VDB
CVE-2021-37175
CVE-2021-37175
PUBLISHED
CVSS 5 MEDIUM
A vulnerability has been identified in RUGGEDCOM ROX MX5000 (All versions < V2.14.1), RUGGEDCOM ROX RX1400 (All versions < V2.14.1), RUGGEDCOM ROX RX1500 (All versions < V2.14.1), RUGGEDCOM ROX RX1501 (All versions < V2.14.1), RUGGEDCOM ROX RX1510 (All versions < V2.14.1), RUGGEDCOM ROX RX1511 (All versions < V2.14.1), RUGGEDCOM ROX RX1512 (All versions < V2.14.1), RUGGEDCOM ROX RX1524 (All versions < V2.14.1), RUGGEDCOM ROX RX1536 (All versions < V2.14.1), RUGGEDCOM ROX RX5000 (All versions < V2.14.1). The affected devices do not properly handle permissions to traverse the file system. If exploited, an attacker could gain access to an overview of the complete file system on the affected devices.
EPSS 0.23% · 46.6th percentile
Risk Scores
CVSS 2.0
5
EPSS Score
0.23%
46.6th percentile
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| siemens | ruggedcom_rox_mx5000_firmware | 0 |
| Siemens | RUGGEDCOM ROX RX1536 | * |
| siemens | ruggedcom_rox_rx5000_firmware | 0 |
| siemens | ruggedcom_rox_rx1524_firmware | 0 |
| siemens | ruggedcom_rox_rx1536_firmware | 0 |
| siemens | ruggedcom_rox_rx1500_firmware | 0 |
| Siemens | RUGGEDCOM ROX RX1524 | All versions < V2.14.1 |
| Siemens | RUGGEDCOM ROX RX1510 | All versions < V2.14.1 |
| Siemens | RUGGEDCOM ROX RX1511 | All versions < V2.14.1 |
| Siemens | RUGGEDCOM ROX RX5000 | All versions < V2.14.1 |
| siemens | ruggedcom_rox_rx1400_firmware | 0 |
| Siemens | RUGGEDCOM ROX RX1501 | All versions < V2.14.1 |
| siemens | ruggedcom_rox_rx1512_firmware | 0 |
| siemens | ruggedcom_rox_rx1501_firmware | 0 |
| Siemens | RUGGEDCOM ROX RX1500 | * |
| siemens | ruggedcom_rox_rx1511_firmware | 0 |
| siemens | ruggedcom_rox_rx1510_firmware | 0 |
| Siemens | RUGGEDCOM ROX MX5000 | All versions < V2.14.1 |
| Siemens | RUGGEDCOM ROX RX1400 | * |
| Siemens | RUGGEDCOM ROX RX1512 | All versions < V2.14.1 |
Exploit Intelligence
- This proof-of-concept script exploits a vulnerability in OpenSSH versions prior to 7.4 (CVE-2016-10708) by sending unexpected `SSH_MSG_NEWKEYS` packets. (github-poc)
- This proof-of-concept script exploits a vulnerability in OpenSSH versions prior to 7.4 (CVE-2016-10708) by sending unexpected `SSH_MSG_NEWKEYS` packets. (github-poc)
- This proof-of-concept script exploits a vulnerability in OpenSSH versions prior to 7.4 (CVE-2016-10708) by sending unexpected `SSH_MSG_NEWKEYS` packets. (github-poc)
- This proof-of-concept script exploits a vulnerability in OpenSSH versions prior to 7.4 (CVE-2016-10708) by sending unexpected `SSH_MSG_NEWKEYS` packets. (github-poc)
- This proof-of-concept script exploits a vulnerability in OpenSSH versions prior to 7.4 (CVE-2016-10708) by sending unexpected `SSH_MSG_NEWKEYS` packets. (github-poc)
- https://cert-portal.siemens.com/productcert/pdf/ssa-150692.pdf (circl)
Timeline
- Apr 13, 2021 CVE Published
- Sep 15, 2021 EPSS Score
- Nov 11, 2021 EPSS Score
- Jan 6, 2022 EPSS Score
- Jan 8, 2022 EPSS Score
- Mar 6, 2022 EPSS Score
- Apr 1, 2022 EPSS Score
- May 3, 2022 EPSS Score
- Jun 29, 2022 EPSS Score
- Aug 27, 2022 EPSS Score
- Oct 23, 2022 EPSS Score
- Dec 20, 2022 EPSS Score
References
- https://cert-portal.siemens.com/productcert/pdf/ssa-847986.pdf advisory
- https://cert-portal.siemens.com/productcert/pdf/ssa-549234.pdf advisory
- https://cert-portal.siemens.com/productcert/pdf/ssa-208530.pdf advisory
- https://cert-portal.siemens.com/productcert/pdf/ssa-288459.pdf advisory
- https://cert-portal.siemens.com/productcert/pdf/ssa-987403.pdf advisory
- https://cert-portal.siemens.com/productcert/pdf/ssa-535380.pdf advisory
- https://cert-portal.siemens.com/productcert/pdf/ssa-334944.pdf advisory
- https://cert-portal.siemens.com/productcert/pdf/ssa-676336.pdf advisory
- https://cert-portal.siemens.com/productcert/pdf/ssa-997732.pdf advisory
- https://cert-portal.siemens.com/productcert/pdf/ssa-835377.pdf advisory
- https://cert-portal.siemens.com/productcert/pdf/ssa-109294.pdf advisory
- https://cert-portal.siemens.com/productcert/pdf/ssa-453715.pdf advisory
- https://cert-portal.siemens.com/productcert/pdf/ssa-692317.pdf advisory
- https://cert-portal.siemens.com/productcert/pdf/ssa-756638.pdf advisory
- https://cert-portal.siemens.com/productcert/pdf/ssa-316383.pdf advisory
- https://cert-portal.siemens.com/productcert/pdf/ssa-330339.pdf advisory
- https://cert-portal.siemens.com/productcert/pdf/ssa-500748.pdf advisory
- https://cert-portal.siemens.com/productcert/pdf/ssa-535997.pdf advisory
- https://cert-portal.siemens.com/productcert/pdf/ssa-150692.pdf advisory
- https://cert-portal.siemens.com/productcert/pdf/ssa-413407.pdf advisory
…and 2 more