VDB

CVE-2024-56836

CVE-2024-56836 PUBLISHED CVSS 7.5 HIGH

A vulnerability has been identified in RUGGEDCOM ROX II family (All versions < V2.17.0). During the Dynamic DNS configuration of the affected product it is possible to inject additional configuration parameters. Under certain circumstances, an attacker could leverage this vulnerability to spawn a reverse shell and gain root access on the affected system.

EPSS 0.02% · 3.0th percentile

Risk Scores

CVSS 3.1
7.5
CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
EPSS Score
0.02%
3.0th percentile

Affected Products

VendorProductVersions
SiemensRUGGEDCOM ROX RX50000
siemensruggedcom_rox_ii_firmware0
SiemensRUGGEDCOM ROX RX15000
SiemensRUGGEDCOM ROX RX15010
SiemensRUGGEDCOM ROX MX50000
SiemensRUGGEDCOM ROX RX15120
SiemensRUGGEDCOM ROX RX15100
SiemensRUGGEDCOM ROX RX14000
SiemensRUGGEDCOM ROX MX5000RE0
SiemensRUGGEDCOM ROX RX15240
SiemensRUGGEDCOM ROX RX15360
SiemensRUGGEDCOM ROX RX15110

Timeline

  • Dec 9, 2025 EPSS Score
  • Dec 9, 2025 CVE Published
  • Dec 13, 2025 EPSS Score
  • Dec 17, 2025 EPSS Score
  • Dec 22, 2025 EPSS Score
  • Dec 26, 2025 EPSS Score
  • Dec 30, 2025 EPSS Score
  • Jan 3, 2026 EPSS Score
  • Jan 7, 2026 EPSS Score
  • Jan 12, 2026 EPSS Score
  • Jan 13, 2026 CVE Updated
  • Jan 16, 2026 EPSS Score
Open in Interactive Console →
$ Console Community · 100/wk Open console ›