Command Injection Vulnerability in Siemens RUGGEDCOM Devices
CVE-2025-33024

9.4CRITICAL

Key Information:

Vendor: Siemens
Status: Ruggedcom Rox Mx5000; Ruggedcom Rox Mx5000re; Ruggedcom Rox Rx1400; Ruggedcom Rox Rx1500
Vendor: CVE Published:; 13 May 2025

What is CVE-2025-33024?

The RUGGEDCOM ROX series devices by Siemens contain a vulnerability in the 'tcpdump' tool within their web interface. This issue arises from inadequate server-side input sanitization, enabling an authenticated remote attacker to execute arbitrary code with root privileges. Affected versions are all prior to V2.16.5 of the respective models, posing a significant security risk if not addressed promptly.

Affected Version(s)

RUGGEDCOM ROX MX5000 0

RUGGEDCOM ROX MX5000RE 0

RUGGEDCOM ROX RX1400 0

References

https://cert-portal.siemens.com/productcert/html/ssa-3012...

CVSS V4

Score:

9.4

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Attack Required:

None

Privileges Required:

Undefined

User Interaction:

None

Timeline

Vulnerability published
May 13, 2025
Vulnerability Reserved
Apr 15, 2025