Web-Based Code Injection Vulnerability in RUGGEDCOM Devices by Siemens
CVE-2022-34663

8HIGH

Key Information:

Vendor: Siemens
Status: Ruggedcom I800; Ruggedcom I800nc; Ruggedcom I801; Ruggedcom I801nc
Vendor: CVE Published:; 12 July 2022

What is CVE-2022-34663?

A web-based vulnerability has been discovered in various RUGGEDCOM devices, allowing attackers to perform code injection via the console. This issue can lead to unauthorized code execution, potentially compromising the functionality of legitimate user sessions accessing affected devices. Remediation is necessary to prevent malicious attacks that exploit this vulnerability, highlighting the need for stringent cybersecurity measures.

Affected Version(s)

RUGGEDCOM i800 0

RUGGEDCOM i800NC 0

RUGGEDCOM i801 0

References

https://cert-portal.siemens.com/productcert/pdf/ssa-84080...

https://cert-portal.siemens.com/productcert/html/ssa-8408...

CVSS V3.1

Score:

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

Required

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jul 12, 2022
Vulnerability Reserved
Jun 27, 2022