QID 590741

Date Published: 2022-03-17

QID 590741: Siemens RUGGEDCOM ROX Multiple Vulnerabilities (ICSA-21-259-01)

AFFECTED PRODUCTS
The following versions of RUGGEDCOM ROX are affected:
RUGGEDCOM ROX MX5000: All versions prior to v2.14.1
RUGGEDCOM ROX RX1400: All versions prior to v2.14.1
RUGGEDCOM ROX RX1500: All versions prior to v2.14.1
RUGGEDCOM ROX RX1501: All versions prior to v2.14.1
RUGGEDCOM ROX RX1510: All versions prior to v2.14.1
RUGGEDCOM ROX RX1511: All versions prior to v2.14.1
RUGGEDCOM ROX RX1512: All versions prior to v2.14.1
RUGGEDCOM ROX RX1524: All versions prior to v2.14.1
RUGGEDCOM ROX RX1536: All versions prior to v2.14.1
RUGGEDCOM ROX RX5000: All versions prior to v2.14.1

QID Detection Logic (Authenticated):
QID checks for the Vulnerable version of using passive scanning

Successful exploitation of these vulnerabilities could allow an attacker to gain root access to the affected devices.

  • CVSS V3 rated as Critical - 8.8 severity.
  • CVSS V2 rated as Critical - 9 severity.
  • Solution

    Customers are advised to refer to CERT MITIGATIONS section ICSA-21-259-01 for affected packages and patching details.

    Vendor References

    CVEs related to QID 590741

    Software Advisories
    Advisory ID Software Component Link
    icsa-21-259-01 URL Logo www.cisa.gov/uscert/ics/advisories/icsa-21-259-01