CVE-2022-34835
Ruggedcom Rox versions before v2.17.1 contain multiple third-party vulnerabilities. Siemens has released new versions for the affected products and recommends updating to the latest versions.
The following versions of Siemens Ruggedcom Rox are affected:
- RUGGEDCOM ROX MX5000 vers:intdot/
- RUGGEDCOM ROX MX5000RE vers:intdot/
- RUGGEDCOM ROX RX1400 vers:intdot/
- RUGGEDCOM ROX RX1500 vers:intdot/
- RUGGEDCOM ROX RX1501 vers:intdot/
- RUGGEDCOM ROX RX1510 vers:intdot/
- RUGGEDCOM ROX RX1511 vers:intdot/
- RUGGEDCOM ROX RX1512 vers:intdot/
- RUGGEDCOM ROX RX1524 vers:intdot/
- RUGGEDCOM ROX RX1536 vers:intdot/
- RUGGEDCOM ROX RX5000 vers:intdot/
CVSS: v3 9.8
Vendor: Siemens
Equipment: Siemens Ruggedcom Rox
Vulnerabilities: Uncontrolled Recursion, Integer Underflow (Wrap or Wraparound), Out-of-bounds Write, Out-of-bounds Read, Improper Input Validation, Heap-based Buffer Overflow, Buffer Copy without Checking Size of Input ('Classic Buffer Overflow'), Use After Free, Improper Validation of Syntactic Correctness of Input, Improper Control of a Resource Through its Lifetime, Integer Overflow or Wraparound, Incorrect Calculation of Buffer Size, Use of Weak Hash, Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal'), Stack-based Buffer Overflow, Expired Pointer Dereference
Background
- Critical Infrastructure Sectors: Critical Manufacturing
- Countries/Areas Deployed: Worldwide
- Company Headquarters Location: Germany
EPSS 0.42% · 62.3th percentile
Risk Scores
Exploit Intelligence
- CIRCL seen: CVE-2022-34835 (circl-sighting)
- https://lists.debian.org/debian-lts-announce/2025/05/msg00001.html (circl)
- https://lists.denx.de/pipermail/u-boot/2022-June/486113.html (circl)
- https://github.com/u-boot/u-boot/commit/8f8c04bf1ebbd2f72f1643e7ad9617dafa6e5409 (circl)
- https://source.denx.de/u-boot/u-boot/-/commit/8f8c04bf1ebbd2f72f1643e7ad9617dafa6e5409 (circl)
Timeline
- Jun 29, 2022 CVE Published
- Jun 30, 2022 EPSS Score
- Jun 30, 2022 PoC Published
- Aug 18, 2022 EPSS Score
- Oct 4, 2022 EPSS Score
- Nov 21, 2022 EPSS Score
- Jan 7, 2023 EPSS Score
- Mar 7, 2023 EPSS Score
- Apr 12, 2023 EPSS Score
- May 30, 2023 EPSS Score
- Jul 16, 2023 EPSS Score
- Sep 2, 2023 EPSS Score
References
- https://www.cisa.gov/news-events/ics-advisories/icsa-26-134-16 advisory
- https://github.com/cisagov/CSAF/blob/develop/csaf_files/OT/white/2026/icsa-26-134-16.json advisory
- https://www.cve.org/CVERecord?id=CVE-2019-13103 technical
- https://support.industry.siemens.com/cs/ww/en/view/110002017/ vendor
- https://cwe.mitre.org/data/definitions/674.html technical
- https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H technical
- https://www.cve.org/CVERecord?id=CVE-2019-13104 technical
- https://cwe.mitre.org/data/definitions/191.html technical
- https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H technical
- https://www.cve.org/CVERecord?id=CVE-2019-13106 technical
- https://cwe.mitre.org/data/definitions/787.html technical
- https://www.cve.org/CVERecord?id=CVE-2019-14192 technical
- https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H technical
- https://www.cve.org/CVERecord?id=CVE-2019-14193 technical
- https://www.cve.org/CVERecord?id=CVE-2019-14194 technical
- https://www.cve.org/CVERecord?id=CVE-2019-14195 technical
- https://www.cve.org/CVERecord?id=CVE-2019-14196 technical
- https://www.cve.org/CVERecord?id=CVE-2019-14197 technical
- https://cwe.mitre.org/data/definitions/125.html technical
- https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H technical
…and 49 more