VDB
ICSA-21-259-01
ICSA-21-259-01
PUBLISHED
CVSS 8.800000190734863 HIGH
Multiple vulnerabilities in RUGGEDCOM ROX devices have been detected, ranging from command injection to filesystem traversal. An attacker could exploit these to gain root access to the affected devices. Siemens has released updates for the affected products and recommends to update to the latest versions.
Risk Scores
CVSS 3.1
8.800000190734863
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| RUGGEDCOM ROX MX5000 | ||
| RUGGEDCOM ROX RX1536 | ||
| RUGGEDCOM ROX RX1400 | ||
| RUGGEDCOM ROX RX1511 | ||
| RUGGEDCOM ROX RX1500 | ||
| RUGGEDCOM ROX RX1524 | ||
| RUGGEDCOM ROX RX1510 | ||
| RUGGEDCOM ROX RX1501 | ||
| RUGGEDCOM ROX RX5000 | ||
| RUGGEDCOM ROX RX1512 |
Timeline
- Sep 14, 2021 CVE Published
- May 6, 2025 CVE Updated
References
- https://cert-portal.siemens.com/productcert/csaf/ssa-150692.json advisory
- https://cert-portal.siemens.com/productcert/txt/ssa-150692.txt advisory
- https://cert-portal.siemens.com/productcert/pdf/ssa-150692.pdf advisory
- https://raw.githubusercontent.com/cisagov/CSAF/develop/csaf_files/OT/white/2021/icsa-21-259-01.json advisory
- https://www.cisa.gov/news-events/ics-advisories/icsa-21-259-01 advisory
- https://www.cisa.gov/uscert/ics/alerts/ICS-ALERT-10-301-01 url
- https://www.cisa.gov/resources-tools/resources/ics-recommended-practices url
- https://www.cisa.gov/topics/industrial-control-systems url
- https://us-cert.cisa.gov/sites/default/files/recommended_practices/NCCIC_ICS-CERT_Defense_in_Depth_2016_S508C.pdf url
- https://www.cisa.gov/sites/default/files/publications/Cybersecurity_Best_Practices_for_Industrial_Control_Systems.pdf url
- https://www.cisa.gov/uscert/ics/tips/ICS-TIP-12-146-01B url
- https://support.industry.siemens.com/cs/ww/en/view/109800780/ fix