens:ruggedcom_rox_rx5000:-:*:*:*:*:*:*:*", matchCriteriaId: "1E0E33F2-E89B-4008-BED2-CF2296801078", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, ], cveTags: [], descriptions: [ { lang: "en", value: "A vulnerability has been identified in RUGGEDCOM ROX MX5000 (All versions < V2.16.0), RUGGEDCOM ROX MX5000RE (All versions < V2.16.0), RUGGEDCOM ROX RX1400 (All versions < V2.16.0), RUGGEDCOM ROX RX1500 (All versions < V2.16.0), RUGGEDCOM ROX RX1501 (All versions < V2.16.0), RUGGEDCOM ROX RX1510 (All versions < V2.16.0), RUGGEDCOM ROX RX1511 (All versions < V2.16.0), RUGGEDCOM ROX RX1512 (All versions < V2.16.0), RUGGEDCOM ROX RX1524 (All versions < V2.16.0), RUGGEDCOM ROX RX1536 (All versions < V2.16.0), RUGGEDCOM ROX RX5000 (All versions < V2.16.0). The affected devices are configured to offer weak ciphers by default. 
This could allow an unauthorized attacker in a man-in-the-middle position to read and modify any data\r\npassed over to and from the affected device.", }, ], id: "CVE-2023-36748", lastModified: "2024-11-21T08:10:30.583", metrics: { cvssMetricV31: [ { cvssData: { attackComplexity: "HIGH", attackVector: "ADJACENT_NETWORK", availabilityImpact: "LOW", baseScore: 5.9, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:A/AC:H/PR:N/UI:R/S:U/C:L/I:H/A:L", version: "3.1", }, exploitabilityScore: 1.2, impactScore: 4.7, source: "productcert@siemens.com", type: "Secondary", }, { cvssData: { attackComplexity: "HIGH", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 6.8, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N", version: "3.1", }, exploitabilityScore: 1.6, impactScore: 5.2, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2023-07-11T10:15:11.033", references: [ { source: "productcert@siemens.com", tags: [ "Vendor Advisory", ], url: "https://cert-portal.siemens.com/productcert/pdf/ssa-146325.pdf", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://cert-portal.siemens.com/productcert/pdf/ssa-146325.pdf", }, ], sourceIdentifier: "productcert@siemens.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-326", }, ], source: "productcert@siemens.com", type: "Secondary", }, { description: [ { lang: "en", value: "CWE-326", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2020-01-08 20:15
Modified
2024-11-21 04:21
Severity ?
Summary
When encrypting with a block cipher, if a call to NSC_EncryptUpdate was made with data smaller than the block size, a small out of bounds write could occur. This could have caused heap corruption and a potentially exploitable crash. This vulnerability affects Thunderbird < 68.3, Firefox ESR < 68.3, and Firefox < 71.
References
Impacted products
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*", matchCriteriaId: "13CA3D58-3E63-46A9-9E84-0EE98E85FCCD", versionEndExcluding: "71.0", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:firefox_esr:*:*:*:*:*:*:*:*", matchCriteriaId: "0E44031F-A65C-47ED-BE96-D95E9C013208", versionEndExcluding: "68.3", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:thunderbird:*:*:*:*:*:*:*:*", matchCriteriaId: "8620BC60-0832-426B-8B96-8AC49FBD1ACA", versionEndExcluding: "68.3.0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:opensuse:leap:15.1:*:*:*:*:*:*:*", matchCriteriaId: "B620311B-34A3-48A6-82DF-6F078D7A4493", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*", matchCriteriaId: "F7016A2A-8365-4F1A-89A2-7A19F2BCAE5B", vulnerable: true, }, { criteria: "cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*", matchCriteriaId: "23A7C53F-B80F-4E6A-AFA9-58EEA84BE11D", vulnerable: true, }, { criteria: "cpe:2.3:o:canonical:ubuntu_linux:19.10:*:*:*:*:*:*:*", matchCriteriaId: "A31C8344-3E02-4EB8-8BD8-4C84B7959624", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*", matchCriteriaId: "DEECE5FC-CACF-4496-A3E7-164736409252", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:redhat:enterprise_linux_server_aus:6.6:*:*:*:*:*:*:*", matchCriteriaId: "16E6D998-B41D-4B49-9E00-8336D2E40A4A", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:siemens:ruggedcom_rox_mx5000_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "1B09C415-21F2-49C9-BFAE-2151C8ED4D06", versionEndExcluding: "2.14.0", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: 
[ { criteria: "cpe:2.3:h:siemens:ruggedcom_rox_mx5000:-:*:*:*:*:*:*:*", matchCriteriaId: "DAD1B18F-9C37-48CC-92E2-9C5E66B206CB", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:siemens:ruggedcom_rox_rx1400_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "F196C09E-4C45-42D5-B509-7EB77F6566F1", versionEndExcluding: "2.14.0", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:siemens:ruggedcom_rox_rx1400:-:*:*:*:*:*:*:*", matchCriteriaId: "12BD4008-DB6A-4749-A426-D2DE44819A9D", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:siemens:ruggedcom_rox_rx1500_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "13D72F66-A1B2-4FB7-B31B-EF16955BC871", versionEndExcluding: "2.14.0", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:siemens:ruggedcom_rox_rx1500:-:*:*:*:*:*:*:*", matchCriteriaId: "3E79B422-C844-411C-AA49-CFD73D3C6E2D", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:siemens:ruggedcom_rox_rx1501_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "CB658DF3-A68F-4248-B240-9194E17941E1", versionEndExcluding: "2.14.0", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:siemens:ruggedcom_rox_rx1501:-:*:*:*:*:*:*:*", matchCriteriaId: "53AAEC5C-06EE-4C58-A981-EBF5860CEF16", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:siemens:ruggedcom_rox_rx1510_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "E16E621D-84DB-4F0D-A771-5E282B0292B2", versionEndExcluding: "2.14.0", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:siemens:ruggedcom_rox_rx1510:-:*:*:*:*:*:*:*", matchCriteriaId: 
"0751225A-6E9C-4281-93A4-A048920FF7C6", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:siemens:ruggedcom_rox_rx1511_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "059624DD-C1C8-408C-8026-D4FBC93C3CF9", versionEndExcluding: "2.14.0", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:siemens:ruggedcom_rox_rx1511:-:*:*:*:*:*:*:*", matchCriteriaId: "8C1E56ED-1E61-4B7E-8EC0-BB2AAD57EF7B", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:siemens:ruggedcom_rox_rx1512_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "06AF9201-89AB-42E6-97CF-9EDDC17EF7AE", versionEndExcluding: "2.14.0", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:siemens:ruggedcom_rox_rx1512:-:*:*:*:*:*:*:*", matchCriteriaId: "41ADD701-AD49-46B2-A12E-219CCED32298", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:siemens:ruggedcom_rox_rx5000_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "2656219C-7E23-47F7-AFB7-0D6D3D2ACA85", versionEndExcluding: "2.14.0", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:siemens:ruggedcom_rox_rx5000:-:*:*:*:*:*:*:*", matchCriteriaId: "1E0E33F2-E89B-4008-BED2-CF2296801078", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, ], cveTags: [], descriptions: [ { lang: "en", value: "When encrypting with a block cipher, if a call to NSC_EncryptUpdate was made with data smaller than the block size, a small out of bounds write could occur. This could have caused heap corruption and a potentially exploitable crash. 
This vulnerability affects Thunderbird < 68.3, Firefox ESR < 68.3, and Firefox < 71.", }, { lang: "es", value: "Al encriptar con un cifrado de bloque, si se realizó una llamada a NSC_EncryptUpdate con datos más pequeños que el tamaño del bloque, podría producirse una pequeña escritura fuera de límites. Esto podría haber causado una corrupción de la pila y un bloqueo explotable potencialmente. Esta vulnerabilidad afecta a Thunderbird versiones anteriores a la versión 68.3, Firefox ESR versiones anteriores a la versión 68.3 y Firefox versiones anteriores a la versión 71.", }, ], id: "CVE-2019-11745", lastModified: "2024-11-21T04:21:42.373", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "MEDIUM", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "PARTIAL", baseScore: 6.8, confidentialityImpact: "PARTIAL", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:M/Au:N/C:P/I:P/A:P", version: "2.0", }, exploitabilityScore: 8.6, impactScore: 6.4, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: true, }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 8.8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 2.8, impactScore: 5.9, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2020-01-08T20:15:12.313", references: [ { source: "security@mozilla.org", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00000.html", }, { source: "security@mozilla.org", tags: [ "Issue Tracking", "Mailing List", "Third Party Advisory", ], url: 
"http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00001.html", }, { source: "security@mozilla.org", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00006.html", }, { source: "security@mozilla.org", tags: [ "Third Party Advisory", ], url: "https://access.redhat.com/errata/RHSA-2020:0243", }, { source: "security@mozilla.org", tags: [ "Third Party Advisory", ], url: "https://access.redhat.com/errata/RHSA-2020:0466", }, { source: "security@mozilla.org", tags: [ "Issue Tracking", "Patch", "Vendor Advisory", ], url: "https://bugzilla.mozilla.org/show_bug.cgi?id=1586176", }, { source: "security@mozilla.org", tags: [ "Third Party Advisory", ], url: "https://cert-portal.siemens.com/productcert/pdf/ssa-379803.pdf", }, { source: "security@mozilla.org", tags: [ "Mailing List", "Third Party Advisory", ], url: "https://lists.debian.org/debian-lts-announce/2020/09/msg00029.html", }, { source: "security@mozilla.org", tags: [ "Third Party Advisory", ], url: "https://security.gentoo.org/glsa/202003-02", }, { source: "security@mozilla.org", tags: [ "Third Party Advisory", ], url: "https://security.gentoo.org/glsa/202003-10", }, { source: "security@mozilla.org", tags: [ "Third Party Advisory", ], url: "https://security.gentoo.org/glsa/202003-37", }, { source: "security@mozilla.org", tags: [ "Third Party Advisory", "US Government Resource", ], url: "https://us-cert.cisa.gov/ics/advisories/icsa-21-040-04", }, { source: "security@mozilla.org", tags: [ "Third Party Advisory", ], url: "https://usn.ubuntu.com/4241-1/", }, { source: "security@mozilla.org", tags: [ "Third Party Advisory", ], url: "https://usn.ubuntu.com/4335-1/", }, { source: "security@mozilla.org", tags: [ "Vendor Advisory", ], url: "https://www.mozilla.org/security/advisories/mfsa2019-36/", }, { source: "security@mozilla.org", tags: [ "Vendor Advisory", ], url: "https://www.mozilla.org/security/advisories/mfsa2019-37/", }, { source: 
"security@mozilla.org", tags: [ "Vendor Advisory", ], url: "https://www.mozilla.org/security/advisories/mfsa2019-38/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00000.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Issue Tracking", "Mailing List", "Third Party Advisory", ], url: "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00001.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00006.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://access.redhat.com/errata/RHSA-2020:0243", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://access.redhat.com/errata/RHSA-2020:0466", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Issue Tracking", "Patch", "Vendor Advisory", ], url: "https://bugzilla.mozilla.org/show_bug.cgi?id=1586176", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://cert-portal.siemens.com/productcert/pdf/ssa-379803.pdf", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: "https://lists.debian.org/debian-lts-announce/2020/09/msg00029.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://security.gentoo.org/glsa/202003-02", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://security.gentoo.org/glsa/202003-10", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://security.gentoo.org/glsa/202003-37", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", 
"US Government Resource", ], url: "https://us-cert.cisa.gov/ics/advisories/icsa-21-040-04", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://usn.ubuntu.com/4241-1/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://usn.ubuntu.com/4335-1/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://www.mozilla.org/security/advisories/mfsa2019-36/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://www.mozilla.org/security/advisories/mfsa2019-37/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://www.mozilla.org/security/advisories/mfsa2019-38/", }, ], sourceIdentifier: "security@mozilla.org", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-787", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2021-09-14 11:15
Modified
2024-11-21 06:14
Severity ?
Summary
A vulnerability has been identified in RUGGEDCOM ROX MX5000 (All versions < V2.14.1), RUGGEDCOM ROX RX1400 (All versions < V2.14.1), RUGGEDCOM ROX RX1500 (All versions < V2.14.1), RUGGEDCOM ROX RX1501 (All versions < V2.14.1), RUGGEDCOM ROX RX1510 (All versions < V2.14.1), RUGGEDCOM ROX RX1511 (All versions < V2.14.1), RUGGEDCOM ROX RX1512 (All versions < V2.14.1), RUGGEDCOM ROX RX1524 (All versions < V2.14.1), RUGGEDCOM ROX RX1536 (All versions < V2.14.1), RUGGEDCOM ROX RX5000 (All versions < V2.14.1). The affected devices have a privilege escalation vulnerability; if exploited, an attacker could gain root user access.
References
Source | URL | Tags
---|---|---
productcert@siemens.com | https://cert-portal.siemens.com/productcert/pdf/ssa-150692.pdf | Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108 | https://cert-portal.siemens.com/productcert/pdf/ssa-150692.pdf | Patch, Vendor Advisory
Impacted products
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:siemens:ruggedcom_rox_rx1400_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "D5538013-C23A-4D6D-8756-8BE210EBEA53", versionEndExcluding: "2.14.1", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:siemens:ruggedcom_rox_rx1400:-:*:*:*:*:*:*:*", matchCriteriaId: "12BD4008-DB6A-4749-A426-D2DE44819A9D", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:siemens:ruggedcom_rox_mx5000_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "183C516E-5BD4-4B50-841F-82AC3F68D12F", versionEndExcluding: "2.14.1", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:siemens:ruggedcom_rox_mx5000:-:*:*:*:*:*:*:*", matchCriteriaId: "DAD1B18F-9C37-48CC-92E2-9C5E66B206CB", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:siemens:ruggedcom_rox_rx1500_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "6A64F21F-30C7-4164-A791-2AE72085EC8D", versionEndExcluding: "2.14.1", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:siemens:ruggedcom_rox_rx1500:-:*:*:*:*:*:*:*", matchCriteriaId: "3E79B422-C844-411C-AA49-CFD73D3C6E2D", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:siemens:ruggedcom_rox_rx1501_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "9E7941A4-2B67-4B27-ACB2-E53449AD766F", versionEndExcluding: "2.14.1", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:siemens:ruggedcom_rox_rx1501:-:*:*:*:*:*:*:*", matchCriteriaId: "53AAEC5C-06EE-4C58-A981-EBF5860CEF16", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: 
"cpe:2.3:o:siemens:ruggedcom_rox_rx1510_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "411252B0-9AE4-41F9-876C-A5863CFFA23C", versionEndExcluding: "2.14.1", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:siemens:ruggedcom_rox_rx1510:-:*:*:*:*:*:*:*", matchCriteriaId: "0751225A-6E9C-4281-93A4-A048920FF7C6", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:siemens:ruggedcom_rox_rx1511_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "AF574446-EE25-4603-A831-E4766B5E234F", versionEndExcluding: "2.14.1", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:siemens:ruggedcom_rox_rx1511:-:*:*:*:*:*:*:*", matchCriteriaId: "8C1E56ED-1E61-4B7E-8EC0-BB2AAD57EF7B", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:siemens:ruggedcom_rox_rx1512_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "942464AE-7E81-43D1-9996-27B7C87C26A8", versionEndExcluding: "2.14.1", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:siemens:ruggedcom_rox_rx1512:-:*:*:*:*:*:*:*", matchCriteriaId: "41ADD701-AD49-46B2-A12E-219CCED32298", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:siemens:ruggedcom_rox_rx1524_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "CFEC6D28-3CD1-4786-8F83-DC9A64087879", versionEndExcluding: "2.14.1", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:siemens:ruggedcom_rox_rx1524:-:*:*:*:*:*:*:*", matchCriteriaId: "F8C70D90-E8FA-4343-9027-152A99D79C82", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:siemens:ruggedcom_rox_rx1536_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: 
"2AAFB653-F651-4366-B4B4-4185EA89E31F", versionEndExcluding: "2.14.1", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:siemens:ruggedcom_rox_rx1536:-:*:*:*:*:*:*:*", matchCriteriaId: "C1775F3B-6F47-4134-8B4E-CF6337FF546C", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:siemens:ruggedcom_rox_rx5000_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "4E0625F9-DCD4-4DF6-9479-3DAE4BDB6976", versionEndExcluding: "2.14.1", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:siemens:ruggedcom_rox_rx5000:-:*:*:*:*:*:*:*", matchCriteriaId: "1E0E33F2-E89B-4008-BED2-CF2296801078", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, ], cveTags: [], descriptions: [ { lang: "en", value: "A vulnerability has been identified in RUGGEDCOM ROX MX5000 (All versions < V2.14.1), RUGGEDCOM ROX RX1400 (All versions < V2.14.1), RUGGEDCOM ROX RX1500 (All versions < V2.14.1), RUGGEDCOM ROX RX1501 (All versions < V2.14.1), RUGGEDCOM ROX RX1510 (All versions < V2.14.1), RUGGEDCOM ROX RX1511 (All versions < V2.14.1), RUGGEDCOM ROX RX1512 (All versions < V2.14.1), RUGGEDCOM ROX RX1524 (All versions < V2.14.1), RUGGEDCOM ROX RX1536 (All versions < V2.14.1), RUGGEDCOM ROX RX5000 (All versions < V2.14.1). The affected devices have a privilege escalation vulnerability, if exploited, an attacker could gain root user access.", }, { lang: "es", value: "Se ha identificado una vulnerabilidad en RUGGEDCOM ROX MX5000 (Todas las versiones anteriores a V2.14.1), RUGGEDCOM ROX RX1400 (Todas las versiones anteriores a V2.14.1), RUGGEDCOM ROX RX1500 (Todas las versiones anteriores a V2.14.1), RUGGEDCOM ROX RX1501 (Todas las versiones anteriores a V2.14.1), RUGGEDCOM ROX RX1510 (Todas las versiones anteriores a V2. 
14.1), RUGGEDCOM ROX RX1511 (Todas las versiones anteriores a V2.14.1), RUGGEDCOM ROX RX1512 (Todas las versiones anteriores a V2.14.1), RUGGEDCOM ROX RX1524 (Todas las versiones anteriores a V2.14.1), RUGGEDCOM ROX RX1536 (Todas las versiones anteriores a V2.14.1), RUGGEDCOM ROX RX5000 (Todas las versiones anteriores a V2.14.1). Los dispositivos afectados presentan una vulnerabilidad de escalada de privilegios, si es explotado, un atacante podría conseguir acceso de usuario root", }, ], id: "CVE-2021-37174", lastModified: "2024-11-21T06:14:47.580", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "HIGH", cvssData: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "SINGLE", availabilityImpact: "COMPLETE", baseScore: 9, confidentialityImpact: "COMPLETE", integrityImpact: "COMPLETE", vectorString: "AV:N/AC:L/Au:S/C:C/I:C/A:C", version: "2.0", }, exploitabilityScore: 8, impactScore: 10, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 8.8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 2.8, impactScore: 5.9, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2021-09-14T11:15:25.273", references: [ { source: "productcert@siemens.com", tags: [ "Patch", "Vendor Advisory", ], url: "https://cert-portal.siemens.com/productcert/pdf/ssa-150692.pdf", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Vendor Advisory", ], url: "https://cert-portal.siemens.com/productcert/pdf/ssa-150692.pdf", }, ], sourceIdentifier: "productcert@siemens.com", vulnStatus: "Modified", weaknesses: [ { 
description: [ { lang: "en", value: "CWE-250", }, ], source: "productcert@siemens.com", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2023-07-11 10:15
Modified
2024-11-21 08:09
Severity
8.8 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
6.1 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Summary
A vulnerability has been identified in RUGGEDCOM ROX MX5000 (All versions < V2.16.0), RUGGEDCOM ROX MX5000RE (All versions < V2.16.0), RUGGEDCOM ROX RX1400 (All versions < V2.16.0), RUGGEDCOM ROX RX1500 (All versions < V2.16.0), RUGGEDCOM ROX RX1501 (All versions < V2.16.0), RUGGEDCOM ROX RX1510 (All versions < V2.16.0), RUGGEDCOM ROX RX1511 (All versions < V2.16.0), RUGGEDCOM ROX RX1512 (All versions < V2.16.0), RUGGEDCOM ROX RX1524 (All versions < V2.16.0), RUGGEDCOM ROX RX1536 (All versions < V2.16.0), RUGGEDCOM ROX RX5000 (All versions < V2.16.0). A reflected cross-site scripting (XSS) vulnerability exists in the web interface of the affected application that could allow an attacker to execute malicious javascript code by tricking users into accessing a malicious link. The value is reflected in the response without sanitization while throwing an “invalid params element name” error on the action parameters.
References
Impacted products
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:siemens:ruggedcom_rox_mx5000_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "B70C9A14-F31D-452F-8F7E-368E1ED7165C", versionEndExcluding: "2.16.0", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:siemens:ruggedcom_rox_mx5000:-:*:*:*:*:*:*:*", matchCriteriaId: "DAD1B18F-9C37-48CC-92E2-9C5E66B206CB", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:siemens:ruggedcom_rox_mx5000re_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "C095D9B0-79A3-44A7-9683-B8DEF689D65F", versionEndExcluding: "2.16.0", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:siemens:ruggedcom_rox_mx5000re:-:*:*:*:*:*:*:*", matchCriteriaId: "38734DFA-A5DF-4284-BD79-7C0ED6CD8A5C", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:siemens:ruggedcom_rox_rx1400_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "3A0D1757-6A48-4C53-877A-947CDDD67793", versionEndExcluding: "2.16.0", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:siemens:ruggedcom_rox_rx1400:-:*:*:*:*:*:*:*", matchCriteriaId: "12BD4008-DB6A-4749-A426-D2DE44819A9D", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:siemens:ruggedcom_rox_rx1500_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "957788AA-B685-42B6-8BE9-B61D20B68144", versionEndExcluding: "2.16.0", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:siemens:ruggedcom_rox_rx1500:-:*:*:*:*:*:*:*", matchCriteriaId: "3E79B422-C844-411C-AA49-CFD73D3C6E2D", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: 
"cpe:2.3:o:siemens:ruggedcom_rox_rx1501_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "02E80465-DCD4-4CEB-AB5C-DFD86A5DB2E8", versionEndExcluding: "2.16.0", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:siemens:ruggedcom_rox_rx1501:-:*:*:*:*:*:*:*", matchCriteriaId: "53AAEC5C-06EE-4C58-A981-EBF5860CEF16", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:siemens:ruggedcom_rox_rx1510_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "BEC2AF9C-52CA-48FF-A4CD-C042EF225000", versionEndExcluding: "2.16.0", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:siemens:ruggedcom_rox_rx1510:-:*:*:*:*:*:*:*", matchCriteriaId: "0751225A-6E9C-4281-93A4-A048920FF7C6", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:siemens:ruggedcom_rox_rx1511_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "D0889DDD-C18A-4605-907C-0AAC4362FC94", versionEndExcluding: "2.16.0", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:siemens:ruggedcom_rox_rx1511:-:*:*:*:*:*:*:*", matchCriteriaId: "8C1E56ED-1E61-4B7E-8EC0-BB2AAD57EF7B", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:siemens:ruggedcom_rox_rx1512_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "FA09F789-1903-4487-A108-684EA9423F32", versionEndExcluding: "2.16.0", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:siemens:ruggedcom_rox_rx1512:-:*:*:*:*:*:*:*", matchCriteriaId: "41ADD701-AD49-46B2-A12E-219CCED32298", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:siemens:ruggedcom_rox_rx1524_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: 
"76CF386C-0665-401C-9E5F-D3A89E6C2847", versionEndExcluding: "2.16.0", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:siemens:ruggedcom_rox_rx1524:-:*:*:*:*:*:*:*", matchCriteriaId: "F8C70D90-E8FA-4343-9027-152A99D79C82", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:siemens:ruggedcom_rox_rx1536_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "A813AC2B-2F29-45D7-AB27-657A36399F80", versionEndExcluding: "2.16.0", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:siemens:ruggedcom_rox_rx1536:-:*:*:*:*:*:*:*", matchCriteriaId: "C1775F3B-6F47-4134-8B4E-CF6337FF546C", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:siemens:ruggedcom_rox_rx5000_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "6AF925B2-B147-4CB0-8789-D68C38135BEE", versionEndExcluding: "2.16.0", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:siemens:ruggedcom_rox_rx5000:-:*:*:*:*:*:*:*", matchCriteriaId: "1E0E33F2-E89B-4008-BED2-CF2296801078", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, ], cveTags: [], descriptions: [ { lang: "en", value: "A vulnerability has been identified in RUGGEDCOM ROX MX5000 (All versions < V2.16.0), RUGGEDCOM ROX MX5000RE (All versions < V2.16.0), RUGGEDCOM ROX RX1400 (All versions < V2.16.0), RUGGEDCOM ROX RX1500 (All versions < V2.16.0), RUGGEDCOM ROX RX1501 (All versions < V2.16.0), RUGGEDCOM ROX RX1510 (All versions < V2.16.0), RUGGEDCOM ROX RX1511 (All versions < V2.16.0), RUGGEDCOM ROX RX1512 (All versions < V2.16.0), RUGGEDCOM ROX RX1524 (All versions < V2.16.0), RUGGEDCOM ROX RX1536 (All versions < V2.16.0), RUGGEDCOM ROX RX5000 (All versions < V2.16.0). 
A reflected cross-site scripting (XSS) vulnerability exists in the web interface of the affected application that could allow an attacker to execute malicious javascript code by tricking users into accessing a malicious link. The value is reflected in the response\r\nwithout sanitization while throwing an “invalid params element name” error on the action parameters.", }, ], id: "CVE-2023-36390", lastModified: "2024-11-21T08:09:39.467", metrics: { cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 8.8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 2.8, impactScore: 5.9, source: "productcert@siemens.com", type: "Secondary", }, { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 6.1, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "NONE", scope: "CHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", version: "3.1", }, exploitabilityScore: 2.8, impactScore: 2.7, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2023-07-11T10:15:10.827", references: [ { source: "productcert@siemens.com", tags: [ "Vendor Advisory", ], url: "https://cert-portal.siemens.com/productcert/pdf/ssa-146325.pdf", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://cert-portal.siemens.com/productcert/pdf/ssa-146325.pdf", }, ], sourceIdentifier: "productcert@siemens.com", vulnStatus: "Undergoing Analysis", weaknesses: [ { description: [ { lang: "en", value: "CWE-79", }, ], source: "productcert@siemens.com", type: "Secondary", }, { description: [ { lang: "en", value: "CWE-79", }, ], source: "nvd@nist.gov", type: "Primary", 
}, ], }
Vulnerability from fkie_nvd
Published
2023-07-11 10:15
Modified
2024-11-21 08:10
Severity
9.1 (Critical) - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H
7.2 (High) - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Summary
A vulnerability has been identified in RUGGEDCOM ROX MX5000 (All versions < V2.16.0), RUGGEDCOM ROX MX5000RE (All versions < V2.16.0), RUGGEDCOM ROX RX1400 (All versions < V2.16.0), RUGGEDCOM ROX RX1500 (All versions < V2.16.0), RUGGEDCOM ROX RX1501 (All versions < V2.16.0), RUGGEDCOM ROX RX1510 (All versions < V2.16.0), RUGGEDCOM ROX RX1511 (All versions < V2.16.0), RUGGEDCOM ROX RX1512 (All versions < V2.16.0), RUGGEDCOM ROX RX1524 (All versions < V2.16.0), RUGGEDCOM ROX RX1536 (All versions < V2.16.0), RUGGEDCOM ROX RX5000 (All versions < V2.16.0). The software-upgrade Url parameter in the web interface of affected devices is vulnerable to command injection due to missing server side input sanitation. This could allow an authenticated privileged remote attacker to execute arbitrary code with root privileges.
References
Impacted products
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:siemens:ruggedcom_rox_mx5000_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "B70C9A14-F31D-452F-8F7E-368E1ED7165C", versionEndExcluding: "2.16.0", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:siemens:ruggedcom_rox_mx5000:-:*:*:*:*:*:*:*", matchCriteriaId: "DAD1B18F-9C37-48CC-92E2-9C5E66B206CB", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:siemens:ruggedcom_rox_mx5000re_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "C095D9B0-79A3-44A7-9683-B8DEF689D65F", versionEndExcluding: "2.16.0", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:siemens:ruggedcom_rox_mx5000re:-:*:*:*:*:*:*:*", matchCriteriaId: "38734DFA-A5DF-4284-BD79-7C0ED6CD8A5C", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:siemens:ruggedcom_rox_rx1400_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "3A0D1757-6A48-4C53-877A-947CDDD67793", versionEndExcluding: "2.16.0", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:siemens:ruggedcom_rox_rx1400:-:*:*:*:*:*:*:*", matchCriteriaId: "12BD4008-DB6A-4749-A426-D2DE44819A9D", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:siemens:ruggedcom_rox_rx1500_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "957788AA-B685-42B6-8BE9-B61D20B68144", versionEndExcluding: "2.16.0", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:siemens:ruggedcom_rox_rx1500:-:*:*:*:*:*:*:*", matchCriteriaId: "3E79B422-C844-411C-AA49-CFD73D3C6E2D", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: 
"cpe:2.3:o:siemens:ruggedcom_rox_rx1501_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "02E80465-DCD4-4CEB-AB5C-DFD86A5DB2E8", versionEndExcluding: "2.16.0", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:siemens:ruggedcom_rox_rx1501:-:*:*:*:*:*:*:*", matchCriteriaId: "53AAEC5C-06EE-4C58-A981-EBF5860CEF16", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:siemens:ruggedcom_rox_rx1510_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "BEC2AF9C-52CA-48FF-A4CD-C042EF225000", versionEndExcluding: "2.16.0", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:siemens:ruggedcom_rox_rx1510:-:*:*:*:*:*:*:*", matchCriteriaId: "0751225A-6E9C-4281-93A4-A048920FF7C6", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:siemens:ruggedcom_rox_rx1511_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "D0889DDD-C18A-4605-907C-0AAC4362FC94", versionEndExcluding: "2.16.0", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:siemens:ruggedcom_rox_rx1511:-:*:*:*:*:*:*:*", matchCriteriaId: "8C1E56ED-1E61-4B7E-8EC0-BB2AAD57EF7B", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:siemens:ruggedcom_rox_rx1512_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "FA09F789-1903-4487-A108-684EA9423F32", versionEndExcluding: "2.16.0", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:siemens:ruggedcom_rox_rx1512:-:*:*:*:*:*:*:*", matchCriteriaId: "41ADD701-AD49-46B2-A12E-219CCED32298", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:siemens:ruggedcom_rox_rx1524_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: 
"76CF386C-0665-401C-9E5F-D3A89E6C2847", versionEndExcluding: "2.16.0", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:siemens:ruggedcom_rox_rx1524:-:*:*:*:*:*:*:*", matchCriteriaId: "F8C70D90-E8FA-4343-9027-152A99D79C82", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:siemens:ruggedcom_rox_rx1536_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "A813AC2B-2F29-45D7-AB27-657A36399F80", versionEndExcluding: "2.16.0", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:siemens:ruggedcom_rox_rx1536:-:*:*:*:*:*:*:*", matchCriteriaId: "C1775F3B-6F47-4134-8B4E-CF6337FF546C", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:siemens:ruggedcom_rox_rx5000_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "6AF925B2-B147-4CB0-8789-D68C38135BEE", versionEndExcluding: "2.16.0", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:siemens:ruggedcom_rox_rx5000:-:*:*:*:*:*:*:*", matchCriteriaId: "1E0E33F2-E89B-4008-BED2-CF2296801078", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, ], cveTags: [], descriptions: [ { lang: "en", value: "A vulnerability has been identified in RUGGEDCOM ROX MX5000 (All versions < V2.16.0), RUGGEDCOM ROX MX5000RE (All versions < V2.16.0), RUGGEDCOM ROX RX1400 (All versions < V2.16.0), RUGGEDCOM ROX RX1500 (All versions < V2.16.0), RUGGEDCOM ROX RX1501 (All versions < V2.16.0), RUGGEDCOM ROX RX1510 (All versions < V2.16.0), RUGGEDCOM ROX RX1511 (All versions < V2.16.0), RUGGEDCOM ROX RX1512 (All versions < V2.16.0), RUGGEDCOM ROX RX1524 (All versions < V2.16.0), RUGGEDCOM ROX RX1536 (All versions < V2.16.0), RUGGEDCOM ROX RX5000 (All versions < V2.16.0). 
The software-upgrade Url parameter in the web interface of affected devices is vulnerable to command injection due to missing server side input sanitation. This could allow an authenticated privileged remote attacker to execute arbitrary code with root privileges.", }, ], id: "CVE-2023-36750", lastModified: "2024-11-21T08:10:30.900", metrics: { cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 9.1, baseSeverity: "CRITICAL", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "HIGH", scope: "CHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 2.3, impactScore: 6, source: "productcert@siemens.com", type: "Secondary", }, { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.2, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "HIGH", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 1.2, impactScore: 5.9, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2023-07-11T10:15:11.170", references: [ { source: "productcert@siemens.com", tags: [ "Vendor Advisory", ], url: "https://cert-portal.siemens.com/productcert/pdf/ssa-146325.pdf", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://cert-portal.siemens.com/productcert/pdf/ssa-146325.pdf", }, ], sourceIdentifier: "productcert@siemens.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-77", }, ], source: "productcert@siemens.com", type: "Secondary", }, { description: [ { lang: "en", value: "CWE-77", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
cve-2019-17007
Vulnerability from cvelistv5
Published
2020-10-22 20:28
Modified
2024-08-05 01:24
Summary
In Network Security Services before 3.44, a malformed Netscape Certificate Sequence can cause NSS to crash, resulting in a denial of service.
References
URL | Tags |
---|---|
https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.44_release_notes | x_refsource_MISC |
https://bugzilla.mozilla.org/show_bug.cgi?id=1533216 | x_refsource_MISC |
https://cert-portal.siemens.com/productcert/pdf/ssa-379803.pdf | x_refsource_CONFIRM |
https://us-cert.cisa.gov/ics/advisories/icsa-21-040-04 | x_refsource_MISC |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-05T01:24:48.580Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.44_release_notes", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://bugzilla.mozilla.org/show_bug.cgi?id=1533216", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://cert-portal.siemens.com/productcert/pdf/ssa-379803.pdf", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://us-cert.cisa.gov/ics/advisories/icsa-21-040-04", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "NSS", vendor: "Mozilla", versions: [ { lessThan: "3.44", status: "affected", version: "unspecified", versionType: "custom", }, ], }, ], descriptions: [ { lang: "en", value: "In Network Security Services before 3.44, a malformed Netscape Certificate Sequence can cause NSS to crash, resulting in a denial of service.", }, ], problemTypes: [ { descriptions: [ { description: "CERT_DecodeCertPackage() crash with Netscape Certificate Sequences", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2021-02-12T06:00:05", orgId: "f16b083a-5664-49f3-a51e-8d479e5ed7fe", shortName: "mozilla", }, references: [ { tags: [ "x_refsource_MISC", ], url: "https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.44_release_notes", }, { tags: [ "x_refsource_MISC", ], url: "https://bugzilla.mozilla.org/show_bug.cgi?id=1533216", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://cert-portal.siemens.com/productcert/pdf/ssa-379803.pdf", }, { tags: [ "x_refsource_MISC", ], url: "https://us-cert.cisa.gov/ics/advisories/icsa-21-040-04", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "security@mozilla.org", ID: "CVE-2019-17007", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: 
"NSS", version: { version_data: [ { version_affected: "<", version_value: "3.44", }, ], }, }, ], }, vendor_name: "Mozilla", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "In Network Security Services before 3.44, a malformed Netscape Certificate Sequence can cause NSS to crash, resulting in a denial of service.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "CERT_DecodeCertPackage() crash with Netscape Certificate Sequences", }, ], }, ], }, references: { reference_data: [ { name: "https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.44_release_notes", refsource: "MISC", url: "https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.44_release_notes", }, { name: "https://bugzilla.mozilla.org/show_bug.cgi?id=1533216", refsource: "MISC", url: "https://bugzilla.mozilla.org/show_bug.cgi?id=1533216", }, { name: "https://cert-portal.siemens.com/productcert/pdf/ssa-379803.pdf", refsource: "CONFIRM", url: "https://cert-portal.siemens.com/productcert/pdf/ssa-379803.pdf", }, { name: "https://us-cert.cisa.gov/ics/advisories/icsa-21-040-04", refsource: "MISC", url: "https://us-cert.cisa.gov/ics/advisories/icsa-21-040-04", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "f16b083a-5664-49f3-a51e-8d479e5ed7fe", assignerShortName: "mozilla", cveId: "CVE-2019-17007", datePublished: "2020-10-22T20:28:17", dateReserved: "2019-09-30T00:00:00", dateUpdated: "2024-08-05T01:24:48.580Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2022-29562
Vulnerability from cvelistv5
Published
2023-07-11 09:07
Modified
2024-11-12 16:17
Summary
A vulnerability has been identified in RUGGEDCOM ROX MX5000 (All versions < V2.16.0), RUGGEDCOM ROX MX5000RE (All versions < V2.16.0), RUGGEDCOM ROX RX1400 (All versions < V2.16.0), RUGGEDCOM ROX RX1500 (All versions < V2.16.0), RUGGEDCOM ROX RX1501 (All versions < V2.16.0), RUGGEDCOM ROX RX1510 (All versions < V2.16.0), RUGGEDCOM ROX RX1511 (All versions < V2.16.0), RUGGEDCOM ROX RX1512 (All versions < V2.16.0), RUGGEDCOM ROX RX1524 (All versions < V2.16.0), RUGGEDCOM ROX RX1536 (All versions < V2.16.0), RUGGEDCOM ROX RX5000 (All versions < V2.16.0). Affected devices do not properly handle malformed HTTP packets. This could allow an unauthenticated remote attacker to send a malformed HTTP packet causing certain functions to fail in a controlled manner.
References
Impacted products
Vendor | Product | Version |
---|---|---|
Siemens | RUGGEDCOM ROX MX5000 | All versions < V2.16.0 |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-03T06:26:06.059Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "https://cert-portal.siemens.com/productcert/pdf/ssa-146325.pdf", }, ], title: "CVE Program Container", }, { metrics: [ { other: { content: { id: "CVE-2022-29562", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "partial", }, ], role: "CISA Coordinator", timestamp: "2024-11-12T16:17:25.427826Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-11-12T16:17:46.868Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { defaultStatus: "unknown", product: "RUGGEDCOM ROX MX5000", vendor: "Siemens", versions: [ { status: "affected", version: "All versions < V2.16.0", }, ], }, { defaultStatus: "unknown", product: "RUGGEDCOM ROX MX5000RE", vendor: "Siemens", versions: [ { status: "affected", version: "All versions < V2.16.0", }, ], }, { defaultStatus: "unknown", product: "RUGGEDCOM ROX RX1400", vendor: "Siemens", versions: [ { status: "affected", version: "All versions < V2.16.0", }, ], }, { defaultStatus: "unknown", product: "RUGGEDCOM ROX RX1500", vendor: "Siemens", versions: [ { status: "affected", version: "All versions < V2.16.0", }, ], }, { defaultStatus: "unknown", product: "RUGGEDCOM ROX RX1501", vendor: "Siemens", versions: [ { status: "affected", version: "All versions < V2.16.0", }, ], }, { defaultStatus: "unknown", product: "RUGGEDCOM ROX RX1510", vendor: "Siemens", versions: [ { status: "affected", version: "All versions < V2.16.0", }, ], }, { defaultStatus: "unknown", product: "RUGGEDCOM ROX RX1511", vendor: "Siemens", versions: [ { status: "affected", version: "All versions < V2.16.0", }, ], }, { defaultStatus: "unknown", product: "RUGGEDCOM ROX RX1512", vendor: "Siemens", versions: [ { status: "affected", 
version: "All versions < V2.16.0", }, ], }, { defaultStatus: "unknown", product: "RUGGEDCOM ROX RX1524", vendor: "Siemens", versions: [ { status: "affected", version: "All versions < V2.16.0", }, ], }, { defaultStatus: "unknown", product: "RUGGEDCOM ROX RX1536", vendor: "Siemens", versions: [ { status: "affected", version: "All versions < V2.16.0", }, ], }, { defaultStatus: "unknown", product: "RUGGEDCOM ROX RX5000", vendor: "Siemens", versions: [ { status: "affected", version: "All versions < V2.16.0", }, ], }, ], descriptions: [ { lang: "en", value: "A vulnerability has been identified in RUGGEDCOM ROX MX5000 (All versions < V2.16.0), RUGGEDCOM ROX MX5000RE (All versions < V2.16.0), RUGGEDCOM ROX RX1400 (All versions < V2.16.0), RUGGEDCOM ROX RX1500 (All versions < V2.16.0), RUGGEDCOM ROX RX1501 (All versions < V2.16.0), RUGGEDCOM ROX RX1510 (All versions < V2.16.0), RUGGEDCOM ROX RX1511 (All versions < V2.16.0), RUGGEDCOM ROX RX1512 (All versions < V2.16.0), RUGGEDCOM ROX RX1524 (All versions < V2.16.0), RUGGEDCOM ROX RX1536 (All versions < V2.16.0), RUGGEDCOM ROX RX5000 (All versions < V2.16.0). Affected devices do not properly handle malformed HTTP packets. 
This could allow an unauthenticated remote attacker to send a malformed HTTP packet causing certain functions to fail in a controlled manner.", }, ], metrics: [ { cvssV3_1: { baseScore: 3.7, baseSeverity: "LOW", vectorString: "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L/E:P/RL:O/RC:C", version: "3.1", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-20", description: "CWE-20: Improper Input Validation", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2023-07-11T09:07:00.397Z", orgId: "cec7a2ec-15b4-4faf-bd53-b40f371f3a77", shortName: "siemens", }, references: [ { url: "https://cert-portal.siemens.com/productcert/pdf/ssa-146325.pdf", }, ], }, }, cveMetadata: { assignerOrgId: "cec7a2ec-15b4-4faf-bd53-b40f371f3a77", assignerShortName: "siemens", cveId: "CVE-2022-29562", datePublished: "2023-07-11T09:07:00.397Z", dateReserved: "2022-04-21T13:34:15.980Z", dateUpdated: "2024-11-12T16:17:46.868Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2023-36386
Vulnerability from cvelistv5
Published
2023-07-11 09:07
Modified
2024-10-21 21:10
Summary
A vulnerability has been identified in RUGGEDCOM ROX MX5000 (All versions < V2.16.0), RUGGEDCOM ROX MX5000RE (All versions < V2.16.0), RUGGEDCOM ROX RX1400 (All versions < V2.16.0), RUGGEDCOM ROX RX1500 (All versions < V2.16.0), RUGGEDCOM ROX RX1501 (All versions < V2.16.0), RUGGEDCOM ROX RX1510 (All versions < V2.16.0), RUGGEDCOM ROX RX1511 (All versions < V2.16.0), RUGGEDCOM ROX RX1512 (All versions < V2.16.0), RUGGEDCOM ROX RX1524 (All versions < V2.16.0), RUGGEDCOM ROX RX1536 (All versions < V2.16.0), RUGGEDCOM ROX RX5000 (All versions < V2.16.0). A reflected cross-site scripting (XSS) vulnerability exists in the web interface of the affected application that could allow an attacker to execute malicious javascript code by tricking users into accessing a malicious link. The value is reflected in the response without sanitization while throwing an “invalid params element name” error on the get_elements parameters.
References
Impacted products
Vendor | Product | Version |
---|---|---|
Siemens | RUGGEDCOM ROX MX5000 | All versions < V2.16.0 |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-02T16:45:56.712Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "https://cert-portal.siemens.com/productcert/pdf/ssa-146325.pdf", }, ], title: "CVE Program Container", }, { metrics: [ { other: { content: { id: "CVE-2023-36386", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "partial", }, ], role: "CISA Coordinator", timestamp: "2024-10-21T21:06:52.736344Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-10-21T21:10:35.826Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { defaultStatus: "unknown", product: "RUGGEDCOM ROX MX5000", vendor: "Siemens", versions: [ { status: "affected", version: "All versions < V2.16.0", }, ], }, { defaultStatus: "unknown", product: "RUGGEDCOM ROX MX5000RE", vendor: "Siemens", versions: [ { status: "affected", version: "All versions < V2.16.0", }, ], }, { defaultStatus: "unknown", product: "RUGGEDCOM ROX RX1400", vendor: "Siemens", versions: [ { status: "affected", version: "All versions < V2.16.0", }, ], }, { defaultStatus: "unknown", product: "RUGGEDCOM ROX RX1500", vendor: "Siemens", versions: [ { status: "affected", version: "All versions < V2.16.0", }, ], }, { defaultStatus: "unknown", product: "RUGGEDCOM ROX RX1501", vendor: "Siemens", versions: [ { status: "affected", version: "All versions < V2.16.0", }, ], }, { defaultStatus: "unknown", product: "RUGGEDCOM ROX RX1510", vendor: "Siemens", versions: [ { status: "affected", version: "All versions < V2.16.0", }, ], }, { defaultStatus: "unknown", product: "RUGGEDCOM ROX RX1511", vendor: "Siemens", versions: [ { status: "affected", version: "All versions < V2.16.0", }, ], }, { defaultStatus: "unknown", product: "RUGGEDCOM ROX RX1512", vendor: "Siemens", versions: [ { status: "affected", 
version: "All versions < V2.16.0", }, ], }, { defaultStatus: "unknown", product: "RUGGEDCOM ROX RX1524", vendor: "Siemens", versions: [ { status: "affected", version: "All versions < V2.16.0", }, ], }, { defaultStatus: "unknown", product: "RUGGEDCOM ROX RX1536", vendor: "Siemens", versions: [ { status: "affected", version: "All versions < V2.16.0", }, ], }, { defaultStatus: "unknown", product: "RUGGEDCOM ROX RX5000", vendor: "Siemens", versions: [ { status: "affected", version: "All versions < V2.16.0", }, ], }, ], descriptions: [ { lang: "en", value: "A vulnerability has been identified in RUGGEDCOM ROX MX5000 (All versions < V2.16.0), RUGGEDCOM ROX MX5000RE (All versions < V2.16.0), RUGGEDCOM ROX RX1400 (All versions < V2.16.0), RUGGEDCOM ROX RX1500 (All versions < V2.16.0), RUGGEDCOM ROX RX1501 (All versions < V2.16.0), RUGGEDCOM ROX RX1510 (All versions < V2.16.0), RUGGEDCOM ROX RX1511 (All versions < V2.16.0), RUGGEDCOM ROX RX1512 (All versions < V2.16.0), RUGGEDCOM ROX RX1524 (All versions < V2.16.0), RUGGEDCOM ROX RX1536 (All versions < V2.16.0), RUGGEDCOM ROX RX5000 (All versions < V2.16.0). A reflected cross-site scripting (XSS) vulnerability exists in the web interface of the affected application that could allow an attacker to execute malicious javascript code by tricking users into accessing a malicious link. 
The value is reflected in the response without sanitization while throwing an\r\n“invalid params element name” error on the get_elements parameters.", }, ], metrics: [ { cvssV3_1: { baseScore: 8.8, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C", version: "3.1", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-79", description: "CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2023-07-11T09:07:10.369Z", orgId: "cec7a2ec-15b4-4faf-bd53-b40f371f3a77", shortName: "siemens", }, references: [ { url: "https://cert-portal.siemens.com/productcert/pdf/ssa-146325.pdf", }, ], }, }, cveMetadata: { assignerOrgId: "cec7a2ec-15b4-4faf-bd53-b40f371f3a77", assignerShortName: "siemens", cveId: "CVE-2023-36386", datePublished: "2023-07-11T09:07:10.369Z", dateReserved: "2023-06-21T13:10:13.218Z", dateUpdated: "2024-10-21T21:10:35.826Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2023-36752
Vulnerability from cvelistv5
Published
2023-07-11 09:07
Modified
2024-11-20 20:30
Summary
A vulnerability has been identified in RUGGEDCOM ROX MX5000 (All versions < V2.16.0), RUGGEDCOM ROX MX5000RE (All versions < V2.16.0), RUGGEDCOM ROX RX1400 (All versions < V2.16.0), RUGGEDCOM ROX RX1500 (All versions < V2.16.0), RUGGEDCOM ROX RX1501 (All versions < V2.16.0), RUGGEDCOM ROX RX1510 (All versions < V2.16.0), RUGGEDCOM ROX RX1511 (All versions < V2.16.0), RUGGEDCOM ROX RX1512 (All versions < V2.16.0), RUGGEDCOM ROX RX1524 (All versions < V2.16.0), RUGGEDCOM ROX RX1536 (All versions < V2.16.0), RUGGEDCOM ROX RX5000 (All versions < V2.16.0). The upgrade-app URL parameter in the web interface of affected devices is vulnerable to command injection due to missing server side input sanitation. This could allow an authenticated privileged remote attacker to execute arbitrary code with root privileges.
References
Impacted products
Vendor | Product | Version |
---|---|---|
Siemens | RUGGEDCOM ROX MX5000 | All versions < V2.16.0 |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-02T16:52:54.242Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "https://cert-portal.siemens.com/productcert/pdf/ssa-146325.pdf", }, ], title: "CVE Program Container", }, { affected: [ { cpes: [ "cpe:2.3:h:siemens:ruggedcom_rox_rx1512:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "ruggedcom_rox_rx1512", vendor: "siemens", versions: [ { lessThan: "V2.16.0", status: "affected", version: "0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:h:siemens:ruggedcom_rox_rx1524:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "ruggedcom_rox_rx1524", vendor: "siemens", versions: [ { lessThan: "V2.16.0", status: "affected", version: "0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:h:siemens:ruggedcom_rox_rx1536:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "ruggedcom_rox_rx1536", vendor: "siemens", versions: [ { lessThan: "V2.16.0", status: "affected", version: "0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:h:siemens:ruggedcom_rox_rx5000:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "ruggedcom_rox_rx5000", vendor: "siemens", versions: [ { lessThan: "V2.16.0", status: "affected", version: "0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:h:siemens:ruggedcom_rox_mx5000:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "ruggedcom_rox_mx5000", vendor: "siemens", versions: [ { lessThan: "V2.16.0", status: "affected", version: "0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:h:siemens:ruggedcom_rox_mx5000re:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "ruggedcom_rox_mx5000re", vendor: "siemens", versions: [ { lessThan: "V2.16.0", status: "affected", version: "0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:h:siemens:ruggedcom_rox_rx1400:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "ruggedcom_rox_rx1400", vendor: "siemens", versions: [ { 
lessThan: "V2.16.0", status: "affected", version: "0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:h:siemens:ruggedcom_rox_rx1500:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "ruggedcom_rox_rx1500", vendor: "siemens", versions: [ { lessThan: "V2.16.0", status: "affected", version: "0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:h:siemens:ruggedcom_rox_rx1501:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "ruggedcom_rox_rx1501", vendor: "siemens", versions: [ { lessThan: "V2.16.0", status: "affected", version: "0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:h:siemens:ruggedcom_rox_rx1510:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "ruggedcom_rox_rx1510", vendor: "siemens", versions: [ { lessThan: "V2.16.0", status: "affected", version: "0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:h:siemens:ruggedcom_rox_rx1511:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "ruggedcom_rox_rx1511", vendor: "siemens", versions: [ { lessThan: "V2.16.0", status: "affected", version: "0", versionType: "custom", }, ], }, ], metrics: [ { other: { content: { id: "CVE-2023-36752", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "total", }, ], role: "CISA Coordinator", timestamp: "2024-11-20T20:25:17.463714Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-11-20T20:30:40.852Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { defaultStatus: "unknown", product: "RUGGEDCOM ROX MX5000", vendor: "Siemens", versions: [ { status: "affected", version: "All versions < V2.16.0", }, ], }, { defaultStatus: "unknown", product: "RUGGEDCOM ROX MX5000RE", vendor: "Siemens", versions: [ { status: "affected", version: "All versions < V2.16.0", }, ], }, { defaultStatus: "unknown", product: "RUGGEDCOM ROX RX1400", vendor: "Siemens", versions: [ { status: "affected", version: "All 
versions < V2.16.0", }, ], }, { defaultStatus: "unknown", product: "RUGGEDCOM ROX RX1500", vendor: "Siemens", versions: [ { status: "affected", version: "All versions < V2.16.0", }, ], }, { defaultStatus: "unknown", product: "RUGGEDCOM ROX RX1501", vendor: "Siemens", versions: [ { status: "affected", version: "All versions < V2.16.0", }, ], }, { defaultStatus: "unknown", product: "RUGGEDCOM ROX RX1510", vendor: "Siemens", versions: [ { status: "affected", version: "All versions < V2.16.0", }, ], }, { defaultStatus: "unknown", product: "RUGGEDCOM ROX RX1511", vendor: "Siemens", versions: [ { status: "affected", version: "All versions < V2.16.0", }, ], }, { defaultStatus: "unknown", product: "RUGGEDCOM ROX RX1512", vendor: "Siemens", versions: [ { status: "affected", version: "All versions < V2.16.0", }, ], }, { defaultStatus: "unknown", product: "RUGGEDCOM ROX RX1524", vendor: "Siemens", versions: [ { status: "affected", version: "All versions < V2.16.0", }, ], }, { defaultStatus: "unknown", product: "RUGGEDCOM ROX RX1536", vendor: "Siemens", versions: [ { status: "affected", version: "All versions < V2.16.0", }, ], }, { defaultStatus: "unknown", product: "RUGGEDCOM ROX RX5000", vendor: "Siemens", versions: [ { status: "affected", version: "All versions < V2.16.0", }, ], }, ], descriptions: [ { lang: "en", value: "A vulnerability has been identified in RUGGEDCOM ROX MX5000 (All versions < V2.16.0), RUGGEDCOM ROX MX5000RE (All versions < V2.16.0), RUGGEDCOM ROX RX1400 (All versions < V2.16.0), RUGGEDCOM ROX RX1500 (All versions < V2.16.0), RUGGEDCOM ROX RX1501 (All versions < V2.16.0), RUGGEDCOM ROX RX1510 (All versions < V2.16.0), RUGGEDCOM ROX RX1511 (All versions < V2.16.0), RUGGEDCOM ROX RX1512 (All versions < V2.16.0), RUGGEDCOM ROX RX1524 (All versions < V2.16.0), RUGGEDCOM ROX RX1536 (All versions < V2.16.0), RUGGEDCOM ROX RX5000 (All versions < V2.16.0). 
The upgrade-app URL parameter in the web interface of affected devices is vulnerable to command injection due to missing server side input sanitation. This could allow an authenticated privileged remote attacker to execute arbitrary code with root privileges.", }, ], metrics: [ { cvssV3_1: { baseScore: 9.1, baseSeverity: "CRITICAL", vectorString: "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H/E:P/RL:O/RC:C", version: "3.1", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-77", description: "CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection')", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2023-07-11T09:07:19.000Z", orgId: "cec7a2ec-15b4-4faf-bd53-b40f371f3a77", shortName: "siemens", }, references: [ { url: "https://cert-portal.siemens.com/productcert/pdf/ssa-146325.pdf", }, ], }, }, cveMetadata: { assignerOrgId: "cec7a2ec-15b4-4faf-bd53-b40f371f3a77", assignerShortName: "siemens", cveId: "CVE-2023-36752", datePublished: "2023-07-11T09:07:19.000Z", dateReserved: "2023-06-27T11:37:08.703Z", dateUpdated: "2024-11-20T20:30:40.852Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2022-29561
Vulnerability from cvelistv5
Published
2023-07-11 09:06
Modified
2024-11-12 19:11
Summary
A vulnerability has been identified in RUGGEDCOM ROX MX5000 (All versions < V2.16.0), RUGGEDCOM ROX MX5000RE (All versions < V2.16.0), RUGGEDCOM ROX RX1400 (All versions < V2.16.0), RUGGEDCOM ROX RX1500 (All versions < V2.16.0), RUGGEDCOM ROX RX1501 (All versions < V2.16.0), RUGGEDCOM ROX RX1510 (All versions < V2.16.0), RUGGEDCOM ROX RX1511 (All versions < V2.16.0), RUGGEDCOM ROX RX1512 (All versions < V2.16.0), RUGGEDCOM ROX RX1524 (All versions < V2.16.0), RUGGEDCOM ROX RX1536 (All versions < V2.16.0), RUGGEDCOM ROX RX5000 (All versions < V2.16.0). The web interface of the affected devices are vulnerable to Cross-Site Request Forgery attacks. By tricking an authenticated victim user to click a malicious link, an attacker could perform arbitrary actions on the device on behalf of the victim user.
References
Impacted products
Vendor | Product | Version |
---|---|---|
Siemens | RUGGEDCOM ROX MX5000 | All versions < V2.16.0 |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-03T06:26:05.943Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "https://cert-portal.siemens.com/productcert/pdf/ssa-146325.pdf", }, ], title: "CVE Program Container", }, { affected: [ { cpes: [ "cpe:2.3:h:siemens:ruggedcom_rox_mx5000:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "ruggedcom_rox_mx5000", vendor: "siemens", versions: [ { lessThan: "V2.16.0", status: "affected", version: "0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:h:siemens:ruggedcom_rox_mx5000re:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "ruggedcom_rox_mx5000re", vendor: "siemens", versions: [ { lessThan: "V2.16.0", status: "affected", version: "0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:h:siemens:ruggedcom_rox_rx1400:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "ruggedcom_rox_rx1400", vendor: "siemens", versions: [ { lessThan: "V2.16.0", status: "affected", version: "0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:h:siemens:ruggedcom_rox_rx1500:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "ruggedcom_rox_rx1500", vendor: "siemens", versions: [ { lessThan: "V2.16.0", status: "affected", version: "0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:h:siemens:ruggedcom_rox_rx1501:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "ruggedcom_rox_rx1501", vendor: "siemens", versions: [ { lessThan: "V2.16.0", status: "affected", version: "0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:h:siemens:ruggedcom_rox_rx1510:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "ruggedcom_rox_rx1510", vendor: "siemens", versions: [ { status: "affected", version: "V2.16.0", }, ], }, { cpes: [ "cpe:2.3:h:siemens:ruggedcom_rox_rx1511:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "ruggedcom_rox_rx1511", vendor: "siemens", versions: [ { status: "affected", version: "V2.16.0", }, ], 
}, { cpes: [ "cpe:2.3:h:siemens:ruggedcom_rox_rx1512:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "ruggedcom_rox_rx1512", vendor: "siemens", versions: [ { status: "affected", version: "V2.16.0", }, ], }, { cpes: [ "cpe:2.3:h:siemens:ruggedcom_rox_rx1524:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "ruggedcom_rox_rx1524", vendor: "siemens", versions: [ { status: "affected", version: "V2.16.0", }, ], }, { cpes: [ "cpe:2.3:h:siemens:ruggedcom_rox_rx1536:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "ruggedcom_rox_rx1536", vendor: "siemens", versions: [ { status: "affected", version: "V2.16.0", }, ], }, { cpes: [ "cpe:2.3:h:siemens:ruggedcom_rox_rx5000:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "ruggedcom_rox_rx5000", vendor: "siemens", versions: [ { status: "affected", version: "V2.16.0", }, ], }, ], metrics: [ { other: { content: { id: "CVE-2022-29561", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "total", }, ], role: "CISA Coordinator", timestamp: "2024-11-12T19:06:12.746479Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-11-12T19:11:46.270Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { defaultStatus: "unknown", product: "RUGGEDCOM ROX MX5000", vendor: "Siemens", versions: [ { status: "affected", version: "All versions < V2.16.0", }, ], }, { defaultStatus: "unknown", product: "RUGGEDCOM ROX MX5000RE", vendor: "Siemens", versions: [ { status: "affected", version: "All versions < V2.16.0", }, ], }, { defaultStatus: "unknown", product: "RUGGEDCOM ROX RX1400", vendor: "Siemens", versions: [ { status: "affected", version: "All versions < V2.16.0", }, ], }, { defaultStatus: "unknown", product: "RUGGEDCOM ROX RX1500", vendor: "Siemens", versions: [ { status: "affected", version: "All versions < V2.16.0", }, ], }, { defaultStatus: "unknown", product: "RUGGEDCOM ROX 
RX1501", vendor: "Siemens", versions: [ { status: "affected", version: "All versions < V2.16.0", }, ], }, { defaultStatus: "unknown", product: "RUGGEDCOM ROX RX1510", vendor: "Siemens", versions: [ { status: "affected", version: "All versions < V2.16.0", }, ], }, { defaultStatus: "unknown", product: "RUGGEDCOM ROX RX1511", vendor: "Siemens", versions: [ { status: "affected", version: "All versions < V2.16.0", }, ], }, { defaultStatus: "unknown", product: "RUGGEDCOM ROX RX1512", vendor: "Siemens", versions: [ { status: "affected", version: "All versions < V2.16.0", }, ], }, { defaultStatus: "unknown", product: "RUGGEDCOM ROX RX1524", vendor: "Siemens", versions: [ { status: "affected", version: "All versions < V2.16.0", }, ], }, { defaultStatus: "unknown", product: "RUGGEDCOM ROX RX1536", vendor: "Siemens", versions: [ { status: "affected", version: "All versions < V2.16.0", }, ], }, { defaultStatus: "unknown", product: "RUGGEDCOM ROX RX5000", vendor: "Siemens", versions: [ { status: "affected", version: "All versions < V2.16.0", }, ], }, ], descriptions: [ { lang: "en", value: "A vulnerability has been identified in RUGGEDCOM ROX MX5000 (All versions < V2.16.0), RUGGEDCOM ROX MX5000RE (All versions < V2.16.0), RUGGEDCOM ROX RX1400 (All versions < V2.16.0), RUGGEDCOM ROX RX1500 (All versions < V2.16.0), RUGGEDCOM ROX RX1501 (All versions < V2.16.0), RUGGEDCOM ROX RX1510 (All versions < V2.16.0), RUGGEDCOM ROX RX1511 (All versions < V2.16.0), RUGGEDCOM ROX RX1512 (All versions < V2.16.0), RUGGEDCOM ROX RX1524 (All versions < V2.16.0), RUGGEDCOM ROX RX1536 (All versions < V2.16.0), RUGGEDCOM ROX RX5000 (All versions < V2.16.0). The web interface of the affected devices are vulnerable to Cross-Site Request Forgery attacks. 
By tricking an authenticated victim user to click a malicious link, an attacker could perform arbitrary actions on the device on behalf of the victim user.", }, ], metrics: [ { cvssV3_1: { baseScore: 7.5, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C", version: "3.1", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-352", description: "CWE-352: Cross-Site Request Forgery (CSRF)", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2023-07-11T09:06:58.988Z", orgId: "cec7a2ec-15b4-4faf-bd53-b40f371f3a77", shortName: "siemens", }, references: [ { url: "https://cert-portal.siemens.com/productcert/pdf/ssa-146325.pdf", }, ], }, }, cveMetadata: { assignerOrgId: "cec7a2ec-15b4-4faf-bd53-b40f371f3a77", assignerShortName: "siemens", cveId: "CVE-2022-29561", datePublished: "2023-07-11T09:06:58.988Z", dateReserved: "2022-04-21T13:34:15.980Z", dateUpdated: "2024-11-12T19:11:46.270Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2021-37174
Vulnerability from cvelistv5
Published
2021-09-14 10:47
Modified
2024-08-04 01:16
Summary
A vulnerability has been identified in RUGGEDCOM ROX MX5000 (All versions < V2.14.1), RUGGEDCOM ROX RX1400 (All versions < V2.14.1), RUGGEDCOM ROX RX1500 (All versions < V2.14.1), RUGGEDCOM ROX RX1501 (All versions < V2.14.1), RUGGEDCOM ROX RX1510 (All versions < V2.14.1), RUGGEDCOM ROX RX1511 (All versions < V2.14.1), RUGGEDCOM ROX RX1512 (All versions < V2.14.1), RUGGEDCOM ROX RX1524 (All versions < V2.14.1), RUGGEDCOM ROX RX1536 (All versions < V2.14.1), RUGGEDCOM ROX RX5000 (All versions < V2.14.1). The affected devices have a privilege escalation vulnerability, if exploited, an attacker could gain root user access.
References
URL | Tags |
---|---|
https://cert-portal.siemens.com/productcert/pdf/ssa-150692.pdf | x_refsource_MISC |
Impacted products
Vendor | Product | Version |
---|---|---|
Siemens | RUGGEDCOM ROX MX5000 | All versions < V2.14.1 |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-04T01:16:02.881Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://cert-portal.siemens.com/productcert/pdf/ssa-150692.pdf", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "RUGGEDCOM ROX MX5000", vendor: "Siemens", versions: [ { status: "affected", version: "All versions < V2.14.1", }, ], }, { product: "RUGGEDCOM ROX RX1400", vendor: "Siemens", versions: [ { status: "affected", version: "All versions < V2.14.1", }, ], }, { product: "RUGGEDCOM ROX RX1500", vendor: "Siemens", versions: [ { status: "affected", version: "All versions < V2.14.1", }, ], }, { product: "RUGGEDCOM ROX RX1501", vendor: "Siemens", versions: [ { status: "affected", version: "All versions < V2.14.1", }, ], }, { product: "RUGGEDCOM ROX RX1510", vendor: "Siemens", versions: [ { status: "affected", version: "All versions < V2.14.1", }, ], }, { product: "RUGGEDCOM ROX RX1511", vendor: "Siemens", versions: [ { status: "affected", version: "All versions < V2.14.1", }, ], }, { product: "RUGGEDCOM ROX RX1512", vendor: "Siemens", versions: [ { status: "affected", version: "All versions < V2.14.1", }, ], }, { product: "RUGGEDCOM ROX RX1524", vendor: "Siemens", versions: [ { status: "affected", version: "All versions < V2.14.1", }, ], }, { product: "RUGGEDCOM ROX RX1536", vendor: "Siemens", versions: [ { status: "affected", version: "All versions < V2.14.1", }, ], }, { product: "RUGGEDCOM ROX RX5000", vendor: "Siemens", versions: [ { status: "affected", version: "All versions < V2.14.1", }, ], }, ], descriptions: [ { lang: "en", value: "A vulnerability has been identified in RUGGEDCOM ROX MX5000 (All versions < V2.14.1), RUGGEDCOM ROX RX1400 (All versions < V2.14.1), RUGGEDCOM ROX RX1500 (All versions < V2.14.1), RUGGEDCOM ROX RX1501 (All versions < V2.14.1), RUGGEDCOM ROX RX1510 (All versions < V2.14.1), RUGGEDCOM 
ROX RX1511 (All versions < V2.14.1), RUGGEDCOM ROX RX1512 (All versions < V2.14.1), RUGGEDCOM ROX RX1524 (All versions < V2.14.1), RUGGEDCOM ROX RX1536 (All versions < V2.14.1), RUGGEDCOM ROX RX5000 (All versions < V2.14.1). The affected devices have a privilege escalation vulnerability, if exploited, an attacker could gain root user access.", }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-250", description: "CWE-250: Execution with Unnecessary Privileges", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2021-09-14T10:47:42", orgId: "cec7a2ec-15b4-4faf-bd53-b40f371f3a77", shortName: "siemens", }, references: [ { tags: [ "x_refsource_MISC", ], url: "https://cert-portal.siemens.com/productcert/pdf/ssa-150692.pdf", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "productcert@siemens.com", ID: "CVE-2021-37174", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "RUGGEDCOM ROX MX5000", version: { version_data: [ { version_value: "All versions < V2.14.1", }, ], }, }, { product_name: "RUGGEDCOM ROX RX1400", version: { version_data: [ { version_value: "All versions < V2.14.1", }, ], }, }, { product_name: "RUGGEDCOM ROX RX1500", version: { version_data: [ { version_value: "All versions < V2.14.1", }, ], }, }, { product_name: "RUGGEDCOM ROX RX1501", version: { version_data: [ { version_value: "All versions < V2.14.1", }, ], }, }, { product_name: "RUGGEDCOM ROX RX1510", version: { version_data: [ { version_value: "All versions < V2.14.1", }, ], }, }, { product_name: "RUGGEDCOM ROX RX1511", version: { version_data: [ { version_value: "All versions < V2.14.1", }, ], }, }, { product_name: "RUGGEDCOM ROX RX1512", version: { version_data: [ { version_value: "All versions < V2.14.1", }, ], }, }, { product_name: "RUGGEDCOM ROX RX1524", version: { version_data: [ { version_value: "All versions < V2.14.1", }, ], }, }, { product_name: "RUGGEDCOM ROX RX1536", version: { version_data: [ { version_value: 
"All versions < V2.14.1", }, ], }, }, { product_name: "RUGGEDCOM ROX RX5000", version: { version_data: [ { version_value: "All versions < V2.14.1", }, ], }, }, ], }, vendor_name: "Siemens", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "A vulnerability has been identified in RUGGEDCOM ROX MX5000 (All versions < V2.14.1), RUGGEDCOM ROX RX1400 (All versions < V2.14.1), RUGGEDCOM ROX RX1500 (All versions < V2.14.1), RUGGEDCOM ROX RX1501 (All versions < V2.14.1), RUGGEDCOM ROX RX1510 (All versions < V2.14.1), RUGGEDCOM ROX RX1511 (All versions < V2.14.1), RUGGEDCOM ROX RX1512 (All versions < V2.14.1), RUGGEDCOM ROX RX1524 (All versions < V2.14.1), RUGGEDCOM ROX RX1536 (All versions < V2.14.1), RUGGEDCOM ROX RX5000 (All versions < V2.14.1). The affected devices have a privilege escalation vulnerability, if exploited, an attacker could gain root user access.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "CWE-250: Execution with Unnecessary Privileges", }, ], }, ], }, references: { reference_data: [ { name: "https://cert-portal.siemens.com/productcert/pdf/ssa-150692.pdf", refsource: "MISC", url: "https://cert-portal.siemens.com/productcert/pdf/ssa-150692.pdf", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "cec7a2ec-15b4-4faf-bd53-b40f371f3a77", assignerShortName: "siemens", cveId: "CVE-2021-37174", datePublished: "2021-09-14T10:47:42", dateReserved: "2021-07-21T00:00:00", dateUpdated: "2024-08-04T01:16:02.881Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2019-11745
Vulnerability from cvelistv5
Published
2020-01-08 19:22
Modified
2024-08-04 23:03
Summary
When encrypting with a block cipher, if a call to NSC_EncryptUpdate was made with data smaller than the block size, a small out of bounds write could occur. This could have caused heap corruption and a potentially exploitable crash. This vulnerability affects Thunderbird < 68.3, Firefox ESR < 68.3, and Firefox < 71.
References
Impacted products
Vendor | Product | Version |
---|---|---|
Mozilla | Thunderbird | before 68.3 |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-04T23:03:32.560Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://www.mozilla.org/security/advisories/mfsa2019-36/", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://www.mozilla.org/security/advisories/mfsa2019-38/", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://www.mozilla.org/security/advisories/mfsa2019-37/", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://bugzilla.mozilla.org/show_bug.cgi?id=1586176", }, { name: "openSUSE-SU-2020:0003", tags: [ "vendor-advisory", "x_refsource_SUSE", "x_transferred", ], url: "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00000.html", }, { name: "openSUSE-SU-2020:0002", tags: [ "vendor-advisory", "x_refsource_SUSE", "x_transferred", ], url: "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00001.html", }, { name: "openSUSE-SU-2020:0008", tags: [ "vendor-advisory", "x_refsource_SUSE", "x_transferred", ], url: "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00006.html", }, { name: "USN-4241-1", tags: [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred", ], url: "https://usn.ubuntu.com/4241-1/", }, { name: "RHSA-2020:0243", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "https://access.redhat.com/errata/RHSA-2020:0243", }, { name: "RHSA-2020:0466", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "https://access.redhat.com/errata/RHSA-2020:0466", }, { name: "GLSA-202003-02", tags: [ "vendor-advisory", "x_refsource_GENTOO", "x_transferred", ], url: "https://security.gentoo.org/glsa/202003-02", }, { name: "GLSA-202003-10", tags: [ "vendor-advisory", "x_refsource_GENTOO", "x_transferred", ], url: "https://security.gentoo.org/glsa/202003-10", }, { name: "GLSA-202003-37", tags: [ "vendor-advisory", 
"x_refsource_GENTOO", "x_transferred", ], url: "https://security.gentoo.org/glsa/202003-37", }, { name: "USN-4335-1", tags: [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred", ], url: "https://usn.ubuntu.com/4335-1/", }, { name: "[debian-lts-announce] 20200929 [SECURITY] [DLA 2388-1] nss security update", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "https://lists.debian.org/debian-lts-announce/2020/09/msg00029.html", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://cert-portal.siemens.com/productcert/pdf/ssa-379803.pdf", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://us-cert.cisa.gov/ics/advisories/icsa-21-040-04", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "Thunderbird", vendor: "Mozilla", versions: [ { status: "affected", version: "before 68.3", }, ], }, { product: "Firefox ESR", vendor: "Mozilla", versions: [ { status: "affected", version: "before 68.3", }, ], }, { product: "Firefox", vendor: "Mozilla", versions: [ { status: "affected", version: "before 71", }, ], }, ], descriptions: [ { lang: "en", value: "When encrypting with a block cipher, if a call to NSC_EncryptUpdate was made with data smaller than the block size, a small out of bounds write could occur. This could have caused heap corruption and a potentially exploitable crash. 
This vulnerability affects Thunderbird < 68.3, Firefox ESR < 68.3, and Firefox < 71.", }, ], problemTypes: [ { descriptions: [ { description: "Out of bounds write in NSS when encrypting with a block cipher", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2021-02-12T06:08:36", orgId: "f16b083a-5664-49f3-a51e-8d479e5ed7fe", shortName: "mozilla", }, references: [ { tags: [ "x_refsource_CONFIRM", ], url: "https://www.mozilla.org/security/advisories/mfsa2019-36/", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://www.mozilla.org/security/advisories/mfsa2019-38/", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://www.mozilla.org/security/advisories/mfsa2019-37/", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://bugzilla.mozilla.org/show_bug.cgi?id=1586176", }, { name: "openSUSE-SU-2020:0003", tags: [ "vendor-advisory", "x_refsource_SUSE", ], url: "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00000.html", }, { name: "openSUSE-SU-2020:0002", tags: [ "vendor-advisory", "x_refsource_SUSE", ], url: "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00001.html", }, { name: "openSUSE-SU-2020:0008", tags: [ "vendor-advisory", "x_refsource_SUSE", ], url: "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00006.html", }, { name: "USN-4241-1", tags: [ "vendor-advisory", "x_refsource_UBUNTU", ], url: "https://usn.ubuntu.com/4241-1/", }, { name: "RHSA-2020:0243", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "https://access.redhat.com/errata/RHSA-2020:0243", }, { name: "RHSA-2020:0466", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "https://access.redhat.com/errata/RHSA-2020:0466", }, { name: "GLSA-202003-02", tags: [ "vendor-advisory", "x_refsource_GENTOO", ], url: "https://security.gentoo.org/glsa/202003-02", }, { name: "GLSA-202003-10", tags: [ "vendor-advisory", "x_refsource_GENTOO", ], url: "https://security.gentoo.org/glsa/202003-10", }, { name: "GLSA-202003-37", tags: [ 
"vendor-advisory", "x_refsource_GENTOO", ], url: "https://security.gentoo.org/glsa/202003-37", }, { name: "USN-4335-1", tags: [ "vendor-advisory", "x_refsource_UBUNTU", ], url: "https://usn.ubuntu.com/4335-1/", }, { name: "[debian-lts-announce] 20200929 [SECURITY] [DLA 2388-1] nss security update", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "https://lists.debian.org/debian-lts-announce/2020/09/msg00029.html", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://cert-portal.siemens.com/productcert/pdf/ssa-379803.pdf", }, { tags: [ "x_refsource_MISC", ], url: "https://us-cert.cisa.gov/ics/advisories/icsa-21-040-04", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "security@mozilla.org", ID: "CVE-2019-11745", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "Thunderbird", version: { version_data: [ { version_value: "before 68.3", }, ], }, }, { product_name: "Firefox ESR", version: { version_data: [ { version_value: "before 68.3", }, ], }, }, { product_name: "Firefox", version: { version_data: [ { version_value: "before 71", }, ], }, }, ], }, vendor_name: "Mozilla", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "When encrypting with a block cipher, if a call to NSC_EncryptUpdate was made with data smaller than the block size, a small out of bounds write could occur. This could have caused heap corruption and a potentially exploitable crash. 
This vulnerability affects Thunderbird < 68.3, Firefox ESR < 68.3, and Firefox < 71.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "Out of bounds write in NSS when encrypting with a block cipher", }, ], }, ], }, references: { reference_data: [ { name: "https://www.mozilla.org/security/advisories/mfsa2019-36/", refsource: "CONFIRM", url: "https://www.mozilla.org/security/advisories/mfsa2019-36/", }, { name: "https://www.mozilla.org/security/advisories/mfsa2019-38/", refsource: "CONFIRM", url: "https://www.mozilla.org/security/advisories/mfsa2019-38/", }, { name: "https://www.mozilla.org/security/advisories/mfsa2019-37/", refsource: "CONFIRM", url: "https://www.mozilla.org/security/advisories/mfsa2019-37/", }, { name: "https://bugzilla.mozilla.org/show_bug.cgi?id=1586176", refsource: "CONFIRM", url: "https://bugzilla.mozilla.org/show_bug.cgi?id=1586176", }, { name: "openSUSE-SU-2020:0003", refsource: "SUSE", url: "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00000.html", }, { name: "openSUSE-SU-2020:0002", refsource: "SUSE", url: "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00001.html", }, { name: "openSUSE-SU-2020:0008", refsource: "SUSE", url: "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00006.html", }, { name: "USN-4241-1", refsource: "UBUNTU", url: "https://usn.ubuntu.com/4241-1/", }, { name: "RHSA-2020:0243", refsource: "REDHAT", url: "https://access.redhat.com/errata/RHSA-2020:0243", }, { name: "RHSA-2020:0466", refsource: "REDHAT", url: "https://access.redhat.com/errata/RHSA-2020:0466", }, { name: "GLSA-202003-02", refsource: "GENTOO", url: "https://security.gentoo.org/glsa/202003-02", }, { name: "GLSA-202003-10", refsource: "GENTOO", url: "https://security.gentoo.org/glsa/202003-10", }, { name: "GLSA-202003-37", refsource: "GENTOO", url: "https://security.gentoo.org/glsa/202003-37", }, { name: "USN-4335-1", refsource: "UBUNTU", url: 
"https://usn.ubuntu.com/4335-1/", }, { name: "[debian-lts-announce] 20200929 [SECURITY] [DLA 2388-1] nss security update", refsource: "MLIST", url: "https://lists.debian.org/debian-lts-announce/2020/09/msg00029.html", }, { name: "https://cert-portal.siemens.com/productcert/pdf/ssa-379803.pdf", refsource: "CONFIRM", url: "https://cert-portal.siemens.com/productcert/pdf/ssa-379803.pdf", }, { name: "https://us-cert.cisa.gov/ics/advisories/icsa-21-040-04", refsource: "MISC", url: "https://us-cert.cisa.gov/ics/advisories/icsa-21-040-04", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "f16b083a-5664-49f3-a51e-8d479e5ed7fe", assignerShortName: "mozilla", cveId: "CVE-2019-11745", datePublished: "2020-01-08T19:22:00", dateReserved: "2019-05-03T00:00:00", dateUpdated: "2024-08-04T23:03:32.560Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2018-18508
Vulnerability from cvelistv5
Published
2020-10-22 20:14
Modified
2024-08-05 11:08
Summary
In Network Security Services (NSS) before 3.36.7 and before 3.41.1, a malformed signature can cause a crash due to a null dereference, resulting in a Denial of Service.
References
URL | Tags
---|---
https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.36.7_release_notes | x_refsource_MISC
https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.41.1_release_notes | x_refsource_MISC
https://cert-portal.siemens.com/productcert/pdf/ssa-379803.pdf | x_refsource_CONFIRM
https://us-cert.cisa.gov/ics/advisories/icsa-21-040-04 | x_refsource_MISC
Impacted products
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-05T11:08:22.039Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.36.7_release_notes", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.41.1_release_notes", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://cert-portal.siemens.com/productcert/pdf/ssa-379803.pdf", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://us-cert.cisa.gov/ics/advisories/icsa-21-040-04", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "NSS", vendor: "Mozilla", versions: [ { lessThan: "3.41.1", status: "affected", version: "unspecified", versionType: "custom", }, { lessThan: "3.36.7", status: "affected", version: "unspecified", versionType: "custom", }, ], }, ], descriptions: [ { lang: "en", value: "In Network Security Services (NSS) before 3.36.7 and before 3.41.1, a malformed signature can cause a crash due to a null dereference, resulting in a Denial of Service.", }, ], problemTypes: [ { descriptions: [ { description: "Denial of Service through malformed signatures", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2021-02-12T05:57:40", orgId: "f16b083a-5664-49f3-a51e-8d479e5ed7fe", shortName: "mozilla", }, references: [ { tags: [ "x_refsource_MISC", ], url: "https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.36.7_release_notes", }, { tags: [ "x_refsource_MISC", ], url: "https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.41.1_release_notes", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://cert-portal.siemens.com/productcert/pdf/ssa-379803.pdf", }, { tags: [ "x_refsource_MISC", ], url: "https://us-cert.cisa.gov/ics/advisories/icsa-21-040-04", }, ], x_legacyV4Record: { 
CVE_data_meta: { ASSIGNER: "security@mozilla.org", ID: "CVE-2018-18508", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "NSS", version: { version_data: [ { version_affected: "<", version_value: "3.41.1", }, { version_affected: "<", version_value: "3.36.7", }, ], }, }, ], }, vendor_name: "Mozilla", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "In Network Security Services (NSS) before 3.36.7 and before 3.41.1, a malformed signature can cause a crash due to a null dereference, resulting in a Denial of Service.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "Denial of Service through malformed signatures", }, ], }, ], }, references: { reference_data: [ { name: "https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.36.7_release_notes", refsource: "MISC", url: "https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.36.7_release_notes", }, { name: "https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.41.1_release_notes", refsource: "MISC", url: "https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.41.1_release_notes", }, { name: "https://cert-portal.siemens.com/productcert/pdf/ssa-379803.pdf", refsource: "CONFIRM", url: "https://cert-portal.siemens.com/productcert/pdf/ssa-379803.pdf", }, { name: "https://us-cert.cisa.gov/ics/advisories/icsa-21-040-04", refsource: "MISC", url: "https://us-cert.cisa.gov/ics/advisories/icsa-21-040-04", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "f16b083a-5664-49f3-a51e-8d479e5ed7fe", assignerShortName: "mozilla", cveId: "CVE-2018-18508", datePublished: "2020-10-22T20:14:42", dateReserved: "2018-10-19T00:00:00", dateUpdated: "2024-08-05T11:08:22.039Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2022-29560
Vulnerability from cvelistv5
Published
2022-07-12 10:06
Modified
2024-08-03 06:26
Summary
A vulnerability has been identified in RUGGEDCOM ROX MX5000 (All versions < 2.15.1), RUGGEDCOM ROX MX5000RE (All versions < 2.15.1), RUGGEDCOM ROX RX1400 (All versions < 2.15.1), RUGGEDCOM ROX RX1500 (All versions < 2.15.1), RUGGEDCOM ROX RX1501 (All versions < 2.15.1), RUGGEDCOM ROX RX1510 (All versions < 2.15.1), RUGGEDCOM ROX RX1511 (All versions < 2.15.1), RUGGEDCOM ROX RX1512 (All versions < 2.15.1), RUGGEDCOM ROX RX1524 (All versions < 2.15.1), RUGGEDCOM ROX RX1536 (All versions < 2.15.1), RUGGEDCOM ROX RX5000 (All versions < 2.15.1). Affected devices do not properly validate user input, making them susceptible to command injection. An attacker with access to either the shell or the web CLI with administrator privileges could access the underlying operating system as the root user.
References
URL | Tags
---|---
https://cert-portal.siemens.com/productcert/pdf/ssa-599506.pdf | x_refsource_MISC
Impacted products
Vendor | Product | Version
---|---|---
Siemens | RUGGEDCOM ROX MX5000 | All versions < 2.15.1
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-03T06:26:06.278Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://cert-portal.siemens.com/productcert/pdf/ssa-599506.pdf", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "RUGGEDCOM ROX MX5000", vendor: "Siemens", versions: [ { status: "affected", version: "All versions < 2.15.1", }, ], }, { product: "RUGGEDCOM ROX MX5000RE", vendor: "Siemens", versions: [ { status: "affected", version: "All versions < 2.15.1", }, ], }, { product: "RUGGEDCOM ROX RX1400", vendor: "Siemens", versions: [ { status: "affected", version: "All versions < 2.15.1", }, ], }, { product: "RUGGEDCOM ROX RX1500", vendor: "Siemens", versions: [ { status: "affected", version: "All versions < 2.15.1", }, ], }, { product: "RUGGEDCOM ROX RX1501", vendor: "Siemens", versions: [ { status: "affected", version: "All versions < 2.15.1", }, ], }, { product: "RUGGEDCOM ROX RX1510", vendor: "Siemens", versions: [ { status: "affected", version: "All versions < 2.15.1", }, ], }, { product: "RUGGEDCOM ROX RX1511", vendor: "Siemens", versions: [ { status: "affected", version: "All versions < 2.15.1", }, ], }, { product: "RUGGEDCOM ROX RX1512", vendor: "Siemens", versions: [ { status: "affected", version: "All versions < 2.15.1", }, ], }, { product: "RUGGEDCOM ROX RX1524", vendor: "Siemens", versions: [ { status: "affected", version: "All versions < 2.15.1", }, ], }, { product: "RUGGEDCOM ROX RX1536", vendor: "Siemens", versions: [ { status: "affected", version: "All versions < 2.15.1", }, ], }, { product: "RUGGEDCOM ROX RX5000", vendor: "Siemens", versions: [ { status: "affected", version: "All versions < 2.15.1", }, ], }, ], descriptions: [ { lang: "en", value: "A vulnerability has been identified in RUGGEDCOM ROX MX5000 (All versions < 2.15.1), RUGGEDCOM ROX MX5000RE (All versions < 2.15.1), RUGGEDCOM ROX RX1400 (All 
versions < 2.15.1), RUGGEDCOM ROX RX1500 (All versions < 2.15.1), RUGGEDCOM ROX RX1501 (All versions < 2.15.1), RUGGEDCOM ROX RX1510 (All versions < 2.15.1), RUGGEDCOM ROX RX1511 (All versions < 2.15.1), RUGGEDCOM ROX RX1512 (All versions < 2.15.1), RUGGEDCOM ROX RX1524 (All versions < 2.15.1), RUGGEDCOM ROX RX1536 (All versions < 2.15.1), RUGGEDCOM ROX RX5000 (All versions < 2.15.1). Affected devices do not properly validate user input, making them susceptible to command injection. An attacker with access to either the shell or the web CLI with administrator privileges could access the underlying operating system as the root user.", }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-77", description: "CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection')", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2022-07-12T10:06:38", orgId: "cec7a2ec-15b4-4faf-bd53-b40f371f3a77", shortName: "siemens", }, references: [ { tags: [ "x_refsource_MISC", ], url: "https://cert-portal.siemens.com/productcert/pdf/ssa-599506.pdf", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "productcert@siemens.com", ID: "CVE-2022-29560", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "RUGGEDCOM ROX MX5000", version: { version_data: [ { version_value: "All versions < 2.15.1", }, ], }, }, { product_name: "RUGGEDCOM ROX MX5000RE", version: { version_data: [ { version_value: "All versions < 2.15.1", }, ], }, }, { product_name: "RUGGEDCOM ROX RX1400", version: { version_data: [ { version_value: "All versions < 2.15.1", }, ], }, }, { product_name: "RUGGEDCOM ROX RX1500", version: { version_data: [ { version_value: "All versions < 2.15.1", }, ], }, }, { product_name: "RUGGEDCOM ROX RX1501", version: { version_data: [ { version_value: "All versions < 2.15.1", }, ], }, }, { product_name: "RUGGEDCOM ROX RX1510", version: { version_data: [ { version_value: "All versions < 2.15.1", }, 
], }, }, { product_name: "RUGGEDCOM ROX RX1511", version: { version_data: [ { version_value: "All versions < 2.15.1", }, ], }, }, { product_name: "RUGGEDCOM ROX RX1512", version: { version_data: [ { version_value: "All versions < 2.15.1", }, ], }, }, { product_name: "RUGGEDCOM ROX RX1524", version: { version_data: [ { version_value: "All versions < 2.15.1", }, ], }, }, { product_name: "RUGGEDCOM ROX RX1536", version: { version_data: [ { version_value: "All versions < 2.15.1", }, ], }, }, { product_name: "RUGGEDCOM ROX RX5000", version: { version_data: [ { version_value: "All versions < 2.15.1", }, ], }, }, ], }, vendor_name: "Siemens", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "A vulnerability has been identified in RUGGEDCOM ROX MX5000 (All versions < 2.15.1), RUGGEDCOM ROX MX5000RE (All versions < 2.15.1), RUGGEDCOM ROX RX1400 (All versions < 2.15.1), RUGGEDCOM ROX RX1500 (All versions < 2.15.1), RUGGEDCOM ROX RX1501 (All versions < 2.15.1), RUGGEDCOM ROX RX1510 (All versions < 2.15.1), RUGGEDCOM ROX RX1511 (All versions < 2.15.1), RUGGEDCOM ROX RX1512 (All versions < 2.15.1), RUGGEDCOM ROX RX1524 (All versions < 2.15.1), RUGGEDCOM ROX RX1536 (All versions < 2.15.1), RUGGEDCOM ROX RX5000 (All versions < 2.15.1). Affected devices do not properly validate user input, making them susceptible to command injection. 
An attacker with access to either the shell or the web CLI with administrator privileges could access the underlying operating system as the root user.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection')", }, ], }, ], }, references: { reference_data: [ { name: "https://cert-portal.siemens.com/productcert/pdf/ssa-599506.pdf", refsource: "MISC", url: "https://cert-portal.siemens.com/productcert/pdf/ssa-599506.pdf", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "cec7a2ec-15b4-4faf-bd53-b40f371f3a77", assignerShortName: "siemens", cveId: "CVE-2022-29560", datePublished: "2022-07-12T10:06:38", dateReserved: "2022-04-21T00:00:00", dateUpdated: "2024-08-03T06:26:06.278Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2023-36749
Vulnerability from cvelistv5
Published
2023-07-11 09:07
Modified
2024-11-27 14:15
Summary
A vulnerability has been identified in RUGGEDCOM ROX MX5000 (All versions < V2.16.0), RUGGEDCOM ROX MX5000RE (All versions < V2.16.0), RUGGEDCOM ROX RX1400 (All versions < V2.16.0), RUGGEDCOM ROX RX1500 (All versions < V2.16.0), RUGGEDCOM ROX RX1501 (All versions < V2.16.0), RUGGEDCOM ROX RX1510 (All versions < V2.16.0), RUGGEDCOM ROX RX1511 (All versions < V2.16.0), RUGGEDCOM ROX RX1512 (All versions < V2.16.0), RUGGEDCOM ROX RX1524 (All versions < V2.16.0), RUGGEDCOM ROX RX1536 (All versions < V2.16.0), RUGGEDCOM ROX RX5000 (All versions < V2.16.0). The webserver of the affected devices support insecure TLS 1.0 protocol. An attacker could achieve a man-in-the-middle attack and compromise confidentiality and integrity of data.
References
Impacted products
Vendor | Product | Version
---|---|---
Siemens | RUGGEDCOM ROX MX5000 | All versions < V2.16.0
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-02T16:52:54.156Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "https://cert-portal.siemens.com/productcert/pdf/ssa-146325.pdf", }, ], title: "CVE Program Container", }, { affected: [ { cpes: [ "cpe:2.3:h:siemens:ruggedcom_rox_mx5000:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "ruggedcom_rox_mx5000", vendor: "siemens", versions: [ { lessThan: "2.16.0", status: "affected", version: "0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:h:siemens:ruggedcom_rox_mx5000re:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "ruggedcom_rox_mx5000re", vendor: "siemens", versions: [ { lessThan: "2.16.0", status: "affected", version: "0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:h:siemens:ruggedcom_rox_rx1400:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "ruggedcom_rox_rx1400", vendor: "siemens", versions: [ { lessThan: "2.16.0", status: "affected", version: "0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:h:siemens:ruggedcom_rox_rx1500:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "ruggedcom_rox_rx1500", vendor: "siemens", versions: [ { lessThan: "2.16.0", status: "affected", version: "0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:h:siemens:ruggedcom_rox_rx1501:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "ruggedcom_rox_rx1501", vendor: "siemens", versions: [ { lessThan: "2.16.0", status: "affected", version: "0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:h:siemens:ruggedcom_rox_rx1510:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "ruggedcom_rox_rx1510", vendor: "siemens", versions: [ { lessThan: "2.16.0", status: "affected", version: "0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:h:siemens:ruggedcom_rox_rx1511:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "ruggedcom_rox_rx1511", vendor: "siemens", versions: [ { lessThan: 
"2.16.0", status: "affected", version: "0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:h:siemens:ruggedcom_rox_rx1512:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "ruggedcom_rox_rx1512", vendor: "siemens", versions: [ { lessThan: "2.16.0", status: "affected", version: "0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:h:siemens:ruggedcom_rox_rx1524:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "ruggedcom_rox_rx1524", vendor: "siemens", versions: [ { lessThan: "2.16.0", status: "affected", version: "0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:h:siemens:ruggedcom_rox_rx1536:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "ruggedcom_rox_rx1536", vendor: "siemens", versions: [ { lessThan: "2.16.0", status: "affected", version: "0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:h:siemens:ruggedcom_rox_rx5000:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "ruggedcom_rox_rx5000", vendor: "siemens", versions: [ { lessThan: "2.16.0", status: "affected", version: "0", versionType: "custom", }, ], }, ], metrics: [ { other: { content: { id: "CVE-2023-36749", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "total", }, ], role: "CISA Coordinator", timestamp: "2024-11-27T13:57:48.336400Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-11-27T14:15:10.273Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { defaultStatus: "unknown", product: "RUGGEDCOM ROX MX5000", vendor: "Siemens", versions: [ { status: "affected", version: "All versions < V2.16.0", }, ], }, { defaultStatus: "unknown", product: "RUGGEDCOM ROX MX5000RE", vendor: "Siemens", versions: [ { status: "affected", version: "All versions < V2.16.0", }, ], }, { defaultStatus: "unknown", product: "RUGGEDCOM ROX RX1400", vendor: "Siemens", versions: [ { status: "affected", version: "All versions < V2.16.0", 
}, ], }, { defaultStatus: "unknown", product: "RUGGEDCOM ROX RX1500", vendor: "Siemens", versions: [ { status: "affected", version: "All versions < V2.16.0", }, ], }, { defaultStatus: "unknown", product: "RUGGEDCOM ROX RX1501", vendor: "Siemens", versions: [ { status: "affected", version: "All versions < V2.16.0", }, ], }, { defaultStatus: "unknown", product: "RUGGEDCOM ROX RX1510", vendor: "Siemens", versions: [ { status: "affected", version: "All versions < V2.16.0", }, ], }, { defaultStatus: "unknown", product: "RUGGEDCOM ROX RX1511", vendor: "Siemens", versions: [ { status: "affected", version: "All versions < V2.16.0", }, ], }, { defaultStatus: "unknown", product: "RUGGEDCOM ROX RX1512", vendor: "Siemens", versions: [ { status: "affected", version: "All versions < V2.16.0", }, ], }, { defaultStatus: "unknown", product: "RUGGEDCOM ROX RX1524", vendor: "Siemens", versions: [ { status: "affected", version: "All versions < V2.16.0", }, ], }, { defaultStatus: "unknown", product: "RUGGEDCOM ROX RX1536", vendor: "Siemens", versions: [ { status: "affected", version: "All versions < V2.16.0", }, ], }, { defaultStatus: "unknown", product: "RUGGEDCOM ROX RX5000", vendor: "Siemens", versions: [ { status: "affected", version: "All versions < V2.16.0", }, ], }, ], descriptions: [ { lang: "en", value: "A vulnerability has been identified in RUGGEDCOM ROX MX5000 (All versions < V2.16.0), RUGGEDCOM ROX MX5000RE (All versions < V2.16.0), RUGGEDCOM ROX RX1400 (All versions < V2.16.0), RUGGEDCOM ROX RX1500 (All versions < V2.16.0), RUGGEDCOM ROX RX1501 (All versions < V2.16.0), RUGGEDCOM ROX RX1510 (All versions < V2.16.0), RUGGEDCOM ROX RX1511 (All versions < V2.16.0), RUGGEDCOM ROX RX1512 (All versions < V2.16.0), RUGGEDCOM ROX RX1524 (All versions < V2.16.0), RUGGEDCOM ROX RX1536 (All versions < V2.16.0), RUGGEDCOM ROX RX5000 (All versions < V2.16.0). The webserver of the affected devices support insecure TLS 1.0 protocol. 
An attacker could achieve a man-in-the-middle attack and compromise confidentiality and integrity of data.", }, ], metrics: [ { cvssV3_1: { baseScore: 7.4, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N/E:P/RL:O/RC:C", version: "3.1", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-327", description: "CWE-327: Use of a Broken or Risky Cryptographic Algorithm", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2023-07-11T09:07:15.754Z", orgId: "cec7a2ec-15b4-4faf-bd53-b40f371f3a77", shortName: "siemens", }, references: [ { url: "https://cert-portal.siemens.com/productcert/pdf/ssa-146325.pdf", }, ], }, }, cveMetadata: { assignerOrgId: "cec7a2ec-15b4-4faf-bd53-b40f371f3a77", assignerShortName: "siemens", cveId: "CVE-2023-36749", datePublished: "2023-07-11T09:07:15.754Z", dateReserved: "2023-06-27T11:37:08.703Z", dateUpdated: "2024-11-27T14:15:10.273Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2023-36390
Vulnerability from cvelistv5
Published
2023-07-11 09:07
Modified
2024-10-21 21:10
Summary
A vulnerability has been identified in RUGGEDCOM ROX MX5000 (All versions < V2.16.0), RUGGEDCOM ROX MX5000RE (All versions < V2.16.0), RUGGEDCOM ROX RX1400 (All versions < V2.16.0), RUGGEDCOM ROX RX1500 (All versions < V2.16.0), RUGGEDCOM ROX RX1501 (All versions < V2.16.0), RUGGEDCOM ROX RX1510 (All versions < V2.16.0), RUGGEDCOM ROX RX1511 (All versions < V2.16.0), RUGGEDCOM ROX RX1512 (All versions < V2.16.0), RUGGEDCOM ROX RX1524 (All versions < V2.16.0), RUGGEDCOM ROX RX1536 (All versions < V2.16.0), RUGGEDCOM ROX RX5000 (All versions < V2.16.0). A reflected cross-site scripting (XSS) vulnerability exists in the web interface of the affected application that could allow an attacker to execute malicious javascript code by tricking users into accessing a malicious link. The value is reflected in the response without sanitization while throwing an “invalid params element name” error on the action parameters.
References
Impacted products
Vendor | Product | Version
---|---|---
Siemens | RUGGEDCOM ROX MX5000 | All versions < V2.16.0
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-02T16:45:56.373Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "https://cert-portal.siemens.com/productcert/pdf/ssa-146325.pdf", }, ], title: "CVE Program Container", }, { metrics: [ { other: { content: { id: "CVE-2023-36390", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "partial", }, ], role: "CISA Coordinator", timestamp: "2024-10-21T21:06:50.284040Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-10-21T21:10:21.036Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { defaultStatus: "unknown", product: "RUGGEDCOM ROX MX5000", vendor: "Siemens", versions: [ { status: "affected", version: "All versions < V2.16.0", }, ], }, { defaultStatus: "unknown", product: "RUGGEDCOM ROX MX5000RE", vendor: "Siemens", versions: [ { status: "affected", version: "All versions < V2.16.0", }, ], }, { defaultStatus: "unknown", product: "RUGGEDCOM ROX RX1400", vendor: "Siemens", versions: [ { status: "affected", version: "All versions < V2.16.0", }, ], }, { defaultStatus: "unknown", product: "RUGGEDCOM ROX RX1500", vendor: "Siemens", versions: [ { status: "affected", version: "All versions < V2.16.0", }, ], }, { defaultStatus: "unknown", product: "RUGGEDCOM ROX RX1501", vendor: "Siemens", versions: [ { status: "affected", version: "All versions < V2.16.0", }, ], }, { defaultStatus: "unknown", product: "RUGGEDCOM ROX RX1510", vendor: "Siemens", versions: [ { status: "affected", version: "All versions < V2.16.0", }, ], }, { defaultStatus: "unknown", product: "RUGGEDCOM ROX RX1511", vendor: "Siemens", versions: [ { status: "affected", version: "All versions < V2.16.0", }, ], }, { defaultStatus: "unknown", product: "RUGGEDCOM ROX RX1512", vendor: "Siemens", versions: [ { status: "affected", 
version: "All versions < V2.16.0", }, ], }, { defaultStatus: "unknown", product: "RUGGEDCOM ROX RX1524", vendor: "Siemens", versions: [ { status: "affected", version: "All versions < V2.16.0", }, ], }, { defaultStatus: "unknown", product: "RUGGEDCOM ROX RX1536", vendor: "Siemens", versions: [ { status: "affected", version: "All versions < V2.16.0", }, ], }, { defaultStatus: "unknown", product: "RUGGEDCOM ROX RX5000", vendor: "Siemens", versions: [ { status: "affected", version: "All versions < V2.16.0", }, ], }, ], descriptions: [ { lang: "en", value: "A vulnerability has been identified in RUGGEDCOM ROX MX5000 (All versions < V2.16.0), RUGGEDCOM ROX MX5000RE (All versions < V2.16.0), RUGGEDCOM ROX RX1400 (All versions < V2.16.0), RUGGEDCOM ROX RX1500 (All versions < V2.16.0), RUGGEDCOM ROX RX1501 (All versions < V2.16.0), RUGGEDCOM ROX RX1510 (All versions < V2.16.0), RUGGEDCOM ROX RX1511 (All versions < V2.16.0), RUGGEDCOM ROX RX1512 (All versions < V2.16.0), RUGGEDCOM ROX RX1524 (All versions < V2.16.0), RUGGEDCOM ROX RX1536 (All versions < V2.16.0), RUGGEDCOM ROX RX5000 (All versions < V2.16.0). A reflected cross-site scripting (XSS) vulnerability exists in the web interface of the affected application that could allow an attacker to execute malicious javascript code by tricking users into accessing a malicious link. 
The value is reflected in the response\r\nwithout sanitization while throwing an “invalid params element name” error on the action parameters.", }, ], metrics: [ { cvssV3_1: { baseScore: 8.8, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C", version: "3.1", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-79", description: "CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2023-07-11T09:07:12.557Z", orgId: "cec7a2ec-15b4-4faf-bd53-b40f371f3a77", shortName: "siemens", }, references: [ { url: "https://cert-portal.siemens.com/productcert/pdf/ssa-146325.pdf", }, ], }, }, cveMetadata: { assignerOrgId: "cec7a2ec-15b4-4faf-bd53-b40f371f3a77", assignerShortName: "siemens", cveId: "CVE-2023-36390", datePublished: "2023-07-11T09:07:12.557Z", dateReserved: "2023-06-21T14:46:26.354Z", dateUpdated: "2024-10-21T21:10:21.036Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2023-36755
Vulnerability from cvelistv5
Published
2023-07-11 09:07
Modified
2024-11-19 16:30
Summary
A vulnerability has been identified in RUGGEDCOM ROX MX5000 (All versions < V2.16.0), RUGGEDCOM ROX MX5000RE (All versions < V2.16.0), RUGGEDCOM ROX RX1400 (All versions < V2.16.0), RUGGEDCOM ROX RX1500 (All versions < V2.16.0), RUGGEDCOM ROX RX1501 (All versions < V2.16.0), RUGGEDCOM ROX RX1510 (All versions < V2.16.0), RUGGEDCOM ROX RX1511 (All versions < V2.16.0), RUGGEDCOM ROX RX1512 (All versions < V2.16.0), RUGGEDCOM ROX RX1524 (All versions < V2.16.0), RUGGEDCOM ROX RX1536 (All versions < V2.16.0), RUGGEDCOM ROX RX5000 (All versions < V2.16.0). The SCEP CA Certificate Name parameter in the web interface of affected devices is vulnerable to command injection due to missing server side input sanitation. This could allow an authenticated privileged remote attacker to execute arbitrary code with root privileges.
References
Impacted products
Vendor | Product | Version
---|---|---
Siemens | RUGGEDCOM ROX MX5000 | All versions < V2.16.0
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-02T16:52:54.103Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "https://cert-portal.siemens.com/productcert/pdf/ssa-146325.pdf", }, ], title: "CVE Program Container", }, { affected: [ { cpes: [ "cpe:2.3:h:siemens:ruggedcom_rox_mx5000:-:*:*:*:*:*:*:*", ], defaultStatus: "unaffected", product: "ruggedcom_rox_mx5000", vendor: "siemens", versions: [ { lessThan: "V2.16.0", status: "affected", version: "0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:h:siemens:ruggedcom_rox_mx5000re:-:*:*:*:*:*:*:*", ], defaultStatus: "unaffected", product: "ruggedcom_rox_mx5000re", vendor: "siemens", versions: [ { lessThan: "V2.16.0", status: "affected", version: "0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:h:siemens:ruggedcom_rox_rx1400:-:*:*:*:*:*:*:*", ], defaultStatus: "unaffected", product: "ruggedcom_rox_rx1400", vendor: "siemens", versions: [ { lessThan: "V2.16.0", status: "affected", version: "0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:h:siemens:ruggedcom_rox_rx1500:-:*:*:*:*:*:*:*", ], defaultStatus: "unaffected", product: "ruggedcom_rox_rx1500", vendor: "siemens", versions: [ { lessThan: "V2.16.0", status: "affected", version: "0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:h:siemens:ruggedcom_rox_rx1511:-:*:*:*:*:*:*:*", ], defaultStatus: "unaffected", product: "ruggedcom_rox_rx1511", vendor: "siemens", versions: [ { lessThan: "V2.16.0", status: "affected", version: "0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:h:siemens:ruggedcom_rox_rx1512:-:*:*:*:*:*:*:*", ], defaultStatus: "unaffected", product: "ruggedcom_rox_rx1512", vendor: "siemens", versions: [ { lessThan: "V2.16.0", status: "affected", version: "0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:h:siemens:ruggedcom_rox_rx1524:-:*:*:*:*:*:*:*", ], defaultStatus: "unaffected", product: "ruggedcom_rox_rx1524", vendor: "siemens", 
versions: [ { lessThan: "V2.16.0", status: "affected", version: "0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:h:siemens:ruggedcom_rox_rx1536:-:*:*:*:*:*:*:*", ], defaultStatus: "unaffected", product: "ruggedcom_rox_rx1536", vendor: "siemens", versions: [ { lessThan: "V2.16.0", status: "affected", version: "0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:h:siemens:ruggedcom_rox_rx5000:-:*:*:*:*:*:*:*", ], defaultStatus: "unaffected", product: "ruggedcom_rox_rx5000", vendor: "siemens", versions: [ { lessThan: "V2.16.0", status: "affected", version: "0", versionType: "custom", }, ], }, ], metrics: [ { other: { content: { id: "CVE-2023-36755", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "total", }, ], role: "CISA Coordinator", timestamp: "2024-11-19T16:25:28.010364Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-11-19T16:30:23.659Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { defaultStatus: "unknown", product: "RUGGEDCOM ROX MX5000", vendor: "Siemens", versions: [ { status: "affected", version: "All versions < V2.16.0", }, ], }, { defaultStatus: "unknown", product: "RUGGEDCOM ROX MX5000RE", vendor: "Siemens", versions: [ { status: "affected", version: "All versions < V2.16.0", }, ], }, { defaultStatus: "unknown", product: "RUGGEDCOM ROX RX1400", vendor: "Siemens", versions: [ { status: "affected", version: "All versions < V2.16.0", }, ], }, { defaultStatus: "unknown", product: "RUGGEDCOM ROX RX1500", vendor: "Siemens", versions: [ { status: "affected", version: "All versions < V2.16.0", }, ], }, { defaultStatus: "unknown", product: "RUGGEDCOM ROX RX1501", vendor: "Siemens", versions: [ { status: "affected", version: "All versions < V2.16.0", }, ], }, { defaultStatus: "unknown", product: "RUGGEDCOM ROX RX1510", vendor: "Siemens", versions: [ { status: "affected", version: "All versions < 
V2.16.0", }, ], }, { defaultStatus: "unknown", product: "RUGGEDCOM ROX RX1511", vendor: "Siemens", versions: [ { status: "affected", version: "All versions < V2.16.0", }, ], }, { defaultStatus: "unknown", product: "RUGGEDCOM ROX RX1512", vendor: "Siemens", versions: [ { status: "affected", version: "All versions < V2.16.0", }, ], }, { defaultStatus: "unknown", product: "RUGGEDCOM ROX RX1524", vendor: "Siemens", versions: [ { status: "affected", version: "All versions < V2.16.0", }, ], }, { defaultStatus: "unknown", product: "RUGGEDCOM ROX RX1536", vendor: "Siemens", versions: [ { status: "affected", version: "All versions < V2.16.0", }, ], }, { defaultStatus: "unknown", product: "RUGGEDCOM ROX RX5000", vendor: "Siemens", versions: [ { status: "affected", version: "All versions < V2.16.0", }, ], }, ], descriptions: [ { lang: "en", value: "A vulnerability has been identified in RUGGEDCOM ROX MX5000 (All versions < V2.16.0), RUGGEDCOM ROX MX5000RE (All versions < V2.16.0), RUGGEDCOM ROX RX1400 (All versions < V2.16.0), RUGGEDCOM ROX RX1500 (All versions < V2.16.0), RUGGEDCOM ROX RX1501 (All versions < V2.16.0), RUGGEDCOM ROX RX1510 (All versions < V2.16.0), RUGGEDCOM ROX RX1511 (All versions < V2.16.0), RUGGEDCOM ROX RX1512 (All versions < V2.16.0), RUGGEDCOM ROX RX1524 (All versions < V2.16.0), RUGGEDCOM ROX RX1536 (All versions < V2.16.0), RUGGEDCOM ROX RX5000 (All versions < V2.16.0). The SCEP CA Certificate Name parameter in the web interface of affected devices is vulnerable to command injection due to missing server side input sanitation. 
This could allow an authenticated privileged remote attacker to execute arbitrary code with root privileges.", }, ], metrics: [ { cvssV3_1: { baseScore: 9.1, baseSeverity: "CRITICAL", vectorString: "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H/E:P/RL:O/RC:C", version: "3.1", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-77", description: "CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection')", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2023-07-11T09:07:22.285Z", orgId: "cec7a2ec-15b4-4faf-bd53-b40f371f3a77", shortName: "siemens", }, references: [ { url: "https://cert-portal.siemens.com/productcert/pdf/ssa-146325.pdf", }, ], }, }, cveMetadata: { assignerOrgId: "cec7a2ec-15b4-4faf-bd53-b40f371f3a77", assignerShortName: "siemens", cveId: "CVE-2023-36755", datePublished: "2023-07-11T09:07:22.285Z", dateReserved: "2023-06-27T11:37:08.704Z", dateUpdated: "2024-11-19T16:30:23.659Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2023-36748
Vulnerability from cvelistv5
Published
2023-07-11 09:07
Modified
2024-11-27 14:16
Summary
A vulnerability has been identified in RUGGEDCOM ROX MX5000 (All versions < V2.16.0), RUGGEDCOM ROX MX5000RE (All versions < V2.16.0), RUGGEDCOM ROX RX1400 (All versions < V2.16.0), RUGGEDCOM ROX RX1500 (All versions < V2.16.0), RUGGEDCOM ROX RX1501 (All versions < V2.16.0), RUGGEDCOM ROX RX1510 (All versions < V2.16.0), RUGGEDCOM ROX RX1511 (All versions < V2.16.0), RUGGEDCOM ROX RX1512 (All versions < V2.16.0), RUGGEDCOM ROX RX1524 (All versions < V2.16.0), RUGGEDCOM ROX RX1536 (All versions < V2.16.0), RUGGEDCOM ROX RX5000 (All versions < V2.16.0). The affected devices are configured to offer weak ciphers by default. This could allow an unauthorized attacker in a man-in-the-middle position to read and modify any data passed over to and from the affected device.
References
Impacted products
Vendor | Product | Version
---|---|---
Siemens | RUGGEDCOM ROX MX5000 | All versions < V2.16.0
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-02T16:52:54.437Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "https://cert-portal.siemens.com/productcert/pdf/ssa-146325.pdf", }, ], title: "CVE Program Container", }, { metrics: [ { other: { content: { id: "CVE-2023-36748", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "partial", }, ], role: "CISA Coordinator", timestamp: "2024-11-27T14:16:24.794778Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-11-27T14:16:46.630Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { defaultStatus: "unknown", product: "RUGGEDCOM ROX MX5000", vendor: "Siemens", versions: [ { status: "affected", version: "All versions < V2.16.0", }, ], }, { defaultStatus: "unknown", product: "RUGGEDCOM ROX MX5000RE", vendor: "Siemens", versions: [ { status: "affected", version: "All versions < V2.16.0", }, ], }, { defaultStatus: "unknown", product: "RUGGEDCOM ROX RX1400", vendor: "Siemens", versions: [ { status: "affected", version: "All versions < V2.16.0", }, ], }, { defaultStatus: "unknown", product: "RUGGEDCOM ROX RX1500", vendor: "Siemens", versions: [ { status: "affected", version: "All versions < V2.16.0", }, ], }, { defaultStatus: "unknown", product: "RUGGEDCOM ROX RX1501", vendor: "Siemens", versions: [ { status: "affected", version: "All versions < V2.16.0", }, ], }, { defaultStatus: "unknown", product: "RUGGEDCOM ROX RX1510", vendor: "Siemens", versions: [ { status: "affected", version: "All versions < V2.16.0", }, ], }, { defaultStatus: "unknown", product: "RUGGEDCOM ROX RX1511", vendor: "Siemens", versions: [ { status: "affected", version: "All versions < V2.16.0", }, ], }, { defaultStatus: "unknown", product: "RUGGEDCOM ROX RX1512", vendor: "Siemens", versions: [ { status: "affected", 
version: "All versions < V2.16.0", }, ], }, { defaultStatus: "unknown", product: "RUGGEDCOM ROX RX1524", vendor: "Siemens", versions: [ { status: "affected", version: "All versions < V2.16.0", }, ], }, { defaultStatus: "unknown", product: "RUGGEDCOM ROX RX1536", vendor: "Siemens", versions: [ { status: "affected", version: "All versions < V2.16.0", }, ], }, { defaultStatus: "unknown", product: "RUGGEDCOM ROX RX5000", vendor: "Siemens", versions: [ { status: "affected", version: "All versions < V2.16.0", }, ], }, ], descriptions: [ { lang: "en", value: "A vulnerability has been identified in RUGGEDCOM ROX MX5000 (All versions < V2.16.0), RUGGEDCOM ROX MX5000RE (All versions < V2.16.0), RUGGEDCOM ROX RX1400 (All versions < V2.16.0), RUGGEDCOM ROX RX1500 (All versions < V2.16.0), RUGGEDCOM ROX RX1501 (All versions < V2.16.0), RUGGEDCOM ROX RX1510 (All versions < V2.16.0), RUGGEDCOM ROX RX1511 (All versions < V2.16.0), RUGGEDCOM ROX RX1512 (All versions < V2.16.0), RUGGEDCOM ROX RX1524 (All versions < V2.16.0), RUGGEDCOM ROX RX1536 (All versions < V2.16.0), RUGGEDCOM ROX RX5000 (All versions < V2.16.0). The affected devices are configured to offer weak ciphers by default. 
This could allow an unauthorized attacker in a man-in-the-middle position to read and modify any data\r\npassed over to and from the affected device.", }, ], metrics: [ { cvssV3_1: { baseScore: 5.9, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:A/AC:H/PR:N/UI:R/S:U/C:L/I:H/A:L/E:P/RL:O/RC:C", version: "3.1", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-326", description: "CWE-326: Inadequate Encryption Strength", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2023-07-11T09:07:14.689Z", orgId: "cec7a2ec-15b4-4faf-bd53-b40f371f3a77", shortName: "siemens", }, references: [ { url: "https://cert-portal.siemens.com/productcert/pdf/ssa-146325.pdf", }, ], }, }, cveMetadata: { assignerOrgId: "cec7a2ec-15b4-4faf-bd53-b40f371f3a77", assignerShortName: "siemens", cveId: "CVE-2023-36748", datePublished: "2023-07-11T09:07:14.689Z", dateReserved: "2023-06-27T11:37:08.703Z", dateUpdated: "2024-11-27T14:16:46.630Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2019-17006
Vulnerability from cvelistv5
Published
2020-10-22 20:24
Modified
2024-08-05 01:24
Summary
In Network Security Services (NSS) before 3.46, several cryptographic primitives had missing length checks. In cases where the application calling the library did not perform a sanity check on the inputs it could result in a crash due to a buffer overflow.
References
URL | Tags
---|---
https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.46_release_notes | x_refsource_MISC
https://bugzilla.mozilla.org/show_bug.cgi?id=1539788 | x_refsource_MISC
https://security.netapp.com/advisory/ntap-20210129-0001/ | x_refsource_CONFIRM
https://cert-portal.siemens.com/productcert/pdf/ssa-379803.pdf | x_refsource_CONFIRM
https://us-cert.cisa.gov/ics/advisories/icsa-21-040-04 | x_refsource_MISC
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-05T01:24:48.804Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.46_release_notes", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://bugzilla.mozilla.org/show_bug.cgi?id=1539788", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://security.netapp.com/advisory/ntap-20210129-0001/", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://cert-portal.siemens.com/productcert/pdf/ssa-379803.pdf", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://us-cert.cisa.gov/ics/advisories/icsa-21-040-04", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "NSS", vendor: "Mozilla", versions: [ { lessThan: "3.46", status: "affected", version: "unspecified", versionType: "custom", }, ], }, ], descriptions: [ { lang: "en", value: "In Network Security Services (NSS) before 3.46, several cryptographic primitives had missing length checks. 
In cases where the application calling the library did not perform a sanity check on the inputs it could result in a crash due to a buffer overflow.", }, ], problemTypes: [ { descriptions: [ { description: "missing length checks for cryptographic primitives", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2021-02-12T06:05:28", orgId: "f16b083a-5664-49f3-a51e-8d479e5ed7fe", shortName: "mozilla", }, references: [ { tags: [ "x_refsource_MISC", ], url: "https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.46_release_notes", }, { tags: [ "x_refsource_MISC", ], url: "https://bugzilla.mozilla.org/show_bug.cgi?id=1539788", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://security.netapp.com/advisory/ntap-20210129-0001/", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://cert-portal.siemens.com/productcert/pdf/ssa-379803.pdf", }, { tags: [ "x_refsource_MISC", ], url: "https://us-cert.cisa.gov/ics/advisories/icsa-21-040-04", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "security@mozilla.org", ID: "CVE-2019-17006", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "NSS", version: { version_data: [ { version_affected: "<", version_value: "3.46", }, ], }, }, ], }, vendor_name: "Mozilla", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "In Network Security Services (NSS) before 3.46, several cryptographic primitives had missing length checks. 
In cases where the application calling the library did not perform a sanity check on the inputs it could result in a crash due to a buffer overflow.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "missing length checks for cryptographic primitives", }, ], }, ], }, references: { reference_data: [ { name: "https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.46_release_notes", refsource: "MISC", url: "https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.46_release_notes", }, { name: "https://bugzilla.mozilla.org/show_bug.cgi?id=1539788", refsource: "MISC", url: "https://bugzilla.mozilla.org/show_bug.cgi?id=1539788", }, { name: "https://security.netapp.com/advisory/ntap-20210129-0001/", refsource: "CONFIRM", url: "https://security.netapp.com/advisory/ntap-20210129-0001/", }, { name: "https://cert-portal.siemens.com/productcert/pdf/ssa-379803.pdf", refsource: "CONFIRM", url: "https://cert-portal.siemens.com/productcert/pdf/ssa-379803.pdf", }, { name: "https://us-cert.cisa.gov/ics/advisories/icsa-21-040-04", refsource: "MISC", url: "https://us-cert.cisa.gov/ics/advisories/icsa-21-040-04", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "f16b083a-5664-49f3-a51e-8d479e5ed7fe", assignerShortName: "mozilla", cveId: "CVE-2019-17006", datePublished: "2020-10-22T20:24:25", dateReserved: "2019-09-30T00:00:00", dateUpdated: "2024-08-05T01:24:48.804Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2023-36751
Vulnerability from cvelistv5
Published
2023-07-11 09:07
Modified
2024-11-26 16:42
Summary
A vulnerability has been identified in RUGGEDCOM ROX MX5000 (All versions < V2.16.0), RUGGEDCOM ROX MX5000RE (All versions < V2.16.0), RUGGEDCOM ROX RX1400 (All versions < V2.16.0), RUGGEDCOM ROX RX1500 (All versions < V2.16.0), RUGGEDCOM ROX RX1501 (All versions < V2.16.0), RUGGEDCOM ROX RX1510 (All versions < V2.16.0), RUGGEDCOM ROX RX1511 (All versions < V2.16.0), RUGGEDCOM ROX RX1512 (All versions < V2.16.0), RUGGEDCOM ROX RX1524 (All versions < V2.16.0), RUGGEDCOM ROX RX1536 (All versions < V2.16.0), RUGGEDCOM ROX RX5000 (All versions < V2.16.0). The install-app URL parameter in the web interface of affected devices is vulnerable to command injection due to missing server side input sanitation. This could allow an authenticated privileged remote attacker to execute arbitrary code with root privileges.
References
Impacted products
Vendor | Product | Version
---|---|---
Siemens | RUGGEDCOM ROX MX5000 | All versions < V2.16.0
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-02T16:52:54.455Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "https://cert-portal.siemens.com/productcert/pdf/ssa-146325.pdf", }, ], title: "CVE Program Container", }, { affected: [ { cpes: [ "cpe:2.3:h:siemens:ruggedcom_rox_mx5000:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "ruggedcom_rox_mx5000", vendor: "siemens", versions: [ { lessThan: "V2.16.0", status: "affected", version: "0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:h:siemens:ruggedcom_rox_mx5000re:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "ruggedcom_rox_mx5000re", vendor: "siemens", versions: [ { lessThan: "v2.16.0", status: "affected", version: "0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:h:siemens:ruggedcom_rox_rx1400:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "ruggedcom_rox_rx1400", vendor: "siemens", versions: [ { lessThan: "v2.16.0", status: "affected", version: "0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:h:siemens:ruggedcom_rox_rx1500:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "ruggedcom_rox_rx1500", vendor: "siemens", versions: [ { lessThan: "v2.16.0", status: "affected", version: "0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:h:siemens:ruggedcom_rox_rx1501:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "ruggedcom_rox_rx1501", vendor: "siemens", versions: [ { lessThan: "v2.16.0", status: "affected", version: "0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:h:siemens:ruggedcom_rox_rx1510:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "ruggedcom_rox_rx1510", vendor: "siemens", versions: [ { lessThan: "v2.16.0", status: "affected", version: "0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:h:siemens:ruggedcom_rox_rx1511:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "ruggedcom_rox_rx1511", vendor: "siemens", versions: [ { 
lessThan: "v2.16.0", status: "affected", version: "0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:h:siemens:ruggedcom_rox_rx1512:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "ruggedcom_rox_rx1512", vendor: "siemens", versions: [ { lessThan: "v2.16.0", status: "affected", version: "0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:h:siemens:ruggedcom_rox_rx1524:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "ruggedcom_rox_rx1524", vendor: "siemens", versions: [ { lessThan: "v2.16.0", status: "affected", version: "0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:h:siemens:ruggedcom_rox_rx1536:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "ruggedcom_rox_rx1536", vendor: "siemens", versions: [ { lessThan: "v2.16.0", status: "affected", version: "0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:h:siemens:ruggedcom_rox_rx5000:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "ruggedcom_rox_rx5000", vendor: "siemens", versions: [ { lessThan: "v2.16.0", status: "affected", version: "0", versionType: "custom", }, ], }, ], metrics: [ { other: { content: { id: "CVE-2023-36751", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "total", }, ], role: "CISA Coordinator", timestamp: "2024-11-26T16:36:23.343532Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-11-26T16:42:01.446Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { defaultStatus: "unknown", product: "RUGGEDCOM ROX MX5000", vendor: "Siemens", versions: [ { status: "affected", version: "All versions < V2.16.0", }, ], }, { defaultStatus: "unknown", product: "RUGGEDCOM ROX MX5000RE", vendor: "Siemens", versions: [ { status: "affected", version: "All versions < V2.16.0", }, ], }, { defaultStatus: "unknown", product: "RUGGEDCOM ROX RX1400", vendor: "Siemens", versions: [ { status: "affected", version: "All 
versions < V2.16.0", }, ], }, { defaultStatus: "unknown", product: "RUGGEDCOM ROX RX1500", vendor: "Siemens", versions: [ { status: "affected", version: "All versions < V2.16.0", }, ], }, { defaultStatus: "unknown", product: "RUGGEDCOM ROX RX1501", vendor: "Siemens", versions: [ { status: "affected", version: "All versions < V2.16.0", }, ], }, { defaultStatus: "unknown", product: "RUGGEDCOM ROX RX1510", vendor: "Siemens", versions: [ { status: "affected", version: "All versions < V2.16.0", }, ], }, { defaultStatus: "unknown", product: "RUGGEDCOM ROX RX1511", vendor: "Siemens", versions: [ { status: "affected", version: "All versions < V2.16.0", }, ], }, { defaultStatus: "unknown", product: "RUGGEDCOM ROX RX1512", vendor: "Siemens", versions: [ { status: "affected", version: "All versions < V2.16.0", }, ], }, { defaultStatus: "unknown", product: "RUGGEDCOM ROX RX1524", vendor: "Siemens", versions: [ { status: "affected", version: "All versions < V2.16.0", }, ], }, { defaultStatus: "unknown", product: "RUGGEDCOM ROX RX1536", vendor: "Siemens", versions: [ { status: "affected", version: "All versions < V2.16.0", }, ], }, { defaultStatus: "unknown", product: "RUGGEDCOM ROX RX5000", vendor: "Siemens", versions: [ { status: "affected", version: "All versions < V2.16.0", }, ], }, ], descriptions: [ { lang: "en", value: "A vulnerability has been identified in RUGGEDCOM ROX MX5000 (All versions < V2.16.0), RUGGEDCOM ROX MX5000RE (All versions < V2.16.0), RUGGEDCOM ROX RX1400 (All versions < V2.16.0), RUGGEDCOM ROX RX1500 (All versions < V2.16.0), RUGGEDCOM ROX RX1501 (All versions < V2.16.0), RUGGEDCOM ROX RX1510 (All versions < V2.16.0), RUGGEDCOM ROX RX1511 (All versions < V2.16.0), RUGGEDCOM ROX RX1512 (All versions < V2.16.0), RUGGEDCOM ROX RX1524 (All versions < V2.16.0), RUGGEDCOM ROX RX1536 (All versions < V2.16.0), RUGGEDCOM ROX RX5000 (All versions < V2.16.0). 
The install-app URL parameter in the web interface of affected devices is vulnerable to command injection due to missing server side input sanitation. This could allow an authenticated privileged remote attacker to execute arbitrary code with root privileges.", }, ], metrics: [ { cvssV3_1: { baseScore: 9.1, baseSeverity: "CRITICAL", vectorString: "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H/E:P/RL:O/RC:C", version: "3.1", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-77", description: "CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection')", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2023-07-11T09:07:17.921Z", orgId: "cec7a2ec-15b4-4faf-bd53-b40f371f3a77", shortName: "siemens", }, references: [ { url: "https://cert-portal.siemens.com/productcert/pdf/ssa-146325.pdf", }, ], }, }, cveMetadata: { assignerOrgId: "cec7a2ec-15b4-4faf-bd53-b40f371f3a77", assignerShortName: "siemens", cveId: "CVE-2023-36751", datePublished: "2023-07-11T09:07:17.921Z", dateReserved: "2023-06-27T11:37:08.703Z", dateUpdated: "2024-11-26T16:42:01.446Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2021-41546
Vulnerability from cvelistv5
Published
2021-10-12 09:49
Modified
2024-08-04 03:15
Summary
A vulnerability has been identified in RUGGEDCOM ROX MX5000 (All versions < V2.14.1), RUGGEDCOM ROX RX1400 (All versions < V2.14.1), RUGGEDCOM ROX RX1500 (All versions < V2.14.1), RUGGEDCOM ROX RX1501 (All versions < V2.14.1), RUGGEDCOM ROX RX1510 (All versions < V2.14.1), RUGGEDCOM ROX RX1511 (All versions < V2.14.1), RUGGEDCOM ROX RX1512 (All versions < V2.14.1), RUGGEDCOM ROX RX1524 (All versions < V2.14.1), RUGGEDCOM ROX RX1536 (All versions < V2.14.1), RUGGEDCOM ROX RX5000 (All versions < V2.14.1). Affected devices write crashdumps without checking if enough space is available on the filesystem. Once the crashdump fills the entire root filesystem, affected devices fail to boot successfully. An attacker can leverage this vulnerability to cause a permanent Denial-of-Service.
References
URL | Tags
---|---
https://cert-portal.siemens.com/productcert/pdf/ssa-173565.pdf | x_refsource_MISC
Impacted products
Vendor | Product | Version
---|---|---
Siemens | RUGGEDCOM ROX MX5000 | All versions < V2.14.1
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-04T03:15:28.882Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://cert-portal.siemens.com/productcert/pdf/ssa-173565.pdf", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "RUGGEDCOM ROX MX5000", vendor: "Siemens", versions: [ { status: "affected", version: "All versions < V2.14.1", }, ], }, { product: "RUGGEDCOM ROX RX1400", vendor: "Siemens", versions: [ { status: "affected", version: "All versions < V2.14.1", }, ], }, { product: "RUGGEDCOM ROX RX1500", vendor: "Siemens", versions: [ { status: "affected", version: "All versions < V2.14.1", }, ], }, { product: "RUGGEDCOM ROX RX1501", vendor: "Siemens", versions: [ { status: "affected", version: "All versions < V2.14.1", }, ], }, { product: "RUGGEDCOM ROX RX1510", vendor: "Siemens", versions: [ { status: "affected", version: "All versions < V2.14.1", }, ], }, { product: "RUGGEDCOM ROX RX1511", vendor: "Siemens", versions: [ { status: "affected", version: "All versions < V2.14.1", }, ], }, { product: "RUGGEDCOM ROX RX1512", vendor: "Siemens", versions: [ { status: "affected", version: "All versions < V2.14.1", }, ], }, { product: "RUGGEDCOM ROX RX1524", vendor: "Siemens", versions: [ { status: "affected", version: "All versions < V2.14.1", }, ], }, { product: "RUGGEDCOM ROX RX1536", vendor: "Siemens", versions: [ { status: "affected", version: "All versions < V2.14.1", }, ], }, { product: "RUGGEDCOM ROX RX5000", vendor: "Siemens", versions: [ { status: "affected", version: "All versions < V2.14.1", }, ], }, ], descriptions: [ { lang: "en", value: "A vulnerability has been identified in RUGGEDCOM ROX MX5000 (All versions < V2.14.1), RUGGEDCOM ROX RX1400 (All versions < V2.14.1), RUGGEDCOM ROX RX1500 (All versions < V2.14.1), RUGGEDCOM ROX RX1501 (All versions < V2.14.1), RUGGEDCOM ROX RX1510 (All versions < V2.14.1), RUGGEDCOM 
ROX RX1511 (All versions < V2.14.1), RUGGEDCOM ROX RX1512 (All versions < V2.14.1), RUGGEDCOM ROX RX1524 (All versions < V2.14.1), RUGGEDCOM ROX RX1536 (All versions < V2.14.1), RUGGEDCOM ROX RX5000 (All versions < V2.14.1). Affected devices write crashdumps without checking if enough space is available on the filesystem. Once the crashdump fills the entire root filesystem, affected devices fail to boot successfully. An attacker can leverage this vulnerability to cause a permanent Denial-of-Service.", }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-400", description: "CWE-400: Uncontrolled Resource Consumption", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2021-10-12T09:49:39", orgId: "cec7a2ec-15b4-4faf-bd53-b40f371f3a77", shortName: "siemens", }, references: [ { tags: [ "x_refsource_MISC", ], url: "https://cert-portal.siemens.com/productcert/pdf/ssa-173565.pdf", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "productcert@siemens.com", ID: "CVE-2021-41546", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "RUGGEDCOM ROX MX5000", version: { version_data: [ { version_value: "All versions < V2.14.1", }, ], }, }, { product_name: "RUGGEDCOM ROX RX1400", version: { version_data: [ { version_value: "All versions < V2.14.1", }, ], }, }, { product_name: "RUGGEDCOM ROX RX1500", version: { version_data: [ { version_value: "All versions < V2.14.1", }, ], }, }, { product_name: "RUGGEDCOM ROX RX1501", version: { version_data: [ { version_value: "All versions < V2.14.1", }, ], }, }, { product_name: "RUGGEDCOM ROX RX1510", version: { version_data: [ { version_value: "All versions < V2.14.1", }, ], }, }, { product_name: "RUGGEDCOM ROX RX1511", version: { version_data: [ { version_value: "All versions < V2.14.1", }, ], }, }, { product_name: "RUGGEDCOM ROX RX1512", version: { version_data: [ { version_value: "All versions < V2.14.1", }, ], }, }, { product_name: "RUGGEDCOM ROX RX1524", version: 
{ version_data: [ { version_value: "All versions < V2.14.1", }, ], }, }, { product_name: "RUGGEDCOM ROX RX1536", version: { version_data: [ { version_value: "All versions < V2.14.1", }, ], }, }, { product_name: "RUGGEDCOM ROX RX5000", version: { version_data: [ { version_value: "All versions < V2.14.1", }, ], }, }, ], }, vendor_name: "Siemens", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "A vulnerability has been identified in RUGGEDCOM ROX MX5000 (All versions < V2.14.1), RUGGEDCOM ROX RX1400 (All versions < V2.14.1), RUGGEDCOM ROX RX1500 (All versions < V2.14.1), RUGGEDCOM ROX RX1501 (All versions < V2.14.1), RUGGEDCOM ROX RX1510 (All versions < V2.14.1), RUGGEDCOM ROX RX1511 (All versions < V2.14.1), RUGGEDCOM ROX RX1512 (All versions < V2.14.1), RUGGEDCOM ROX RX1524 (All versions < V2.14.1), RUGGEDCOM ROX RX1536 (All versions < V2.14.1), RUGGEDCOM ROX RX5000 (All versions < V2.14.1). Affected devices write crashdumps without checking if enough space is available on the filesystem. Once the crashdump fills the entire root filesystem, affected devices fail to boot successfully. An attacker can leverage this vulnerability to cause a permanent Denial-of-Service.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "CWE-400: Uncontrolled Resource Consumption", }, ], }, ], }, references: { reference_data: [ { name: "https://cert-portal.siemens.com/productcert/pdf/ssa-173565.pdf", refsource: "MISC", url: "https://cert-portal.siemens.com/productcert/pdf/ssa-173565.pdf", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "cec7a2ec-15b4-4faf-bd53-b40f371f3a77", assignerShortName: "siemens", cveId: "CVE-2021-41546", datePublished: "2021-10-12T09:49:39", dateReserved: "2021-09-21T00:00:00", dateUpdated: "2024-08-04T03:15:28.882Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2023-36753
Vulnerability from cvelistv5
Published
2023-07-11 09:07
Modified
2024-12-02 18:56
Summary
A vulnerability has been identified in RUGGEDCOM ROX MX5000 (All versions < V2.16.0), RUGGEDCOM ROX MX5000RE (All versions < V2.16.0), RUGGEDCOM ROX RX1400 (All versions < V2.16.0), RUGGEDCOM ROX RX1500 (All versions < V2.16.0), RUGGEDCOM ROX RX1501 (All versions < V2.16.0), RUGGEDCOM ROX RX1510 (All versions < V2.16.0), RUGGEDCOM ROX RX1511 (All versions < V2.16.0), RUGGEDCOM ROX RX1512 (All versions < V2.16.0), RUGGEDCOM ROX RX1524 (All versions < V2.16.0), RUGGEDCOM ROX RX1536 (All versions < V2.16.0), RUGGEDCOM ROX RX5000 (All versions < V2.16.0). The uninstall-app App-name parameter in the web interface of affected devices is vulnerable to command injection due to missing server-side input sanitization. This could allow an authenticated privileged remote attacker to execute arbitrary code with root privileges.
References
Impacted products
Vendor | Product | Version |
---|---|---|
Siemens | RUGGEDCOM ROX MX5000 | All versions < V2.16.0 |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-02T16:52:54.239Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "https://cert-portal.siemens.com/productcert/pdf/ssa-146325.pdf", }, ], title: "CVE Program Container", }, { affected: [ { cpes: [ "cpe:2.3:h:siemens:ruggedcom_rox_mx5000:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "ruggedcom_rox_mx5000", vendor: "siemens", versions: [ { lessThan: "V2.16.0", status: "affected", version: "0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:h:siemens:ruggedcom_rox_mx5000re:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "ruggedcom_rox_mx5000re", vendor: "siemens", versions: [ { lessThan: "V2.16.0", status: "affected", version: "0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:h:siemens:ruggedcom_rox_rx1400:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "ruggedcom_rox_rx1400", vendor: "siemens", versions: [ { lessThan: "V2.16.0", status: "affected", version: "0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:h:siemens:ruggedcom_rox_rx1500:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "ruggedcom_rox_rx1500", vendor: "siemens", versions: [ { lessThan: "V2.16.0", status: "affected", version: "0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:h:siemens:ruggedcom_rox_rx1501:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "ruggedcom_rox_rx1501", vendor: "siemens", versions: [ { lessThan: "V2.16.0", status: "affected", version: "0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:h:siemens:ruggedcom_rox_rx1510:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "ruggedcom_rox_rx1510", vendor: "siemens", versions: [ { lessThan: "V2.16.0", status: "affected", version: "0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:h:siemens:ruggedcom_rox_rx1511:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "ruggedcom_rox_rx1511", vendor: "siemens", versions: [ { 
lessThan: "V2.16.0", status: "affected", version: "0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:h:siemens:ruggedcom_rox_rx1512:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "ruggedcom_rox_rx1512", vendor: "siemens", versions: [ { lessThan: "V2.16.0", status: "affected", version: "0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:h:siemens:ruggedcom_rox_rx1524:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "ruggedcom_rox_rx1524", vendor: "siemens", versions: [ { lessThan: "V2.16.0", status: "affected", version: "0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:h:siemens:ruggedcom_rox_rx1536:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "ruggedcom_rox_rx1536", vendor: "siemens", versions: [ { lessThan: "V2.16.0", status: "affected", version: "0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:h:siemens:ruggedcom_rox_rx5000:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "ruggedcom_rox_rx5000", vendor: "siemens", versions: [ { lessThan: "V2.16.0", status: "affected", version: "0", versionType: "custom", }, ], }, ], metrics: [ { other: { content: { id: "CVE-2023-36753", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "total", }, ], role: "CISA Coordinator", timestamp: "2024-12-02T18:50:15.983427Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-12-02T18:56:24.844Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { defaultStatus: "unknown", product: "RUGGEDCOM ROX MX5000", vendor: "Siemens", versions: [ { status: "affected", version: "All versions < V2.16.0", }, ], }, { defaultStatus: "unknown", product: "RUGGEDCOM ROX MX5000RE", vendor: "Siemens", versions: [ { status: "affected", version: "All versions < V2.16.0", }, ], }, { defaultStatus: "unknown", product: "RUGGEDCOM ROX RX1400", vendor: "Siemens", versions: [ { status: "affected", version: "All 
versions < V2.16.0", }, ], }, { defaultStatus: "unknown", product: "RUGGEDCOM ROX RX1500", vendor: "Siemens", versions: [ { status: "affected", version: "All versions < V2.16.0", }, ], }, { defaultStatus: "unknown", product: "RUGGEDCOM ROX RX1501", vendor: "Siemens", versions: [ { status: "affected", version: "All versions < V2.16.0", }, ], }, { defaultStatus: "unknown", product: "RUGGEDCOM ROX RX1510", vendor: "Siemens", versions: [ { status: "affected", version: "All versions < V2.16.0", }, ], }, { defaultStatus: "unknown", product: "RUGGEDCOM ROX RX1511", vendor: "Siemens", versions: [ { status: "affected", version: "All versions < V2.16.0", }, ], }, { defaultStatus: "unknown", product: "RUGGEDCOM ROX RX1512", vendor: "Siemens", versions: [ { status: "affected", version: "All versions < V2.16.0", }, ], }, { defaultStatus: "unknown", product: "RUGGEDCOM ROX RX1524", vendor: "Siemens", versions: [ { status: "affected", version: "All versions < V2.16.0", }, ], }, { defaultStatus: "unknown", product: "RUGGEDCOM ROX RX1536", vendor: "Siemens", versions: [ { status: "affected", version: "All versions < V2.16.0", }, ], }, { defaultStatus: "unknown", product: "RUGGEDCOM ROX RX5000", vendor: "Siemens", versions: [ { status: "affected", version: "All versions < V2.16.0", }, ], }, ], descriptions: [ { lang: "en", value: "A vulnerability has been identified in RUGGEDCOM ROX MX5000 (All versions < V2.16.0), RUGGEDCOM ROX MX5000RE (All versions < V2.16.0), RUGGEDCOM ROX RX1400 (All versions < V2.16.0), RUGGEDCOM ROX RX1500 (All versions < V2.16.0), RUGGEDCOM ROX RX1501 (All versions < V2.16.0), RUGGEDCOM ROX RX1510 (All versions < V2.16.0), RUGGEDCOM ROX RX1511 (All versions < V2.16.0), RUGGEDCOM ROX RX1512 (All versions < V2.16.0), RUGGEDCOM ROX RX1524 (All versions < V2.16.0), RUGGEDCOM ROX RX1536 (All versions < V2.16.0), RUGGEDCOM ROX RX5000 (All versions < V2.16.0). 
The uninstall-app App-name parameter in the web interface of affected devices is vulnerable to command injection due to missing server side input sanitation. This could allow an authenticated privileged remote attacker to execute arbitrary code with root privileges.", }, ], metrics: [ { cvssV3_1: { baseScore: 9.1, baseSeverity: "CRITICAL", vectorString: "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H/E:P/RL:O/RC:C", version: "3.1", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-77", description: "CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection')", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2023-07-11T09:07:20.117Z", orgId: "cec7a2ec-15b4-4faf-bd53-b40f371f3a77", shortName: "siemens", }, references: [ { url: "https://cert-portal.siemens.com/productcert/pdf/ssa-146325.pdf", }, ], }, }, cveMetadata: { assignerOrgId: "cec7a2ec-15b4-4faf-bd53-b40f371f3a77", assignerShortName: "siemens", cveId: "CVE-2023-36753", datePublished: "2023-07-11T09:07:20.117Z", dateReserved: "2023-06-27T11:37:08.703Z", dateUpdated: "2024-12-02T18:56:24.844Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2021-37173
Vulnerability from cvelistv5
Published
2021-09-14 10:47
Modified
2024-08-04 01:16
Summary
A vulnerability has been identified in RUGGEDCOM ROX MX5000 (All versions < V2.14.1), RUGGEDCOM ROX RX1400 (All versions < V2.14.1), RUGGEDCOM ROX RX1500 (All versions < V2.14.1), RUGGEDCOM ROX RX1501 (All versions < V2.14.1), RUGGEDCOM ROX RX1510 (All versions < V2.14.1), RUGGEDCOM ROX RX1511 (All versions < V2.14.1), RUGGEDCOM ROX RX1512 (All versions < V2.14.1), RUGGEDCOM ROX RX1524 (All versions < V2.14.1), RUGGEDCOM ROX RX1536 (All versions < V2.14.1), RUGGEDCOM ROX RX5000 (All versions < V2.14.1). The command line interface of affected devices insufficiently restricts file read and write operations for low privileged users. This could allow an authenticated remote attacker to escalate privileges and gain root access to the device.
References
URL | Tags |
---|---|
https://cert-portal.siemens.com/productcert/pdf/ssa-150692.pdf | x_refsource_MISC |
Impacted products
Vendor | Product | Version |
---|---|---|
Siemens | RUGGEDCOM ROX MX5000 | All versions < V2.14.1 |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-04T01:16:02.864Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://cert-portal.siemens.com/productcert/pdf/ssa-150692.pdf", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "RUGGEDCOM ROX MX5000", vendor: "Siemens", versions: [ { status: "affected", version: "All versions < V2.14.1", }, ], }, { product: "RUGGEDCOM ROX RX1400", vendor: "Siemens", versions: [ { status: "affected", version: "All versions < V2.14.1", }, ], }, { product: "RUGGEDCOM ROX RX1500", vendor: "Siemens", versions: [ { status: "affected", version: "All versions < V2.14.1", }, ], }, { product: "RUGGEDCOM ROX RX1501", vendor: "Siemens", versions: [ { status: "affected", version: "All versions < V2.14.1", }, ], }, { product: "RUGGEDCOM ROX RX1510", vendor: "Siemens", versions: [ { status: "affected", version: "All versions < V2.14.1", }, ], }, { product: "RUGGEDCOM ROX RX1511", vendor: "Siemens", versions: [ { status: "affected", version: "All versions < V2.14.1", }, ], }, { product: "RUGGEDCOM ROX RX1512", vendor: "Siemens", versions: [ { status: "affected", version: "All versions < V2.14.1", }, ], }, { product: "RUGGEDCOM ROX RX1524", vendor: "Siemens", versions: [ { status: "affected", version: "All versions < V2.14.1", }, ], }, { product: "RUGGEDCOM ROX RX1536", vendor: "Siemens", versions: [ { status: "affected", version: "All versions < V2.14.1", }, ], }, { product: "RUGGEDCOM ROX RX5000", vendor: "Siemens", versions: [ { status: "affected", version: "All versions < V2.14.1", }, ], }, ], descriptions: [ { lang: "en", value: "A vulnerability has been identified in RUGGEDCOM ROX MX5000 (All versions < V2.14.1), RUGGEDCOM ROX RX1400 (All versions < V2.14.1), RUGGEDCOM ROX RX1500 (All versions < V2.14.1), RUGGEDCOM ROX RX1501 (All versions < V2.14.1), RUGGEDCOM ROX RX1510 (All versions < V2.14.1), RUGGEDCOM 
ROX RX1511 (All versions < V2.14.1), RUGGEDCOM ROX RX1512 (All versions < V2.14.1), RUGGEDCOM ROX RX1524 (All versions < V2.14.1), RUGGEDCOM ROX RX1536 (All versions < V2.14.1), RUGGEDCOM ROX RX5000 (All versions < V2.14.1). The command line interface of affected devices insufficiently restrict file read and write operations for low privileged users. This could allow an authenticated remote attacker to escalate privileges and gain root access to the device.", }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-269", description: "CWE-269: Improper Privilege Management", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2021-10-12T09:49:36", orgId: "cec7a2ec-15b4-4faf-bd53-b40f371f3a77", shortName: "siemens", }, references: [ { tags: [ "x_refsource_MISC", ], url: "https://cert-portal.siemens.com/productcert/pdf/ssa-150692.pdf", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "productcert@siemens.com", ID: "CVE-2021-37173", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "RUGGEDCOM ROX MX5000", version: { version_data: [ { version_value: "All versions < V2.14.1", }, ], }, }, { product_name: "RUGGEDCOM ROX RX1400", version: { version_data: [ { version_value: "All versions < V2.14.1", }, ], }, }, { product_name: "RUGGEDCOM ROX RX1500", version: { version_data: [ { version_value: "All versions < V2.14.1", }, ], }, }, { product_name: "RUGGEDCOM ROX RX1501", version: { version_data: [ { version_value: "All versions < V2.14.1", }, ], }, }, { product_name: "RUGGEDCOM ROX RX1510", version: { version_data: [ { version_value: "All versions < V2.14.1", }, ], }, }, { product_name: "RUGGEDCOM ROX RX1511", version: { version_data: [ { version_value: "All versions < V2.14.1", }, ], }, }, { product_name: "RUGGEDCOM ROX RX1512", version: { version_data: [ { version_value: "All versions < V2.14.1", }, ], }, }, { product_name: "RUGGEDCOM ROX RX1524", version: { version_data: [ { version_value: "All 
versions < V2.14.1", }, ], }, }, { product_name: "RUGGEDCOM ROX RX1536", version: { version_data: [ { version_value: "All versions < V2.14.1", }, ], }, }, { product_name: "RUGGEDCOM ROX RX5000", version: { version_data: [ { version_value: "All versions < V2.14.1", }, ], }, }, ], }, vendor_name: "Siemens", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "A vulnerability has been identified in RUGGEDCOM ROX MX5000 (All versions < V2.14.1), RUGGEDCOM ROX RX1400 (All versions < V2.14.1), RUGGEDCOM ROX RX1500 (All versions < V2.14.1), RUGGEDCOM ROX RX1501 (All versions < V2.14.1), RUGGEDCOM ROX RX1510 (All versions < V2.14.1), RUGGEDCOM ROX RX1511 (All versions < V2.14.1), RUGGEDCOM ROX RX1512 (All versions < V2.14.1), RUGGEDCOM ROX RX1524 (All versions < V2.14.1), RUGGEDCOM ROX RX1536 (All versions < V2.14.1), RUGGEDCOM ROX RX5000 (All versions < V2.14.1). The command line interface of affected devices insufficiently restrict file read and write operations for low privileged users. This could allow an authenticated remote attacker to escalate privileges and gain root access to the device.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "CWE-269: Improper Privilege Management", }, ], }, ], }, references: { reference_data: [ { name: "https://cert-portal.siemens.com/productcert/pdf/ssa-150692.pdf", refsource: "MISC", url: "https://cert-portal.siemens.com/productcert/pdf/ssa-150692.pdf", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "cec7a2ec-15b4-4faf-bd53-b40f371f3a77", assignerShortName: "siemens", cveId: "CVE-2021-37173", datePublished: "2021-09-14T10:47:41", dateReserved: "2021-07-21T00:00:00", dateUpdated: "2024-08-04T01:16:02.864Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2023-36750
Vulnerability from cvelistv5
Published
2023-07-11 09:07
Modified
2024-11-26 18:40
Summary
A vulnerability has been identified in RUGGEDCOM ROX MX5000 (All versions < V2.16.0), RUGGEDCOM ROX MX5000RE (All versions < V2.16.0), RUGGEDCOM ROX RX1400 (All versions < V2.16.0), RUGGEDCOM ROX RX1500 (All versions < V2.16.0), RUGGEDCOM ROX RX1501 (All versions < V2.16.0), RUGGEDCOM ROX RX1510 (All versions < V2.16.0), RUGGEDCOM ROX RX1511 (All versions < V2.16.0), RUGGEDCOM ROX RX1512 (All versions < V2.16.0), RUGGEDCOM ROX RX1524 (All versions < V2.16.0), RUGGEDCOM ROX RX1536 (All versions < V2.16.0), RUGGEDCOM ROX RX5000 (All versions < V2.16.0). The software-upgrade Url parameter in the web interface of affected devices is vulnerable to command injection due to missing server-side input sanitization. This could allow an authenticated privileged remote attacker to execute arbitrary code with root privileges.
References
Impacted products
Vendor | Product | Version |
---|---|---|
Siemens | RUGGEDCOM ROX MX5000 | All versions < V2.16.0 |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-02T16:52:54.252Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "https://cert-portal.siemens.com/productcert/pdf/ssa-146325.pdf", }, ], title: "CVE Program Container", }, { affected: [ { cpes: [ "cpe:2.3:h:siemens:ruggedcom_rox_mx5000:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "ruggedcom_rox_mx5000", vendor: "siemens", versions: [ { lessThan: "2.16.0", status: "affected", version: "0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:h:siemens:ruggedcom_rox_mx5000re:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "ruggedcom_rox_mx5000re", vendor: "siemens", versions: [ { lessThan: "2.16.0", status: "affected", version: "0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:h:siemens:ruggedcom_rox_rx1400:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "ruggedcom_rox_rx1400", vendor: "siemens", versions: [ { lessThan: "2.16.0", status: "affected", version: "0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:h:siemens:ruggedcom_rox_rx1500:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "ruggedcom_rox_rx1500", vendor: "siemens", versions: [ { lessThan: "2.16.0", status: "affected", version: "0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:h:siemens:ruggedcom_rox_rx1501:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "ruggedcom_rox_rx1501", vendor: "siemens", versions: [ { lessThan: "2.16.0", status: "affected", version: "0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:h:siemens:ruggedcom_rox_rx1510:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "ruggedcom_rox_rx1510", vendor: "siemens", versions: [ { lessThan: "2.16.0", status: "affected", version: "0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:h:siemens:ruggedcom_rox_rx1511:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "ruggedcom_rox_rx1511", vendor: "siemens", versions: [ { lessThan: 
"2.16.0", status: "affected", version: "0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:h:siemens:ruggedcom_rox_rx1512:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "ruggedcom_rox_rx1512", vendor: "siemens", versions: [ { lessThan: "2.16.0", status: "affected", version: "0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:h:siemens:ruggedcom_rox_rx1524:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "ruggedcom_rox_rx1524", vendor: "siemens", versions: [ { lessThan: "2.16.0", status: "affected", version: "0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:h:siemens:ruggedcom_rox_rx1536:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "ruggedcom_rox_rx1536", vendor: "siemens", versions: [ { lessThan: "2.16.0", status: "affected", version: "0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:h:siemens:ruggedcom_rox_rx5000:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "ruggedcom_rox_rx5000", vendor: "siemens", versions: [ { lessThan: "2.16.0", status: "affected", version: "0", versionType: "custom", }, ], }, ], metrics: [ { other: { content: { id: "CVE-2023-36750", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "total", }, ], role: "CISA Coordinator", timestamp: "2024-11-26T18:35:58.218652Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-11-26T18:40:24.816Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { defaultStatus: "unknown", product: "RUGGEDCOM ROX MX5000", vendor: "Siemens", versions: [ { status: "affected", version: "All versions < V2.16.0", }, ], }, { defaultStatus: "unknown", product: "RUGGEDCOM ROX MX5000RE", vendor: "Siemens", versions: [ { status: "affected", version: "All versions < V2.16.0", }, ], }, { defaultStatus: "unknown", product: "RUGGEDCOM ROX RX1400", vendor: "Siemens", versions: [ { status: "affected", version: "All versions < V2.16.0", 
}, ], }, { defaultStatus: "unknown", product: "RUGGEDCOM ROX RX1500", vendor: "Siemens", versions: [ { status: "affected", version: "All versions < V2.16.0", }, ], }, { defaultStatus: "unknown", product: "RUGGEDCOM ROX RX1501", vendor: "Siemens", versions: [ { status: "affected", version: "All versions < V2.16.0", }, ], }, { defaultStatus: "unknown", product: "RUGGEDCOM ROX RX1510", vendor: "Siemens", versions: [ { status: "affected", version: "All versions < V2.16.0", }, ], }, { defaultStatus: "unknown", product: "RUGGEDCOM ROX RX1511", vendor: "Siemens", versions: [ { status: "affected", version: "All versions < V2.16.0", }, ], }, { defaultStatus: "unknown", product: "RUGGEDCOM ROX RX1512", vendor: "Siemens", versions: [ { status: "affected", version: "All versions < V2.16.0", }, ], }, { defaultStatus: "unknown", product: "RUGGEDCOM ROX RX1524", vendor: "Siemens", versions: [ { status: "affected", version: "All versions < V2.16.0", }, ], }, { defaultStatus: "unknown", product: "RUGGEDCOM ROX RX1536", vendor: "Siemens", versions: [ { status: "affected", version: "All versions < V2.16.0", }, ], }, { defaultStatus: "unknown", product: "RUGGEDCOM ROX RX5000", vendor: "Siemens", versions: [ { status: "affected", version: "All versions < V2.16.0", }, ], }, ], descriptions: [ { lang: "en", value: "A vulnerability has been identified in RUGGEDCOM ROX MX5000 (All versions < V2.16.0), RUGGEDCOM ROX MX5000RE (All versions < V2.16.0), RUGGEDCOM ROX RX1400 (All versions < V2.16.0), RUGGEDCOM ROX RX1500 (All versions < V2.16.0), RUGGEDCOM ROX RX1501 (All versions < V2.16.0), RUGGEDCOM ROX RX1510 (All versions < V2.16.0), RUGGEDCOM ROX RX1511 (All versions < V2.16.0), RUGGEDCOM ROX RX1512 (All versions < V2.16.0), RUGGEDCOM ROX RX1524 (All versions < V2.16.0), RUGGEDCOM ROX RX1536 (All versions < V2.16.0), RUGGEDCOM ROX RX5000 (All versions < V2.16.0). 
The software-upgrade Url parameter in the web interface of affected devices is vulnerable to command injection due to missing server side input sanitation. This could allow an authenticated privileged remote attacker to execute arbitrary code with root privileges.", }, ], metrics: [ { cvssV3_1: { baseScore: 9.1, baseSeverity: "CRITICAL", vectorString: "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H/E:P/RL:O/RC:C", version: "3.1", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-77", description: "CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection')", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2023-07-11T09:07:16.822Z", orgId: "cec7a2ec-15b4-4faf-bd53-b40f371f3a77", shortName: "siemens", }, references: [ { url: "https://cert-portal.siemens.com/productcert/pdf/ssa-146325.pdf", }, ], }, }, cveMetadata: { assignerOrgId: "cec7a2ec-15b4-4faf-bd53-b40f371f3a77", assignerShortName: "siemens", cveId: "CVE-2023-36750", datePublished: "2023-07-11T09:07:16.822Z", dateReserved: "2023-06-27T11:37:08.703Z", dateUpdated: "2024-11-26T18:40:24.816Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2021-37175
Vulnerability from cvelistv5
Published
2021-09-14 10:47
Modified
2024-08-04 01:16
Summary
A vulnerability has been identified in RUGGEDCOM ROX MX5000 (All versions < V2.14.1), RUGGEDCOM ROX RX1400 (All versions < V2.14.1), RUGGEDCOM ROX RX1500 (All versions < V2.14.1), RUGGEDCOM ROX RX1501 (All versions < V2.14.1), RUGGEDCOM ROX RX1510 (All versions < V2.14.1), RUGGEDCOM ROX RX1511 (All versions < V2.14.1), RUGGEDCOM ROX RX1512 (All versions < V2.14.1), RUGGEDCOM ROX RX1524 (All versions < V2.14.1), RUGGEDCOM ROX RX1536 (All versions < V2.14.1), RUGGEDCOM ROX RX5000 (All versions < V2.14.1). The affected devices do not properly handle permissions to traverse the file system. If exploited, an attacker could gain access to an overview of the complete file system on the affected devices.
References
URL | Tags |
---|---|
https://cert-portal.siemens.com/productcert/pdf/ssa-150692.pdf | x_refsource_MISC |
Impacted products
Vendor | Product | Version |
---|---|---|
Siemens | RUGGEDCOM ROX MX5000 | All versions < V2.14.1 |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-04T01:16:02.802Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://cert-portal.siemens.com/productcert/pdf/ssa-150692.pdf", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "RUGGEDCOM ROX MX5000", vendor: "Siemens", versions: [ { status: "affected", version: "All versions < V2.14.1", }, ], }, { product: "RUGGEDCOM ROX RX1400", vendor: "Siemens", versions: [ { status: "affected", version: "All versions < V2.14.1", }, ], }, { product: "RUGGEDCOM ROX RX1500", vendor: "Siemens", versions: [ { status: "affected", version: "All versions < V2.14.1", }, ], }, { product: "RUGGEDCOM ROX RX1501", vendor: "Siemens", versions: [ { status: "affected", version: "All versions < V2.14.1", }, ], }, { product: "RUGGEDCOM ROX RX1510", vendor: "Siemens", versions: [ { status: "affected", version: "All versions < V2.14.1", }, ], }, { product: "RUGGEDCOM ROX RX1511", vendor: "Siemens", versions: [ { status: "affected", version: "All versions < V2.14.1", }, ], }, { product: "RUGGEDCOM ROX RX1512", vendor: "Siemens", versions: [ { status: "affected", version: "All versions < V2.14.1", }, ], }, { product: "RUGGEDCOM ROX RX1524", vendor: "Siemens", versions: [ { status: "affected", version: "All versions < V2.14.1", }, ], }, { product: "RUGGEDCOM ROX RX1536", vendor: "Siemens", versions: [ { status: "affected", version: "All versions < V2.14.1", }, ], }, { product: "RUGGEDCOM ROX RX5000", vendor: "Siemens", versions: [ { status: "affected", version: "All versions < V2.14.1", }, ], }, ], descriptions: [ { lang: "en", value: "A vulnerability has been identified in RUGGEDCOM ROX MX5000 (All versions < V2.14.1), RUGGEDCOM ROX RX1400 (All versions < V2.14.1), RUGGEDCOM ROX RX1500 (All versions < V2.14.1), RUGGEDCOM ROX RX1501 (All versions < V2.14.1), RUGGEDCOM ROX RX1510 (All versions < V2.14.1), RUGGEDCOM 
ROX RX1511 (All versions < V2.14.1), RUGGEDCOM ROX RX1512 (All versions < V2.14.1), RUGGEDCOM ROX RX1524 (All versions < V2.14.1), RUGGEDCOM ROX RX1536 (All versions < V2.14.1), RUGGEDCOM ROX RX5000 (All versions < V2.14.1). The affected devices do not properly handle permissions to traverse the file system. If exploited, an attacker could gain access to an overview of the complete file system on the affected devices.", }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-280", description: "CWE-280: Improper Handling of Insufficient Permissions or Privileges ", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2021-09-14T10:47:43", orgId: "cec7a2ec-15b4-4faf-bd53-b40f371f3a77", shortName: "siemens", }, references: [ { tags: [ "x_refsource_MISC", ], url: "https://cert-portal.siemens.com/productcert/pdf/ssa-150692.pdf", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "productcert@siemens.com", ID: "CVE-2021-37175", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "RUGGEDCOM ROX MX5000", version: { version_data: [ { version_value: "All versions < V2.14.1", }, ], }, }, { product_name: "RUGGEDCOM ROX RX1400", version: { version_data: [ { version_value: "All versions < V2.14.1", }, ], }, }, { product_name: "RUGGEDCOM ROX RX1500", version: { version_data: [ { version_value: "All versions < V2.14.1", }, ], }, }, { product_name: "RUGGEDCOM ROX RX1501", version: { version_data: [ { version_value: "All versions < V2.14.1", }, ], }, }, { product_name: "RUGGEDCOM ROX RX1510", version: { version_data: [ { version_value: "All versions < V2.14.1", }, ], }, }, { product_name: "RUGGEDCOM ROX RX1511", version: { version_data: [ { version_value: "All versions < V2.14.1", }, ], }, }, { product_name: "RUGGEDCOM ROX RX1512", version: { version_data: [ { version_value: "All versions < V2.14.1", }, ], }, }, { product_name: "RUGGEDCOM ROX RX1524", version: { version_data: [ { version_value: "All versions < 
V2.14.1", }, ], }, }, { product_name: "RUGGEDCOM ROX RX1536", version: { version_data: [ { version_value: "All versions < V2.14.1", }, ], }, }, { product_name: "RUGGEDCOM ROX RX5000", version: { version_data: [ { version_value: "All versions < V2.14.1", }, ], }, }, ], }, vendor_name: "Siemens", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "A vulnerability has been identified in RUGGEDCOM ROX MX5000 (All versions < V2.14.1), RUGGEDCOM ROX RX1400 (All versions < V2.14.1), RUGGEDCOM ROX RX1500 (All versions < V2.14.1), RUGGEDCOM ROX RX1501 (All versions < V2.14.1), RUGGEDCOM ROX RX1510 (All versions < V2.14.1), RUGGEDCOM ROX RX1511 (All versions < V2.14.1), RUGGEDCOM ROX RX1512 (All versions < V2.14.1), RUGGEDCOM ROX RX1524 (All versions < V2.14.1), RUGGEDCOM ROX RX1536 (All versions < V2.14.1), RUGGEDCOM ROX RX5000 (All versions < V2.14.1). The affected devices do not properly handle permissions to traverse the file system. If exploited, an attacker could gain access to an overview of the complete file system on the affected devices.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "CWE-280: Improper Handling of Insufficient Permissions or Privileges ", }, ], }, ], }, references: { reference_data: [ { name: "https://cert-portal.siemens.com/productcert/pdf/ssa-150692.pdf", refsource: "MISC", url: "https://cert-portal.siemens.com/productcert/pdf/ssa-150692.pdf", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "cec7a2ec-15b4-4faf-bd53-b40f371f3a77", assignerShortName: "siemens", cveId: "CVE-2021-37175", datePublished: "2021-09-14T10:47:43", dateReserved: "2021-07-21T00:00:00", dateUpdated: "2024-08-04T01:16:02.802Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2023-36389
Vulnerability from cvelistv5
Published
2023-07-11 09:07
Modified
2024-10-21 21:10
Summary
A vulnerability has been identified in RUGGEDCOM ROX MX5000 (All versions < V2.16.0), RUGGEDCOM ROX MX5000RE (All versions < V2.16.0), RUGGEDCOM ROX RX1400 (All versions < V2.16.0), RUGGEDCOM ROX RX1500 (All versions < V2.16.0), RUGGEDCOM ROX RX1501 (All versions < V2.16.0), RUGGEDCOM ROX RX1510 (All versions < V2.16.0), RUGGEDCOM ROX RX1511 (All versions < V2.16.0), RUGGEDCOM ROX RX1512 (All versions < V2.16.0), RUGGEDCOM ROX RX1524 (All versions < V2.16.0), RUGGEDCOM ROX RX1536 (All versions < V2.16.0), RUGGEDCOM ROX RX5000 (All versions < V2.16.0). A reflected cross-site scripting (XSS) vulnerability exists in the web interface of the affected application that could allow an attacker to execute malicious javascript code by tricking users into accessing a malicious link. The malformed value is reflected directly in the response without sanitization while throwing an “invalid path” error.
References
Impacted products
Vendor | Product | Version
---|---|---
Siemens | RUGGEDCOM ROX MX5000 | All versions < V2.16.0
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-02T16:45:56.382Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "https://cert-portal.siemens.com/productcert/pdf/ssa-146325.pdf", }, ], title: "CVE Program Container", }, { metrics: [ { other: { content: { id: "CVE-2023-36389", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "partial", }, ], role: "CISA Coordinator", timestamp: "2024-10-21T21:06:51.541223Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-10-21T21:10:27.428Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { defaultStatus: "unknown", product: "RUGGEDCOM ROX MX5000", vendor: "Siemens", versions: [ { status: "affected", version: "All versions < V2.16.0", }, ], }, { defaultStatus: "unknown", product: "RUGGEDCOM ROX MX5000RE", vendor: "Siemens", versions: [ { status: "affected", version: "All versions < V2.16.0", }, ], }, { defaultStatus: "unknown", product: "RUGGEDCOM ROX RX1400", vendor: "Siemens", versions: [ { status: "affected", version: "All versions < V2.16.0", }, ], }, { defaultStatus: "unknown", product: "RUGGEDCOM ROX RX1500", vendor: "Siemens", versions: [ { status: "affected", version: "All versions < V2.16.0", }, ], }, { defaultStatus: "unknown", product: "RUGGEDCOM ROX RX1501", vendor: "Siemens", versions: [ { status: "affected", version: "All versions < V2.16.0", }, ], }, { defaultStatus: "unknown", product: "RUGGEDCOM ROX RX1510", vendor: "Siemens", versions: [ { status: "affected", version: "All versions < V2.16.0", }, ], }, { defaultStatus: "unknown", product: "RUGGEDCOM ROX RX1511", vendor: "Siemens", versions: [ { status: "affected", version: "All versions < V2.16.0", }, ], }, { defaultStatus: "unknown", product: "RUGGEDCOM ROX RX1512", vendor: "Siemens", versions: [ { status: "affected", 
version: "All versions < V2.16.0", }, ], }, { defaultStatus: "unknown", product: "RUGGEDCOM ROX RX1524", vendor: "Siemens", versions: [ { status: "affected", version: "All versions < V2.16.0", }, ], }, { defaultStatus: "unknown", product: "RUGGEDCOM ROX RX1536", vendor: "Siemens", versions: [ { status: "affected", version: "All versions < V2.16.0", }, ], }, { defaultStatus: "unknown", product: "RUGGEDCOM ROX RX5000", vendor: "Siemens", versions: [ { status: "affected", version: "All versions < V2.16.0", }, ], }, ], descriptions: [ { lang: "en", value: "A vulnerability has been identified in RUGGEDCOM ROX MX5000 (All versions < V2.16.0), RUGGEDCOM ROX MX5000RE (All versions < V2.16.0), RUGGEDCOM ROX RX1400 (All versions < V2.16.0), RUGGEDCOM ROX RX1500 (All versions < V2.16.0), RUGGEDCOM ROX RX1501 (All versions < V2.16.0), RUGGEDCOM ROX RX1510 (All versions < V2.16.0), RUGGEDCOM ROX RX1511 (All versions < V2.16.0), RUGGEDCOM ROX RX1512 (All versions < V2.16.0), RUGGEDCOM ROX RX1524 (All versions < V2.16.0), RUGGEDCOM ROX RX1536 (All versions < V2.16.0), RUGGEDCOM ROX RX5000 (All versions < V2.16.0). A reflected cross-site scripting (XSS) vulnerability exists in the web interface of the affected application that could allow an attacker to execute malicious javascript code by tricking users into accessing a malicious link. 
The malformed value is reflected\r\ndirectly in the response without sanitization while throwing an “invalid path” error.", }, ], metrics: [ { cvssV3_1: { baseScore: 8.8, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C", version: "3.1", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-79", description: "CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2023-07-11T09:07:11.475Z", orgId: "cec7a2ec-15b4-4faf-bd53-b40f371f3a77", shortName: "siemens", }, references: [ { url: "https://cert-portal.siemens.com/productcert/pdf/ssa-146325.pdf", }, ], }, }, cveMetadata: { assignerOrgId: "cec7a2ec-15b4-4faf-bd53-b40f371f3a77", assignerShortName: "siemens", cveId: "CVE-2023-36389", datePublished: "2023-07-11T09:07:11.475Z", dateReserved: "2023-06-21T14:31:54.523Z", dateUpdated: "2024-10-21T21:10:27.428Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2023-36754
Vulnerability from cvelistv5
Published
2023-07-11 09:07
Modified
2024-12-10 17:04
Summary
A vulnerability has been identified in RUGGEDCOM ROX MX5000 (All versions < V2.16.0), RUGGEDCOM ROX MX5000RE (All versions < V2.16.0), RUGGEDCOM ROX RX1400 (All versions < V2.16.0), RUGGEDCOM ROX RX1500 (All versions < V2.16.0), RUGGEDCOM ROX RX1501 (All versions < V2.16.0), RUGGEDCOM ROX RX1510 (All versions < V2.16.0), RUGGEDCOM ROX RX1511 (All versions < V2.16.0), RUGGEDCOM ROX RX1512 (All versions < V2.16.0), RUGGEDCOM ROX RX1524 (All versions < V2.16.0), RUGGEDCOM ROX RX1536 (All versions < V2.16.0), RUGGEDCOM ROX RX5000 (All versions < V2.16.0). The SCEP server configuration URL parameter in the web interface of affected devices is vulnerable to command injection due to missing server side input sanitation. This could allow an authenticated privileged remote attacker to execute arbitrary code with root privileges.
References
Impacted products
Vendor | Product | Version
---|---|---
Siemens | RUGGEDCOM ROX MX5000 | All versions < V2.16.0
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-02T16:52:54.240Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "https://cert-portal.siemens.com/productcert/pdf/ssa-146325.pdf", }, ], title: "CVE Program Container", }, { metrics: [ { other: { content: { id: "CVE-2023-36754", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "total", }, ], role: "CISA Coordinator", timestamp: "2024-12-10T17:04:20.520881Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-12-10T17:04:35.432Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { defaultStatus: "unknown", product: "RUGGEDCOM ROX MX5000", vendor: "Siemens", versions: [ { status: "affected", version: "All versions < V2.16.0", }, ], }, { defaultStatus: "unknown", product: "RUGGEDCOM ROX MX5000RE", vendor: "Siemens", versions: [ { status: "affected", version: "All versions < V2.16.0", }, ], }, { defaultStatus: "unknown", product: "RUGGEDCOM ROX RX1400", vendor: "Siemens", versions: [ { status: "affected", version: "All versions < V2.16.0", }, ], }, { defaultStatus: "unknown", product: "RUGGEDCOM ROX RX1500", vendor: "Siemens", versions: [ { status: "affected", version: "All versions < V2.16.0", }, ], }, { defaultStatus: "unknown", product: "RUGGEDCOM ROX RX1501", vendor: "Siemens", versions: [ { status: "affected", version: "All versions < V2.16.0", }, ], }, { defaultStatus: "unknown", product: "RUGGEDCOM ROX RX1510", vendor: "Siemens", versions: [ { status: "affected", version: "All versions < V2.16.0", }, ], }, { defaultStatus: "unknown", product: "RUGGEDCOM ROX RX1511", vendor: "Siemens", versions: [ { status: "affected", version: "All versions < V2.16.0", }, ], }, { defaultStatus: "unknown", product: "RUGGEDCOM ROX RX1512", vendor: "Siemens", versions: [ { status: "affected", version: 
"All versions < V2.16.0", }, ], }, { defaultStatus: "unknown", product: "RUGGEDCOM ROX RX1524", vendor: "Siemens", versions: [ { status: "affected", version: "All versions < V2.16.0", }, ], }, { defaultStatus: "unknown", product: "RUGGEDCOM ROX RX1536", vendor: "Siemens", versions: [ { status: "affected", version: "All versions < V2.16.0", }, ], }, { defaultStatus: "unknown", product: "RUGGEDCOM ROX RX5000", vendor: "Siemens", versions: [ { status: "affected", version: "All versions < V2.16.0", }, ], }, ], descriptions: [ { lang: "en", value: "A vulnerability has been identified in RUGGEDCOM ROX MX5000 (All versions < V2.16.0), RUGGEDCOM ROX MX5000RE (All versions < V2.16.0), RUGGEDCOM ROX RX1400 (All versions < V2.16.0), RUGGEDCOM ROX RX1500 (All versions < V2.16.0), RUGGEDCOM ROX RX1501 (All versions < V2.16.0), RUGGEDCOM ROX RX1510 (All versions < V2.16.0), RUGGEDCOM ROX RX1511 (All versions < V2.16.0), RUGGEDCOM ROX RX1512 (All versions < V2.16.0), RUGGEDCOM ROX RX1524 (All versions < V2.16.0), RUGGEDCOM ROX RX1536 (All versions < V2.16.0), RUGGEDCOM ROX RX5000 (All versions < V2.16.0). The SCEP server configuration URL parameter in the web interface of affected devices is vulnerable to command injection due to missing server side input sanitation. 
This could allow an authenticated privileged remote attacker to execute arbitrary code with root privileges.", }, ], metrics: [ { cvssV3_1: { baseScore: 9.1, baseSeverity: "CRITICAL", vectorString: "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H/E:P/RL:O/RC:C", version: "3.1", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-77", description: "CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection')", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2023-07-11T09:07:21.194Z", orgId: "cec7a2ec-15b4-4faf-bd53-b40f371f3a77", shortName: "siemens", }, references: [ { url: "https://cert-portal.siemens.com/productcert/pdf/ssa-146325.pdf", }, ], }, }, cveMetadata: { assignerOrgId: "cec7a2ec-15b4-4faf-bd53-b40f371f3a77", assignerShortName: "siemens", cveId: "CVE-2023-36754", datePublished: "2023-07-11T09:07:21.194Z", dateReserved: "2023-06-27T11:37:08.704Z", dateUpdated: "2024-12-10T17:04:35.432Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2021-25217
Vulnerability from cvelistv5
Published
2021-05-26 22:10
Modified
2024-09-16 22:08
Summary
In ISC DHCP 4.1-ESV-R1 -> 4.1-ESV-R16, ISC DHCP 4.4.0 -> 4.4.2 (Other branches of ISC DHCP (i.e., releases in the 4.0.x series or lower and releases in the 4.3.x series) are beyond their End-of-Life (EOL) and no longer supported by ISC. From inspection it is clear that the defect is also present in releases from those series, but they have not been officially tested for the vulnerability), The outcome of encountering the defect while reading a lease that will trigger it varies, according to:
- the component being affected (i.e., dhclient or dhcpd)
- whether the package was built as a 32-bit or 64-bit binary
- whether the compiler flag -fstack-protection-strong was used when compiling
In dhclient, ISC has not successfully reproduced the error on a 64-bit system. However, on a 32-bit system it is possible to cause dhclient to crash when reading an improper lease, which could cause network connectivity problems for an affected system due to the absence of a running DHCP client process.
In dhcpd, when run in DHCPv4 or DHCPv6 mode:
- if the dhcpd server binary was built for a 32-bit architecture AND the -fstack-protection-strong flag was specified to the compiler, dhcpd may exit while parsing a lease file containing an objectionable lease, resulting in lack of service to clients. Additionally, the offending lease and the lease immediately following it in the lease database may be improperly deleted.
- if the dhcpd server binary was built for a 64-bit architecture OR if the -fstack-protection-strong compiler flag was NOT specified, the crash will not occur, but it is possible for the offending lease and the lease which immediately followed it to be improperly deleted.
References
Impacted products
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-03T19:56:11.067Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "https://kb.isc.org/docs/cve-2021-25217", }, { name: "[oss-security] 20210526 ISC has disclosed a vulnerability in ISC DHCP (CVE-2021-25217)", tags: [ "mailing-list", "x_transferred", ], url: "http://www.openwall.com/lists/oss-security/2021/05/26/6", }, { name: "FEDORA-2021-08cdb4dc34", tags: [ "vendor-advisory", "x_transferred", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/Z2LB42JWIV4M4WDNXX5VGIP26FEYWKIF/", }, { name: "[debian-lts-announce] 20210603 [SECURITY] [DLA 2674-1] isc-dhcp security update", tags: [ "mailing-list", "x_transferred", ], url: "https://lists.debian.org/debian-lts-announce/2021/06/msg00002.html", }, { name: "FEDORA-2021-8ca8263bde", tags: [ "vendor-advisory", "x_transferred", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/5QI4DYC7J4BGHEW3NH4XHMWTHYC36UK4/", }, { tags: [ "x_transferred", ], url: "https://cert-portal.siemens.com/productcert/pdf/ssa-406691.pdf", }, { tags: [ "x_transferred", ], url: "https://security.netapp.com/advisory/ntap-20220325-0011/", }, { tags: [ "x_transferred", ], url: "https://cert-portal.siemens.com/productcert/pdf/ssa-637483.pdf", }, { name: "GLSA-202305-22", tags: [ "vendor-advisory", "x_transferred", ], url: "https://security.gentoo.org/glsa/202305-22", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "ISC DHCP", vendor: "ISC", versions: [ { lessThan: "4.1-ESV-R16-P1", status: "affected", version: "4.1 ESV", versionType: "custom", }, { lessThan: "4.4.2-P1", status: "affected", version: "4.4", versionType: "custom", }, ], }, ], credits: [ { lang: "en", value: "ISC would like to thank Jon Franklin from Dell and Pawel Wieczorkiewicz from Amazon Web Services for (independently) 
reporting this vulnerability.", }, ], datePublic: "2021-05-26T00:00:00", descriptions: [ { lang: "en", value: "In ISC DHCP 4.1-ESV-R1 -> 4.1-ESV-R16, ISC DHCP 4.4.0 -> 4.4.2 (Other branches of ISC DHCP (i.e., releases in the 4.0.x series or lower and releases in the 4.3.x series) are beyond their End-of-Life (EOL) and no longer supported by ISC. From inspection it is clear that the defect is also present in releases from those series, but they have not been officially tested for the vulnerability), The outcome of encountering the defect while reading a lease that will trigger it varies, according to: the component being affected (i.e., dhclient or dhcpd) whether the package was built as a 32-bit or 64-bit binary whether the compiler flag -fstack-protection-strong was used when compiling In dhclient, ISC has not successfully reproduced the error on a 64-bit system. However, on a 32-bit system it is possible to cause dhclient to crash when reading an improper lease, which could cause network connectivity problems for an affected system due to the absence of a running DHCP client process. In dhcpd, when run in DHCPv4 or DHCPv6 mode: if the dhcpd server binary was built for a 32-bit architecture AND the -fstack-protection-strong flag was specified to the compiler, dhcpd may exit while parsing a lease file containing an objectionable lease, resulting in lack of service to clients. Additionally, the offending lease and the lease immediately following it in the lease database may be improperly deleted. 
if the dhcpd server binary was built for a 64-bit architecture OR if the -fstack-protection-strong compiler flag was NOT specified, the crash will not occur, but it is possible for the offending lease and the lease which immediately followed it to be improperly deleted.", }, ], exploits: [ { lang: "en", value: "We are not aware of any active exploits.", }, ], metrics: [ { cvssV3_1: { attackComplexity: "LOW", attackVector: "ADJACENT_NETWORK", availabilityImpact: "HIGH", baseScore: 7.4, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "CHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H", version: "3.1", }, }, ], problemTypes: [ { descriptions: [ { description: "Program code used by the ISC DHCP package to read and parse stored leases has a defect that can be exploited by an attacker to cause one of several undesirable outcomes, depending on the component attacked and the way in which it was compiled. Because of a discrepancy between the code which handles encapsulated option information in leases transmitted \"on the wire\" and the code which reads and parses lease information after it has been written to disk storage, it is potentially possible for an attacker to deliberately cause a situation where: dhcpd, while running in DHCPv4 or DHCPv6 mode, or dhclient, the ISC DHCP client implementation will attempt to read a stored lease that contains option information which will trigger a bug in the option parsing code. Affects ISC DHCP 4.1-ESV-R1 -> 4.1-ESV-R16, ISC DHCP 4.4.0 -> 4.4.2. Other branches of ISC DHCP (i.e., releases in the 4.0.x series or lower and releases in the 4.3.x series) are beyond their End-of-Life (EOL) and no longer supported by ISC. From inspection it is clear that the defect is also present in releases from those series, but they have not been officially tested for the vulnerability. 
Affects both dhcpd (server) and dhcpcd (client).", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2023-05-03T00:00:00", orgId: "404fd4d2-a609-4245-b543-2c944a302a22", shortName: "isc", }, references: [ { url: "https://kb.isc.org/docs/cve-2021-25217", }, { name: "[oss-security] 20210526 ISC has disclosed a vulnerability in ISC DHCP (CVE-2021-25217)", tags: [ "mailing-list", ], url: "http://www.openwall.com/lists/oss-security/2021/05/26/6", }, { name: "FEDORA-2021-08cdb4dc34", tags: [ "vendor-advisory", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/Z2LB42JWIV4M4WDNXX5VGIP26FEYWKIF/", }, { name: "[debian-lts-announce] 20210603 [SECURITY] [DLA 2674-1] isc-dhcp security update", tags: [ "mailing-list", ], url: "https://lists.debian.org/debian-lts-announce/2021/06/msg00002.html", }, { name: "FEDORA-2021-8ca8263bde", tags: [ "vendor-advisory", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/5QI4DYC7J4BGHEW3NH4XHMWTHYC36UK4/", }, { url: "https://cert-portal.siemens.com/productcert/pdf/ssa-406691.pdf", }, { url: "https://security.netapp.com/advisory/ntap-20220325-0011/", }, { url: "https://cert-portal.siemens.com/productcert/pdf/ssa-637483.pdf", }, { name: "GLSA-202305-22", tags: [ "vendor-advisory", ], url: "https://security.gentoo.org/glsa/202305-22", }, ], solutions: [ { lang: "en", value: "Upgrade to the patched release most closely related to your current version of ISC DHCP:\n\n ISC DHCP 4.1-ESV-R16-P1\n ISC DHCP 4.4.2-P1", }, ], source: { discovery: "USER", }, title: "A buffer overrun in lease file parsing code can be used to exploit a common vulnerability shared by dhcpd and dhclient", workarounds: [ { lang: "en", value: "None known.", }, ], x_generator: { engine: "Vulnogram 0.0.9", }, }, }, cveMetadata: { assignerOrgId: "404fd4d2-a609-4245-b543-2c944a302a22", assignerShortName: "isc", cveId: "CVE-2021-25217", datePublished: 
"2021-05-26T22:10:11.312869Z", dateReserved: "2021-01-15T00:00:00", dateUpdated: "2024-09-16T22:08:32.175Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }