Malformed HTTP Packet Handling Vulnerability in RUGGEDCOM ROX Products
CVE-2022-29562

3.7LOW

Key Information:

Vendor: Siemens
Status: Ruggedcom Rox Mx5000; Ruggedcom Rox Mx5000re; Ruggedcom Rox Rx1400; Ruggedcom Rox Rx1500
Vendor: CVE Published:; 11 July 2023

What is CVE-2022-29562?

A vulnerability in various RUGGEDCOM ROX products has been identified, where devices fail to process malformed HTTP packets correctly. This flaw could allow an unauthenticated remote attacker to send specially crafted HTTP packets, potentially causing specific functions to fail in a controlled manner. Systems operating on versions prior to V2.16.0 are particularly at risk, necessitating immediate attention to ensure proper security measures are in place.

Affected Version(s)

RUGGEDCOM ROX MX5000 All versions < V2.16.0

RUGGEDCOM ROX MX5000RE All versions < V2.16.0

RUGGEDCOM ROX RX1400 All versions < V2.16.0

References

https://cert-portal.siemens.com/productcert/pdf/ssa-14632...

CVSS V3.1

Score:

3.7

Severity:

LOW

Confidentiality:

None

Integrity:

None

Availability:

None

Attack Vector:

Network

Attack Complexity:

High

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jul 11, 2023
Vulnerability Reserved
Apr 21, 2022

Siemens

What is CVE-2022-29562?

Affected Version(s)

References

CVSS V3.1

Timeline