CVE-2022-2347
Ruggedcom Rox before v2.17.1 contains multiple third-party vulnerabilities. Siemens has released new versions for the affected products and recommends updating to the latest versions.
The following versions of Siemens Ruggedcom Rox are affected:
- RUGGEDCOM ROX MX5000 vers:intdot/
- RUGGEDCOM ROX MX5000RE vers:intdot/
- RUGGEDCOM ROX RX1400 vers:intdot/
- RUGGEDCOM ROX RX1500 vers:intdot/
- RUGGEDCOM ROX RX1501 vers:intdot/
- RUGGEDCOM ROX RX1510 vers:intdot/
- RUGGEDCOM ROX RX1511 vers:intdot/
- RUGGEDCOM ROX RX1512 vers:intdot/
- RUGGEDCOM ROX RX1524 vers:intdot/
- RUGGEDCOM ROX RX1536 vers:intdot/
- RUGGEDCOM ROX RX5000 vers:intdot/
Summary
- CVSS: v3 9.8
- Vendor: Siemens
- Equipment: Siemens Ruggedcom Rox
- Vulnerabilities: Uncontrolled Recursion, Integer Underflow (Wrap or Wraparound), Out-of-bounds Write, Out-of-bounds Read, Improper Input Validation, Heap-based Buffer Overflow, Buffer Copy without Checking Size of Input ('Classic Buffer Overflow'), Use After Free, Improper Validation of Syntactic Correctness of Input, Improper Control of a Resource Through its Lifetime, Integer Overflow or Wraparound, Incorrect Calculation of Buffer Size, Use of Weak Hash, Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal'), Stack-based Buffer Overflow, Expired Pointer Dereference
Background
- Critical Infrastructure Sectors: Critical Manufacturing
- Countries/Areas Deployed: Worldwide
- Company Headquarters Location: Germany
EPSS 0.03% · 10.6th percentile
Risk Scores
Timeline
- Sep 23, 2022 CVE Published
- Sep 24, 2022 EPSS Score
- Nov 8, 2022 EPSS Score
- Dec 22, 2022 EPSS Score
- Feb 5, 2023 EPSS Score
- Mar 7, 2023 EPSS Score
- Mar 21, 2023 EPSS Score
- May 5, 2023 EPSS Score
- Jun 18, 2023 EPSS Score
- Aug 2, 2023 EPSS Score
- Sep 15, 2023 EPSS Score
- Oct 30, 2023 EPSS Score
References
- https://www.cisa.gov/news-events/ics-advisories/icsa-26-134-16 advisory
- https://github.com/cisagov/CSAF/blob/develop/csaf_files/OT/white/2026/icsa-26-134-16.json advisory
- https://www.cve.org/CVERecord?id=CVE-2019-13103 technical
- https://support.industry.siemens.com/cs/ww/en/view/110002017/ vendor
- https://cwe.mitre.org/data/definitions/674.html technical
- https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H technical
- https://www.cve.org/CVERecord?id=CVE-2019-13104 technical
- https://cwe.mitre.org/data/definitions/191.html technical
- https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H technical
- https://www.cve.org/CVERecord?id=CVE-2019-13106 technical
- https://cwe.mitre.org/data/definitions/787.html technical
- https://www.cve.org/CVERecord?id=CVE-2019-14192 technical
- https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H technical
- https://www.cve.org/CVERecord?id=CVE-2019-14193 technical
- https://www.cve.org/CVERecord?id=CVE-2019-14194 technical
- https://www.cve.org/CVERecord?id=CVE-2019-14195 technical
- https://www.cve.org/CVERecord?id=CVE-2019-14196 technical
- https://www.cve.org/CVERecord?id=CVE-2019-14197 technical
- https://cwe.mitre.org/data/definitions/125.html technical
- https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H technical
…and 49 more