Command Injection Vulnerability in RUGGEDCOM ROX Devices by Siemens
CVE-2023-36752
Key Information:
- Vendor: Siemens
- CVE Published: 11 July 2023
What is CVE-2023-36752?
A command injection vulnerability exists in various RUGGEDCOM ROX devices due to inadequate server-side input validation on the upgrade-app URL parameter in the web interface. This flaw permits an authenticated privileged remote attacker to execute arbitrary commands with root privileges, potentially exposing sensitive system data and compromising device integrity. Users are urged to upgrade to version V2.16.0 or later to mitigate this risk. For detailed information, please refer to the advisory issued by Siemens.

Affected Version(s)
RUGGEDCOM ROX MX5000 All versions < V2.16.0
RUGGEDCOM ROX MX5000RE All versions < V2.16.0
RUGGEDCOM ROX RX1400 All versions < V2.16.0