9.9

CVE-2025-32469

A vulnerability has been identified in RUGGEDCOM ROX MX5000 (All versions < V2.16.5), RUGGEDCOM ROX MX5000RE (All versions < V2.16.5), RUGGEDCOM ROX RX1400 (All versions < V2.16.5), RUGGEDCOM ROX RX1500 (All versions < V2.16.5), RUGGEDCOM ROX RX1501 (All versions < V2.16.5), RUGGEDCOM ROX RX1510 (All versions < V2.16.5), RUGGEDCOM ROX RX1511 (All versions < V2.16.5), RUGGEDCOM ROX RX1512 (All versions < V2.16.5), RUGGEDCOM ROX RX1524 (All versions < V2.16.5), RUGGEDCOM ROX RX1536 (All versions < V2.16.5), RUGGEDCOM ROX RX5000 (All versions < V2.16.5). The 'ping' tool in the web interface of affected devices is vulnerable to command injection due to missing server side input sanitation. This could allow an authenticated remote attacker to execute arbitrary code with root privileges.

Data is provided by the CVE Program from a CVE Numbering Authority (CNA) (unstructured).

| Vendor | Product | Default Status | Version | Version | Status |
|---|---|---|---|---|---|
| Siemens | RUGGEDCOM ROX MX5000 | unknown | < V2.16.5 | 0 | affected |
| Siemens | RUGGEDCOM ROX MX5000RE | unknown | < V2.16.5 | 0 | affected |
| Siemens | RUGGEDCOM ROX RX1400 | unknown | < V2.16.5 | 0 | affected |
| Siemens | RUGGEDCOM ROX RX1500 | unknown | < V2.16.5 | 0 | affected |
| Siemens | RUGGEDCOM ROX RX1501 | unknown | < V2.16.5 | 0 | affected |
| Siemens | RUGGEDCOM ROX RX1510 | unknown | < V2.16.5 | 0 | affected |
| Siemens | RUGGEDCOM ROX RX1511 | unknown | < V2.16.5 | 0 | affected |
| Siemens | RUGGEDCOM ROX RX1512 | unknown | < V2.16.5 | 0 | affected |
| Siemens | RUGGEDCOM ROX RX1524 | unknown | < V2.16.5 | 0 | affected |
| Siemens | RUGGEDCOM ROX RX1536 | unknown | < V2.16.5 | 0 | affected |
| Siemens | RUGGEDCOM ROX RX5000 | unknown | < V2.16.5 | 0 | affected |

No CISA KEV or CERT.AT warning was found for this CVE.
EPSS Metrics

| Type | Source | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.22% | 0.446 |

CVSS Metrics

| Source | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| productcert@siemens.com | 9.9 | 3.1 | 6 | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H |
| productcert@siemens.com | 9.4 | 0 | 0 | CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X |

CWE-602 Client-Side Enforcement of Server-Side Security

The product is composed of a server that relies on the client to implement a mechanism that is intended to protect the server.