Web-Based Code Injection Vulnerability in RUGGEDCOM Devices by Siemens
CVE-2022-34663

8 HIGH

Key Information:

Vendor
Siemens
CVE Published:
12 July 2022

Summary

A web-based code injection vulnerability has been discovered in various RUGGEDCOM devices. It allows attackers to inject code via the console, which can lead to unauthorized code execution and can compromise the functionality of legitimate user sessions accessing affected devices. Remediation is necessary to prevent attacks that exploit this vulnerability.

Affected Version(s)

RUGGEDCOM i800 All versions < V4.3.8

RUGGEDCOM i800NC All versions < V4.3.8

RUGGEDCOM i801 All versions < V4.3.8

CVSS V3.1

Score: 8
Severity: HIGH
Confidentiality: High
Integrity: High
Availability: High
Attack Vector: Network
Attack Complexity: Low
Privileges Required: Low
User Interaction: Required
Scope: Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved