ICSA-25-226-14
PUBLISHED
CVSS 4.1 MEDIUM
RUGGEDCOM ROX II devices do not properly enforce limitations on the type and size of files that can be uploaded through their web interface. This could allow an attacker with a legitimate, highly privileged account on the web interface to upload arbitrary files onto the filesystem of the devices. Siemens is preparing fix versions and recommends specific countermeasures for products where fixes are not, or not yet, available.
Risk Scores
CVSS v3.1
4.1
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:N/I:L/A:N
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Siemens | RUGGEDCOM ROX MX5000 | |
| Siemens | RUGGEDCOM ROX RX1510 | |
| Siemens | RUGGEDCOM ROX RX1536 | |
| Siemens | RUGGEDCOM ROX RX5000 | |
| Siemens | RUGGEDCOM ROX MX5000RE | |
| Siemens | RUGGEDCOM ROX RX1500 | |
| Siemens | RUGGEDCOM ROX RX1511 | |
| Siemens | RUGGEDCOM ROX RX1501 | |
| Siemens | RUGGEDCOM ROX RX1512 | |
| Siemens | RUGGEDCOM ROX RX1400 | |
| Siemens | RUGGEDCOM ROX RX1524 | |
Timeline
- Aug 12, 2025 CVE Published
References
- https://cert-portal.siemens.com/productcert/csaf/ssa-665108.json advisory
- https://cert-portal.siemens.com/productcert/html/ssa-665108.html advisory
- https://raw.githubusercontent.com/cisagov/CSAF/develop/csaf_files/OT/white/2025/icsa-25-226-14.json advisory
- https://www.cisa.gov/news-events/ics-advisories/icsa-25-226-14 advisory
- https://www.cisa.gov/uscert/ics/alerts/ICS-ALERT-10-301-01 url
- https://www.cisa.gov/resources-tools/resources/ics-recommended-practices url
- https://www.cisa.gov/topics/industrial-control-systems url
- https://us-cert.cisa.gov/sites/default/files/recommended_practices/NCCIC_ICS-CERT_Defense_in_Depth_2016_S508C.pdf url
- https://www.cisa.gov/sites/default/files/publications/Cybersecurity_Best_Practices_for_Industrial_Control_Systems.pdf url
- https://www.cisa.gov/uscert/ics/tips/ICS-TIP-12-146-01B url