9

CVE-2021-37173

EPSS 1.55%
Published 14.09.2021 11:15:25
Last modified 21.11.2024 06:14:47
Source productcert@siemens.com
Teams watchlist Login
Open Login

A vulnerability has been identified in RUGGEDCOM ROX MX5000 (All versions < V2.14.1), RUGGEDCOM ROX RX1400 (All versions < V2.14.1), RUGGEDCOM ROX RX1500 (All versions < V2.14.1), RUGGEDCOM ROX RX1501 (All versions < V2.14.1), RUGGEDCOM ROX RX1510 (All versions < V2.14.1), RUGGEDCOM ROX RX1511 (All versions < V2.14.1), RUGGEDCOM ROX RX1512 (All versions < V2.14.1), RUGGEDCOM ROX RX1524 (All versions < V2.14.1), RUGGEDCOM ROX RX1536 (All versions < V2.14.1), RUGGEDCOM ROX RX5000 (All versions < V2.14.1). The command line interface of affected devices insufficiently restrict file read and write operations for low privileged users. This could allow an authenticated remote attacker to escalate privileges and gain root access to the device.

Affected products Warnungen 0 Metrics 3 CWE 1 References 4

Data is provided by the National Vulnerability Database (NVD)

Siemens ≫ Ruggedcom Rox Rx1400 Firmware Version < 2.14.1

Siemens ≫ Ruggedcom Rox Rx1400 Version-

Siemens ≫ Ruggedcom Rox Mx5000 Firmware Version < 2.14.1

Siemens ≫ Ruggedcom Rox Mx5000 Version-

Siemens ≫ Ruggedcom Rox Rx1500 Firmware Version < 2.14.1

Siemens ≫ Ruggedcom Rox Rx1500 Version-

Siemens ≫ Ruggedcom Rox Rx1501 Firmware Version < 2.14.1

Siemens ≫ Ruggedcom Rox Rx1501 Version-

Siemens ≫ Ruggedcom Rox Rx1510 Firmware Version < 2.14.1

Siemens ≫ Ruggedcom Rox Rx1510 Version-

Siemens ≫ Ruggedcom Rox Rx1511 Firmware Version < 2.14.1

Siemens ≫ Ruggedcom Rox Rx1511 Version-

Siemens ≫ Ruggedcom Rox Rx1512 Firmware Version < 2.14.1

Siemens ≫ Ruggedcom Rox Rx1512 Version-

Siemens ≫ Ruggedcom Rox Rx1524 Firmware Version < 2.14.1

Siemens ≫ Ruggedcom Rox Rx1524 Version-

Siemens ≫ Ruggedcom Rox Rx1536 Firmware Version < 2.14.1

Siemens ≫ Ruggedcom Rox Rx1536 Version-

Siemens ≫ Ruggedcom Rox Rx5000 Firmware Version < 2.14.1

Siemens ≫ Ruggedcom Rox Rx5000 Version-

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	1.55%	0.797

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	8.8	2.8	5.9	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
nvd@nist.gov	9	8	10	AV:N/AC:L/Au:S/C:C/I:C/A:C

CWE-269 Improper Privilege Management

The product does not properly assign, modify, track, or check privileges for an actor, creating an unintended sphere of control for that actor.

https://cert-portal.siemens.com/productcert/pdf/ssa-150692.pdf

Patch

Vendor Advisory

https://nvd.nist.gov/vuln/detail/CVE-2021-37173

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2021-37173

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2021-37173

EUVD