SSA-665108 PUBLISHED CVSS 4.1 MEDIUM

RUGGEDCOM ROX II devices do not properly enforce limitations on the type and size of files that can be uploaded through their web interface. This could allow an attacker with a legitimate, highly privileged account on the web interface to upload arbitrary files onto the filesystem of the devices. Siemens is preparing fix versions and recommends specific countermeasures for products where fixes are not, or not yet, available.

Risk Scores

CVSS v3.1
4.1
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:N/I:L/A:N

Affected Products

Vendor Product Versions
RUGGEDCOM ROX RX1501
RUGGEDCOM ROX RX1500
RUGGEDCOM ROX RX1524
RUGGEDCOM ROX RX1536
RUGGEDCOM ROX MX5000RE
RUGGEDCOM ROX RX1510
RUGGEDCOM ROX RX5000
RUGGEDCOM ROX RX1400
RUGGEDCOM ROX RX1512
RUGGEDCOM ROX RX1511
RUGGEDCOM ROX MX5000
