cve,link,title,description,vendor,products,score,severity,epss,cisa,cisa_published,article,ransomware,exploited,poc,trended,trended_no_1,published,trended_score
CVE-2020-28398,https://securityvulnerability.io/vulnerability/CVE-2020-28398,Cross-Site Request Forgery (CSRF) Vulnerability Affects RUGGEDCOM ROX Devices,"A vulnerability exists in the command-line interface (CLI) feature within the web interface of several RUGGEDCOM ROX products. This vulnerability can be exploited through cross-site request forgery (CSRF), allowing attackers to manipulate device configurations. If a legitimate user is tricked into clicking a malicious link, an attacker may gain unauthorized access to modify device settings. It is essential for organizations using affected RUGGEDCOM products to update their systems to version 2.16.0 or later to mitigate potential risks.",Siemens,"Ruggedcom Rox Mx5000,Ruggedcom Rox Mx5000re,Ruggedcom Rox Rx1400,Ruggedcom Rox Rx1500,Ruggedcom Rox Rx1501,Ruggedcom Rox Rx1510,Ruggedcom Rox Rx1511,Ruggedcom Rox Rx1512,Ruggedcom Rox Rx1524,Ruggedcom Rox Rx1536,Ruggedcom Rox Rx5000",8.8,HIGH,0.0005799999926239252,false,,false,false,false,,false,false,2024-12-10T13:53:19.090Z,0
CVE-2023-36755,https://securityvulnerability.io/vulnerability/CVE-2023-36755,Command Injection Vulnerability in RUGGEDCOM ROX Products by Siemens,"A command injection vulnerability exists in the SCEP CA Certificate Name parameter of the web interface on multiple RUGGEDCOM ROX devices prior to version 2.16.0. This flaw arises due to inadequate server-side input validation, allowing an authenticated user with privileged access to execute arbitrary commands with root permissions. Attackers could exploit this vulnerability to gain control of affected devices, posing significant security risks within network environments.",Siemens,"Ruggedcom Rox Mx5000,Ruggedcom Rox Mx5000re,Ruggedcom Rox Rx1400,Ruggedcom Rox Rx1500,Ruggedcom Rox Rx1501,Ruggedcom Rox Rx1510,Ruggedcom Rox Rx1511,Ruggedcom Rox Rx1512,Ruggedcom Rox Rx1524,Ruggedcom Rox Rx1536,Ruggedcom Rox Rx5000",9.1,CRITICAL,0.0014299999456852674,false,,false,false,false,,false,false,2023-07-11T10:15:00.000Z,0
CVE-2023-36749,https://securityvulnerability.io/vulnerability/CVE-2023-36749,Insecure TLS Protocol Vulnerability in RUGGEDCOM ROX Products by Siemens,"A significant vulnerability exists in multiple RUGGEDCOM ROX products, where the webserver supports the outdated and insecure TLS 1.0 protocol. This flaw allows attackers to potentially execute man-in-the-middle attacks, jeopardizing the confidentiality and integrity of sensitive data transmitted between the device and other endpoints. Users of RUGGEDCOM ROX devices are advised to upgrade their systems to at least version V2.16.0 to mitigate this risk effectively.",Siemens,"Ruggedcom Rox Mx5000,Ruggedcom Rox Mx5000re,Ruggedcom Rox Rx1400,Ruggedcom Rox Rx1500,Ruggedcom Rox Rx1501,Ruggedcom Rox Rx1510,Ruggedcom Rox Rx1511,Ruggedcom Rox Rx1512,Ruggedcom Rox Rx1524,Ruggedcom Rox Rx1536,Ruggedcom Rox Rx5000",7.4,HIGH,0.0011099999537691474,false,,false,false,false,,false,false,2023-07-11T10:15:00.000Z,0
CVE-2023-36748,https://securityvulnerability.io/vulnerability/CVE-2023-36748,Weak Cipher Configuration in RUGGEDCOM ROX Devices by Siemens,"A significant vulnerability has been found in RUGGEDCOM ROX devices that are configured to offer weak ciphers by default. This issue may allow an unauthorized attacker to place themselves in a man-in-the-middle position, facilitating the reading and modification of sensitive data transmitted to and from the affected devices. Users of RUGGEDCOM ROX MX5000, MX5000RE, RX1400, RX1500, RX1501, RX1510, RX1511, RX1512, RX1524, RX1536, and RX5000 models are advised to upgrade to version 2.16.0 or later to mitigate potential risks.",Siemens,"Ruggedcom Rox Mx5000,Ruggedcom Rox Mx5000re,Ruggedcom Rox Rx1400,Ruggedcom Rox Rx1500,Ruggedcom Rox Rx1501,Ruggedcom Rox Rx1510,Ruggedcom Rox Rx1511,Ruggedcom Rox Rx1512,Ruggedcom Rox Rx1524,Ruggedcom Rox Rx1536,Ruggedcom Rox Rx5000",5.9,MEDIUM,0.0011099999537691474,false,,false,false,false,,false,false,2023-07-11T10:15:00.000Z,0
CVE-2023-36750,https://securityvulnerability.io/vulnerability/CVE-2023-36750,Command Injection Vulnerability in RUGGEDCOM ROX Devices by Siemens,"A command injection vulnerability has been detected in the web interface of RUGGEDCOM ROX devices produced by Siemens. This issue affects all versions prior to V2.16.0 across various models. The vulnerability stems from the software-upgrade URL parameter, which lacks proper server-side input sanitization. An authenticated attacker with elevated privileges could exploit this weakness to execute arbitrary commands with root capabilities, potentially compromising the integrity and security of the affected systems.",Siemens,"Ruggedcom Rox Mx5000,Ruggedcom Rox Mx5000re,Ruggedcom Rox Rx1400,Ruggedcom Rox Rx1500,Ruggedcom Rox Rx1501,Ruggedcom Rox Rx1510,Ruggedcom Rox Rx1511,Ruggedcom Rox Rx1512,Ruggedcom Rox Rx1524,Ruggedcom Rox Rx1536,Ruggedcom Rox Rx5000",9.1,CRITICAL,0.0014299999456852674,false,,false,false,false,,false,false,2023-07-11T10:15:00.000Z,0
CVE-2023-36751,https://securityvulnerability.io/vulnerability/CVE-2023-36751,Command Injection Vulnerability in RUGGEDCOM ROX Products by Siemens,"A command injection vulnerability has been discovered in the web interface of RUGGEDCOM ROX devices, stemming from inadequate server-side input sanitization of the install-app URL parameter. This flaw allows an authenticated attacker with privileged access to execute arbitrary commands, potentially gaining root access. Affected devices include RUGGEDCOM ROX MX5000, MX5000RE, RX1400, RX1500, RX1501, RX1510, RX1511, RX1512, RX1524, RX1536, and RX5000, all prior to version 2.16.0. It is essential for users to upgrade their systems to the latest version to mitigate the risk of exploitation.",Siemens,"Ruggedcom Rox Mx5000,Ruggedcom Rox Mx5000re,Ruggedcom Rox Rx1400,Ruggedcom Rox Rx1500,Ruggedcom Rox Rx1501,Ruggedcom Rox Rx1510,Ruggedcom Rox Rx1511,Ruggedcom Rox Rx1512,Ruggedcom Rox Rx1524,Ruggedcom Rox Rx1536,Ruggedcom Rox Rx5000",9.1,CRITICAL,0.0014299999456852674,false,,false,false,false,,false,false,2023-07-11T10:15:00.000Z,0
CVE-2023-36752,https://securityvulnerability.io/vulnerability/CVE-2023-36752,Command Injection Vulnerability in RUGGEDCOM ROX Devices by Siemens,"A command injection vulnerability exists in various RUGGEDCOM ROX devices due to inadequate server-side input validation on the upgrade-app URL parameter in the web interface. This flaw permits an authenticated privileged remote attacker to execute arbitrary commands with root privileges, potentially exposing sensitive system data and compromising device integrity. Users are urged to upgrade to version V2.16.0 or later to mitigate this risk. For detailed information, please refer to the advisory issued by Siemens.",Siemens,"Ruggedcom Rox Mx5000,Ruggedcom Rox Mx5000re,Ruggedcom Rox Rx1400,Ruggedcom Rox Rx1500,Ruggedcom Rox Rx1501,Ruggedcom Rox Rx1510,Ruggedcom Rox Rx1511,Ruggedcom Rox Rx1512,Ruggedcom Rox Rx1524,Ruggedcom Rox Rx1536,Ruggedcom Rox Rx5000",9.1,CRITICAL,0.0014299999456852674,false,,false,false,false,,false,false,2023-07-11T10:15:00.000Z,0
CVE-2023-36753,https://securityvulnerability.io/vulnerability/CVE-2023-36753,Command Injection Vulnerability in RUGGEDCOM ROX MX5000 Series by Siemens,"A command injection vulnerability has been discovered in the web interface of various RUGGEDCOM ROX devices, specifically targeting the uninstall-app App-name parameter. Due to inadequate server-side input sanitization, this flaw allows an authenticated privileged remote attacker to execute arbitrary code with root privileges, potentially compromising the entire system. Users are urged to upgrade to version V2.16.0 or later to mitigate the risks associated with this vulnerability.",Siemens,"Ruggedcom Rox Mx5000,Ruggedcom Rox Mx5000re,Ruggedcom Rox Rx1400,Ruggedcom Rox Rx1500,Ruggedcom Rox Rx1501,Ruggedcom Rox Rx1510,Ruggedcom Rox Rx1511,Ruggedcom Rox Rx1512,Ruggedcom Rox Rx1524,Ruggedcom Rox Rx1536,Ruggedcom Rox Rx5000",9.1,CRITICAL,0.0014299999456852674,false,,false,false,false,,false,false,2023-07-11T10:15:00.000Z,0
CVE-2023-36754,https://securityvulnerability.io/vulnerability/CVE-2023-36754,Command Injection Vulnerability in RUGGEDCOM ROX Products by Siemens,"A significant command injection vulnerability exists in the web interface of RUGGEDCOM ROX devices due to inadequate input sanitization of the SCEP server configuration URL parameter. This flaw allows an authenticated privileged remote attacker to execute arbitrary commands with root privileges, compromising the security and integrity of the affected devices. Users should be aware of this risk and consider upgrading to version 2.16.0 or later to mitigate the issue effectively.",Siemens,"Ruggedcom Rox Mx5000,Ruggedcom Rox Mx5000re,Ruggedcom Rox Rx1400,Ruggedcom Rox Rx1500,Ruggedcom Rox Rx1501,Ruggedcom Rox Rx1510,Ruggedcom Rox Rx1511,Ruggedcom Rox Rx1512,Ruggedcom Rox Rx1524,Ruggedcom Rox Rx1536,Ruggedcom Rox Rx5000",9.1,CRITICAL,0.0014299999456852674,false,,false,false,false,,false,false,2023-07-11T10:15:00.000Z,0
CVE-2023-36386,https://securityvulnerability.io/vulnerability/CVE-2023-36386,Reflected Cross-Site Scripting Vulnerability in RUGGEDCOM ROX Products by Siemens,"A reflected cross-site scripting (XSS) vulnerability has been identified in the web interface of multiple RUGGEDCOM ROX products, including the MX5000 and RX series. This vulnerability allows attackers to inject malicious JavaScript code that is executed in the context of the user's browser. Exploitation requires users to be tricked into clicking on a malicious link that causes the application to reflect user-provided input without proper sanitization. The affected versions are all prior to V2.16.0, and users should upgrade to the latest versions to mitigate this risk.",Siemens,"Ruggedcom Rox Mx5000,Ruggedcom Rox Mx5000re,Ruggedcom Rox Rx1400,Ruggedcom Rox Rx1500,Ruggedcom Rox Rx1501,Ruggedcom Rox Rx1510,Ruggedcom Rox Rx1511,Ruggedcom Rox Rx1512,Ruggedcom Rox Rx1524,Ruggedcom Rox Rx1536,Ruggedcom Rox Rx5000",8.8,HIGH,0.000539999979082495,false,,false,false,false,,false,false,2023-07-11T10:15:00.000Z,0
CVE-2023-36389,https://securityvulnerability.io/vulnerability/CVE-2023-36389,Reflected Cross-Site Scripting Vulnerability in RUGGEDCOM ROX Series by Siemens,"A reflected cross-site scripting (XSS) vulnerability is present in the web interface of the RUGGEDCOM ROX Series, including models MX5000, RX1400, RX1500, and others prior to version 2.16.0. This flaw allows an attacker to execute arbitrary JavaScript code in the context of the victim’s web browser. By crafting a malicious link, an attacker can trick users into clicking it, subsequently reflecting the malformed value in the response without proper sanitization, which poses significant security risks. Users receiving the 'invalid path' error could unknowingly expose their session or other sensitive data to the attacker.",Siemens,"Ruggedcom Rox Mx5000,Ruggedcom Rox Mx5000re,Ruggedcom Rox Rx1400,Ruggedcom Rox Rx1500,Ruggedcom Rox Rx1501,Ruggedcom Rox Rx1510,Ruggedcom Rox Rx1511,Ruggedcom Rox Rx1512,Ruggedcom Rox Rx1524,Ruggedcom Rox Rx1536,Ruggedcom Rox Rx5000",8.8,HIGH,0.000539999979082495,false,,false,false,false,,false,false,2023-07-11T10:15:00.000Z,0
CVE-2023-36390,https://securityvulnerability.io/vulnerability/CVE-2023-36390,Reflected Cross-Site Scripting Vulnerability in RUGGEDCOM ROX Products,"A reflected cross-site scripting vulnerability exists within the web interface of several RUGGEDCOM ROX products. The issue arises from the improper sanitization of user input, allowing an attacker to execute malicious JavaScript code by deceiving users into clicking on a specially crafted link. This vulnerability may lead to unauthorized actions executed in the context of the user’s session, potentially compromising sensitive information and affecting the security of the user's environment.",Siemens,"Ruggedcom Rox Mx5000,Ruggedcom Rox Mx5000re,Ruggedcom Rox Rx1400,Ruggedcom Rox Rx1500,Ruggedcom Rox Rx1501,Ruggedcom Rox Rx1510,Ruggedcom Rox Rx1511,Ruggedcom Rox Rx1512,Ruggedcom Rox Rx1524,Ruggedcom Rox Rx1536,Ruggedcom Rox Rx5000",8.8,HIGH,0.000539999979082495,false,,false,false,false,,false,false,2023-07-11T10:15:00.000Z,0
CVE-2022-29562,https://securityvulnerability.io/vulnerability/CVE-2022-29562,Malformed HTTP Packet Handling Vulnerability in RUGGEDCOM ROX Products,"A vulnerability in various RUGGEDCOM ROX products has been identified, where devices fail to process malformed HTTP packets correctly. This flaw could allow an unauthenticated remote attacker to send specially crafted HTTP packets, potentially causing specific functions to fail in a controlled manner. Systems operating on versions prior to V2.16.0 are particularly at risk, necessitating immediate attention to ensure proper security measures are in place.",Siemens,"Ruggedcom Rox Mx5000,Ruggedcom Rox Mx5000re,Ruggedcom Rox Rx1400,Ruggedcom Rox Rx1500,Ruggedcom Rox Rx1501,Ruggedcom Rox Rx1510,Ruggedcom Rox Rx1511,Ruggedcom Rox Rx1512,Ruggedcom Rox Rx1524,Ruggedcom Rox Rx1536,Ruggedcom Rox Rx5000",3.7,LOW,0.0009500000160187483,false,,false,false,false,,false,false,2023-07-11T09:07:00.397Z,0
CVE-2022-29561,https://securityvulnerability.io/vulnerability/CVE-2022-29561,Cross-Site Request Forgery Vulnerability in RUGGEDCOM ROX Products by Siemens,"A vulnerability exists in the web interface of various RUGGEDCOM ROX devices manufactured by Siemens, affecting all versions prior to V2.16.0. This flaw allows attackers to exploit Cross-Site Request Forgery (CSRF) attacks, where they can trick authenticated users into unwittingly executing arbitrary actions on their devices. By persuading users to click on malicious links, threat actors can bypass standard authentication protocols and manipulate device configurations, potentially leading to unauthorized access and control.",Siemens,"Ruggedcom Rox Mx5000,Ruggedcom Rox Mx5000re,Ruggedcom Rox Rx1400,Ruggedcom Rox Rx1500,Ruggedcom Rox Rx1501,Ruggedcom Rox Rx1510,Ruggedcom Rox Rx1511,Ruggedcom Rox Rx1512,Ruggedcom Rox Rx1524,Ruggedcom Rox Rx1536,Ruggedcom Rox Rx5000",7.5,HIGH,0.0009200000204145908,false,,false,false,false,,false,false,2023-07-11T09:06:58.988Z,0
CVE-2022-29560,https://securityvulnerability.io/vulnerability/CVE-2022-29560,Command Injection Vulnerability in RUGGEDCOM ROX Devices by Siemens,"A command injection vulnerability has been discovered in RUGGEDCOM ROX devices by Siemens, affecting multiple models with versions prior to 2.15.1. This weakness stems from the failure to adequately validate user input through the shell or web CLI, allowing an attacker with administrative access to execute arbitrary commands on the underlying operating system as the root user. This could lead to unauthorized control over the device, highlighting the importance of timely updates and security measures.",Siemens,"Ruggedcom Rox Mx5000,Ruggedcom Rox Mx5000re,Ruggedcom Rox Rx1400,Ruggedcom Rox Rx1500,Ruggedcom Rox Rx1501,Ruggedcom Rox Rx1510,Ruggedcom Rox Rx1511,Ruggedcom Rox Rx1512,Ruggedcom Rox Rx1524,Ruggedcom Rox Rx1536,Ruggedcom Rox Rx5000",7.2,HIGH,0.0008800000068731606,false,,false,false,false,,false,false,2022-07-12T10:06:38.000Z,0
CVE-2021-41546,https://securityvulnerability.io/vulnerability/CVE-2021-41546,,"A vulnerability has been identified in RUGGEDCOM ROX MX5000 (All versions < V2.14.1), RUGGEDCOM ROX RX1400 (All versions < V2.14.1), RUGGEDCOM ROX RX1500 (All versions < V2.14.1), RUGGEDCOM ROX RX1501 (All versions < V2.14.1), RUGGEDCOM ROX RX1510 (All versions < V2.14.1), RUGGEDCOM ROX RX1511 (All versions < V2.14.1), RUGGEDCOM ROX RX1512 (All versions < V2.14.1), RUGGEDCOM ROX RX1524 (All versions < V2.14.1), RUGGEDCOM ROX RX1536 (All versions < V2.14.1), RUGGEDCOM ROX RX5000 (All versions < V2.14.1). Affected devices write crashdumps without checking if enough space is available on the filesystem. Once the crashdump fills the entire root filesystem, affected devices fail to boot successfully. An attacker can leverage this vulnerability to cause a permanent Denial-of-Service.",Siemens,"Ruggedcom Rox Mx5000,Ruggedcom Rox Rx1400,Ruggedcom Rox Rx1500,Ruggedcom Rox Rx1501,Ruggedcom Rox Rx1510,Ruggedcom Rox Rx1511,Ruggedcom Rox Rx1512,Ruggedcom Rox Rx1524,Ruggedcom Rox Rx1536,Ruggedcom Rox Rx5000",7.5,HIGH,0.0010300000431016088,false,,false,false,false,,false,false,2021-10-12T09:49:39.000Z,0
CVE-2021-37175,https://securityvulnerability.io/vulnerability/CVE-2021-37175,,"A vulnerability has been identified in RUGGEDCOM ROX MX5000 (All versions < V2.14.1), RUGGEDCOM ROX RX1400 (All versions < V2.14.1), RUGGEDCOM ROX RX1500 (All versions < V2.14.1), RUGGEDCOM ROX RX1501 (All versions < V2.14.1), RUGGEDCOM ROX RX1510 (All versions < V2.14.1), RUGGEDCOM ROX RX1511 (All versions < V2.14.1), RUGGEDCOM ROX RX1512 (All versions < V2.14.1), RUGGEDCOM ROX RX1524 (All versions < V2.14.1), RUGGEDCOM ROX RX1536 (All versions < V2.14.1), RUGGEDCOM ROX RX5000 (All versions < V2.14.1). The affected devices do not properly handle permissions to traverse the file system. If exploited, an attacker could gain access to an overview of the complete file system on the affected devices.",Siemens,"Ruggedcom Rox Mx5000,Ruggedcom Rox Rx1400,Ruggedcom Rox Rx1500,Ruggedcom Rox Rx1501,Ruggedcom Rox Rx1510,Ruggedcom Rox Rx1511,Ruggedcom Rox Rx1512,Ruggedcom Rox Rx1524,Ruggedcom Rox Rx1536,Ruggedcom Rox Rx5000",5.3,MEDIUM,0.0008399999933317304,false,,false,false,false,,false,false,2021-09-14T10:47:43.000Z,0
CVE-2021-37174,https://securityvulnerability.io/vulnerability/CVE-2021-37174,,"A vulnerability has been identified in RUGGEDCOM ROX MX5000 (All versions < V2.14.1), RUGGEDCOM ROX RX1400 (All versions < V2.14.1), RUGGEDCOM ROX RX1500 (All versions < V2.14.1), RUGGEDCOM ROX RX1501 (All versions < V2.14.1), RUGGEDCOM ROX RX1510 (All versions < V2.14.1), RUGGEDCOM ROX RX1511 (All versions < V2.14.1), RUGGEDCOM ROX RX1512 (All versions < V2.14.1), RUGGEDCOM ROX RX1524 (All versions < V2.14.1), RUGGEDCOM ROX RX1536 (All versions < V2.14.1), RUGGEDCOM ROX RX5000 (All versions < V2.14.1). The affected devices have a privilege escalation vulnerability; if exploited, an attacker could gain root user access.",Siemens,"Ruggedcom Rox Mx5000,Ruggedcom Rox Rx1400,Ruggedcom Rox Rx1500,Ruggedcom Rox Rx1501,Ruggedcom Rox Rx1510,Ruggedcom Rox Rx1511,Ruggedcom Rox Rx1512,Ruggedcom Rox Rx1524,Ruggedcom Rox Rx1536,Ruggedcom Rox Rx5000",8.8,HIGH,0.0009200000204145908,false,,false,false,false,,false,false,2021-09-14T10:47:42.000Z,0
CVE-2021-37173,https://securityvulnerability.io/vulnerability/CVE-2021-37173,,"A vulnerability has been identified in RUGGEDCOM ROX MX5000 (All versions < V2.14.1), RUGGEDCOM ROX RX1400 (All versions < V2.14.1), RUGGEDCOM ROX RX1500 (All versions < V2.14.1), RUGGEDCOM ROX RX1501 (All versions < V2.14.1), RUGGEDCOM ROX RX1510 (All versions < V2.14.1), RUGGEDCOM ROX RX1511 (All versions < V2.14.1), RUGGEDCOM ROX RX1512 (All versions < V2.14.1), RUGGEDCOM ROX RX1524 (All versions < V2.14.1), RUGGEDCOM ROX RX1536 (All versions < V2.14.1), RUGGEDCOM ROX RX5000 (All versions < V2.14.1). The command line interface of affected devices insufficiently restricts file read and write operations for low privileged users. This could allow an authenticated remote attacker to escalate privileges and gain root access to the device.",Siemens,"Ruggedcom Rox Mx5000,Ruggedcom Rox Rx1400,Ruggedcom Rox Rx1500,Ruggedcom Rox Rx1501,Ruggedcom Rox Rx1510,Ruggedcom Rox Rx1511,Ruggedcom Rox Rx1512,Ruggedcom Rox Rx1524,Ruggedcom Rox Rx1536,Ruggedcom Rox Rx5000",8.8,HIGH,0.0022899999748915434,false,,false,false,false,,false,false,2021-09-14T10:47:41.000Z,0