9

CVE-2021-37173

EPSS 1.55%
Veröffentlicht 14.09.2021 11:15:25
Zuletzt bearbeitet 21.11.2024 06:14:47
Quelle productcert@siemens.com
Teams Watchlist Login
Unerledigt Login

A vulnerability has been identified in RUGGEDCOM ROX MX5000 (All versions < V2.14.1), RUGGEDCOM ROX RX1400 (All versions < V2.14.1), RUGGEDCOM ROX RX1500 (All versions < V2.14.1), RUGGEDCOM ROX RX1501 (All versions < V2.14.1), RUGGEDCOM ROX RX1510 (All versions < V2.14.1), RUGGEDCOM ROX RX1511 (All versions < V2.14.1), RUGGEDCOM ROX RX1512 (All versions < V2.14.1), RUGGEDCOM ROX RX1524 (All versions < V2.14.1), RUGGEDCOM ROX RX1536 (All versions < V2.14.1), RUGGEDCOM ROX RX5000 (All versions < V2.14.1). The command line interface of affected devices insufficiently restrict file read and write operations for low privileged users. This could allow an authenticated remote attacker to escalate privileges and gain root access to the device.

Betroffene Produkte Warnungen 0 Metriken 3 CWE 1 Referenzen 4

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Siemens ≫ Ruggedcom Rox Rx1400 Firmware Version < 2.14.1

Siemens ≫ Ruggedcom Rox Rx1400 Version-

Siemens ≫ Ruggedcom Rox Mx5000 Firmware Version < 2.14.1

Siemens ≫ Ruggedcom Rox Mx5000 Version-

Siemens ≫ Ruggedcom Rox Rx1500 Firmware Version < 2.14.1

Siemens ≫ Ruggedcom Rox Rx1500 Version-

Siemens ≫ Ruggedcom Rox Rx1501 Firmware Version < 2.14.1

Siemens ≫ Ruggedcom Rox Rx1501 Version-

Siemens ≫ Ruggedcom Rox Rx1510 Firmware Version < 2.14.1

Siemens ≫ Ruggedcom Rox Rx1510 Version-

Siemens ≫ Ruggedcom Rox Rx1511 Firmware Version < 2.14.1

Siemens ≫ Ruggedcom Rox Rx1511 Version-

Siemens ≫ Ruggedcom Rox Rx1512 Firmware Version < 2.14.1

Siemens ≫ Ruggedcom Rox Rx1512 Version-

Siemens ≫ Ruggedcom Rox Rx1524 Firmware Version < 2.14.1

Siemens ≫ Ruggedcom Rox Rx1524 Version-

Siemens ≫ Ruggedcom Rox Rx1536 Firmware Version < 2.14.1

Siemens ≫ Ruggedcom Rox Rx1536 Version-

Siemens ≫ Ruggedcom Rox Rx5000 Firmware Version < 2.14.1

Siemens ≫ Ruggedcom Rox Rx5000 Version-

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	1.55%	0.797

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	8.8	2.8	5.9	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
nvd@nist.gov	9	8	10	AV:N/AC:L/Au:S/C:C/I:C/A:C

CWE-269 Improper Privilege Management

The product does not properly assign, modify, track, or check privileges for an actor, creating an unintended sphere of control for that actor.

https://cert-portal.siemens.com/productcert/pdf/ssa-150692.pdf

Patch

Vendor Advisory

https://nvd.nist.gov/vuln/detail/CVE-2021-37173

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2021-37173

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2021-37173

EUVD