CVE-2024-57258 — Vulnetix

CVE-2024-57258 PUBLISHED CVSS 9.800000190734863 CRITICAL

Ruggedcom Rox before v2.17.1 contain multiple third-party vulnerabilities. Siemens has released new versions for the affected products and recommends to update to the latest versions. The following versions of Siemens Ruggedcom Rox are affected: RUGGEDCOM ROX MX5000 vers:intdot/RUGGEDCOM ROX MX5000RE vers:intdot/RUGGEDCOM ROX RX1400 vers:intdot/RUGGEDCOM ROX RX1500 vers:intdot/RUGGEDCOM ROX RX1501 vers:intdot/RUGGEDCOM ROX RX1510 vers:intdot/RUGGEDCOM ROX RX1511 vers:intdot/RUGGEDCOM ROX RX1512 vers:intdot/RUGGEDCOM ROX RX1524 vers:intdot/RUGGEDCOM ROX RX1536 vers:intdot/RUGGEDCOM ROX RX5000 vers:intdot/ CVSS Vendor Equipment Vulnerabilities v3 9.8 Siemens Siemens Ruggedcom Rox Uncontrolled Recursion, Integer Underflow (Wrap or Wraparound), Out-of-bounds Write, Out-of-bounds Read, Improper Input Validation, Heap-based Buffer Overflow, Buffer Copy without Checking Size of Input ('Classic Buffer Overflow'), Use After Free, Improper Validation of Syntactic Correctness of Input, Improper Control of a Resource Through its Lifetime, Integer Overflow or Wraparound, Incorrect Calculation of Buffer Size, Use of Weak Hash, Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal'), Stack-based Buffer Overflow, Expired Pointer Dereference Background Critical Infrastructure Sectors: Critical Manufacturing Countries/Areas Deployed: Worldwide Company Headquarters Location: Germany

EPSS 0.04% · 13.3th percentile

Risk Scores

CVSS v3.1

9.800000190734863

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H

EPSS Score

0.04%

13.3th percentile

Timeline

Feb 18, 2025 CVE Published
Feb 18, 2025 PoC Published
Feb 19, 2025 EPSS Score
Feb 19, 2025 PoC Published
Feb 19, 2025 PoC Published
Mar 5, 2025 EPSS Score
Mar 14, 2025 Coalition ESS Score
Mar 20, 2025 EPSS Score
Apr 3, 2025 EPSS Score
Apr 17, 2025 EPSS Score
May 1, 2025 EPSS Score
May 16, 2025 EPSS Score

References

https://www.cisa.gov/news-events/ics-advisories/icsa-26-134-16 advisory
https://github.com/cisagov/CSAF/blob/develop/csaf_files/OT/white/2026/icsa-26-134-16.json advisory
https://www.cve.org/CVERecord?id=CVE-2019-13103 technical
https://support.industry.siemens.com/cs/ww/en/view/110002017/ vendor
https://cwe.mitre.org/data/definitions/674.html technical
https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H technical
https://www.cve.org/CVERecord?id=CVE-2019-13104 technical
https://cwe.mitre.org/data/definitions/191.html technical
https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H technical
https://www.cve.org/CVERecord?id=CVE-2019-13106 technical
https://cwe.mitre.org/data/definitions/787.html technical
https://www.cve.org/CVERecord?id=CVE-2019-14192 technical
https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H technical
https://www.cve.org/CVERecord?id=CVE-2019-14193 technical
https://www.cve.org/CVERecord?id=CVE-2019-14194 technical
https://www.cve.org/CVERecord?id=CVE-2019-14195 technical
https://www.cve.org/CVERecord?id=CVE-2019-14196 technical
https://www.cve.org/CVERecord?id=CVE-2019-14197 technical
https://cwe.mitre.org/data/definitions/125.html technical
https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H technical

…and 49 more

Open in Interactive Console →