Cross-Site Request Forgery Vulnerability in RUGGEDCOM ROX Products by Siemens
CVE-2022-29561
7.5 HIGH
Key Information:
- Vendor: Siemens
- CVE Published: 11 July 2023
Summary
The web interface of various RUGGEDCOM ROX devices manufactured by Siemens is vulnerable to Cross-Site Request Forgery (CSRF) in all versions prior to V2.16.0. An attacker who persuades an authenticated user to click a malicious link can cause that user to unwittingly execute arbitrary actions on the device. Because the forged requests ride on the victim's authenticated session, the attacker needs no credentials of their own and can manipulate device configuration, potentially leading to unauthorized access and control.
Affected Version(s)
RUGGEDCOM ROX MX5000 All versions < V2.16.0
RUGGEDCOM ROX MX5000RE All versions < V2.16.0
RUGGEDCOM ROX RX1400 All versions < V2.16.0
CVSS V3.1
- Score: 7.5
- Severity: HIGH
- Confidentiality: High
- Integrity: High
- Availability: High
- Attack Vector: Network
- Attack Complexity: High
- Privileges Required: None
- User Interaction: Required
- Scope: Unchanged
Timeline
Vulnerability published
Vulnerability Reserved