Reflected Cross-Site Scripting in Siemens RUGGEDCOM ROX I
CVE-2017-2687

6.1MEDIUM

Key Information:

Vendor
Siemens
Status
Ruggedcom Rox I All Versions
Vendor
CVE Published:
29 March 2017

Summary

Siemens RUGGEDCOM ROX I is affected by a reflected Cross-Site Scripting vulnerability in its integrated web server, which listens on port 10000/TCP. An attacker can exploit this security flaw by persuading a user to click on a crafted malicious link, enabling the execution of arbitrary scripts in the context of the user's web browser. This may lead to unauthorized actions and expose sensitive information, highlighting the importance of implementing security measures to mitigate potential risks.

Affected Version(s)

RUGGEDCOM ROX I All RUGGEDCOM ROX I All versions

References

http://www.securityfocus.com/bid/97170
vdb-entryx_refsource_BID
https://www.siemens.com/cert/pool/cert/siemens_security_a...
x_refsource_CONFIRM
http://www.securitytracker.com/id/1038160
vdb-entryx_refsource_SECTRACK

CVSS V3.1

Score:
6.1
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
Low
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
Required
Scope:
Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.