Command Injection Vulnerability in RUGGEDCOM ROX Devices by Siemens
CVE-2022-29560

7.2HIGH

Key Information:

Vendor: Siemens
Status: Ruggedcom Rox Mx5000; Ruggedcom Rox Mx5000re; Ruggedcom Rox Rx1400; Ruggedcom Rox Rx1500
Vendor: CVE Published:; 12 July 2022

What is CVE-2022-29560?

A command injection vulnerability has been discovered in RUGGEDCOM ROX devices by Siemens, affecting multiple models with versions prior to 2.15.1. This weakness stems from the failure to adequately validate user input through the shell or web CLI, allowing an attacker with administrative access to execute arbitrary commands on the underlying operating system as the root user. This could lead to unauthorized control over the device, highlighting the importance of timely updates and security measures.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

Affected Version(s)

RUGGEDCOM ROX MX5000 All versions < 2.15.1

RUGGEDCOM ROX MX5000RE All versions < 2.15.1

RUGGEDCOM ROX RX1400 All versions < 2.15.1

References

https://cert-portal.siemens.com/productcert/pdf/ssa-59950...

x_refsource_MISC

CVSS V3.1

Score:

7.2

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

High

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Jul 12, 2022
Vulnerability Reserved
Apr 21, 2022

JSON

Siemens

What is CVE-2022-29560?

Human OS v1.0: Ageing Is an Unpatched Zero-Day Vulnerability.

Affected Version(s)

References

CVSS V3.1

Timeline

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.