CVE-2025-33023

EPSS 0.05%
Veröffentlicht 12.08.2025 11:16:59
Zuletzt bearbeitet 12.08.2025 14:25:33
Quelle productcert@siemens.com
Teams Watchlist Login
Unerledigt Login

A vulnerability has been identified in RUGGEDCOM ROX MX5000 (All versions), RUGGEDCOM ROX MX5000RE (All versions), RUGGEDCOM ROX RX1400 (All versions), RUGGEDCOM ROX RX1500 (All versions), RUGGEDCOM ROX RX1501 (All versions), RUGGEDCOM ROX RX1510 (All versions), RUGGEDCOM ROX RX1511 (All versions), RUGGEDCOM ROX RX1512 (All versions), RUGGEDCOM ROX RX1524 (All versions), RUGGEDCOM ROX RX1536 (All versions), RUGGEDCOM ROX RX5000 (All versions). The  affected devices do not properly enforce the restriction of files that can be uploaded from the web interface. This could allow an authenticated remote attacker with high privileges in the web interface to upload arbitrary files.

Betroffene Produkte Warnungen 0 Metriken 3 CWE 1 Referenzen 4

Verknüpft mit AI von unstrukturierten Daten zu bestehenden CPE der NVD

Diese Information steht angemeldeten Benutzern zur Verfügung.

Daten sind bereitgestellt durch das CVE Programm von einer CVE Numbering Authority (CNA) (Unstrukturiert).

HerstellerSiemens

≫

Produkt RUGGEDCOM ROX MX5000

Default Statusunknown

Version < *

Version 0

Status affected

HerstellerSiemens

≫

Produkt RUGGEDCOM ROX MX5000RE

Default Statusunknown

Version < *

Version 0

Status affected

HerstellerSiemens

≫

Produkt RUGGEDCOM ROX RX1400

Default Statusunknown

Version < *

Version 0

Status affected

HerstellerSiemens

≫

Produkt RUGGEDCOM ROX RX1500

Default Statusunknown

Version < *

Version 0

Status affected

HerstellerSiemens

≫

Produkt RUGGEDCOM ROX RX1501

Default Statusunknown

Version < *

Version 0

Status affected

HerstellerSiemens

≫

Produkt RUGGEDCOM ROX RX1510

Default Statusunknown

Version < *

Version 0

Status affected

HerstellerSiemens

≫

Produkt RUGGEDCOM ROX RX1511

Default Statusunknown

Version < *

Version 0

Status affected

HerstellerSiemens

≫

Produkt RUGGEDCOM ROX RX1512

Default Statusunknown

Version < *

Version 0

Status affected

HerstellerSiemens

≫

Produkt RUGGEDCOM ROX RX1524

Default Statusunknown

Version < *

Version 0

Status affected

HerstellerSiemens

≫

Produkt RUGGEDCOM ROX RX1536

Default Statusunknown

Version < *

Version 0

Status affected

HerstellerSiemens

≫

Produkt RUGGEDCOM ROX RX5000

Default Statusunknown

Version < *

Version 0

Status affected

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.05%	0.146

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
productcert@siemens.com	4.1	2.3	1.4	CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:N/I:L/A:N
productcert@siemens.com	5.1	0	0	CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:N/VI:N/VA:N/SC:N/SI:L/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

CWE-434 Unrestricted Upload of File with Dangerous Type

The product allows the upload or transfer of dangerous file types that are automatically processed within its environment.

https://cert-portal.siemens.com/productcert/html/ssa-665108.html

https://nvd.nist.gov/vuln/detail/CVE-2025-33023

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2025-33023

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2025-33023

EUVD