cve-2022-29561
Vulnerability from cvelistv5
Published
2023-07-11 09:06
Modified
2024-11-12 19:11
Severity ?
EPSS score ?
0.16%
(0.3389)
Summary
A vulnerability has been identified in RUGGEDCOM ROX MX5000 (All versions < V2.16.0), RUGGEDCOM ROX MX5000RE (All versions < V2.16.0), RUGGEDCOM ROX RX1400 (All versions < V2.16.0), RUGGEDCOM ROX RX1500 (All versions < V2.16.0), RUGGEDCOM ROX RX1501 (All versions < V2.16.0), RUGGEDCOM ROX RX1510 (All versions < V2.16.0), RUGGEDCOM ROX RX1511 (All versions < V2.16.0), RUGGEDCOM ROX RX1512 (All versions < V2.16.0), RUGGEDCOM ROX RX1524 (All versions < V2.16.0), RUGGEDCOM ROX RX1536 (All versions < V2.16.0), RUGGEDCOM ROX RX5000 (All versions < V2.16.0). The web interface of the affected devices are vulnerable to Cross-Site Request Forgery attacks. By tricking an authenticated victim user to click a malicious link, an attacker could perform arbitrary actions on the device on behalf of the victim user.
References
Impacted products
| Vendor | Product | Version | ||||||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | Siemens | RUGGEDCOM ROX MX5000 |
Version: All versions < V2.16.0 |
|||||||||||||||||||||||||||||||||||||||||||||||||||
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-03T06:26:05.943Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "https://cert-portal.siemens.com/productcert/pdf/ssa-146325.pdf", }, ], title: "CVE Program Container", }, { affected: [ { cpes: [ "cpe:2.3:h:siemens:ruggedcom_rox_mx5000:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "ruggedcom_rox_mx5000", vendor: "siemens", versions: [ { lessThan: "V2.16.0", status: "affected", version: "0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:h:siemens:ruggedcom_rox_mx5000re:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "ruggedcom_rox_mx5000re", vendor: "siemens", versions: [ { lessThan: "V2.16.0", status: "affected", version: "0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:h:siemens:ruggedcom_rox_rx1400:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "ruggedcom_rox_rx1400", vendor: "siemens", versions: [ { lessThan: "V2.16.0", status: "affected", version: "0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:h:siemens:ruggedcom_rox_rx1500:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "ruggedcom_rox_rx1500", vendor: "siemens", versions: [ { lessThan: "V2.16.0", status: "affected", version: "0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:h:siemens:ruggedcom_rox_rx1501:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "ruggedcom_rox_rx1501", vendor: "siemens", versions: [ { lessThan: "V2.16.0", status: "affected", version: "0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:h:siemens:ruggedcom_rox_rx1510:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "ruggedcom_rox_rx1510", vendor: "siemens", versions: [ { status: "affected", version: "V2.16.0", }, ], }, { cpes: [ "cpe:2.3:h:siemens:ruggedcom_rox_rx1511:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "ruggedcom_rox_rx1511", vendor: "siemens", versions: [ { status: "affected", version: "V2.16.0", }, ], }, { cpes: [ "cpe:2.3:h:siemens:ruggedcom_rox_rx1512:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "ruggedcom_rox_rx1512", vendor: "siemens", versions: [ { status: "affected", version: "V2.16.0", }, ], }, { cpes: [ "cpe:2.3:h:siemens:ruggedcom_rox_rx1524:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "ruggedcom_rox_rx1524", vendor: "siemens", versions: [ { status: "affected", version: "V2.16.0", }, ], }, { cpes: [ "cpe:2.3:h:siemens:ruggedcom_rox_rx1536:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "ruggedcom_rox_rx1536", vendor: "siemens", versions: [ { status: "affected", version: "V2.16.0", }, ], }, { cpes: [ "cpe:2.3:h:siemens:ruggedcom_rox_rx5000:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "ruggedcom_rox_rx5000", vendor: "siemens", versions: [ { status: "affected", version: "V2.16.0", }, ], }, ], metrics: [ { other: { content: { id: "CVE-2022-29561", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "total", }, ], role: "CISA Coordinator", timestamp: "2024-11-12T19:06:12.746479Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-11-12T19:11:46.270Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { defaultStatus: "unknown", product: "RUGGEDCOM ROX MX5000", vendor: "Siemens", versions: [ { status: "affected", version: "All versions < V2.16.0", }, ], }, { defaultStatus: "unknown", product: "RUGGEDCOM ROX MX5000RE", vendor: "Siemens", versions: [ { status: "affected", version: "All versions < V2.16.0", }, ], }, { defaultStatus: "unknown", product: "RUGGEDCOM ROX RX1400", vendor: "Siemens", versions: [ { status: "affected", version: "All versions < V2.16.0", }, ], }, { defaultStatus: "unknown", product: "RUGGEDCOM ROX RX1500", vendor: "Siemens", versions: [ { status: "affected", version: "All versions < V2.16.0", }, ], }, { defaultStatus: "unknown", product: "RUGGEDCOM ROX RX1501", vendor: "Siemens", versions: [ { status: "affected", version: "All versions < V2.16.0", }, ], }, { defaultStatus: "unknown", product: "RUGGEDCOM ROX RX1510", vendor: "Siemens", versions: [ { status: "affected", version: "All versions < V2.16.0", }, ], }, { defaultStatus: "unknown", product: "RUGGEDCOM ROX RX1511", vendor: "Siemens", versions: [ { status: "affected", version: "All versions < V2.16.0", }, ], }, { defaultStatus: "unknown", product: "RUGGEDCOM ROX RX1512", vendor: "Siemens", versions: [ { status: "affected", version: "All versions < V2.16.0", }, ], }, { defaultStatus: "unknown", product: "RUGGEDCOM ROX RX1524", vendor: "Siemens", versions: [ { status: "affected", version: "All versions < V2.16.0", }, ], }, { defaultStatus: "unknown", product: "RUGGEDCOM ROX RX1536", vendor: "Siemens", versions: [ { status: "affected", version: "All versions < V2.16.0", }, ], }, { defaultStatus: "unknown", product: "RUGGEDCOM ROX RX5000", vendor: "Siemens", versions: [ { status: "affected", version: "All versions < V2.16.0", }, ], }, ], descriptions: [ { lang: "en", value: "A vulnerability has been identified in RUGGEDCOM ROX MX5000 (All versions < V2.16.0), RUGGEDCOM ROX MX5000RE (All versions < V2.16.0), RUGGEDCOM ROX RX1400 (All versions < V2.16.0), RUGGEDCOM ROX RX1500 (All versions < V2.16.0), RUGGEDCOM ROX RX1501 (All versions < V2.16.0), RUGGEDCOM ROX RX1510 (All versions < V2.16.0), RUGGEDCOM ROX RX1511 (All versions < V2.16.0), RUGGEDCOM ROX RX1512 (All versions < V2.16.0), RUGGEDCOM ROX RX1524 (All versions < V2.16.0), RUGGEDCOM ROX RX1536 (All versions < V2.16.0), RUGGEDCOM ROX RX5000 (All versions < V2.16.0). The web interface of the affected devices are vulnerable to Cross-Site Request Forgery attacks. By tricking an authenticated victim user to click a malicious link, an attacker could perform arbitrary actions on the device on behalf of the victim user.", }, ], metrics: [ { cvssV3_1: { baseScore: 7.5, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C", version: "3.1", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-352", description: "CWE-352: Cross-Site Request Forgery (CSRF)", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2023-07-11T09:06:58.988Z", orgId: "cec7a2ec-15b4-4faf-bd53-b40f371f3a77", shortName: "siemens", }, references: [ { url: "https://cert-portal.siemens.com/productcert/pdf/ssa-146325.pdf", }, ], }, }, cveMetadata: { assignerOrgId: "cec7a2ec-15b4-4faf-bd53-b40f371f3a77", assignerShortName: "siemens", cveId: "CVE-2022-29561", datePublished: "2023-07-11T09:06:58.988Z", dateReserved: "2022-04-21T13:34:15.980Z", dateUpdated: "2024-11-12T19:11:46.270Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", "vulnerability-lookup:meta": { nvd: "{\"cve\":{\"id\":\"CVE-2022-29561\",\"sourceIdentifier\":\"productcert@siemens.com\",\"published\":\"2023-07-11T10:15:09.970\",\"lastModified\":\"2024-11-21T06:59:19.360\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"A vulnerability has been identified in RUGGEDCOM ROX MX5000 (All versions < V2.16.0), RUGGEDCOM ROX MX5000RE (All versions < V2.16.0), RUGGEDCOM ROX RX1400 (All versions < V2.16.0), RUGGEDCOM ROX RX1500 (All versions < V2.16.0), RUGGEDCOM ROX RX1501 (All versions < V2.16.0), RUGGEDCOM ROX RX1510 (All versions < V2.16.0), RUGGEDCOM ROX RX1511 (All versions < V2.16.0), RUGGEDCOM ROX RX1512 (All versions < V2.16.0), RUGGEDCOM ROX RX1524 (All versions < V2.16.0), RUGGEDCOM ROX RX1536 (All versions < V2.16.0), RUGGEDCOM ROX RX5000 (All versions < V2.16.0). The web interface of the affected devices are vulnerable to Cross-Site Request Forgery attacks. By tricking an authenticated victim user to click a malicious link, an attacker could perform arbitrary actions on the device on behalf of the victim user.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"productcert@siemens.com\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H\",\"baseScore\":7.5,\"baseSeverity\":\"HIGH\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"HIGH\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"REQUIRED\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":1.6,\"impactScore\":5.9},{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\",\"baseScore\":8.8,\"baseSeverity\":\"HIGH\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"REQUIRED\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":2.8,\"impactScore\":5.9}]},\"weaknesses\":[{\"source\":\"productcert@siemens.com\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-352\"}]},{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-352\"}]}],\"configurations\":[{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:siemens:ruggedcom_rox_mx5000_firmware:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"2.16.0\",\"matchCriteriaId\":\"B70C9A14-F31D-452F-8F7E-368E1ED7165C\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:siemens:ruggedcom_rox_mx5000:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"DAD1B18F-9C37-48CC-92E2-9C5E66B206CB\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:siemens:ruggedcom_rox_mx5000re_firmware:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"2.16.0\",\"matchCriteriaId\":\"C095D9B0-79A3-44A7-9683-B8DEF689D65F\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:siemens:ruggedcom_rox_mx5000re:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"38734DFA-A5DF-4284-BD79-7C0ED6CD8A5C\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:siemens:ruggedcom_rox_rx1400_firmware:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"2.16.0\",\"matchCriteriaId\":\"3A0D1757-6A48-4C53-877A-947CDDD67793\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:siemens:ruggedcom_rox_rx1400:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"12BD4008-DB6A-4749-A426-D2DE44819A9D\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:siemens:ruggedcom_rox_rx1500_firmware:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"2.16.0\",\"matchCriteriaId\":\"957788AA-B685-42B6-8BE9-B61D20B68144\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:siemens:ruggedcom_rox_rx1500:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"3E79B422-C844-411C-AA49-CFD73D3C6E2D\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:siemens:ruggedcom_rox_rx1501_firmware:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"2.16.0\",\"matchCriteriaId\":\"02E80465-DCD4-4CEB-AB5C-DFD86A5DB2E8\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:siemens:ruggedcom_rox_rx1501:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"53AAEC5C-06EE-4C58-A981-EBF5860CEF16\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:siemens:ruggedcom_rox_rx1510_firmware:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"2.16.0\",\"matchCriteriaId\":\"BEC2AF9C-52CA-48FF-A4CD-C042EF225000\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:siemens:ruggedcom_rox_rx1510:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"0751225A-6E9C-4281-93A4-A048920FF7C6\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:siemens:ruggedcom_rox_rx1511_firmware:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"2.16.0\",\"matchCriteriaId\":\"D0889DDD-C18A-4605-907C-0AAC4362FC94\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:siemens:ruggedcom_rox_rx1511:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"8C1E56ED-1E61-4B7E-8EC0-BB2AAD57EF7B\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:siemens:ruggedcom_rox_rx1512_firmware:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"2.16.0\",\"matchCriteriaId\":\"FA09F789-1903-4487-A108-684EA9423F32\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:siemens:ruggedcom_rox_rx1512:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"41ADD701-AD49-46B2-A12E-219CCED32298\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:siemens:ruggedcom_rox_rx1524_firmware:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"2.16.0\",\"matchCriteriaId\":\"76CF386C-0665-401C-9E5F-D3A89E6C2847\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:siemens:ruggedcom_rox_rx1524:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"F8C70D90-E8FA-4343-9027-152A99D79C82\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:siemens:ruggedcom_rox_rx1536_firmware:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"2.16.0\",\"matchCriteriaId\":\"A813AC2B-2F29-45D7-AB27-657A36399F80\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:siemens:ruggedcom_rox_rx1536:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"C1775F3B-6F47-4134-8B4E-CF6337FF546C\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:siemens:ruggedcom_rox_rx5000_firmware:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"2.16.0\",\"matchCriteriaId\":\"6AF925B2-B147-4CB0-8789-D68C38135BEE\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:siemens:ruggedcom_rox_rx5000:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"1E0E33F2-E89B-4008-BED2-CF2296801078\"}]}]}],\"references\":[{\"url\":\"https://cert-portal.siemens.com/productcert/pdf/ssa-146325.pdf\",\"source\":\"productcert@siemens.com\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://cert-portal.siemens.com/productcert/pdf/ssa-146325.pdf\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]}]}}", vulnrichment: { containers: "{\"adp\": [{\"title\": \"CVE Program Container\", \"references\": [{\"url\": \"https://cert-portal.siemens.com/productcert/pdf/ssa-146325.pdf\", \"tags\": [\"x_transferred\"]}], \"providerMetadata\": {\"orgId\": \"af854a3a-2127-422b-91ae-364da2661108\", \"shortName\": \"CVE\", \"dateUpdated\": \"2024-08-03T06:26:05.943Z\"}}, {\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2022-29561\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"none\"}, {\"Automatable\": \"no\"}, {\"Technical Impact\": \"total\"}], \"version\": \"2.0.3\", \"timestamp\": \"2024-11-12T19:06:12.746479Z\"}}}], \"affected\": [{\"cpes\": [\"cpe:2.3:h:siemens:ruggedcom_rox_mx5000:-:*:*:*:*:*:*:*\"], \"vendor\": \"siemens\", \"product\": \"ruggedcom_rox_mx5000\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"V2.16.0\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"cpes\": [\"cpe:2.3:h:siemens:ruggedcom_rox_mx5000re:-:*:*:*:*:*:*:*\"], \"vendor\": \"siemens\", \"product\": \"ruggedcom_rox_mx5000re\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"V2.16.0\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"cpes\": [\"cpe:2.3:h:siemens:ruggedcom_rox_rx1400:-:*:*:*:*:*:*:*\"], \"vendor\": \"siemens\", \"product\": \"ruggedcom_rox_rx1400\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"V2.16.0\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"cpes\": [\"cpe:2.3:h:siemens:ruggedcom_rox_rx1500:-:*:*:*:*:*:*:*\"], \"vendor\": \"siemens\", \"product\": \"ruggedcom_rox_rx1500\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"V2.16.0\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"cpes\": [\"cpe:2.3:h:siemens:ruggedcom_rox_rx1501:-:*:*:*:*:*:*:*\"], \"vendor\": \"siemens\", \"product\": \"ruggedcom_rox_rx1501\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"V2.16.0\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"cpes\": [\"cpe:2.3:h:siemens:ruggedcom_rox_rx1510:-:*:*:*:*:*:*:*\"], \"vendor\": \"siemens\", \"product\": \"ruggedcom_rox_rx1510\", \"versions\": [{\"status\": \"affected\", \"version\": \"V2.16.0\"}], \"defaultStatus\": \"unknown\"}, {\"cpes\": [\"cpe:2.3:h:siemens:ruggedcom_rox_rx1511:-:*:*:*:*:*:*:*\"], \"vendor\": \"siemens\", \"product\": \"ruggedcom_rox_rx1511\", \"versions\": [{\"status\": \"affected\", \"version\": \"V2.16.0\"}], \"defaultStatus\": \"unknown\"}, {\"cpes\": [\"cpe:2.3:h:siemens:ruggedcom_rox_rx1512:-:*:*:*:*:*:*:*\"], \"vendor\": \"siemens\", \"product\": \"ruggedcom_rox_rx1512\", \"versions\": [{\"status\": \"affected\", \"version\": \"V2.16.0\"}], \"defaultStatus\": \"unknown\"}, {\"cpes\": [\"cpe:2.3:h:siemens:ruggedcom_rox_rx1524:-:*:*:*:*:*:*:*\"], \"vendor\": \"siemens\", \"product\": \"ruggedcom_rox_rx1524\", \"versions\": [{\"status\": \"affected\", \"version\": \"V2.16.0\"}], \"defaultStatus\": \"unknown\"}, {\"cpes\": [\"cpe:2.3:h:siemens:ruggedcom_rox_rx1536:-:*:*:*:*:*:*:*\"], \"vendor\": \"siemens\", \"product\": \"ruggedcom_rox_rx1536\", \"versions\": [{\"status\": \"affected\", \"version\": \"V2.16.0\"}], \"defaultStatus\": \"unknown\"}, {\"cpes\": [\"cpe:2.3:h:siemens:ruggedcom_rox_rx5000:-:*:*:*:*:*:*:*\"], \"vendor\": \"siemens\", \"product\": \"ruggedcom_rox_rx5000\", \"versions\": [{\"status\": \"affected\", \"version\": \"V2.16.0\"}], \"defaultStatus\": \"unknown\"}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2024-11-12T19:11:38.635Z\"}}], \"cna\": {\"metrics\": [{\"cvssV3_1\": {\"version\": \"3.1\", \"baseScore\": 7.5, \"baseSeverity\": \"HIGH\", \"vectorString\": \"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C\"}}], \"affected\": [{\"vendor\": \"Siemens\", \"product\": \"RUGGEDCOM ROX MX5000\", \"versions\": [{\"status\": \"affected\", \"version\": \"All versions < V2.16.0\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"Siemens\", \"product\": \"RUGGEDCOM ROX MX5000RE\", \"versions\": [{\"status\": \"affected\", \"version\": \"All versions < V2.16.0\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"Siemens\", \"product\": \"RUGGEDCOM ROX RX1400\", \"versions\": [{\"status\": \"affected\", \"version\": \"All versions < V2.16.0\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"Siemens\", \"product\": \"RUGGEDCOM ROX RX1500\", \"versions\": [{\"status\": \"affected\", \"version\": \"All versions < V2.16.0\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"Siemens\", \"product\": \"RUGGEDCOM ROX RX1501\", \"versions\": [{\"status\": \"affected\", \"version\": \"All versions < V2.16.0\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"Siemens\", \"product\": \"RUGGEDCOM ROX RX1510\", \"versions\": [{\"status\": \"affected\", \"version\": \"All versions < V2.16.0\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"Siemens\", \"product\": \"RUGGEDCOM ROX RX1511\", \"versions\": [{\"status\": \"affected\", \"version\": \"All versions < V2.16.0\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"Siemens\", \"product\": \"RUGGEDCOM ROX RX1512\", \"versions\": [{\"status\": \"affected\", \"version\": \"All versions < V2.16.0\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"Siemens\", \"product\": \"RUGGEDCOM ROX RX1524\", \"versions\": [{\"status\": \"affected\", \"version\": \"All versions < V2.16.0\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"Siemens\", \"product\": \"RUGGEDCOM ROX RX1536\", \"versions\": [{\"status\": \"affected\", \"version\": \"All versions < V2.16.0\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"Siemens\", \"product\": \"RUGGEDCOM ROX RX5000\", \"versions\": [{\"status\": \"affected\", \"version\": \"All versions < V2.16.0\"}], \"defaultStatus\": \"unknown\"}], \"references\": [{\"url\": \"https://cert-portal.siemens.com/productcert/pdf/ssa-146325.pdf\"}], \"descriptions\": [{\"lang\": \"en\", \"value\": \"A vulnerability has been identified in RUGGEDCOM ROX MX5000 (All versions < V2.16.0), RUGGEDCOM ROX MX5000RE (All versions < V2.16.0), RUGGEDCOM ROX RX1400 (All versions < V2.16.0), RUGGEDCOM ROX RX1500 (All versions < V2.16.0), RUGGEDCOM ROX RX1501 (All versions < V2.16.0), RUGGEDCOM ROX RX1510 (All versions < V2.16.0), RUGGEDCOM ROX RX1511 (All versions < V2.16.0), RUGGEDCOM ROX RX1512 (All versions < V2.16.0), RUGGEDCOM ROX RX1524 (All versions < V2.16.0), RUGGEDCOM ROX RX1536 (All versions < V2.16.0), RUGGEDCOM ROX RX5000 (All versions < V2.16.0). The web interface of the affected devices are vulnerable to Cross-Site Request Forgery attacks. By tricking an authenticated victim user to click a malicious link, an attacker could perform arbitrary actions on the device on behalf of the victim user.\"}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-352\", \"description\": \"CWE-352: Cross-Site Request Forgery (CSRF)\"}]}], \"providerMetadata\": {\"orgId\": \"cec7a2ec-15b4-4faf-bd53-b40f371f3a77\", \"shortName\": \"siemens\", \"dateUpdated\": \"2023-07-11T09:06:58.988Z\"}}}", cveMetadata: "{\"cveId\": \"CVE-2022-29561\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2024-11-12T19:11:46.270Z\", \"dateReserved\": \"2022-04-21T13:34:15.980Z\", \"assignerOrgId\": \"cec7a2ec-15b4-4faf-bd53-b40f371f3a77\", \"datePublished\": \"2023-07-11T09:06:58.988Z\", \"assignerShortName\": \"siemens\"}", dataType: "CVE_RECORD", dataVersion: "5.1", }, }, }
Log in or create an account to share your comment.
Security Advisory comment format.
This schema specifies the format of a comment related to a security advisory.
Title of the comment
Description of the comment
Loading…
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.