Reflected Cross-Site Scripting Vulnerability in RUGGEDCOM ROX Products
CVE-2023-36390

8.8HIGH

Key Information:

Vendor: Siemens
Status: Ruggedcom Rox Mx5000; Ruggedcom Rox Mx5000re; Ruggedcom Rox Rx1400; Ruggedcom Rox Rx1500
Vendor: CVE Published:; 11 July 2023

Summary

A reflected cross-site scripting vulnerability exists within the web interface of several RUGGEDCOM ROX products. The issue arises from the improper sanitization of user input, allowing an attacker to execute malicious JavaScript code by deceiving users into clicking on a specially crafted link. This vulnerability may lead to unauthorized actions executed in the context of the user’s session, potentially compromising sensitive information and affecting the security of the user's environment.

Affected Version(s)

RUGGEDCOM ROX MX5000 All versions < V2.16.0

RUGGEDCOM ROX MX5000RE All versions < V2.16.0

RUGGEDCOM ROX RX1400 All versions < V2.16.0

References

https://cert-portal.siemens.com/productcert/pdf/ssa-14632...

CVSS V3.1

Score:

8.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Unchanged

Timeline

Vulnerability published
Jul 11, 2023
Vulnerability Reserved
Jun 21, 2023