Insecure TLS Protocol Vulnerability in RUGGEDCOM ROX Products by Siemens
CVE-2023-36749

7.4 HIGH

Summary

The webserver in multiple RUGGEDCOM ROX products supports the outdated and insecure TLS 1.0 protocol. An attacker could use this to carry out man-in-the-middle attacks, compromising the confidentiality and integrity of sensitive data transmitted between the device and other endpoints. Users of RUGGEDCOM ROX devices are advised to upgrade to at least version V2.16.0 to mitigate this risk.
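To confirm that a device in your inventory no longer negotiates TLS 1.0 after the upgrade, the added example below (not Siemens code and not part of the original advisory) sends a ClientHello capped at TLS 1.0 and classifies the first reply. The port 443 default, the cipher-suite list and all function names are assumptions, and the sample replies are constructed.

```python
import os
import socket
import struct

TLS10 = 0x0301
# CBC/SHA suites commonly implemented by TLS 1.0 stacks (IANA code points).
SUITES = [0xC014, 0xC013, 0x0039, 0x0033, 0x0035, 0x002F, 0x000A]


def build_client_hello() -> bytes:
    """ClientHello whose highest offered version is TLS 1.0, no extensions."""
    suites = b"".join(struct.pack("!H", s) for s in SUITES)
    body = (struct.pack("!H", TLS10) + os.urandom(32) + b"\x00"  # empty session id
            + struct.pack("!H", len(suites)) + suites + b"\x01\x00")  # null compression
    handshake = b"\x01" + struct.pack("!I", len(body))[1:] + body
    return b"\x16" + struct.pack("!HH", TLS10, len(handshake)) + handshake


def classify(reply: bytes) -> str:
    """Interpret the start of the first TLS record the server sends back."""
    if len(reply) >= 7 and reply[0] == 0x15:  # alert record: the offer was refused
        return "rejected"
    if len(reply) >= 11 and reply[0] == 0x16 and reply[5] == 0x02:  # ServerHello
        version = struct.unpack("!H", reply[9:11])[0]
        return "tls1.0-accepted" if version == TLS10 else "other-0x%04x" % version
    return "inconclusive"  # closed connection, timeout or non-TLS data


def probe(host: str, port: int = 443, timeout: float = 5.0) -> str:
    """Send the TLS 1.0-only hello to host:port and classify the reply."""
    try:
        with socket.create_connection((host, port), timeout=timeout) as sock:
            sock.sendall(build_client_hello())
            reply = b""
            # An alert is complete at 7 bytes; a ServerHello version needs 11.
            while len(reply) < (7 if reply[:1] == b"\x15" else 11):
                chunk = sock.recv(4096)
                if not chunk:
                    break
                reply += chunk
            return classify(reply)
    except OSError:
        return "inconclusive"


if __name__ == "__main__":
    # Constructed replies, so the demo runs offline.
    server_hello = b"\x16\x03\x01\x00\x2a\x02\x00\x00\x26\x03\x01" + bytes(36)
    alert = b"\x15\x03\x03\x00\x02\x02\x46"  # fatal protocol_version
    print(classify(server_hello), classify(alert))
```

A result of `tls1.0-accepted` from `probe()` means the webserver still completes the TLS 1.0 version negotiation; `rejected` or `inconclusive` (many servers simply close the connection) is what a fixed device is expected to return.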

Affected Version(s)

RUGGEDCOM ROX MX5000 All versions < V2.16.0

RUGGEDCOM ROX MX5000RE All versions < V2.16.0

RUGGEDCOM ROX RX1400 All versions < V2.16.0

CVSS V3.1

Score: 7.4
Severity: HIGH
Confidentiality: High
Integrity: High
Availability: High
Attack Vector: Network
Attack Complexity: High
Privileges Required: None
User Interaction: None
Scope: Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved
