5.1
CVE-2025-33023
- EPSS 0.05%
- Published 12.08.2025 11:16:59
- Last modified 12.08.2025 14:25:33
- Source productcert@siemens.com
A vulnerability has been identified in RUGGEDCOM ROX MX5000 (All versions), RUGGEDCOM ROX MX5000RE (All versions), RUGGEDCOM ROX RX1400 (All versions), RUGGEDCOM ROX RX1500 (All versions), RUGGEDCOM ROX RX1501 (All versions), RUGGEDCOM ROX RX1510 (All versions), RUGGEDCOM ROX RX1511 (All versions), RUGGEDCOM ROX RX1512 (All versions), RUGGEDCOM ROX RX1524 (All versions), RUGGEDCOM ROX RX1536 (All versions), RUGGEDCOM ROX RX5000 (All versions). The affected devices do not properly enforce the restriction of files that can be uploaded from the web interface. This could allow an authenticated remote attacker with high privileges in the web interface to upload arbitrary files.
Data is provided by the CVE Program from a CVE Numbering Authority (CNA) (unstructured).
Vendor | Product | Default Status | Version < | Version | Status |
---|---|---|---|---|---|
Siemens | RUGGEDCOM ROX MX5000 | unknown | * | 0 | affected |
Siemens | RUGGEDCOM ROX MX5000RE | unknown | * | 0 | affected |
Siemens | RUGGEDCOM ROX RX1400 | unknown | * | 0 | affected |
Siemens | RUGGEDCOM ROX RX1500 | unknown | * | 0 | affected |
Siemens | RUGGEDCOM ROX RX1501 | unknown | * | 0 | affected |
Siemens | RUGGEDCOM ROX RX1510 | unknown | * | 0 | affected |
Siemens | RUGGEDCOM ROX RX1511 | unknown | * | 0 | affected |
Siemens | RUGGEDCOM ROX RX1512 | unknown | * | 0 | affected |
Siemens | RUGGEDCOM ROX RX1524 | unknown | * | 0 | affected |
Siemens | RUGGEDCOM ROX RX1536 | unknown | * | 0 | affected |
Siemens | RUGGEDCOM ROX RX5000 | unknown | * | 0 | affected |
No CISA KEV or CERT.AT warning was found for this CVE.
Type | Source | Score | Percentile |
---|---|---|---|
EPSS | FIRST.org | 0.05% | 0.146 |
Source | Base Score | Exploit Score | Impact Score | Vector string |
---|---|---|---|---|
productcert@siemens.com | 4.1 | 2.3 | 1.4 | CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:N/I:L/A:N |
productcert@siemens.com | 5.1 | 0 | 0 | CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:N/VI:N/VA:N/SC:N/SI:L/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X |
CWE-434 Unrestricted Upload of File with Dangerous Type
The product allows the upload or transfer of dangerous file types that are automatically processed within its environment.