Reflected Cross-Site Scripting Vulnerability in RUGGEDCOM ROX Products by Siemens
CVE-2023-36386

8.8HIGH

Key Information:

Vendor: Siemens
Status: Ruggedcom Rox Mx5000; Ruggedcom Rox Mx5000re; Ruggedcom Rox Rx1400; Ruggedcom Rox Rx1500
Vendor: CVE Published:; 11 July 2023

Summary

A reflected cross-site scripting (XSS) vulnerability has been identified in the web interface of multiple RUGGEDCOM ROX products, including the MX5000 and RX series. This vulnerability allows attackers to inject malicious JavaScript code that is executed in the context of the user's browser. Exploitation requires users to be tricked into clicking on a malicious link that causes the application to reflect user-provided input without proper sanitization. The affected versions are all prior to V2.16.0, and users should upgrade to the latest versions to mitigate this risk.

Affected Version(s)

RUGGEDCOM ROX MX5000 All versions < V2.16.0

RUGGEDCOM ROX MX5000RE All versions < V2.16.0

RUGGEDCOM ROX RX1400 All versions < V2.16.0

References

https://cert-portal.siemens.com/productcert/pdf/ssa-14632...

CVSS V3.1

Score:

8.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Unchanged

Timeline

Vulnerability published
Jul 11, 2023
Vulnerability Reserved
Jun 21, 2023