Search

Find a vulnerability

Search criteria

    75 vulnerabilities found for RUGGEDCOM ROX MX5000RE by Siemens

    CVE-2025-40949 (GCVE-0-2025-40949)

    Vulnerability from nvd – Published: 2026-05-12 08:20 – Updated: 2026-05-13 09:53
    VLAI
    Summary
    A vulnerability has been identified in RUGGEDCOM ROX MX5000 (All versions < V2.17.1), RUGGEDCOM ROX MX5000RE (All versions < V2.17.1), RUGGEDCOM ROX RX1400 (All versions < V2.17.1), RUGGEDCOM ROX RX1500 (All versions < V2.17.1), RUGGEDCOM ROX RX1501 (All versions < V2.17.1), RUGGEDCOM ROX RX1510 (All versions < V2.17.1), RUGGEDCOM ROX RX1511 (All versions < V2.17.1), RUGGEDCOM ROX RX1512 (All versions < V2.17.1), RUGGEDCOM ROX RX1524 (All versions < V2.17.1), RUGGEDCOM ROX RX1536 (All versions < V2.17.1), RUGGEDCOM ROX RX5000 (All versions < V2.17.1). Affected devices do not properly sanitize user-supplied input in the Scheduler functionality of the Web UI, allowing commands to be injected into the task scheduling backend. This could allow an authenticated remote attacker to execute arbitrary commands with root privileges on the underlying operating system.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-78 - Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
    Assigner
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-40949",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-05-13T01:40:45.667682Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-05-13T09:53:09.306Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unknown",
              "product": "RUGGEDCOM ROX MX5000",
              "vendor": "Siemens",
              "versions": [
                {
                  "lessThan": "V2.17.1",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unknown",
              "product": "RUGGEDCOM ROX MX5000RE",
              "vendor": "Siemens",
              "versions": [
                {
                  "lessThan": "V2.17.1",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unknown",
              "product": "RUGGEDCOM ROX RX1400",
              "vendor": "Siemens",
              "versions": [
                {
                  "lessThan": "V2.17.1",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unknown",
              "product": "RUGGEDCOM ROX RX1500",
              "vendor": "Siemens",
              "versions": [
                {
                  "lessThan": "V2.17.1",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unknown",
              "product": "RUGGEDCOM ROX RX1501",
              "vendor": "Siemens",
              "versions": [
                {
                  "lessThan": "V2.17.1",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unknown",
              "product": "RUGGEDCOM ROX RX1510",
              "vendor": "Siemens",
              "versions": [
                {
                  "lessThan": "V2.17.1",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unknown",
              "product": "RUGGEDCOM ROX RX1511",
              "vendor": "Siemens",
              "versions": [
                {
                  "lessThan": "V2.17.1",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unknown",
              "product": "RUGGEDCOM ROX RX1512",
              "vendor": "Siemens",
              "versions": [
                {
                  "lessThan": "V2.17.1",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unknown",
              "product": "RUGGEDCOM ROX RX1524",
              "vendor": "Siemens",
              "versions": [
                {
                  "lessThan": "V2.17.1",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unknown",
              "product": "RUGGEDCOM ROX RX1536",
              "vendor": "Siemens",
              "versions": [
                {
                  "lessThan": "V2.17.1",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unknown",
              "product": "RUGGEDCOM ROX RX5000",
              "vendor": "Siemens",
              "versions": [
                {
                  "lessThan": "V2.17.1",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A vulnerability has been identified in RUGGEDCOM ROX MX5000 (All versions \u003c V2.17.1), RUGGEDCOM ROX MX5000RE (All versions \u003c V2.17.1), RUGGEDCOM ROX RX1400 (All versions \u003c V2.17.1), RUGGEDCOM ROX RX1500 (All versions \u003c V2.17.1), RUGGEDCOM ROX RX1501 (All versions \u003c V2.17.1), RUGGEDCOM ROX RX1510 (All versions \u003c V2.17.1), RUGGEDCOM ROX RX1511 (All versions \u003c V2.17.1), RUGGEDCOM ROX RX1512 (All versions \u003c V2.17.1), RUGGEDCOM ROX RX1524 (All versions \u003c V2.17.1), RUGGEDCOM ROX RX1536 (All versions \u003c V2.17.1), RUGGEDCOM ROX RX5000 (All versions \u003c V2.17.1). Affected devices do not properly sanitize user-supplied input in the Scheduler functionality of the Web UI, allowing commands to be injected into the task scheduling backend.\r\n\r\nThis could allow an authenticated remote attacker to execute arbitrary commands with root privileges on the underlying operating system."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "baseScore": 9.1,
                "baseSeverity": "CRITICAL",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H",
                "version": "3.1"
              }
            },
            {
              "cvssV4_0": {
                "baseScore": 8.9,
                "baseSeverity": "HIGH",
                "vectorString": "CVSS:4.0/AV:N/AC:L/AT:P/PR:H/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H",
                "version": "4.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-78",
                  "description": "CWE-78: Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-05-12T08:20:53.983Z",
            "orgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77",
            "shortName": "siemens"
          },
          "references": [
            {
              "url": "https://cert-portal.siemens.com/productcert/html/ssa-081142.html"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77",
        "assignerShortName": "siemens",
        "cveId": "CVE-2025-40949",
        "datePublished": "2026-05-12T08:20:53.983Z",
        "dateReserved": "2025-04-16T09:06:15.880Z",
        "dateUpdated": "2026-05-13T09:53:09.306Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2025-40948 (GCVE-0-2025-40948)

    Vulnerability from nvd – Published: 2026-05-12 08:20 – Updated: 2026-05-12 12:43
    VLAI
    Summary
    A vulnerability has been identified in RUGGEDCOM ROX MX5000 (All versions < V2.17.1), RUGGEDCOM ROX MX5000RE (All versions < V2.17.1), RUGGEDCOM ROX RX1400 (All versions < V2.17.1), RUGGEDCOM ROX RX1500 (All versions < V2.17.1), RUGGEDCOM ROX RX1501 (All versions < V2.17.1), RUGGEDCOM ROX RX1510 (All versions < V2.17.1), RUGGEDCOM ROX RX1511 (All versions < V2.17.1), RUGGEDCOM ROX RX1512 (All versions < V2.17.1), RUGGEDCOM ROX RX1524 (All versions < V2.17.1), RUGGEDCOM ROX RX1536 (All versions < V2.17.1), RUGGEDCOM ROX RX5000 (All versions < V2.17.1). Affected devices do not properly validate input in the web server's JSON-RPC interface. This could allow an authenticated remote attacker to read arbitrary files from the underlying operating system's filesystem with root privileges.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-88 - Improper Neutralization of Argument Delimiters in a Command ('Argument Injection')
    Assigner
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-40948",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-05-12T12:43:17.469738Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-05-12T12:43:43.061Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unknown",
              "product": "RUGGEDCOM ROX MX5000",
              "vendor": "Siemens",
              "versions": [
                {
                  "lessThan": "V2.17.1",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unknown",
              "product": "RUGGEDCOM ROX MX5000RE",
              "vendor": "Siemens",
              "versions": [
                {
                  "lessThan": "V2.17.1",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unknown",
              "product": "RUGGEDCOM ROX RX1400",
              "vendor": "Siemens",
              "versions": [
                {
                  "lessThan": "V2.17.1",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unknown",
              "product": "RUGGEDCOM ROX RX1500",
              "vendor": "Siemens",
              "versions": [
                {
                  "lessThan": "V2.17.1",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unknown",
              "product": "RUGGEDCOM ROX RX1501",
              "vendor": "Siemens",
              "versions": [
                {
                  "lessThan": "V2.17.1",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unknown",
              "product": "RUGGEDCOM ROX RX1510",
              "vendor": "Siemens",
              "versions": [
                {
                  "lessThan": "V2.17.1",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unknown",
              "product": "RUGGEDCOM ROX RX1511",
              "vendor": "Siemens",
              "versions": [
                {
                  "lessThan": "V2.17.1",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unknown",
              "product": "RUGGEDCOM ROX RX1512",
              "vendor": "Siemens",
              "versions": [
                {
                  "lessThan": "V2.17.1",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unknown",
              "product": "RUGGEDCOM ROX RX1524",
              "vendor": "Siemens",
              "versions": [
                {
                  "lessThan": "V2.17.1",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unknown",
              "product": "RUGGEDCOM ROX RX1536",
              "vendor": "Siemens",
              "versions": [
                {
                  "lessThan": "V2.17.1",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unknown",
              "product": "RUGGEDCOM ROX RX5000",
              "vendor": "Siemens",
              "versions": [
                {
                  "lessThan": "V2.17.1",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A vulnerability has been identified in RUGGEDCOM ROX MX5000 (All versions \u003c V2.17.1), RUGGEDCOM ROX MX5000RE (All versions \u003c V2.17.1), RUGGEDCOM ROX RX1400 (All versions \u003c V2.17.1), RUGGEDCOM ROX RX1500 (All versions \u003c V2.17.1), RUGGEDCOM ROX RX1501 (All versions \u003c V2.17.1), RUGGEDCOM ROX RX1510 (All versions \u003c V2.17.1), RUGGEDCOM ROX RX1511 (All versions \u003c V2.17.1), RUGGEDCOM ROX RX1512 (All versions \u003c V2.17.1), RUGGEDCOM ROX RX1524 (All versions \u003c V2.17.1), RUGGEDCOM ROX RX1536 (All versions \u003c V2.17.1), RUGGEDCOM ROX RX5000 (All versions \u003c V2.17.1). Affected devices do not properly validate input in the web server\u0027s JSON-RPC interface.\r\n\r\nThis could allow an authenticated remote attacker to read arbitrary files from the underlying operating system\u0027s filesystem with root privileges."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "baseScore": 6.8,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N",
                "version": "3.1"
              }
            },
            {
              "cvssV4_0": {
                "baseScore": 6.1,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:N/VI:N/VA:N/SC:H/SI:N/SA:N",
                "version": "4.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-88",
                  "description": "CWE-88: Improper Neutralization of Argument Delimiters in a Command (\u0027Argument Injection\u0027)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-05-12T08:20:52.849Z",
            "orgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77",
            "shortName": "siemens"
          },
          "references": [
            {
              "url": "https://cert-portal.siemens.com/productcert/html/ssa-973901.html"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77",
        "assignerShortName": "siemens",
        "cveId": "CVE-2025-40948",
        "datePublished": "2026-05-12T08:20:52.849Z",
        "dateReserved": "2025-04-16T09:06:15.879Z",
        "dateUpdated": "2026-05-12T12:43:43.061Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2025-40947 (GCVE-0-2025-40947)

    Vulnerability from nvd – Published: 2026-05-12 08:20 – Updated: 2026-05-12 12:45
    VLAI
    Summary
    A vulnerability has been identified in RUGGEDCOM ROX MX5000 (All versions < V2.17.1), RUGGEDCOM ROX MX5000RE (All versions < V2.17.1), RUGGEDCOM ROX RX1400 (All versions < V2.17.1), RUGGEDCOM ROX RX1500 (All versions < V2.17.1), RUGGEDCOM ROX RX1501 (All versions < V2.17.1), RUGGEDCOM ROX RX1510 (All versions < V2.17.1), RUGGEDCOM ROX RX1511 (All versions < V2.17.1), RUGGEDCOM ROX RX1512 (All versions < V2.17.1), RUGGEDCOM ROX RX1524 (All versions < V2.17.1), RUGGEDCOM ROX RX1536 (All versions < V2.17.1), RUGGEDCOM ROX RX5000 (All versions < V2.17.1). Affected devices do not properly sanitize user-supplied input during the feature key installation process. This could allow an authenticated remote attacker to inject arbitrary commands, resulting in remote code execution with root privileges on the underlying operating system.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-78 - Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
    Assigner
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-40947",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-05-12T12:45:22.982292Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-05-12T12:45:37.589Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unknown",
              "product": "RUGGEDCOM ROX MX5000",
              "vendor": "Siemens",
              "versions": [
                {
                  "lessThan": "V2.17.1",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unknown",
              "product": "RUGGEDCOM ROX MX5000RE",
              "vendor": "Siemens",
              "versions": [
                {
                  "lessThan": "V2.17.1",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unknown",
              "product": "RUGGEDCOM ROX RX1400",
              "vendor": "Siemens",
              "versions": [
                {
                  "lessThan": "V2.17.1",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unknown",
              "product": "RUGGEDCOM ROX RX1500",
              "vendor": "Siemens",
              "versions": [
                {
                  "lessThan": "V2.17.1",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unknown",
              "product": "RUGGEDCOM ROX RX1501",
              "vendor": "Siemens",
              "versions": [
                {
                  "lessThan": "V2.17.1",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unknown",
              "product": "RUGGEDCOM ROX RX1510",
              "vendor": "Siemens",
              "versions": [
                {
                  "lessThan": "V2.17.1",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unknown",
              "product": "RUGGEDCOM ROX RX1511",
              "vendor": "Siemens",
              "versions": [
                {
                  "lessThan": "V2.17.1",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unknown",
              "product": "RUGGEDCOM ROX RX1512",
              "vendor": "Siemens",
              "versions": [
                {
                  "lessThan": "V2.17.1",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unknown",
              "product": "RUGGEDCOM ROX RX1524",
              "vendor": "Siemens",
              "versions": [
                {
                  "lessThan": "V2.17.1",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unknown",
              "product": "RUGGEDCOM ROX RX1536",
              "vendor": "Siemens",
              "versions": [
                {
                  "lessThan": "V2.17.1",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unknown",
              "product": "RUGGEDCOM ROX RX5000",
              "vendor": "Siemens",
              "versions": [
                {
                  "lessThan": "V2.17.1",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A vulnerability has been identified in RUGGEDCOM ROX MX5000 (All versions \u003c V2.17.1), RUGGEDCOM ROX MX5000RE (All versions \u003c V2.17.1), RUGGEDCOM ROX RX1400 (All versions \u003c V2.17.1), RUGGEDCOM ROX RX1500 (All versions \u003c V2.17.1), RUGGEDCOM ROX RX1501 (All versions \u003c V2.17.1), RUGGEDCOM ROX RX1510 (All versions \u003c V2.17.1), RUGGEDCOM ROX RX1511 (All versions \u003c V2.17.1), RUGGEDCOM ROX RX1512 (All versions \u003c V2.17.1), RUGGEDCOM ROX RX1524 (All versions \u003c V2.17.1), RUGGEDCOM ROX RX1536 (All versions \u003c V2.17.1), RUGGEDCOM ROX RX5000 (All versions \u003c V2.17.1). Affected devices do not properly sanitize user-supplied input during the feature key installation process.\r\n\r\nThis could allow an authenticated remote attacker to inject arbitrary commands, resulting in remote code execution with root privileges on the underlying operating system."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "baseScore": 7.5,
                "baseSeverity": "HIGH",
                "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              }
            },
            {
              "cvssV4_0": {
                "baseScore": 7.7,
                "baseSeverity": "HIGH",
                "vectorString": "CVSS:4.0/AV:N/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
                "version": "4.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-78",
                  "description": "CWE-78: Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-05-12T08:20:51.712Z",
            "orgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77",
            "shortName": "siemens"
          },
          "references": [
            {
              "url": "https://cert-portal.siemens.com/productcert/html/ssa-078743.html"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77",
        "assignerShortName": "siemens",
        "cveId": "CVE-2025-40947",
        "datePublished": "2026-05-12T08:20:51.712Z",
        "dateReserved": "2025-04-16T09:06:15.879Z",
        "dateUpdated": "2026-05-12T12:45:37.589Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2024-56840 (GCVE-0-2024-56840)

    Vulnerability from nvd – Published: 2025-12-09 10:44 – Updated: 2026-01-13 09:43
    VLAI
    Summary
    A vulnerability has been identified in RUGGEDCOM ROX MX5000 (All versions < V2.17.0), RUGGEDCOM ROX MX5000RE (All versions < V2.17.0), RUGGEDCOM ROX RX1400 (All versions < V2.17.0), RUGGEDCOM ROX RX1500 (All versions < V2.17.0), RUGGEDCOM ROX RX1501 (All versions < V2.17.0), RUGGEDCOM ROX RX1510 (All versions < V2.17.0), RUGGEDCOM ROX RX1511 (All versions < V2.17.0), RUGGEDCOM ROX RX1512 (All versions < V2.17.0), RUGGEDCOM ROX RX1524 (All versions < V2.17.0), RUGGEDCOM ROX RX1536 (All versions < V2.17.0), RUGGEDCOM ROX RX5000 (All versions < V2.17.0). Under certain conditions, IPsec may allow code injection in the affected device. An attacker could leverage this scenario to execute arbitrary code as root user.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-74 - Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')
    Assigner
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-56840",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-12-09T14:27:32.481320Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-12-09T14:27:36.500Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unknown",
              "product": "RUGGEDCOM ROX MX5000",
              "vendor": "Siemens",
              "versions": [
                {
                  "lessThan": "V2.17.0",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unknown",
              "product": "RUGGEDCOM ROX MX5000RE",
              "vendor": "Siemens",
              "versions": [
                {
                  "lessThan": "V2.17.0",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unknown",
              "product": "RUGGEDCOM ROX RX1400",
              "vendor": "Siemens",
              "versions": [
                {
                  "lessThan": "V2.17.0",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unknown",
              "product": "RUGGEDCOM ROX RX1500",
              "vendor": "Siemens",
              "versions": [
                {
                  "lessThan": "V2.17.0",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unknown",
              "product": "RUGGEDCOM ROX RX1501",
              "vendor": "Siemens",
              "versions": [
                {
                  "lessThan": "V2.17.0",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unknown",
              "product": "RUGGEDCOM ROX RX1510",
              "vendor": "Siemens",
              "versions": [
                {
                  "lessThan": "V2.17.0",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unknown",
              "product": "RUGGEDCOM ROX RX1511",
              "vendor": "Siemens",
              "versions": [
                {
                  "lessThan": "V2.17.0",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unknown",
              "product": "RUGGEDCOM ROX RX1512",
              "vendor": "Siemens",
              "versions": [
                {
                  "lessThan": "V2.17.0",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unknown",
              "product": "RUGGEDCOM ROX RX1524",
              "vendor": "Siemens",
              "versions": [
                {
                  "lessThan": "V2.17.0",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unknown",
              "product": "RUGGEDCOM ROX RX1536",
              "vendor": "Siemens",
              "versions": [
                {
                  "lessThan": "V2.17.0",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unknown",
              "product": "RUGGEDCOM ROX RX5000",
              "vendor": "Siemens",
              "versions": [
                {
                  "lessThan": "V2.17.0",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A vulnerability has been identified in RUGGEDCOM ROX MX5000 (All versions \u003c V2.17.0), RUGGEDCOM ROX MX5000RE (All versions \u003c V2.17.0), RUGGEDCOM ROX RX1400 (All versions \u003c V2.17.0), RUGGEDCOM ROX RX1500 (All versions \u003c V2.17.0), RUGGEDCOM ROX RX1501 (All versions \u003c V2.17.0), RUGGEDCOM ROX RX1510 (All versions \u003c V2.17.0), RUGGEDCOM ROX RX1511 (All versions \u003c V2.17.0), RUGGEDCOM ROX RX1512 (All versions \u003c V2.17.0), RUGGEDCOM ROX RX1524 (All versions \u003c V2.17.0), RUGGEDCOM ROX RX1536 (All versions \u003c V2.17.0), RUGGEDCOM ROX RX5000 (All versions \u003c V2.17.0). Under certain conditions, IPsec may allow code injection in the affected device. An attacker could leverage this scenario to execute arbitrary code as root user."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "baseScore": 7.2,
                "baseSeverity": "HIGH",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C",
                "version": "3.1"
              }
            },
            {
              "cvssV4_0": {
                "baseScore": 7.5,
                "baseSeverity": "HIGH",
                "vectorString": "CVSS:4.0/AV:N/AC:L/AT:P/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
                "version": "4.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-74",
                  "description": "CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component (\u0027Injection\u0027)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-01-13T09:43:55.345Z",
            "orgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77",
            "shortName": "siemens"
          },
          "references": [
            {
              "url": "https://cert-portal.siemens.com/productcert/html/ssa-912274.html"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77",
        "assignerShortName": "siemens",
        "cveId": "CVE-2024-56840",
        "datePublished": "2025-12-09T10:44:19.188Z",
        "dateReserved": "2025-01-03T10:21:11.980Z",
        "dateUpdated": "2026-01-13T09:43:55.345Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2024-56839 (GCVE-0-2024-56839)

    Vulnerability from nvd – Published: 2025-12-09 10:44 – Updated: 2026-01-13 09:43
    VLAI
    Summary
    A vulnerability has been identified in RUGGEDCOM ROX MX5000 (All versions < V2.17.0), RUGGEDCOM ROX MX5000RE (All versions < V2.17.0), RUGGEDCOM ROX RX1400 (All versions < V2.17.0), RUGGEDCOM ROX RX1500 (All versions < V2.17.0), RUGGEDCOM ROX RX1501 (All versions < V2.17.0), RUGGEDCOM ROX RX1510 (All versions < V2.17.0), RUGGEDCOM ROX RX1511 (All versions < V2.17.0), RUGGEDCOM ROX RX1512 (All versions < V2.17.0), RUGGEDCOM ROX RX1524 (All versions < V2.17.0), RUGGEDCOM ROX RX1536 (All versions < V2.17.0), RUGGEDCOM ROX RX5000 (All versions < V2.17.0). Code injection can be achieved when the affected device is using VRF (Virtual Routing and Forwarding). An attacker could leverage this scenario to execute arbitrary code as root user.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-74 - Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')
    Assigner
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-56839",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-12-09T14:27:47.309463Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-12-09T14:27:57.838Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unknown",
              "product": "RUGGEDCOM ROX MX5000",
              "vendor": "Siemens",
              "versions": [
                {
                  "lessThan": "V2.17.0",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unknown",
              "product": "RUGGEDCOM ROX MX5000RE",
              "vendor": "Siemens",
              "versions": [
                {
                  "lessThan": "V2.17.0",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unknown",
              "product": "RUGGEDCOM ROX RX1400",
              "vendor": "Siemens",
              "versions": [
                {
                  "lessThan": "V2.17.0",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unknown",
              "product": "RUGGEDCOM ROX RX1500",
              "vendor": "Siemens",
              "versions": [
                {
                  "lessThan": "V2.17.0",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unknown",
              "product": "RUGGEDCOM ROX RX1501",
              "vendor": "Siemens",
              "versions": [
                {
                  "lessThan": "V2.17.0",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unknown",
              "product": "RUGGEDCOM ROX RX1510",
              "vendor": "Siemens",
              "versions": [
                {
                  "lessThan": "V2.17.0",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unknown",
              "product": "RUGGEDCOM ROX RX1511",
              "vendor": "Siemens",
              "versions": [
                {
                  "lessThan": "V2.17.0",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unknown",
              "product": "RUGGEDCOM ROX RX1512",
              "vendor": "Siemens",
              "versions": [
                {
                  "lessThan": "V2.17.0",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unknown",
              "product": "RUGGEDCOM ROX RX1524",
              "vendor": "Siemens",
              "versions": [
                {
                  "lessThan": "V2.17.0",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unknown",
              "product": "RUGGEDCOM ROX RX1536",
              "vendor": "Siemens",
              "versions": [
                {
                  "lessThan": "V2.17.0",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unknown",
              "product": "RUGGEDCOM ROX RX5000",
              "vendor": "Siemens",
              "versions": [
                {
                  "lessThan": "V2.17.0",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A vulnerability has been identified in RUGGEDCOM ROX MX5000 (All versions \u003c V2.17.0), RUGGEDCOM ROX MX5000RE (All versions \u003c V2.17.0), RUGGEDCOM ROX RX1400 (All versions \u003c V2.17.0), RUGGEDCOM ROX RX1500 (All versions \u003c V2.17.0), RUGGEDCOM ROX RX1501 (All versions \u003c V2.17.0), RUGGEDCOM ROX RX1510 (All versions \u003c V2.17.0), RUGGEDCOM ROX RX1511 (All versions \u003c V2.17.0), RUGGEDCOM ROX RX1512 (All versions \u003c V2.17.0), RUGGEDCOM ROX RX1524 (All versions \u003c V2.17.0), RUGGEDCOM ROX RX1536 (All versions \u003c V2.17.0), RUGGEDCOM ROX RX5000 (All versions \u003c V2.17.0). Code injection can be achieved when the affected device is using VRF (Virtual Routing and Forwarding). An attacker could leverage this scenario to execute arbitrary code as root user."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "baseScore": 7.2,
                "baseSeverity": "HIGH",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C",
                "version": "3.1"
              }
            },
            {
              "cvssV4_0": {
                "baseScore": 8.6,
                "baseSeverity": "HIGH",
                "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
                "version": "4.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-74",
                  "description": "CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component (\u0027Injection\u0027)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-01-13T09:43:54.268Z",
            "orgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77",
            "shortName": "siemens"
          },
          "references": [
            {
              "url": "https://cert-portal.siemens.com/productcert/html/ssa-912274.html"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77",
        "assignerShortName": "siemens",
        "cveId": "CVE-2024-56839",
        "datePublished": "2025-12-09T10:44:18.103Z",
        "dateReserved": "2025-01-03T10:21:11.980Z",
        "dateUpdated": "2026-01-13T09:43:54.268Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2024-56838 (GCVE-0-2024-56838)

    Vulnerability from nvd – Published: 2025-12-09 10:44 – Updated: 2026-01-13 09:43
    VLAI
    Summary
    A vulnerability has been identified in RUGGEDCOM ROX MX5000 (All versions < V2.17.0), RUGGEDCOM ROX MX5000RE (All versions < V2.17.0), RUGGEDCOM ROX RX1400 (All versions < V2.17.0), RUGGEDCOM ROX RX1500 (All versions < V2.17.0), RUGGEDCOM ROX RX1501 (All versions < V2.17.0), RUGGEDCOM ROX RX1510 (All versions < V2.17.0), RUGGEDCOM ROX RX1511 (All versions < V2.17.0), RUGGEDCOM ROX RX1512 (All versions < V2.17.0), RUGGEDCOM ROX RX1524 (All versions < V2.17.0), RUGGEDCOM ROX RX1536 (All versions < V2.17.0), RUGGEDCOM ROX RX5000 (All versions < V2.17.0). The SCEP client available in the affected device for secure certificate enrollment lacks validation of multiple fields. An attacker could leverage this scenario to execute arbitrary code as root user.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-74 - Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')
    Assigner
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-56838",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-12-09T14:28:19.803546Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-12-09T14:28:27.518Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unknown",
              "product": "RUGGEDCOM ROX MX5000",
              "vendor": "Siemens",
              "versions": [
                {
                  "lessThan": "V2.17.0",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unknown",
              "product": "RUGGEDCOM ROX MX5000RE",
              "vendor": "Siemens",
              "versions": [
                {
                  "lessThan": "V2.17.0",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unknown",
              "product": "RUGGEDCOM ROX RX1400",
              "vendor": "Siemens",
              "versions": [
                {
                  "lessThan": "V2.17.0",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unknown",
              "product": "RUGGEDCOM ROX RX1500",
              "vendor": "Siemens",
              "versions": [
                {
                  "lessThan": "V2.17.0",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unknown",
              "product": "RUGGEDCOM ROX RX1501",
              "vendor": "Siemens",
              "versions": [
                {
                  "lessThan": "V2.17.0",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unknown",
              "product": "RUGGEDCOM ROX RX1510",
              "vendor": "Siemens",
              "versions": [
                {
                  "lessThan": "V2.17.0",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unknown",
              "product": "RUGGEDCOM ROX RX1511",
              "vendor": "Siemens",
              "versions": [
                {
                  "lessThan": "V2.17.0",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unknown",
              "product": "RUGGEDCOM ROX RX1512",
              "vendor": "Siemens",
              "versions": [
                {
                  "lessThan": "V2.17.0",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unknown",
              "product": "RUGGEDCOM ROX RX1524",
              "vendor": "Siemens",
              "versions": [
                {
                  "lessThan": "V2.17.0",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unknown",
              "product": "RUGGEDCOM ROX RX1536",
              "vendor": "Siemens",
              "versions": [
                {
                  "lessThan": "V2.17.0",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unknown",
              "product": "RUGGEDCOM ROX RX5000",
              "vendor": "Siemens",
              "versions": [
                {
                  "lessThan": "V2.17.0",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A vulnerability has been identified in RUGGEDCOM ROX MX5000 (All versions \u003c V2.17.0), RUGGEDCOM ROX MX5000RE (All versions \u003c V2.17.0), RUGGEDCOM ROX RX1400 (All versions \u003c V2.17.0), RUGGEDCOM ROX RX1500 (All versions \u003c V2.17.0), RUGGEDCOM ROX RX1501 (All versions \u003c V2.17.0), RUGGEDCOM ROX RX1510 (All versions \u003c V2.17.0), RUGGEDCOM ROX RX1511 (All versions \u003c V2.17.0), RUGGEDCOM ROX RX1512 (All versions \u003c V2.17.0), RUGGEDCOM ROX RX1524 (All versions \u003c V2.17.0), RUGGEDCOM ROX RX1536 (All versions \u003c V2.17.0), RUGGEDCOM ROX RX5000 (All versions \u003c V2.17.0). The SCEP client available in the affected device for secure certificate enrollment lacks validation of multiple fields. An attacker could leverage this scenario to execute arbitrary code as root user."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "baseScore": 7.2,
                "baseSeverity": "HIGH",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C",
                "version": "3.1"
              }
            },
            {
              "cvssV4_0": {
                "baseScore": 8.6,
                "baseSeverity": "HIGH",
                "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
                "version": "4.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-74",
                  "description": "CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component (\u0027Injection\u0027)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-01-13T09:43:53.194Z",
            "orgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77",
            "shortName": "siemens"
          },
          "references": [
            {
              "url": "https://cert-portal.siemens.com/productcert/html/ssa-912274.html"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77",
        "assignerShortName": "siemens",
        "cveId": "CVE-2024-56838",
        "datePublished": "2025-12-09T10:44:17.019Z",
        "dateReserved": "2025-01-03T10:21:11.980Z",
        "dateUpdated": "2026-01-13T09:43:53.194Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2024-56837 (GCVE-0-2024-56837)

    Vulnerability from nvd – Published: 2025-12-09 10:44 – Updated: 2026-01-13 09:43
    VLAI
    Summary
    A vulnerability has been identified in RUGGEDCOM ROX MX5000 (All versions < V2.17.0), RUGGEDCOM ROX MX5000RE (All versions < V2.17.0), RUGGEDCOM ROX RX1400 (All versions < V2.17.0), RUGGEDCOM ROX RX1500 (All versions < V2.17.0), RUGGEDCOM ROX RX1501 (All versions < V2.17.0), RUGGEDCOM ROX RX1510 (All versions < V2.17.0), RUGGEDCOM ROX RX1511 (All versions < V2.17.0), RUGGEDCOM ROX RX1512 (All versions < V2.17.0), RUGGEDCOM ROX RX1524 (All versions < V2.17.0), RUGGEDCOM ROX RX1536 (All versions < V2.17.0), RUGGEDCOM ROX RX5000 (All versions < V2.17.0). Due to the insufficient validation during the installation and load of certain configuration files of the affected device, an attacker could spawn a reverse shell and gain root access on the affected system.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-77 - Improper Neutralization of Special Elements used in a Command ('Command Injection')
    Assigner
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-56837",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-12-09T14:28:47.566460Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-12-09T14:28:52.709Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unknown",
              "product": "RUGGEDCOM ROX MX5000",
              "vendor": "Siemens",
              "versions": [
                {
                  "lessThan": "V2.17.0",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unknown",
              "product": "RUGGEDCOM ROX MX5000RE",
              "vendor": "Siemens",
              "versions": [
                {
                  "lessThan": "V2.17.0",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unknown",
              "product": "RUGGEDCOM ROX RX1400",
              "vendor": "Siemens",
              "versions": [
                {
                  "lessThan": "V2.17.0",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unknown",
              "product": "RUGGEDCOM ROX RX1500",
              "vendor": "Siemens",
              "versions": [
                {
                  "lessThan": "V2.17.0",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unknown",
              "product": "RUGGEDCOM ROX RX1501",
              "vendor": "Siemens",
              "versions": [
                {
                  "lessThan": "V2.17.0",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unknown",
              "product": "RUGGEDCOM ROX RX1510",
              "vendor": "Siemens",
              "versions": [
                {
                  "lessThan": "V2.17.0",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unknown",
              "product": "RUGGEDCOM ROX RX1511",
              "vendor": "Siemens",
              "versions": [
                {
                  "lessThan": "V2.17.0",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unknown",
              "product": "RUGGEDCOM ROX RX1512",
              "vendor": "Siemens",
              "versions": [
                {
                  "lessThan": "V2.17.0",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unknown",
              "product": "RUGGEDCOM ROX RX1524",
              "vendor": "Siemens",
              "versions": [
                {
                  "lessThan": "V2.17.0",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unknown",
              "product": "RUGGEDCOM ROX RX1536",
              "vendor": "Siemens",
              "versions": [
                {
                  "lessThan": "V2.17.0",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unknown",
              "product": "RUGGEDCOM ROX RX5000",
              "vendor": "Siemens",
              "versions": [
                {
                  "lessThan": "V2.17.0",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A vulnerability has been identified in RUGGEDCOM ROX MX5000 (All versions \u003c V2.17.0), RUGGEDCOM ROX MX5000RE (All versions \u003c V2.17.0), RUGGEDCOM ROX RX1400 (All versions \u003c V2.17.0), RUGGEDCOM ROX RX1500 (All versions \u003c V2.17.0), RUGGEDCOM ROX RX1501 (All versions \u003c V2.17.0), RUGGEDCOM ROX RX1510 (All versions \u003c V2.17.0), RUGGEDCOM ROX RX1511 (All versions \u003c V2.17.0), RUGGEDCOM ROX RX1512 (All versions \u003c V2.17.0), RUGGEDCOM ROX RX1524 (All versions \u003c V2.17.0), RUGGEDCOM ROX RX1536 (All versions \u003c V2.17.0), RUGGEDCOM ROX RX5000 (All versions \u003c V2.17.0). Due to the insufficient validation during the installation and load of certain configuration files of the affected device, an attacker could spawn a reverse shell and gain root access on the affected system."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "baseScore": 7.2,
                "baseSeverity": "HIGH",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C",
                "version": "3.1"
              }
            },
            {
              "cvssV4_0": {
                "baseScore": 8.6,
                "baseSeverity": "HIGH",
                "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
                "version": "4.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-77",
                  "description": "CWE-77: Improper Neutralization of Special Elements used in a Command (\u0027Command Injection\u0027)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-01-13T09:43:52.096Z",
            "orgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77",
            "shortName": "siemens"
          },
          "references": [
            {
              "url": "https://cert-portal.siemens.com/productcert/html/ssa-912274.html"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77",
        "assignerShortName": "siemens",
        "cveId": "CVE-2024-56837",
        "datePublished": "2025-12-09T10:44:15.934Z",
        "dateReserved": "2025-01-03T10:21:11.980Z",
        "dateUpdated": "2026-01-13T09:43:52.096Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2024-56836 (GCVE-0-2024-56836)

    Vulnerability from nvd – Published: 2025-12-09 10:44 – Updated: 2026-01-13 09:43
    VLAI
    Summary
    A vulnerability has been identified in RUGGEDCOM ROX MX5000 (All versions < V2.17.0), RUGGEDCOM ROX MX5000RE (All versions < V2.17.0), RUGGEDCOM ROX RX1400 (All versions < V2.17.0), RUGGEDCOM ROX RX1500 (All versions < V2.17.0), RUGGEDCOM ROX RX1501 (All versions < V2.17.0), RUGGEDCOM ROX RX1510 (All versions < V2.17.0), RUGGEDCOM ROX RX1511 (All versions < V2.17.0), RUGGEDCOM ROX RX1512 (All versions < V2.17.0), RUGGEDCOM ROX RX1524 (All versions < V2.17.0), RUGGEDCOM ROX RX1536 (All versions < V2.17.0), RUGGEDCOM ROX RX5000 (All versions < V2.17.0). During the Dynamic DNS configuration of the affected product it is possible to inject additional configuration parameters. Under certain circumstances, an attacker could leverage this vulnerability to spawn a reverse shell and gain root access on the affected system.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-77 - Improper Neutralization of Special Elements used in a Command ('Command Injection')
    Assigner
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-56836",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-12-09T14:29:09.000238Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-12-09T14:29:13.239Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unknown",
              "product": "RUGGEDCOM ROX MX5000",
              "vendor": "Siemens",
              "versions": [
                {
                  "lessThan": "V2.17.0",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unknown",
              "product": "RUGGEDCOM ROX MX5000RE",
              "vendor": "Siemens",
              "versions": [
                {
                  "lessThan": "V2.17.0",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unknown",
              "product": "RUGGEDCOM ROX RX1400",
              "vendor": "Siemens",
              "versions": [
                {
                  "lessThan": "V2.17.0",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unknown",
              "product": "RUGGEDCOM ROX RX1500",
              "vendor": "Siemens",
              "versions": [
                {
                  "lessThan": "V2.17.0",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unknown",
              "product": "RUGGEDCOM ROX RX1501",
              "vendor": "Siemens",
              "versions": [
                {
                  "lessThan": "V2.17.0",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unknown",
              "product": "RUGGEDCOM ROX RX1510",
              "vendor": "Siemens",
              "versions": [
                {
                  "lessThan": "V2.17.0",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unknown",
              "product": "RUGGEDCOM ROX RX1511",
              "vendor": "Siemens",
              "versions": [
                {
                  "lessThan": "V2.17.0",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unknown",
              "product": "RUGGEDCOM ROX RX1512",
              "vendor": "Siemens",
              "versions": [
                {
                  "lessThan": "V2.17.0",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unknown",
              "product": "RUGGEDCOM ROX RX1524",
              "vendor": "Siemens",
              "versions": [
                {
                  "lessThan": "V2.17.0",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unknown",
              "product": "RUGGEDCOM ROX RX1536",
              "vendor": "Siemens",
              "versions": [
                {
                  "lessThan": "V2.17.0",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unknown",
              "product": "RUGGEDCOM ROX RX5000",
              "vendor": "Siemens",
              "versions": [
                {
                  "lessThan": "V2.17.0",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A vulnerability has been identified in RUGGEDCOM ROX MX5000 (All versions \u003c V2.17.0), RUGGEDCOM ROX MX5000RE (All versions \u003c V2.17.0), RUGGEDCOM ROX RX1400 (All versions \u003c V2.17.0), RUGGEDCOM ROX RX1500 (All versions \u003c V2.17.0), RUGGEDCOM ROX RX1501 (All versions \u003c V2.17.0), RUGGEDCOM ROX RX1510 (All versions \u003c V2.17.0), RUGGEDCOM ROX RX1511 (All versions \u003c V2.17.0), RUGGEDCOM ROX RX1512 (All versions \u003c V2.17.0), RUGGEDCOM ROX RX1524 (All versions \u003c V2.17.0), RUGGEDCOM ROX RX1536 (All versions \u003c V2.17.0), RUGGEDCOM ROX RX5000 (All versions \u003c V2.17.0). During the Dynamic DNS configuration of the affected product it is possible to inject additional configuration parameters. Under certain circumstances, an attacker could leverage this vulnerability to spawn a reverse shell and gain root access on the affected system."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "baseScore": 7.5,
                "baseSeverity": "HIGH",
                "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C",
                "version": "3.1"
              }
            },
            {
              "cvssV4_0": {
                "baseScore": 7.7,
                "baseSeverity": "HIGH",
                "vectorString": "CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
                "version": "4.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-77",
                  "description": "CWE-77: Improper Neutralization of Special Elements used in a Command (\u0027Command Injection\u0027)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-01-13T09:43:50.967Z",
            "orgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77",
            "shortName": "siemens"
          },
          "references": [
            {
              "url": "https://cert-portal.siemens.com/productcert/html/ssa-912274.html"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77",
        "assignerShortName": "siemens",
        "cveId": "CVE-2024-56836",
        "datePublished": "2025-12-09T10:44:14.820Z",
        "dateReserved": "2025-01-03T10:21:11.980Z",
        "dateUpdated": "2026-01-13T09:43:50.967Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2024-56835 (GCVE-0-2024-56835)

    Vulnerability from nvd – Published: 2025-12-09 10:44 – Updated: 2026-01-13 09:43
    VLAI
    Summary
    A vulnerability has been identified in RUGGEDCOM ROX MX5000 (All versions < V2.17.0), RUGGEDCOM ROX MX5000RE (All versions < V2.17.0), RUGGEDCOM ROX RX1400 (All versions < V2.17.0), RUGGEDCOM ROX RX1500 (All versions < V2.17.0), RUGGEDCOM ROX RX1501 (All versions < V2.17.0), RUGGEDCOM ROX RX1510 (All versions < V2.17.0), RUGGEDCOM ROX RX1511 (All versions < V2.17.0), RUGGEDCOM ROX RX1512 (All versions < V2.17.0), RUGGEDCOM ROX RX1524 (All versions < V2.17.0), RUGGEDCOM ROX RX1536 (All versions < V2.17.0), RUGGEDCOM ROX RX5000 (All versions < V2.17.0). The DHCP Server configuration file of the affected products is subject to code injection. An attacker could leverage this vulnerability to spawn a reverse shell and gain root access on the affected system.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-74 - Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')
    Assigner
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-56835",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-12-09T14:29:27.215015Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-12-09T14:29:32.308Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unknown",
              "product": "RUGGEDCOM ROX MX5000",
              "vendor": "Siemens",
              "versions": [
                {
                  "lessThan": "V2.17.0",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unknown",
              "product": "RUGGEDCOM ROX MX5000RE",
              "vendor": "Siemens",
              "versions": [
                {
                  "lessThan": "V2.17.0",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unknown",
              "product": "RUGGEDCOM ROX RX1400",
              "vendor": "Siemens",
              "versions": [
                {
                  "lessThan": "V2.17.0",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unknown",
              "product": "RUGGEDCOM ROX RX1500",
              "vendor": "Siemens",
              "versions": [
                {
                  "lessThan": "V2.17.0",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unknown",
              "product": "RUGGEDCOM ROX RX1501",
              "vendor": "Siemens",
              "versions": [
                {
                  "lessThan": "V2.17.0",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unknown",
              "product": "RUGGEDCOM ROX RX1510",
              "vendor": "Siemens",
              "versions": [
                {
                  "lessThan": "V2.17.0",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unknown",
              "product": "RUGGEDCOM ROX RX1511",
              "vendor": "Siemens",
              "versions": [
                {
                  "lessThan": "V2.17.0",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unknown",
              "product": "RUGGEDCOM ROX RX1512",
              "vendor": "Siemens",
              "versions": [
                {
                  "lessThan": "V2.17.0",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unknown",
              "product": "RUGGEDCOM ROX RX1524",
              "vendor": "Siemens",
              "versions": [
                {
                  "lessThan": "V2.17.0",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unknown",
              "product": "RUGGEDCOM ROX RX1536",
              "vendor": "Siemens",
              "versions": [
                {
                  "lessThan": "V2.17.0",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unknown",
              "product": "RUGGEDCOM ROX RX5000",
              "vendor": "Siemens",
              "versions": [
                {
                  "lessThan": "V2.17.0",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A vulnerability has been identified in RUGGEDCOM ROX MX5000 (All versions \u003c V2.17.0), RUGGEDCOM ROX MX5000RE (All versions \u003c V2.17.0), RUGGEDCOM ROX RX1400 (All versions \u003c V2.17.0), RUGGEDCOM ROX RX1500 (All versions \u003c V2.17.0), RUGGEDCOM ROX RX1501 (All versions \u003c V2.17.0), RUGGEDCOM ROX RX1510 (All versions \u003c V2.17.0), RUGGEDCOM ROX RX1511 (All versions \u003c V2.17.0), RUGGEDCOM ROX RX1512 (All versions \u003c V2.17.0), RUGGEDCOM ROX RX1524 (All versions \u003c V2.17.0), RUGGEDCOM ROX RX1536 (All versions \u003c V2.17.0), RUGGEDCOM ROX RX5000 (All versions \u003c V2.17.0). The DHCP Server configuration file of the affected products is subject to code injection. An attacker could leverage this vulnerability to spawn a reverse shell and gain root access on the affected system."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "baseScore": 8.8,
                "baseSeverity": "HIGH",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C",
                "version": "3.1"
              }
            },
            {
              "cvssV4_0": {
                "baseScore": 8.7,
                "baseSeverity": "HIGH",
                "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
                "version": "4.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-74",
                  "description": "CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component (\u0027Injection\u0027)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-01-13T09:43:49.860Z",
            "orgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77",
            "shortName": "siemens"
          },
          "references": [
            {
              "url": "https://cert-portal.siemens.com/productcert/html/ssa-912274.html"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77",
        "assignerShortName": "siemens",
        "cveId": "CVE-2024-56835",
        "datePublished": "2025-12-09T10:44:13.701Z",
        "dateReserved": "2025-01-03T10:21:11.980Z",
        "dateUpdated": "2026-01-13T09:43:49.860Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2025-40761 (GCVE-0-2025-40761)

    Vulnerability from nvd – Published: 2025-08-12 11:17 – Updated: 2025-08-12 18:23
    VLAI
    Summary
    A vulnerability has been identified in RUGGEDCOM ROX MX5000 (All versions), RUGGEDCOM ROX MX5000RE (All versions), RUGGEDCOM ROX RX1400 (All versions), RUGGEDCOM ROX RX1500 (All versions), RUGGEDCOM ROX RX1501 (All versions), RUGGEDCOM ROX RX1510 (All versions), RUGGEDCOM ROX RX1511 (All versions), RUGGEDCOM ROX RX1512 (All versions), RUGGEDCOM ROX RX1524 (All versions), RUGGEDCOM ROX RX1536 (All versions), RUGGEDCOM ROX RX5000 (All versions). Affected devices do not properly limit access through its Built-In-Self-Test (BIST) mode. This could allow an attacker with physical access to the serial interface to bypass authentication and get access to a root shell on the device.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-288 - Authentication Bypass Using an Alternate Path or Channel
    Assigner
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-40761",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-08-12T18:22:37.859243Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-08-12T18:23:25.349Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unknown",
              "product": "RUGGEDCOM ROX MX5000",
              "vendor": "Siemens",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unknown",
              "product": "RUGGEDCOM ROX MX5000RE",
              "vendor": "Siemens",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unknown",
              "product": "RUGGEDCOM ROX RX1400",
              "vendor": "Siemens",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unknown",
              "product": "RUGGEDCOM ROX RX1500",
              "vendor": "Siemens",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unknown",
              "product": "RUGGEDCOM ROX RX1501",
              "vendor": "Siemens",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unknown",
              "product": "RUGGEDCOM ROX RX1510",
              "vendor": "Siemens",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unknown",
              "product": "RUGGEDCOM ROX RX1511",
              "vendor": "Siemens",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unknown",
              "product": "RUGGEDCOM ROX RX1512",
              "vendor": "Siemens",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unknown",
              "product": "RUGGEDCOM ROX RX1524",
              "vendor": "Siemens",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unknown",
              "product": "RUGGEDCOM ROX RX1536",
              "vendor": "Siemens",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unknown",
              "product": "RUGGEDCOM ROX RX5000",
              "vendor": "Siemens",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A vulnerability has been identified in RUGGEDCOM ROX MX5000 (All versions), RUGGEDCOM ROX MX5000RE (All versions), RUGGEDCOM ROX RX1400 (All versions), RUGGEDCOM ROX RX1500 (All versions), RUGGEDCOM ROX RX1501 (All versions), RUGGEDCOM ROX RX1510 (All versions), RUGGEDCOM ROX RX1511 (All versions), RUGGEDCOM ROX RX1512 (All versions), RUGGEDCOM ROX RX1524 (All versions), RUGGEDCOM ROX RX1536 (All versions), RUGGEDCOM ROX RX5000 (All versions). Affected devices do not properly limit access through its Built-In-Self-Test (BIST) mode.\r\nThis could allow an attacker with physical access to the serial interface to bypass authentication and get access to a root shell on the device."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "baseScore": 7.6,
                "baseSeverity": "HIGH",
                "vectorString": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
                "version": "3.1"
              }
            },
            {
              "cvssV4_0": {
                "baseScore": 8.6,
                "baseSeverity": "HIGH",
                "vectorString": "CVSS:4.0/AV:P/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H",
                "version": "4.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-288",
                  "description": "CWE-288: Authentication Bypass Using an Alternate Path or Channel",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-08-12T11:17:11.853Z",
            "orgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77",
            "shortName": "siemens"
          },
          "references": [
            {
              "url": "https://cert-portal.siemens.com/productcert/html/ssa-094954.html"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77",
        "assignerShortName": "siemens",
        "cveId": "CVE-2025-40761",
        "datePublished": "2025-08-12T11:17:11.853Z",
        "dateReserved": "2025-04-16T08:39:30.032Z",
        "dateUpdated": "2025-08-12T18:23:25.349Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2025-33023 (GCVE-0-2025-33023)

    Vulnerability from nvd – Published: 2025-08-12 11:16 – Updated: 2025-08-12 20:08
    VLAI
    Summary
    A vulnerability has been identified in RUGGEDCOM ROX MX5000 (All versions), RUGGEDCOM ROX MX5000RE (All versions), RUGGEDCOM ROX RX1400 (All versions), RUGGEDCOM ROX RX1500 (All versions), RUGGEDCOM ROX RX1501 (All versions), RUGGEDCOM ROX RX1510 (All versions), RUGGEDCOM ROX RX1511 (All versions), RUGGEDCOM ROX RX1512 (All versions), RUGGEDCOM ROX RX1524 (All versions), RUGGEDCOM ROX RX1536 (All versions), RUGGEDCOM ROX RX5000 (All versions). The affected devices do not properly enforce the restriction of files that can be uploaded from the web interface. This could allow an authenticated remote attacker with high privileges in the web interface to upload arbitrary files.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-434 - Unrestricted Upload of File with Dangerous Type
    Assigner
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-33023",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-08-12T20:08:29.644330Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-08-12T20:08:44.934Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unknown",
              "product": "RUGGEDCOM ROX MX5000",
              "vendor": "Siemens",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unknown",
              "product": "RUGGEDCOM ROX MX5000RE",
              "vendor": "Siemens",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unknown",
              "product": "RUGGEDCOM ROX RX1400",
              "vendor": "Siemens",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unknown",
              "product": "RUGGEDCOM ROX RX1500",
              "vendor": "Siemens",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unknown",
              "product": "RUGGEDCOM ROX RX1501",
              "vendor": "Siemens",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unknown",
              "product": "RUGGEDCOM ROX RX1510",
              "vendor": "Siemens",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unknown",
              "product": "RUGGEDCOM ROX RX1511",
              "vendor": "Siemens",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unknown",
              "product": "RUGGEDCOM ROX RX1512",
              "vendor": "Siemens",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unknown",
              "product": "RUGGEDCOM ROX RX1524",
              "vendor": "Siemens",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unknown",
              "product": "RUGGEDCOM ROX RX1536",
              "vendor": "Siemens",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unknown",
              "product": "RUGGEDCOM ROX RX5000",
              "vendor": "Siemens",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A vulnerability has been identified in RUGGEDCOM ROX MX5000 (All versions), RUGGEDCOM ROX MX5000RE (All versions), RUGGEDCOM ROX RX1400 (All versions), RUGGEDCOM ROX RX1500 (All versions), RUGGEDCOM ROX RX1501 (All versions), RUGGEDCOM ROX RX1510 (All versions), RUGGEDCOM ROX RX1511 (All versions), RUGGEDCOM ROX RX1512 (All versions), RUGGEDCOM ROX RX1524 (All versions), RUGGEDCOM ROX RX1536 (All versions), RUGGEDCOM ROX RX5000 (All versions). The  affected devices do not properly enforce the restriction of files that can be uploaded from the web interface. This could allow an authenticated remote attacker with high privileges in the web interface to upload arbitrary files."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "baseScore": 4.1,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:N/I:L/A:N",
                "version": "3.1"
              }
            },
            {
              "cvssV4_0": {
                "baseScore": 5.1,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:N/VI:N/VA:N/SC:N/SI:L/SA:N",
                "version": "4.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-434",
                  "description": "CWE-434: Unrestricted Upload of File with Dangerous Type",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-08-12T11:16:59.504Z",
            "orgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77",
            "shortName": "siemens"
          },
          "references": [
            {
              "url": "https://cert-portal.siemens.com/productcert/html/ssa-665108.html"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77",
        "assignerShortName": "siemens",
        "cveId": "CVE-2025-33023",
        "datePublished": "2025-08-12T11:16:59.504Z",
        "dateReserved": "2025-04-15T14:09:25.610Z",
        "dateUpdated": "2025-08-12T20:08:44.934Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2025-40591 (GCVE-0-2025-40591)

    Vulnerability from nvd – Published: 2025-06-10 15:17 – Updated: 2025-06-10 15:41
    VLAI
    Summary
    A vulnerability has been identified in RUGGEDCOM ROX MX5000 (All versions < V2.16.5), RUGGEDCOM ROX MX5000RE (All versions < V2.16.5), RUGGEDCOM ROX RX1400 (All versions < V2.16.5), RUGGEDCOM ROX RX1500 (All versions < V2.16.5), RUGGEDCOM ROX RX1501 (All versions < V2.16.5), RUGGEDCOM ROX RX1510 (All versions < V2.16.5), RUGGEDCOM ROX RX1511 (All versions < V2.16.5), RUGGEDCOM ROX RX1512 (All versions < V2.16.5), RUGGEDCOM ROX RX1524 (All versions < V2.16.5), RUGGEDCOM ROX RX1536 (All versions < V2.16.5), RUGGEDCOM ROX RX5000 (All versions < V2.16.5). The 'Log Viewers' tool in the web interface of affected devices is vulnerable to command injection due to missing server side input sanitation. This could allow an authenticated remote attacker to execute the 'tail' command with root privileges and disclose contents of all files in the filesystem.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-602 - Client-Side Enforcement of Server-Side Security
    Assigner
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-40591",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-06-10T15:41:16.109866Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-06-10T15:41:27.605Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unknown",
              "product": "RUGGEDCOM ROX MX5000",
              "vendor": "Siemens",
              "versions": [
                {
                  "lessThan": "V2.16.5",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unknown",
              "product": "RUGGEDCOM ROX MX5000RE",
              "vendor": "Siemens",
              "versions": [
                {
                  "lessThan": "V2.16.5",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unknown",
              "product": "RUGGEDCOM ROX RX1400",
              "vendor": "Siemens",
              "versions": [
                {
                  "lessThan": "V2.16.5",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unknown",
              "product": "RUGGEDCOM ROX RX1500",
              "vendor": "Siemens",
              "versions": [
                {
                  "lessThan": "V2.16.5",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unknown",
              "product": "RUGGEDCOM ROX RX1501",
              "vendor": "Siemens",
              "versions": [
                {
                  "lessThan": "V2.16.5",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unknown",
              "product": "RUGGEDCOM ROX RX1510",
              "vendor": "Siemens",
              "versions": [
                {
                  "lessThan": "V2.16.5",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unknown",
              "product": "RUGGEDCOM ROX RX1511",
              "vendor": "Siemens",
              "versions": [
                {
                  "lessThan": "V2.16.5",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unknown",
              "product": "RUGGEDCOM ROX RX1512",
              "vendor": "Siemens",
              "versions": [
                {
                  "lessThan": "V2.16.5",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unknown",
              "product": "RUGGEDCOM ROX RX1524",
              "vendor": "Siemens",
              "versions": [
                {
                  "lessThan": "V2.16.5",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unknown",
              "product": "RUGGEDCOM ROX RX1536",
              "vendor": "Siemens",
              "versions": [
                {
                  "lessThan": "V2.16.5",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unknown",
              "product": "RUGGEDCOM ROX RX5000",
              "vendor": "Siemens",
              "versions": [
                {
                  "lessThan": "V2.16.5",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A vulnerability has been identified in RUGGEDCOM ROX MX5000 (All versions \u003c V2.16.5), RUGGEDCOM ROX MX5000RE (All versions \u003c V2.16.5), RUGGEDCOM ROX RX1400 (All versions \u003c V2.16.5), RUGGEDCOM ROX RX1500 (All versions \u003c V2.16.5), RUGGEDCOM ROX RX1501 (All versions \u003c V2.16.5), RUGGEDCOM ROX RX1510 (All versions \u003c V2.16.5), RUGGEDCOM ROX RX1511 (All versions \u003c V2.16.5), RUGGEDCOM ROX RX1512 (All versions \u003c V2.16.5), RUGGEDCOM ROX RX1524 (All versions \u003c V2.16.5), RUGGEDCOM ROX RX1536 (All versions \u003c V2.16.5), RUGGEDCOM ROX RX5000 (All versions \u003c V2.16.5). The \u0027Log Viewers\u0027 tool in the web interface of affected devices is vulnerable to command injection due to missing server side input sanitation. This could allow an authenticated remote attacker to execute the \u0027tail\u0027 command with root privileges and disclose contents of all files in the filesystem."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "baseScore": 7.7,
                "baseSeverity": "HIGH",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N",
                "version": "3.1"
              }
            },
            {
              "cvssV4_0": {
                "baseScore": 8.3,
                "baseSeverity": "HIGH",
                "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:H/SI:N/SA:N",
                "version": "4.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-602",
                  "description": "CWE-602: Client-Side Enforcement of Server-Side Security",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-06-10T15:17:36.336Z",
            "orgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77",
            "shortName": "siemens"
          },
          "references": [
            {
              "url": "https://cert-portal.siemens.com/productcert/html/ssa-301229.html"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77",
        "assignerShortName": "siemens",
        "cveId": "CVE-2025-40591",
        "datePublished": "2025-06-10T15:17:36.336Z",
        "dateReserved": "2025-04-16T08:20:17.033Z",
        "dateUpdated": "2025-06-10T15:41:27.605Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2025-33025 (GCVE-0-2025-33025)

    Vulnerability from nvd – Published: 2025-05-13 09:38 – Updated: 2025-05-13 13:28
    VLAI
    Summary
    A vulnerability has been identified in RUGGEDCOM ROX MX5000 (All versions < V2.16.5), RUGGEDCOM ROX MX5000RE (All versions < V2.16.5), RUGGEDCOM ROX RX1400 (All versions < V2.16.5), RUGGEDCOM ROX RX1500 (All versions < V2.16.5), RUGGEDCOM ROX RX1501 (All versions < V2.16.5), RUGGEDCOM ROX RX1510 (All versions < V2.16.5), RUGGEDCOM ROX RX1511 (All versions < V2.16.5), RUGGEDCOM ROX RX1512 (All versions < V2.16.5), RUGGEDCOM ROX RX1524 (All versions < V2.16.5), RUGGEDCOM ROX RX1536 (All versions < V2.16.5), RUGGEDCOM ROX RX5000 (All versions < V2.16.5). The 'traceroute' tool in the web interface of affected devices is vulnerable to command injection due to missing server side input sanitation. This could allow an authenticated remote attacker to execute arbitrary code with root privileges.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-602 - Client-Side Enforcement of Server-Side Security
    Assigner
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-33025",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-05-13T13:28:14.045415Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-05-13T13:28:58.486Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unknown",
              "product": "RUGGEDCOM ROX MX5000",
              "vendor": "Siemens",
              "versions": [
                {
                  "lessThan": "V2.16.5",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unknown",
              "product": "RUGGEDCOM ROX MX5000RE",
              "vendor": "Siemens",
              "versions": [
                {
                  "lessThan": "V2.16.5",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unknown",
              "product": "RUGGEDCOM ROX RX1400",
              "vendor": "Siemens",
              "versions": [
                {
                  "lessThan": "V2.16.5",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unknown",
              "product": "RUGGEDCOM ROX RX1500",
              "vendor": "Siemens",
              "versions": [
                {
                  "lessThan": "V2.16.5",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unknown",
              "product": "RUGGEDCOM ROX RX1501",
              "vendor": "Siemens",
              "versions": [
                {
                  "lessThan": "V2.16.5",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unknown",
              "product": "RUGGEDCOM ROX RX1510",
              "vendor": "Siemens",
              "versions": [
                {
                  "lessThan": "V2.16.5",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unknown",
              "product": "RUGGEDCOM ROX RX1511",
              "vendor": "Siemens",
              "versions": [
                {
                  "lessThan": "V2.16.5",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unknown",
              "product": "RUGGEDCOM ROX RX1512",
              "vendor": "Siemens",
              "versions": [
                {
                  "lessThan": "V2.16.5",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unknown",
              "product": "RUGGEDCOM ROX RX1524",
              "vendor": "Siemens",
              "versions": [
                {
                  "lessThan": "V2.16.5",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unknown",
              "product": "RUGGEDCOM ROX RX1536",
              "vendor": "Siemens",
              "versions": [
                {
                  "lessThan": "V2.16.5",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unknown",
              "product": "RUGGEDCOM ROX RX5000",
              "vendor": "Siemens",
              "versions": [
                {
                  "lessThan": "V2.16.5",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A vulnerability has been identified in RUGGEDCOM ROX MX5000 (All versions \u003c V2.16.5), RUGGEDCOM ROX MX5000RE (All versions \u003c V2.16.5), RUGGEDCOM ROX RX1400 (All versions \u003c V2.16.5), RUGGEDCOM ROX RX1500 (All versions \u003c V2.16.5), RUGGEDCOM ROX RX1501 (All versions \u003c V2.16.5), RUGGEDCOM ROX RX1510 (All versions \u003c V2.16.5), RUGGEDCOM ROX RX1511 (All versions \u003c V2.16.5), RUGGEDCOM ROX RX1512 (All versions \u003c V2.16.5), RUGGEDCOM ROX RX1524 (All versions \u003c V2.16.5), RUGGEDCOM ROX RX1536 (All versions \u003c V2.16.5), RUGGEDCOM ROX RX5000 (All versions \u003c V2.16.5). The \u0027traceroute\u0027 tool in the web interface of affected devices is vulnerable to command injection due to missing server side input sanitation. This could allow an authenticated remote attacker to execute arbitrary code with root privileges."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "baseScore": 9.9,
                "baseSeverity": "CRITICAL",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H",
                "version": "3.1"
              }
            },
            {
              "cvssV4_0": {
                "baseScore": 9.4,
                "baseSeverity": "CRITICAL",
                "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H",
                "version": "4.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-602",
                  "description": "CWE-602: Client-Side Enforcement of Server-Side Security",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-05-13T09:38:49.056Z",
            "orgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77",
            "shortName": "siemens"
          },
          "references": [
            {
              "url": "https://cert-portal.siemens.com/productcert/html/ssa-301229.html"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77",
        "assignerShortName": "siemens",
        "cveId": "CVE-2025-33025",
        "datePublished": "2025-05-13T09:38:49.056Z",
        "dateReserved": "2025-04-15T14:09:25.611Z",
        "dateUpdated": "2025-05-13T13:28:58.486Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2025-33024 (GCVE-0-2025-33024)

    Vulnerability from nvd – Published: 2025-05-13 09:38 – Updated: 2025-05-13 13:29
    VLAI
    Summary
    A vulnerability has been identified in RUGGEDCOM ROX MX5000 (All versions < V2.16.5), RUGGEDCOM ROX MX5000RE (All versions < V2.16.5), RUGGEDCOM ROX RX1400 (All versions < V2.16.5), RUGGEDCOM ROX RX1500 (All versions < V2.16.5), RUGGEDCOM ROX RX1501 (All versions < V2.16.5), RUGGEDCOM ROX RX1510 (All versions < V2.16.5), RUGGEDCOM ROX RX1511 (All versions < V2.16.5), RUGGEDCOM ROX RX1512 (All versions < V2.16.5), RUGGEDCOM ROX RX1524 (All versions < V2.16.5), RUGGEDCOM ROX RX1536 (All versions < V2.16.5), RUGGEDCOM ROX RX5000 (All versions < V2.16.5). The 'tcpdump' tool in the web interface of affected devices is vulnerable to command injection due to missing server side input sanitation. This could allow an authenticated remote attacker to execute arbitrary code with root privileges.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-602 - Client-Side Enforcement of Server-Side Security
    Assigner
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-33024",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-05-13T13:29:43.390237Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-05-13T13:29:57.474Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unknown",
              "product": "RUGGEDCOM ROX MX5000",
              "vendor": "Siemens",
              "versions": [
                {
                  "lessThan": "V2.16.5",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unknown",
              "product": "RUGGEDCOM ROX MX5000RE",
              "vendor": "Siemens",
              "versions": [
                {
                  "lessThan": "V2.16.5",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unknown",
              "product": "RUGGEDCOM ROX RX1400",
              "vendor": "Siemens",
              "versions": [
                {
                  "lessThan": "V2.16.5",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unknown",
              "product": "RUGGEDCOM ROX RX1500",
              "vendor": "Siemens",
              "versions": [
                {
                  "lessThan": "V2.16.5",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unknown",
              "product": "RUGGEDCOM ROX RX1501",
              "vendor": "Siemens",
              "versions": [
                {
                  "lessThan": "V2.16.5",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unknown",
              "product": "RUGGEDCOM ROX RX1510",
              "vendor": "Siemens",
              "versions": [
                {
                  "lessThan": "V2.16.5",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unknown",
              "product": "RUGGEDCOM ROX RX1511",
              "vendor": "Siemens",
              "versions": [
                {
                  "lessThan": "V2.16.5",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unknown",
              "product": "RUGGEDCOM ROX RX1512",
              "vendor": "Siemens",
              "versions": [
                {
                  "lessThan": "V2.16.5",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unknown",
              "product": "RUGGEDCOM ROX RX1524",
              "vendor": "Siemens",
              "versions": [
                {
                  "lessThan": "V2.16.5",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unknown",
              "product": "RUGGEDCOM ROX RX1536",
              "vendor": "Siemens",
              "versions": [
                {
                  "lessThan": "V2.16.5",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unknown",
              "product": "RUGGEDCOM ROX RX5000",
              "vendor": "Siemens",
              "versions": [
                {
                  "lessThan": "V2.16.5",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A vulnerability has been identified in RUGGEDCOM ROX MX5000 (All versions \u003c V2.16.5), RUGGEDCOM ROX MX5000RE (All versions \u003c V2.16.5), RUGGEDCOM ROX RX1400 (All versions \u003c V2.16.5), RUGGEDCOM ROX RX1500 (All versions \u003c V2.16.5), RUGGEDCOM ROX RX1501 (All versions \u003c V2.16.5), RUGGEDCOM ROX RX1510 (All versions \u003c V2.16.5), RUGGEDCOM ROX RX1511 (All versions \u003c V2.16.5), RUGGEDCOM ROX RX1512 (All versions \u003c V2.16.5), RUGGEDCOM ROX RX1524 (All versions \u003c V2.16.5), RUGGEDCOM ROX RX1536 (All versions \u003c V2.16.5), RUGGEDCOM ROX RX5000 (All versions \u003c V2.16.5). The \u0027tcpdump\u0027 tool in the web interface of affected devices is vulnerable to command injection due to missing server side input sanitation. This could allow an authenticated remote attacker to execute arbitrary code with root privileges."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "baseScore": 9.9,
                "baseSeverity": "CRITICAL",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H",
                "version": "3.1"
              }
            },
            {
              "cvssV4_0": {
                "baseScore": 9.4,
                "baseSeverity": "CRITICAL",
                "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H",
                "version": "4.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-602",
                  "description": "CWE-602: Client-Side Enforcement of Server-Side Security",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-05-13T09:38:47.622Z",
            "orgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77",
            "shortName": "siemens"
          },
          "references": [
            {
              "url": "https://cert-portal.siemens.com/productcert/html/ssa-301229.html"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77",
        "assignerShortName": "siemens",
        "cveId": "CVE-2025-33024",
        "datePublished": "2025-05-13T09:38:47.622Z",
        "dateReserved": "2025-04-15T14:09:25.611Z",
        "dateUpdated": "2025-05-13T13:29:57.474Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2025-32469 (GCVE-0-2025-32469)

    Vulnerability from nvd – Published: 2025-05-13 09:38 – Updated: 2025-05-13 14:02
    VLAI
    Summary
    A vulnerability has been identified in RUGGEDCOM ROX MX5000 (All versions < V2.16.5), RUGGEDCOM ROX MX5000RE (All versions < V2.16.5), RUGGEDCOM ROX RX1400 (All versions < V2.16.5), RUGGEDCOM ROX RX1500 (All versions < V2.16.5), RUGGEDCOM ROX RX1501 (All versions < V2.16.5), RUGGEDCOM ROX RX1510 (All versions < V2.16.5), RUGGEDCOM ROX RX1511 (All versions < V2.16.5), RUGGEDCOM ROX RX1512 (All versions < V2.16.5), RUGGEDCOM ROX RX1524 (All versions < V2.16.5), RUGGEDCOM ROX RX1536 (All versions < V2.16.5), RUGGEDCOM ROX RX5000 (All versions < V2.16.5). The 'ping' tool in the web interface of affected devices is vulnerable to command injection due to missing server side input sanitation. This could allow an authenticated remote attacker to execute arbitrary code with root privileges.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-602 - Client-Side Enforcement of Server-Side Security
    Assigner
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-32469",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-05-13T14:01:55.562100Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-05-13T14:02:46.586Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unknown",
              "product": "RUGGEDCOM ROX MX5000",
              "vendor": "Siemens",
              "versions": [
                {
                  "lessThan": "V2.16.5",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unknown",
              "product": "RUGGEDCOM ROX MX5000RE",
              "vendor": "Siemens",
              "versions": [
                {
                  "lessThan": "V2.16.5",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unknown",
              "product": "RUGGEDCOM ROX RX1400",
              "vendor": "Siemens",
              "versions": [
                {
                  "lessThan": "V2.16.5",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unknown",
              "product": "RUGGEDCOM ROX RX1500",
              "vendor": "Siemens",
              "versions": [
                {
                  "lessThan": "V2.16.5",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unknown",
              "product": "RUGGEDCOM ROX RX1501",
              "vendor": "Siemens",
              "versions": [
                {
                  "lessThan": "V2.16.5",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unknown",
              "product": "RUGGEDCOM ROX RX1510",
              "vendor": "Siemens",
              "versions": [
                {
                  "lessThan": "V2.16.5",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unknown",
              "product": "RUGGEDCOM ROX RX1511",
              "vendor": "Siemens",
              "versions": [
                {
                  "lessThan": "V2.16.5",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unknown",
              "product": "RUGGEDCOM ROX RX1512",
              "vendor": "Siemens",
              "versions": [
                {
                  "lessThan": "V2.16.5",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unknown",
              "product": "RUGGEDCOM ROX RX1524",
              "vendor": "Siemens",
              "versions": [
                {
                  "lessThan": "V2.16.5",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unknown",
              "product": "RUGGEDCOM ROX RX1536",
              "vendor": "Siemens",
              "versions": [
                {
                  "lessThan": "V2.16.5",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unknown",
              "product": "RUGGEDCOM ROX RX5000",
              "vendor": "Siemens",
              "versions": [
                {
                  "lessThan": "V2.16.5",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A vulnerability has been identified in RUGGEDCOM ROX MX5000 (All versions \u003c V2.16.5), RUGGEDCOM ROX MX5000RE (All versions \u003c V2.16.5), RUGGEDCOM ROX RX1400 (All versions \u003c V2.16.5), RUGGEDCOM ROX RX1500 (All versions \u003c V2.16.5), RUGGEDCOM ROX RX1501 (All versions \u003c V2.16.5), RUGGEDCOM ROX RX1510 (All versions \u003c V2.16.5), RUGGEDCOM ROX RX1511 (All versions \u003c V2.16.5), RUGGEDCOM ROX RX1512 (All versions \u003c V2.16.5), RUGGEDCOM ROX RX1524 (All versions \u003c V2.16.5), RUGGEDCOM ROX RX1536 (All versions \u003c V2.16.5), RUGGEDCOM ROX RX5000 (All versions \u003c V2.16.5). The \u0027ping\u0027 tool in the web interface of affected devices is vulnerable to command injection due to missing server side input sanitation. This could allow an authenticated remote attacker to execute arbitrary code with root privileges."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "baseScore": 9.9,
                "baseSeverity": "CRITICAL",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H",
                "version": "3.1"
              }
            },
            {
              "cvssV4_0": {
                "baseScore": 9.4,
                "baseSeverity": "CRITICAL",
                "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H",
                "version": "4.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-602",
                  "description": "CWE-602: Client-Side Enforcement of Server-Side Security",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-05-13T09:38:46.000Z",
            "orgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77",
            "shortName": "siemens"
          },
          "references": [
            {
              "url": "https://cert-portal.siemens.com/productcert/html/ssa-301229.html"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77",
        "assignerShortName": "siemens",
        "cveId": "CVE-2025-32469",
        "datePublished": "2025-05-13T09:38:46.000Z",
        "dateReserved": "2025-04-09T06:17:18.306Z",
        "dateUpdated": "2025-05-13T14:02:46.586Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2025-40949 (GCVE-0-2025-40949)

    Vulnerability from cvelistv5 – Published: 2026-05-12 08:20 – Updated: 2026-05-13 09:53
    VLAI
    Summary
    A vulnerability has been identified in RUGGEDCOM ROX MX5000 (All versions < V2.17.1), RUGGEDCOM ROX MX5000RE (All versions < V2.17.1), RUGGEDCOM ROX RX1400 (All versions < V2.17.1), RUGGEDCOM ROX RX1500 (All versions < V2.17.1), RUGGEDCOM ROX RX1501 (All versions < V2.17.1), RUGGEDCOM ROX RX1510 (All versions < V2.17.1), RUGGEDCOM ROX RX1511 (All versions < V2.17.1), RUGGEDCOM ROX RX1512 (All versions < V2.17.1), RUGGEDCOM ROX RX1524 (All versions < V2.17.1), RUGGEDCOM ROX RX1536 (All versions < V2.17.1), RUGGEDCOM ROX RX5000 (All versions < V2.17.1). Affected devices do not properly sanitize user-supplied input in the Scheduler functionality of the Web UI, allowing commands to be injected into the task scheduling backend. This could allow an authenticated remote attacker to execute arbitrary commands with root privileges on the underlying operating system.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-78 - Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
    Assigner
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-40949",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-05-13T01:40:45.667682Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-05-13T09:53:09.306Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unknown",
              "product": "RUGGEDCOM ROX MX5000",
              "vendor": "Siemens",
              "versions": [
                {
                  "lessThan": "V2.17.1",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unknown",
              "product": "RUGGEDCOM ROX MX5000RE",
              "vendor": "Siemens",
              "versions": [
                {
                  "lessThan": "V2.17.1",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unknown",
              "product": "RUGGEDCOM ROX RX1400",
              "vendor": "Siemens",
              "versions": [
                {
                  "lessThan": "V2.17.1",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unknown",
              "product": "RUGGEDCOM ROX RX1500",
              "vendor": "Siemens",
              "versions": [
                {
                  "lessThan": "V2.17.1",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unknown",
              "product": "RUGGEDCOM ROX RX1501",
              "vendor": "Siemens",
              "versions": [
                {
                  "lessThan": "V2.17.1",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unknown",
              "product": "RUGGEDCOM ROX RX1510",
              "vendor": "Siemens",
              "versions": [
                {
                  "lessThan": "V2.17.1",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unknown",
              "product": "RUGGEDCOM ROX RX1511",
              "vendor": "Siemens",
              "versions": [
                {
                  "lessThan": "V2.17.1",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unknown",
              "product": "RUGGEDCOM ROX RX1512",
              "vendor": "Siemens",
              "versions": [
                {
                  "lessThan": "V2.17.1",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unknown",
              "product": "RUGGEDCOM ROX RX1524",
              "vendor": "Siemens",
              "versions": [
                {
                  "lessThan": "V2.17.1",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unknown",
              "product": "RUGGEDCOM ROX RX1536",
              "vendor": "Siemens",
              "versions": [
                {
                  "lessThan": "V2.17.1",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unknown",
              "product": "RUGGEDCOM ROX RX5000",
              "vendor": "Siemens",
              "versions": [
                {
                  "lessThan": "V2.17.1",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A vulnerability has been identified in RUGGEDCOM ROX MX5000 (All versions \u003c V2.17.1), RUGGEDCOM ROX MX5000RE (All versions \u003c V2.17.1), RUGGEDCOM ROX RX1400 (All versions \u003c V2.17.1), RUGGEDCOM ROX RX1500 (All versions \u003c V2.17.1), RUGGEDCOM ROX RX1501 (All versions \u003c V2.17.1), RUGGEDCOM ROX RX1510 (All versions \u003c V2.17.1), RUGGEDCOM ROX RX1511 (All versions \u003c V2.17.1), RUGGEDCOM ROX RX1512 (All versions \u003c V2.17.1), RUGGEDCOM ROX RX1524 (All versions \u003c V2.17.1), RUGGEDCOM ROX RX1536 (All versions \u003c V2.17.1), RUGGEDCOM ROX RX5000 (All versions \u003c V2.17.1). Affected devices do not properly sanitize user-supplied input in the Scheduler functionality of the Web UI, allowing commands to be injected into the task scheduling backend.\r\n\r\nThis could allow an authenticated remote attacker to execute arbitrary commands with root privileges on the underlying operating system."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "baseScore": 9.1,
                "baseSeverity": "CRITICAL",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H",
                "version": "3.1"
              }
            },
            {
              "cvssV4_0": {
                "baseScore": 8.9,
                "baseSeverity": "HIGH",
                "vectorString": "CVSS:4.0/AV:N/AC:L/AT:P/PR:H/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H",
                "version": "4.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-78",
                  "description": "CWE-78: Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-05-12T08:20:53.983Z",
            "orgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77",
            "shortName": "siemens"
          },
          "references": [
            {
              "url": "https://cert-portal.siemens.com/productcert/html/ssa-081142.html"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77",
        "assignerShortName": "siemens",
        "cveId": "CVE-2025-40949",
        "datePublished": "2026-05-12T08:20:53.983Z",
        "dateReserved": "2025-04-16T09:06:15.880Z",
        "dateUpdated": "2026-05-13T09:53:09.306Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2025-40948 (GCVE-0-2025-40948)

    Vulnerability from cvelistv5 – Published: 2026-05-12 08:20 – Updated: 2026-05-12 12:43
    VLAI
    Summary
    A vulnerability has been identified in RUGGEDCOM ROX MX5000 (All versions < V2.17.1), RUGGEDCOM ROX MX5000RE (All versions < V2.17.1), RUGGEDCOM ROX RX1400 (All versions < V2.17.1), RUGGEDCOM ROX RX1500 (All versions < V2.17.1), RUGGEDCOM ROX RX1501 (All versions < V2.17.1), RUGGEDCOM ROX RX1510 (All versions < V2.17.1), RUGGEDCOM ROX RX1511 (All versions < V2.17.1), RUGGEDCOM ROX RX1512 (All versions < V2.17.1), RUGGEDCOM ROX RX1524 (All versions < V2.17.1), RUGGEDCOM ROX RX1536 (All versions < V2.17.1), RUGGEDCOM ROX RX5000 (All versions < V2.17.1). Affected devices do not properly validate input in the web server's JSON-RPC interface. This could allow an authenticated remote attacker to read arbitrary files from the underlying operating system's filesystem with root privileges.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-88 - Improper Neutralization of Argument Delimiters in a Command ('Argument Injection')
    Assigner
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-40948",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-05-12T12:43:17.469738Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-05-12T12:43:43.061Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unknown",
              "product": "RUGGEDCOM ROX MX5000",
              "vendor": "Siemens",
              "versions": [
                {
                  "lessThan": "V2.17.1",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unknown",
              "product": "RUGGEDCOM ROX MX5000RE",
              "vendor": "Siemens",
              "versions": [
                {
                  "lessThan": "V2.17.1",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unknown",
              "product": "RUGGEDCOM ROX RX1400",
              "vendor": "Siemens",
              "versions": [
                {
                  "lessThan": "V2.17.1",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unknown",
              "product": "RUGGEDCOM ROX RX1500",
              "vendor": "Siemens",
              "versions": [
                {
                  "lessThan": "V2.17.1",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unknown",
              "product": "RUGGEDCOM ROX RX1501",
              "vendor": "Siemens",
              "versions": [
                {
                  "lessThan": "V2.17.1",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unknown",
              "product": "RUGGEDCOM ROX RX1510",
              "vendor": "Siemens",
              "versions": [
                {
                  "lessThan": "V2.17.1",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unknown",
              "product": "RUGGEDCOM ROX RX1511",
              "vendor": "Siemens",
              "versions": [
                {
                  "lessThan": "V2.17.1",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unknown",
              "product": "RUGGEDCOM ROX RX1512",
              "vendor": "Siemens",
              "versions": [
                {
                  "lessThan": "V2.17.1",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unknown",
              "product": "RUGGEDCOM ROX RX1524",
              "vendor": "Siemens",
              "versions": [
                {
                  "lessThan": "V2.17.1",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unknown",
              "product": "RUGGEDCOM ROX RX1536",
              "vendor": "Siemens",
              "versions": [
                {
                  "lessThan": "V2.17.1",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unknown",
              "product": "RUGGEDCOM ROX RX5000",
              "vendor": "Siemens",
              "versions": [
                {
                  "lessThan": "V2.17.1",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A vulnerability has been identified in RUGGEDCOM ROX MX5000 (All versions \u003c V2.17.1), RUGGEDCOM ROX MX5000RE (All versions \u003c V2.17.1), RUGGEDCOM ROX RX1400 (All versions \u003c V2.17.1), RUGGEDCOM ROX RX1500 (All versions \u003c V2.17.1), RUGGEDCOM ROX RX1501 (All versions \u003c V2.17.1), RUGGEDCOM ROX RX1510 (All versions \u003c V2.17.1), RUGGEDCOM ROX RX1511 (All versions \u003c V2.17.1), RUGGEDCOM ROX RX1512 (All versions \u003c V2.17.1), RUGGEDCOM ROX RX1524 (All versions \u003c V2.17.1), RUGGEDCOM ROX RX1536 (All versions \u003c V2.17.1), RUGGEDCOM ROX RX5000 (All versions \u003c V2.17.1). Affected devices do not properly validate input in the web server\u0027s JSON-RPC interface.\r\n\r\nThis could allow an authenticated remote attacker to read arbitrary files from the underlying operating system\u0027s filesystem with root privileges."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "baseScore": 6.8,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N",
                "version": "3.1"
              }
            },
            {
              "cvssV4_0": {
                "baseScore": 6.1,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:N/VI:N/VA:N/SC:H/SI:N/SA:N",
                "version": "4.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-88",
                  "description": "CWE-88: Improper Neutralization of Argument Delimiters in a Command (\u0027Argument Injection\u0027)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-05-12T08:20:52.849Z",
            "orgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77",
            "shortName": "siemens"
          },
          "references": [
            {
              "url": "https://cert-portal.siemens.com/productcert/html/ssa-973901.html"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77",
        "assignerShortName": "siemens",
        "cveId": "CVE-2025-40948",
        "datePublished": "2026-05-12T08:20:52.849Z",
        "dateReserved": "2025-04-16T09:06:15.879Z",
        "dateUpdated": "2026-05-12T12:43:43.061Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2025-40947 (GCVE-0-2025-40947)

    Vulnerability from cvelistv5 – Published: 2026-05-12 08:20 – Updated: 2026-05-12 12:45
    VLAI
    Summary
    A vulnerability has been identified in RUGGEDCOM ROX MX5000 (All versions < V2.17.1), RUGGEDCOM ROX MX5000RE (All versions < V2.17.1), RUGGEDCOM ROX RX1400 (All versions < V2.17.1), RUGGEDCOM ROX RX1500 (All versions < V2.17.1), RUGGEDCOM ROX RX1501 (All versions < V2.17.1), RUGGEDCOM ROX RX1510 (All versions < V2.17.1), RUGGEDCOM ROX RX1511 (All versions < V2.17.1), RUGGEDCOM ROX RX1512 (All versions < V2.17.1), RUGGEDCOM ROX RX1524 (All versions < V2.17.1), RUGGEDCOM ROX RX1536 (All versions < V2.17.1), RUGGEDCOM ROX RX5000 (All versions < V2.17.1). Affected devices do not properly sanitize user-supplied input during the feature key installation process. This could allow an authenticated remote attacker to inject arbitrary commands, resulting in remote code execution with root privileges on the underlying operating system.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-78 - Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
    Assigner
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-40947",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-05-12T12:45:22.982292Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-05-12T12:45:37.589Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unknown",
              "product": "RUGGEDCOM ROX MX5000",
              "vendor": "Siemens",
              "versions": [
                {
                  "lessThan": "V2.17.1",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unknown",
              "product": "RUGGEDCOM ROX MX5000RE",
              "vendor": "Siemens",
              "versions": [
                {
                  "lessThan": "V2.17.1",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unknown",
              "product": "RUGGEDCOM ROX RX1400",
              "vendor": "Siemens",
              "versions": [
                {
                  "lessThan": "V2.17.1",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unknown",
              "product": "RUGGEDCOM ROX RX1500",
              "vendor": "Siemens",
              "versions": [
                {
                  "lessThan": "V2.17.1",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unknown",
              "product": "RUGGEDCOM ROX RX1501",
              "vendor": "Siemens",
              "versions": [
                {
                  "lessThan": "V2.17.1",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unknown",
              "product": "RUGGEDCOM ROX RX1510",
              "vendor": "Siemens",
              "versions": [
                {
                  "lessThan": "V2.17.1",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unknown",
              "product": "RUGGEDCOM ROX RX1511",
              "vendor": "Siemens",
              "versions": [
                {
                  "lessThan": "V2.17.1",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unknown",
              "product": "RUGGEDCOM ROX RX1512",
              "vendor": "Siemens",
              "versions": [
                {
                  "lessThan": "V2.17.1",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unknown",
              "product": "RUGGEDCOM ROX RX1524",
              "vendor": "Siemens",
              "versions": [
                {
                  "lessThan": "V2.17.1",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unknown",
              "product": "RUGGEDCOM ROX RX1536",
              "vendor": "Siemens",
              "versions": [
                {
                  "lessThan": "V2.17.1",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unknown",
              "product": "RUGGEDCOM ROX RX5000",
              "vendor": "Siemens",
              "versions": [
                {
                  "lessThan": "V2.17.1",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A vulnerability has been identified in RUGGEDCOM ROX MX5000 (All versions \u003c V2.17.1), RUGGEDCOM ROX MX5000RE (All versions \u003c V2.17.1), RUGGEDCOM ROX RX1400 (All versions \u003c V2.17.1), RUGGEDCOM ROX RX1500 (All versions \u003c V2.17.1), RUGGEDCOM ROX RX1501 (All versions \u003c V2.17.1), RUGGEDCOM ROX RX1510 (All versions \u003c V2.17.1), RUGGEDCOM ROX RX1511 (All versions \u003c V2.17.1), RUGGEDCOM ROX RX1512 (All versions \u003c V2.17.1), RUGGEDCOM ROX RX1524 (All versions \u003c V2.17.1), RUGGEDCOM ROX RX1536 (All versions \u003c V2.17.1), RUGGEDCOM ROX RX5000 (All versions \u003c V2.17.1). Affected devices do not properly sanitize user-supplied input during the feature key installation process.\r\n\r\nThis could allow an authenticated remote attacker to inject arbitrary commands, resulting in remote code execution with root privileges on the underlying operating system."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "baseScore": 7.5,
                "baseSeverity": "HIGH",
                "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              }
            },
            {
              "cvssV4_0": {
                "baseScore": 7.7,
                "baseSeverity": "HIGH",
                "vectorString": "CVSS:4.0/AV:N/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
                "version": "4.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-78",
                  "description": "CWE-78: Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-05-12T08:20:51.712Z",
            "orgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77",
            "shortName": "siemens"
          },
          "references": [
            {
              "url": "https://cert-portal.siemens.com/productcert/html/ssa-078743.html"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77",
        "assignerShortName": "siemens",
        "cveId": "CVE-2025-40947",
        "datePublished": "2026-05-12T08:20:51.712Z",
        "dateReserved": "2025-04-16T09:06:15.879Z",
        "dateUpdated": "2026-05-12T12:45:37.589Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2024-56840 (GCVE-0-2024-56840)

    Vulnerability from cvelistv5 – Published: 2025-12-09 10:44 – Updated: 2026-01-13 09:43
    VLAI
    Summary
    A vulnerability has been identified in RUGGEDCOM ROX MX5000 (All versions < V2.17.0), RUGGEDCOM ROX MX5000RE (All versions < V2.17.0), RUGGEDCOM ROX RX1400 (All versions < V2.17.0), RUGGEDCOM ROX RX1500 (All versions < V2.17.0), RUGGEDCOM ROX RX1501 (All versions < V2.17.0), RUGGEDCOM ROX RX1510 (All versions < V2.17.0), RUGGEDCOM ROX RX1511 (All versions < V2.17.0), RUGGEDCOM ROX RX1512 (All versions < V2.17.0), RUGGEDCOM ROX RX1524 (All versions < V2.17.0), RUGGEDCOM ROX RX1536 (All versions < V2.17.0), RUGGEDCOM ROX RX5000 (All versions < V2.17.0). Under certain conditions, IPsec may allow code injection in the affected device. An attacker could leverage this scenario to execute arbitrary code as root user.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-74 - Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')
    Assigner
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-56840",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-12-09T14:27:32.481320Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-12-09T14:27:36.500Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unknown",
              "product": "RUGGEDCOM ROX MX5000",
              "vendor": "Siemens",
              "versions": [
                {
                  "lessThan": "V2.17.0",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unknown",
              "product": "RUGGEDCOM ROX MX5000RE",
              "vendor": "Siemens",
              "versions": [
                {
                  "lessThan": "V2.17.0",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unknown",
              "product": "RUGGEDCOM ROX RX1400",
              "vendor": "Siemens",
              "versions": [
                {
                  "lessThan": "V2.17.0",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unknown",
              "product": "RUGGEDCOM ROX RX1500",
              "vendor": "Siemens",
              "versions": [
                {
                  "lessThan": "V2.17.0",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unknown",
              "product": "RUGGEDCOM ROX RX1501",
              "vendor": "Siemens",
              "versions": [
                {
                  "lessThan": "V2.17.0",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unknown",
              "product": "RUGGEDCOM ROX RX1510",
              "vendor": "Siemens",
              "versions": [
                {
                  "lessThan": "V2.17.0",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unknown",
              "product": "RUGGEDCOM ROX RX1511",
              "vendor": "Siemens",
              "versions": [
                {
                  "lessThan": "V2.17.0",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unknown",
              "product": "RUGGEDCOM ROX RX1512",
              "vendor": "Siemens",
              "versions": [
                {
                  "lessThan": "V2.17.0",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unknown",
              "product": "RUGGEDCOM ROX RX1524",
              "vendor": "Siemens",
              "versions": [
                {
                  "lessThan": "V2.17.0",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unknown",
              "product": "RUGGEDCOM ROX RX1536",
              "vendor": "Siemens",
              "versions": [
                {
                  "lessThan": "V2.17.0",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unknown",
              "product": "RUGGEDCOM ROX RX5000",
              "vendor": "Siemens",
              "versions": [
                {
                  "lessThan": "V2.17.0",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A vulnerability has been identified in RUGGEDCOM ROX MX5000 (All versions \u003c V2.17.0), RUGGEDCOM ROX MX5000RE (All versions \u003c V2.17.0), RUGGEDCOM ROX RX1400 (All versions \u003c V2.17.0), RUGGEDCOM ROX RX1500 (All versions \u003c V2.17.0), RUGGEDCOM ROX RX1501 (All versions \u003c V2.17.0), RUGGEDCOM ROX RX1510 (All versions \u003c V2.17.0), RUGGEDCOM ROX RX1511 (All versions \u003c V2.17.0), RUGGEDCOM ROX RX1512 (All versions \u003c V2.17.0), RUGGEDCOM ROX RX1524 (All versions \u003c V2.17.0), RUGGEDCOM ROX RX1536 (All versions \u003c V2.17.0), RUGGEDCOM ROX RX5000 (All versions \u003c V2.17.0). Under certain conditions, IPsec may allow code injection in the affected device. An attacker could leverage this scenario to execute arbitrary code as root user."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "baseScore": 7.2,
                "baseSeverity": "HIGH",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C",
                "version": "3.1"
              }
            },
            {
              "cvssV4_0": {
                "baseScore": 7.5,
                "baseSeverity": "HIGH",
                "vectorString": "CVSS:4.0/AV:N/AC:L/AT:P/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
                "version": "4.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-74",
                  "description": "CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component (\u0027Injection\u0027)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-01-13T09:43:55.345Z",
            "orgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77",
            "shortName": "siemens"
          },
          "references": [
            {
              "url": "https://cert-portal.siemens.com/productcert/html/ssa-912274.html"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77",
        "assignerShortName": "siemens",
        "cveId": "CVE-2024-56840",
        "datePublished": "2025-12-09T10:44:19.188Z",
        "dateReserved": "2025-01-03T10:21:11.980Z",
        "dateUpdated": "2026-01-13T09:43:55.345Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2024-56839 (GCVE-0-2024-56839)

    Vulnerability from cvelistv5 – Published: 2025-12-09 10:44 – Updated: 2026-01-13 09:43
    VLAI
    Summary
    A vulnerability has been identified in RUGGEDCOM ROX MX5000 (All versions < V2.17.0), RUGGEDCOM ROX MX5000RE (All versions < V2.17.0), RUGGEDCOM ROX RX1400 (All versions < V2.17.0), RUGGEDCOM ROX RX1500 (All versions < V2.17.0), RUGGEDCOM ROX RX1501 (All versions < V2.17.0), RUGGEDCOM ROX RX1510 (All versions < V2.17.0), RUGGEDCOM ROX RX1511 (All versions < V2.17.0), RUGGEDCOM ROX RX1512 (All versions < V2.17.0), RUGGEDCOM ROX RX1524 (All versions < V2.17.0), RUGGEDCOM ROX RX1536 (All versions < V2.17.0), RUGGEDCOM ROX RX5000 (All versions < V2.17.0). Code injection can be achieved when the affected device is using VRF (Virtual Routing and Forwarding). An attacker could leverage this scenario to execute arbitrary code as root user.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-74 - Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')
    Assigner
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-56839",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-12-09T14:27:47.309463Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-12-09T14:27:57.838Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unknown",
              "product": "RUGGEDCOM ROX MX5000",
              "vendor": "Siemens",
              "versions": [
                {
                  "lessThan": "V2.17.0",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unknown",
              "product": "RUGGEDCOM ROX MX5000RE",
              "vendor": "Siemens",
              "versions": [
                {
                  "lessThan": "V2.17.0",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unknown",
              "product": "RUGGEDCOM ROX RX1400",
              "vendor": "Siemens",
              "versions": [
                {
                  "lessThan": "V2.17.0",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unknown",
              "product": "RUGGEDCOM ROX RX1500",
              "vendor": "Siemens",
              "versions": [
                {
                  "lessThan": "V2.17.0",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unknown",
              "product": "RUGGEDCOM ROX RX1501",
              "vendor": "Siemens",
              "versions": [
                {
                  "lessThan": "V2.17.0",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unknown",
              "product": "RUGGEDCOM ROX RX1510",
              "vendor": "Siemens",
              "versions": [
                {
                  "lessThan": "V2.17.0",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unknown",
              "product": "RUGGEDCOM ROX RX1511",
              "vendor": "Siemens",
              "versions": [
                {
                  "lessThan": "V2.17.0",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unknown",
              "product": "RUGGEDCOM ROX RX1512",
              "vendor": "Siemens",
              "versions": [
                {
                  "lessThan": "V2.17.0",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unknown",
              "product": "RUGGEDCOM ROX RX1524",
              "vendor": "Siemens",
              "versions": [
                {
                  "lessThan": "V2.17.0",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unknown",
              "product": "RUGGEDCOM ROX RX1536",
              "vendor": "Siemens",
              "versions": [
                {
                  "lessThan": "V2.17.0",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unknown",
              "product": "RUGGEDCOM ROX RX5000",
              "vendor": "Siemens",
              "versions": [
                {
                  "lessThan": "V2.17.0",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A vulnerability has been identified in RUGGEDCOM ROX MX5000 (All versions \u003c V2.17.0), RUGGEDCOM ROX MX5000RE (All versions \u003c V2.17.0), RUGGEDCOM ROX RX1400 (All versions \u003c V2.17.0), RUGGEDCOM ROX RX1500 (All versions \u003c V2.17.0), RUGGEDCOM ROX RX1501 (All versions \u003c V2.17.0), RUGGEDCOM ROX RX1510 (All versions \u003c V2.17.0), RUGGEDCOM ROX RX1511 (All versions \u003c V2.17.0), RUGGEDCOM ROX RX1512 (All versions \u003c V2.17.0), RUGGEDCOM ROX RX1524 (All versions \u003c V2.17.0), RUGGEDCOM ROX RX1536 (All versions \u003c V2.17.0), RUGGEDCOM ROX RX5000 (All versions \u003c V2.17.0). Code injection can be achieved when the affected device is using VRF (Virtual Routing and Forwarding). An attacker could leverage this scenario to execute arbitrary code as root user."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "baseScore": 7.2,
                "baseSeverity": "HIGH",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C",
                "version": "3.1"
              }
            },
            {
              "cvssV4_0": {
                "baseScore": 8.6,
                "baseSeverity": "HIGH",
                "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
                "version": "4.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-74",
                  "description": "CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component (\u0027Injection\u0027)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-01-13T09:43:54.268Z",
            "orgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77",
            "shortName": "siemens"
          },
          "references": [
            {
              "url": "https://cert-portal.siemens.com/productcert/html/ssa-912274.html"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77",
        "assignerShortName": "siemens",
        "cveId": "CVE-2024-56839",
        "datePublished": "2025-12-09T10:44:18.103Z",
        "dateReserved": "2025-01-03T10:21:11.980Z",
        "dateUpdated": "2026-01-13T09:43:54.268Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2024-56838 (GCVE-0-2024-56838)

    Vulnerability from cvelistv5 – Published: 2025-12-09 10:44 – Updated: 2026-01-13 09:43
    VLAI
    Summary
    A vulnerability has been identified in RUGGEDCOM ROX MX5000 (All versions < V2.17.0), RUGGEDCOM ROX MX5000RE (All versions < V2.17.0), RUGGEDCOM ROX RX1400 (All versions < V2.17.0), RUGGEDCOM ROX RX1500 (All versions < V2.17.0), RUGGEDCOM ROX RX1501 (All versions < V2.17.0), RUGGEDCOM ROX RX1510 (All versions < V2.17.0), RUGGEDCOM ROX RX1511 (All versions < V2.17.0), RUGGEDCOM ROX RX1512 (All versions < V2.17.0), RUGGEDCOM ROX RX1524 (All versions < V2.17.0), RUGGEDCOM ROX RX1536 (All versions < V2.17.0), RUGGEDCOM ROX RX5000 (All versions < V2.17.0). The SCEP client available in the affected device for secure certificate enrollment lacks validation of multiple fields. An attacker could leverage this scenario to execute arbitrary code as root user.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-74 - Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')
    Assigner
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-56838",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-12-09T14:28:19.803546Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-12-09T14:28:27.518Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unknown",
              "product": "RUGGEDCOM ROX MX5000",
              "vendor": "Siemens",
              "versions": [
                {
                  "lessThan": "V2.17.0",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unknown",
              "product": "RUGGEDCOM ROX MX5000RE",
              "vendor": "Siemens",
              "versions": [
                {
                  "lessThan": "V2.17.0",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unknown",
              "product": "RUGGEDCOM ROX RX1400",
              "vendor": "Siemens",
              "versions": [
                {
                  "lessThan": "V2.17.0",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unknown",
              "product": "RUGGEDCOM ROX RX1500",
              "vendor": "Siemens",
              "versions": [
                {
                  "lessThan": "V2.17.0",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unknown",
              "product": "RUGGEDCOM ROX RX1501",
              "vendor": "Siemens",
              "versions": [
                {
                  "lessThan": "V2.17.0",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unknown",
              "product": "RUGGEDCOM ROX RX1510",
              "vendor": "Siemens",
              "versions": [
                {
                  "lessThan": "V2.17.0",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unknown",
              "product": "RUGGEDCOM ROX RX1511",
              "vendor": "Siemens",
              "versions": [
                {
                  "lessThan": "V2.17.0",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unknown",
              "product": "RUGGEDCOM ROX RX1512",
              "vendor": "Siemens",
              "versions": [
                {
                  "lessThan": "V2.17.0",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unknown",
              "product": "RUGGEDCOM ROX RX1524",
              "vendor": "Siemens",
              "versions": [
                {
                  "lessThan": "V2.17.0",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unknown",
              "product": "RUGGEDCOM ROX RX1536",
              "vendor": "Siemens",
              "versions": [
                {
                  "lessThan": "V2.17.0",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unknown",
              "product": "RUGGEDCOM ROX RX5000",
              "vendor": "Siemens",
              "versions": [
                {
                  "lessThan": "V2.17.0",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A vulnerability has been identified in RUGGEDCOM ROX MX5000 (All versions \u003c V2.17.0), RUGGEDCOM ROX MX5000RE (All versions \u003c V2.17.0), RUGGEDCOM ROX RX1400 (All versions \u003c V2.17.0), RUGGEDCOM ROX RX1500 (All versions \u003c V2.17.0), RUGGEDCOM ROX RX1501 (All versions \u003c V2.17.0), RUGGEDCOM ROX RX1510 (All versions \u003c V2.17.0), RUGGEDCOM ROX RX1511 (All versions \u003c V2.17.0), RUGGEDCOM ROX RX1512 (All versions \u003c V2.17.0), RUGGEDCOM ROX RX1524 (All versions \u003c V2.17.0), RUGGEDCOM ROX RX1536 (All versions \u003c V2.17.0), RUGGEDCOM ROX RX5000 (All versions \u003c V2.17.0). The SCEP client available in the affected device for secure certificate enrollment lacks validation of multiple fields. An attacker could leverage this scenario to execute arbitrary code as root user."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "baseScore": 7.2,
                "baseSeverity": "HIGH",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C",
                "version": "3.1"
              }
            },
            {
              "cvssV4_0": {
                "baseScore": 8.6,
                "baseSeverity": "HIGH",
                "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
                "version": "4.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-74",
                  "description": "CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component (\u0027Injection\u0027)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-01-13T09:43:53.194Z",
            "orgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77",
            "shortName": "siemens"
          },
          "references": [
            {
              "url": "https://cert-portal.siemens.com/productcert/html/ssa-912274.html"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77",
        "assignerShortName": "siemens",
        "cveId": "CVE-2024-56838",
        "datePublished": "2025-12-09T10:44:17.019Z",
        "dateReserved": "2025-01-03T10:21:11.980Z",
        "dateUpdated": "2026-01-13T09:43:53.194Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2024-56837 (GCVE-0-2024-56837)

    Vulnerability from cvelistv5 – Published: 2025-12-09 10:44 – Updated: 2026-01-13 09:43
    VLAI
    Summary
    A vulnerability has been identified in RUGGEDCOM ROX MX5000 (All versions < V2.17.0), RUGGEDCOM ROX MX5000RE (All versions < V2.17.0), RUGGEDCOM ROX RX1400 (All versions < V2.17.0), RUGGEDCOM ROX RX1500 (All versions < V2.17.0), RUGGEDCOM ROX RX1501 (All versions < V2.17.0), RUGGEDCOM ROX RX1510 (All versions < V2.17.0), RUGGEDCOM ROX RX1511 (All versions < V2.17.0), RUGGEDCOM ROX RX1512 (All versions < V2.17.0), RUGGEDCOM ROX RX1524 (All versions < V2.17.0), RUGGEDCOM ROX RX1536 (All versions < V2.17.0), RUGGEDCOM ROX RX5000 (All versions < V2.17.0). Due to the insufficient validation during the installation and load of certain configuration files of the affected device, an attacker could spawn a reverse shell and gain root access on the affected system.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-77 - Improper Neutralization of Special Elements used in a Command ('Command Injection')
    Assigner
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-56837",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-12-09T14:28:47.566460Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-12-09T14:28:52.709Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unknown",
              "product": "RUGGEDCOM ROX MX5000",
              "vendor": "Siemens",
              "versions": [
                {
                  "lessThan": "V2.17.0",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unknown",
              "product": "RUGGEDCOM ROX MX5000RE",
              "vendor": "Siemens",
              "versions": [
                {
                  "lessThan": "V2.17.0",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unknown",
              "product": "RUGGEDCOM ROX RX1400",
              "vendor": "Siemens",
              "versions": [
                {
                  "lessThan": "V2.17.0",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unknown",
              "product": "RUGGEDCOM ROX RX1500",
              "vendor": "Siemens",
              "versions": [
                {
                  "lessThan": "V2.17.0",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unknown",
              "product": "RUGGEDCOM ROX RX1501",
              "vendor": "Siemens",
              "versions": [
                {
                  "lessThan": "V2.17.0",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unknown",
              "product": "RUGGEDCOM ROX RX1510",
              "vendor": "Siemens",
              "versions": [
                {
                  "lessThan": "V2.17.0",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unknown",
              "product": "RUGGEDCOM ROX RX1511",
              "vendor": "Siemens",
              "versions": [
                {
                  "lessThan": "V2.17.0",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unknown",
              "product": "RUGGEDCOM ROX RX1512",
              "vendor": "Siemens",
              "versions": [
                {
                  "lessThan": "V2.17.0",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unknown",
              "product": "RUGGEDCOM ROX RX1524",
              "vendor": "Siemens",
              "versions": [
                {
                  "lessThan": "V2.17.0",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unknown",
              "product": "RUGGEDCOM ROX RX1536",
              "vendor": "Siemens",
              "versions": [
                {
                  "lessThan": "V2.17.0",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unknown",
              "product": "RUGGEDCOM ROX RX5000",
              "vendor": "Siemens",
              "versions": [
                {
                  "lessThan": "V2.17.0",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A vulnerability has been identified in RUGGEDCOM ROX MX5000 (All versions \u003c V2.17.0), RUGGEDCOM ROX MX5000RE (All versions \u003c V2.17.0), RUGGEDCOM ROX RX1400 (All versions \u003c V2.17.0), RUGGEDCOM ROX RX1500 (All versions \u003c V2.17.0), RUGGEDCOM ROX RX1501 (All versions \u003c V2.17.0), RUGGEDCOM ROX RX1510 (All versions \u003c V2.17.0), RUGGEDCOM ROX RX1511 (All versions \u003c V2.17.0), RUGGEDCOM ROX RX1512 (All versions \u003c V2.17.0), RUGGEDCOM ROX RX1524 (All versions \u003c V2.17.0), RUGGEDCOM ROX RX1536 (All versions \u003c V2.17.0), RUGGEDCOM ROX RX5000 (All versions \u003c V2.17.0). Due to the insufficient validation during the installation and load of certain configuration files of the affected device, an attacker could spawn a reverse shell and gain root access on the affected system."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "baseScore": 7.2,
                "baseSeverity": "HIGH",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C",
                "version": "3.1"
              }
            },
            {
              "cvssV4_0": {
                "baseScore": 8.6,
                "baseSeverity": "HIGH",
                "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
                "version": "4.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-77",
                  "description": "CWE-77: Improper Neutralization of Special Elements used in a Command (\u0027Command Injection\u0027)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-01-13T09:43:52.096Z",
            "orgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77",
            "shortName": "siemens"
          },
          "references": [
            {
              "url": "https://cert-portal.siemens.com/productcert/html/ssa-912274.html"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77",
        "assignerShortName": "siemens",
        "cveId": "CVE-2024-56837",
        "datePublished": "2025-12-09T10:44:15.934Z",
        "dateReserved": "2025-01-03T10:21:11.980Z",
        "dateUpdated": "2026-01-13T09:43:52.096Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2024-56836 (GCVE-0-2024-56836)

    Vulnerability from cvelistv5 – Published: 2025-12-09 10:44 – Updated: 2026-01-13 09:43
    VLAI
    Summary
    A vulnerability has been identified in RUGGEDCOM ROX MX5000 (All versions < V2.17.0), RUGGEDCOM ROX MX5000RE (All versions < V2.17.0), RUGGEDCOM ROX RX1400 (All versions < V2.17.0), RUGGEDCOM ROX RX1500 (All versions < V2.17.0), RUGGEDCOM ROX RX1501 (All versions < V2.17.0), RUGGEDCOM ROX RX1510 (All versions < V2.17.0), RUGGEDCOM ROX RX1511 (All versions < V2.17.0), RUGGEDCOM ROX RX1512 (All versions < V2.17.0), RUGGEDCOM ROX RX1524 (All versions < V2.17.0), RUGGEDCOM ROX RX1536 (All versions < V2.17.0), RUGGEDCOM ROX RX5000 (All versions < V2.17.0). During the Dynamic DNS configuration of the affected product it is possible to inject additional configuration parameters. Under certain circumstances, an attacker could leverage this vulnerability to spawn a reverse shell and gain root access on the affected system.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-77 - Improper Neutralization of Special Elements used in a Command ('Command Injection')
    Assigner
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-56836",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-12-09T14:29:09.000238Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-12-09T14:29:13.239Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unknown",
              "product": "RUGGEDCOM ROX MX5000",
              "vendor": "Siemens",
              "versions": [
                {
                  "lessThan": "V2.17.0",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unknown",
              "product": "RUGGEDCOM ROX MX5000RE",
              "vendor": "Siemens",
              "versions": [
                {
                  "lessThan": "V2.17.0",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unknown",
              "product": "RUGGEDCOM ROX RX1400",
              "vendor": "Siemens",
              "versions": [
                {
                  "lessThan": "V2.17.0",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unknown",
              "product": "RUGGEDCOM ROX RX1500",
              "vendor": "Siemens",
              "versions": [
                {
                  "lessThan": "V2.17.0",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unknown",
              "product": "RUGGEDCOM ROX RX1501",
              "vendor": "Siemens",
              "versions": [
                {
                  "lessThan": "V2.17.0",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unknown",
              "product": "RUGGEDCOM ROX RX1510",
              "vendor": "Siemens",
              "versions": [
                {
                  "lessThan": "V2.17.0",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unknown",
              "product": "RUGGEDCOM ROX RX1511",
              "vendor": "Siemens",
              "versions": [
                {
                  "lessThan": "V2.17.0",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unknown",
              "product": "RUGGEDCOM ROX RX1512",
              "vendor": "Siemens",
              "versions": [
                {
                  "lessThan": "V2.17.0",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unknown",
              "product": "RUGGEDCOM ROX RX1524",
              "vendor": "Siemens",
              "versions": [
                {
                  "lessThan": "V2.17.0",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unknown",
              "product": "RUGGEDCOM ROX RX1536",
              "vendor": "Siemens",
              "versions": [
                {
                  "lessThan": "V2.17.0",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unknown",
              "product": "RUGGEDCOM ROX RX5000",
              "vendor": "Siemens",
              "versions": [
                {
                  "lessThan": "V2.17.0",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A vulnerability has been identified in RUGGEDCOM ROX MX5000 (All versions \u003c V2.17.0), RUGGEDCOM ROX MX5000RE (All versions \u003c V2.17.0), RUGGEDCOM ROX RX1400 (All versions \u003c V2.17.0), RUGGEDCOM ROX RX1500 (All versions \u003c V2.17.0), RUGGEDCOM ROX RX1501 (All versions \u003c V2.17.0), RUGGEDCOM ROX RX1510 (All versions \u003c V2.17.0), RUGGEDCOM ROX RX1511 (All versions \u003c V2.17.0), RUGGEDCOM ROX RX1512 (All versions \u003c V2.17.0), RUGGEDCOM ROX RX1524 (All versions \u003c V2.17.0), RUGGEDCOM ROX RX1536 (All versions \u003c V2.17.0), RUGGEDCOM ROX RX5000 (All versions \u003c V2.17.0). During the Dynamic DNS configuration of the affected product it is possible to inject additional configuration parameters. Under certain circumstances, an attacker could leverage this vulnerability to spawn a reverse shell and gain root access on the affected system."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "baseScore": 7.5,
                "baseSeverity": "HIGH",
                "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C",
                "version": "3.1"
              }
            },
            {
              "cvssV4_0": {
                "baseScore": 7.7,
                "baseSeverity": "HIGH",
                "vectorString": "CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
                "version": "4.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-77",
                  "description": "CWE-77: Improper Neutralization of Special Elements used in a Command (\u0027Command Injection\u0027)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-01-13T09:43:50.967Z",
            "orgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77",
            "shortName": "siemens"
          },
          "references": [
            {
              "url": "https://cert-portal.siemens.com/productcert/html/ssa-912274.html"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77",
        "assignerShortName": "siemens",
        "cveId": "CVE-2024-56836",
        "datePublished": "2025-12-09T10:44:14.820Z",
        "dateReserved": "2025-01-03T10:21:11.980Z",
        "dateUpdated": "2026-01-13T09:43:50.967Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2024-56835 (GCVE-0-2024-56835)

    Vulnerability from cvelistv5 – Published: 2025-12-09 10:44 – Updated: 2026-01-13 09:43
    VLAI
    Summary
    A vulnerability has been identified in RUGGEDCOM ROX MX5000 (All versions < V2.17.0), RUGGEDCOM ROX MX5000RE (All versions < V2.17.0), RUGGEDCOM ROX RX1400 (All versions < V2.17.0), RUGGEDCOM ROX RX1500 (All versions < V2.17.0), RUGGEDCOM ROX RX1501 (All versions < V2.17.0), RUGGEDCOM ROX RX1510 (All versions < V2.17.0), RUGGEDCOM ROX RX1511 (All versions < V2.17.0), RUGGEDCOM ROX RX1512 (All versions < V2.17.0), RUGGEDCOM ROX RX1524 (All versions < V2.17.0), RUGGEDCOM ROX RX1536 (All versions < V2.17.0), RUGGEDCOM ROX RX5000 (All versions < V2.17.0). The DHCP Server configuration file of the affected products is subject to code injection. An attacker could leverage this vulnerability to spawn a reverse shell and gain root access on the affected system.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-74 - Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')
    Assigner
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-56835",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-12-09T14:29:27.215015Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-12-09T14:29:32.308Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unknown",
              "product": "RUGGEDCOM ROX MX5000",
              "vendor": "Siemens",
              "versions": [
                {
                  "lessThan": "V2.17.0",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unknown",
              "product": "RUGGEDCOM ROX MX5000RE",
              "vendor": "Siemens",
              "versions": [
                {
                  "lessThan": "V2.17.0",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unknown",
              "product": "RUGGEDCOM ROX RX1400",
              "vendor": "Siemens",
              "versions": [
                {
                  "lessThan": "V2.17.0",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unknown",
              "product": "RUGGEDCOM ROX RX1500",
              "vendor": "Siemens",
              "versions": [
                {
                  "lessThan": "V2.17.0",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unknown",
              "product": "RUGGEDCOM ROX RX1501",
              "vendor": "Siemens",
              "versions": [
                {
                  "lessThan": "V2.17.0",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unknown",
              "product": "RUGGEDCOM ROX RX1510",
              "vendor": "Siemens",
              "versions": [
                {
                  "lessThan": "V2.17.0",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unknown",
              "product": "RUGGEDCOM ROX RX1511",
              "vendor": "Siemens",
              "versions": [
                {
                  "lessThan": "V2.17.0",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unknown",
              "product": "RUGGEDCOM ROX RX1512",
              "vendor": "Siemens",
              "versions": [
                {
                  "lessThan": "V2.17.0",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unknown",
              "product": "RUGGEDCOM ROX RX1524",
              "vendor": "Siemens",
              "versions": [
                {
                  "lessThan": "V2.17.0",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unknown",
              "product": "RUGGEDCOM ROX RX1536",
              "vendor": "Siemens",
              "versions": [
                {
                  "lessThan": "V2.17.0",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unknown",
              "product": "RUGGEDCOM ROX RX5000",
              "vendor": "Siemens",
              "versions": [
                {
                  "lessThan": "V2.17.0",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A vulnerability has been identified in RUGGEDCOM ROX MX5000 (All versions \u003c V2.17.0), RUGGEDCOM ROX MX5000RE (All versions \u003c V2.17.0), RUGGEDCOM ROX RX1400 (All versions \u003c V2.17.0), RUGGEDCOM ROX RX1500 (All versions \u003c V2.17.0), RUGGEDCOM ROX RX1501 (All versions \u003c V2.17.0), RUGGEDCOM ROX RX1510 (All versions \u003c V2.17.0), RUGGEDCOM ROX RX1511 (All versions \u003c V2.17.0), RUGGEDCOM ROX RX1512 (All versions \u003c V2.17.0), RUGGEDCOM ROX RX1524 (All versions \u003c V2.17.0), RUGGEDCOM ROX RX1536 (All versions \u003c V2.17.0), RUGGEDCOM ROX RX5000 (All versions \u003c V2.17.0). The DHCP Server configuration file of the affected products is subject to code injection. An attacker could leverage this vulnerability to spawn a reverse shell and gain root access on the affected system."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "baseScore": 8.8,
                "baseSeverity": "HIGH",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C",
                "version": "3.1"
              }
            },
            {
              "cvssV4_0": {
                "baseScore": 8.7,
                "baseSeverity": "HIGH",
                "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
                "version": "4.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-74",
                  "description": "CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component (\u0027Injection\u0027)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-01-13T09:43:49.860Z",
            "orgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77",
            "shortName": "siemens"
          },
          "references": [
            {
              "url": "https://cert-portal.siemens.com/productcert/html/ssa-912274.html"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77",
        "assignerShortName": "siemens",
        "cveId": "CVE-2024-56835",
        "datePublished": "2025-12-09T10:44:13.701Z",
        "dateReserved": "2025-01-03T10:21:11.980Z",
        "dateUpdated": "2026-01-13T09:43:49.860Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2025-40761 (GCVE-0-2025-40761)

    Vulnerability from cvelistv5 – Published: 2025-08-12 11:17 – Updated: 2025-08-12 18:23
    VLAI
    Summary
    A vulnerability has been identified in RUGGEDCOM ROX MX5000 (All versions), RUGGEDCOM ROX MX5000RE (All versions), RUGGEDCOM ROX RX1400 (All versions), RUGGEDCOM ROX RX1500 (All versions), RUGGEDCOM ROX RX1501 (All versions), RUGGEDCOM ROX RX1510 (All versions), RUGGEDCOM ROX RX1511 (All versions), RUGGEDCOM ROX RX1512 (All versions), RUGGEDCOM ROX RX1524 (All versions), RUGGEDCOM ROX RX1536 (All versions), RUGGEDCOM ROX RX5000 (All versions). Affected devices do not properly limit access through its Built-In-Self-Test (BIST) mode. This could allow an attacker with physical access to the serial interface to bypass authentication and get access to a root shell on the device.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-288 - Authentication Bypass Using an Alternate Path or Channel
    Assigner
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-40761",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-08-12T18:22:37.859243Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-08-12T18:23:25.349Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unknown",
              "product": "RUGGEDCOM ROX MX5000",
              "vendor": "Siemens",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unknown",
              "product": "RUGGEDCOM ROX MX5000RE",
              "vendor": "Siemens",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unknown",
              "product": "RUGGEDCOM ROX RX1400",
              "vendor": "Siemens",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unknown",
              "product": "RUGGEDCOM ROX RX1500",
              "vendor": "Siemens",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unknown",
              "product": "RUGGEDCOM ROX RX1501",
              "vendor": "Siemens",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unknown",
              "product": "RUGGEDCOM ROX RX1510",
              "vendor": "Siemens",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unknown",
              "product": "RUGGEDCOM ROX RX1511",
              "vendor": "Siemens",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unknown",
              "product": "RUGGEDCOM ROX RX1512",
              "vendor": "Siemens",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unknown",
              "product": "RUGGEDCOM ROX RX1524",
              "vendor": "Siemens",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unknown",
              "product": "RUGGEDCOM ROX RX1536",
              "vendor": "Siemens",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unknown",
              "product": "RUGGEDCOM ROX RX5000",
              "vendor": "Siemens",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A vulnerability has been identified in RUGGEDCOM ROX MX5000 (All versions), RUGGEDCOM ROX MX5000RE (All versions), RUGGEDCOM ROX RX1400 (All versions), RUGGEDCOM ROX RX1500 (All versions), RUGGEDCOM ROX RX1501 (All versions), RUGGEDCOM ROX RX1510 (All versions), RUGGEDCOM ROX RX1511 (All versions), RUGGEDCOM ROX RX1512 (All versions), RUGGEDCOM ROX RX1524 (All versions), RUGGEDCOM ROX RX1536 (All versions), RUGGEDCOM ROX RX5000 (All versions). Affected devices do not properly limit access through its Built-In-Self-Test (BIST) mode.\r\nThis could allow an attacker with physical access to the serial interface to bypass authentication and get access to a root shell on the device."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "baseScore": 7.6,
                "baseSeverity": "HIGH",
                "vectorString": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
                "version": "3.1"
              }
            },
            {
              "cvssV4_0": {
                "baseScore": 8.6,
                "baseSeverity": "HIGH",
                "vectorString": "CVSS:4.0/AV:P/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H",
                "version": "4.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-288",
                  "description": "CWE-288: Authentication Bypass Using an Alternate Path or Channel",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-08-12T11:17:11.853Z",
            "orgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77",
            "shortName": "siemens"
          },
          "references": [
            {
              "url": "https://cert-portal.siemens.com/productcert/html/ssa-094954.html"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77",
        "assignerShortName": "siemens",
        "cveId": "CVE-2025-40761",
        "datePublished": "2025-08-12T11:17:11.853Z",
        "dateReserved": "2025-04-16T08:39:30.032Z",
        "dateUpdated": "2025-08-12T18:23:25.349Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2025-33023 (GCVE-0-2025-33023)

    Vulnerability from cvelistv5 – Published: 2025-08-12 11:16 – Updated: 2025-08-12 20:08
    VLAI
    Summary
    A vulnerability has been identified in RUGGEDCOM ROX MX5000 (All versions), RUGGEDCOM ROX MX5000RE (All versions), RUGGEDCOM ROX RX1400 (All versions), RUGGEDCOM ROX RX1500 (All versions), RUGGEDCOM ROX RX1501 (All versions), RUGGEDCOM ROX RX1510 (All versions), RUGGEDCOM ROX RX1511 (All versions), RUGGEDCOM ROX RX1512 (All versions), RUGGEDCOM ROX RX1524 (All versions), RUGGEDCOM ROX RX1536 (All versions), RUGGEDCOM ROX RX5000 (All versions). The affected devices do not properly enforce the restriction of files that can be uploaded from the web interface. This could allow an authenticated remote attacker with high privileges in the web interface to upload arbitrary files.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-434 - Unrestricted Upload of File with Dangerous Type
    Assigner
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-33023",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-08-12T20:08:29.644330Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-08-12T20:08:44.934Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unknown",
              "product": "RUGGEDCOM ROX MX5000",
              "vendor": "Siemens",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unknown",
              "product": "RUGGEDCOM ROX MX5000RE",
              "vendor": "Siemens",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unknown",
              "product": "RUGGEDCOM ROX RX1400",
              "vendor": "Siemens",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unknown",
              "product": "RUGGEDCOM ROX RX1500",
              "vendor": "Siemens",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unknown",
              "product": "RUGGEDCOM ROX RX1501",
              "vendor": "Siemens",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unknown",
              "product": "RUGGEDCOM ROX RX1510",
              "vendor": "Siemens",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unknown",
              "product": "RUGGEDCOM ROX RX1511",
              "vendor": "Siemens",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unknown",
              "product": "RUGGEDCOM ROX RX1512",
              "vendor": "Siemens",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unknown",
              "product": "RUGGEDCOM ROX RX1524",
              "vendor": "Siemens",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unknown",
              "product": "RUGGEDCOM ROX RX1536",
              "vendor": "Siemens",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unknown",
              "product": "RUGGEDCOM ROX RX5000",
              "vendor": "Siemens",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A vulnerability has been identified in RUGGEDCOM ROX MX5000 (All versions), RUGGEDCOM ROX MX5000RE (All versions), RUGGEDCOM ROX RX1400 (All versions), RUGGEDCOM ROX RX1500 (All versions), RUGGEDCOM ROX RX1501 (All versions), RUGGEDCOM ROX RX1510 (All versions), RUGGEDCOM ROX RX1511 (All versions), RUGGEDCOM ROX RX1512 (All versions), RUGGEDCOM ROX RX1524 (All versions), RUGGEDCOM ROX RX1536 (All versions), RUGGEDCOM ROX RX5000 (All versions). The  affected devices do not properly enforce the restriction of files that can be uploaded from the web interface. This could allow an authenticated remote attacker with high privileges in the web interface to upload arbitrary files."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "baseScore": 4.1,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:N/I:L/A:N",
                "version": "3.1"
              }
            },
            {
              "cvssV4_0": {
                "baseScore": 5.1,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:N/VI:N/VA:N/SC:N/SI:L/SA:N",
                "version": "4.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-434",
                  "description": "CWE-434: Unrestricted Upload of File with Dangerous Type",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-08-12T11:16:59.504Z",
            "orgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77",
            "shortName": "siemens"
          },
          "references": [
            {
              "url": "https://cert-portal.siemens.com/productcert/html/ssa-665108.html"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77",
        "assignerShortName": "siemens",
        "cveId": "CVE-2025-33023",
        "datePublished": "2025-08-12T11:16:59.504Z",
        "dateReserved": "2025-04-15T14:09:25.610Z",
        "dateUpdated": "2025-08-12T20:08:44.934Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2025-40591 (GCVE-0-2025-40591)

    Vulnerability from cvelistv5 – Published: 2025-06-10 15:17 – Updated: 2025-06-10 15:41
    VLAI
    Summary
    A vulnerability has been identified in RUGGEDCOM ROX MX5000 (All versions < V2.16.5), RUGGEDCOM ROX MX5000RE (All versions < V2.16.5), RUGGEDCOM ROX RX1400 (All versions < V2.16.5), RUGGEDCOM ROX RX1500 (All versions < V2.16.5), RUGGEDCOM ROX RX1501 (All versions < V2.16.5), RUGGEDCOM ROX RX1510 (All versions < V2.16.5), RUGGEDCOM ROX RX1511 (All versions < V2.16.5), RUGGEDCOM ROX RX1512 (All versions < V2.16.5), RUGGEDCOM ROX RX1524 (All versions < V2.16.5), RUGGEDCOM ROX RX1536 (All versions < V2.16.5), RUGGEDCOM ROX RX5000 (All versions < V2.16.5). The 'Log Viewers' tool in the web interface of affected devices is vulnerable to command injection due to missing server side input sanitation. This could allow an authenticated remote attacker to execute the 'tail' command with root privileges and disclose contents of all files in the filesystem.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-602 - Client-Side Enforcement of Server-Side Security
    Assigner
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-40591",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-06-10T15:41:16.109866Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-06-10T15:41:27.605Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unknown",
              "product": "RUGGEDCOM ROX MX5000",
              "vendor": "Siemens",
              "versions": [
                {
                  "lessThan": "V2.16.5",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unknown",
              "product": "RUGGEDCOM ROX MX5000RE",
              "vendor": "Siemens",
              "versions": [
                {
                  "lessThan": "V2.16.5",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unknown",
              "product": "RUGGEDCOM ROX RX1400",
              "vendor": "Siemens",
              "versions": [
                {
                  "lessThan": "V2.16.5",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unknown",
              "product": "RUGGEDCOM ROX RX1500",
              "vendor": "Siemens",
              "versions": [
                {
                  "lessThan": "V2.16.5",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unknown",
              "product": "RUGGEDCOM ROX RX1501",
              "vendor": "Siemens",
              "versions": [
                {
                  "lessThan": "V2.16.5",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unknown",
              "product": "RUGGEDCOM ROX RX1510",
              "vendor": "Siemens",
              "versions": [
                {
                  "lessThan": "V2.16.5",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unknown",
              "product": "RUGGEDCOM ROX RX1511",
              "vendor": "Siemens",
              "versions": [
                {
                  "lessThan": "V2.16.5",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unknown",
              "product": "RUGGEDCOM ROX RX1512",
              "vendor": "Siemens",
              "versions": [
                {
                  "lessThan": "V2.16.5",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unknown",
              "product": "RUGGEDCOM ROX RX1524",
              "vendor": "Siemens",
              "versions": [
                {
                  "lessThan": "V2.16.5",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unknown",
              "product": "RUGGEDCOM ROX RX1536",
              "vendor": "Siemens",
              "versions": [
                {
                  "lessThan": "V2.16.5",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unknown",
              "product": "RUGGEDCOM ROX RX5000",
              "vendor": "Siemens",
              "versions": [
                {
                  "lessThan": "V2.16.5",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A vulnerability has been identified in RUGGEDCOM ROX MX5000 (All versions \u003c V2.16.5), RUGGEDCOM ROX MX5000RE (All versions \u003c V2.16.5), RUGGEDCOM ROX RX1400 (All versions \u003c V2.16.5), RUGGEDCOM ROX RX1500 (All versions \u003c V2.16.5), RUGGEDCOM ROX RX1501 (All versions \u003c V2.16.5), RUGGEDCOM ROX RX1510 (All versions \u003c V2.16.5), RUGGEDCOM ROX RX1511 (All versions \u003c V2.16.5), RUGGEDCOM ROX RX1512 (All versions \u003c V2.16.5), RUGGEDCOM ROX RX1524 (All versions \u003c V2.16.5), RUGGEDCOM ROX RX1536 (All versions \u003c V2.16.5), RUGGEDCOM ROX RX5000 (All versions \u003c V2.16.5). The \u0027Log Viewers\u0027 tool in the web interface of affected devices is vulnerable to command injection due to missing server side input sanitation. This could allow an authenticated remote attacker to execute the \u0027tail\u0027 command with root privileges and disclose contents of all files in the filesystem."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "baseScore": 7.7,
                "baseSeverity": "HIGH",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N",
                "version": "3.1"
              }
            },
            {
              "cvssV4_0": {
                "baseScore": 8.3,
                "baseSeverity": "HIGH",
                "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:H/SI:N/SA:N",
                "version": "4.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-602",
                  "description": "CWE-602: Client-Side Enforcement of Server-Side Security",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-06-10T15:17:36.336Z",
            "orgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77",
            "shortName": "siemens"
          },
          "references": [
            {
              "url": "https://cert-portal.siemens.com/productcert/html/ssa-301229.html"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77",
        "assignerShortName": "siemens",
        "cveId": "CVE-2025-40591",
        "datePublished": "2025-06-10T15:17:36.336Z",
        "dateReserved": "2025-04-16T08:20:17.033Z",
        "dateUpdated": "2025-06-10T15:41:27.605Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2025-33025 (GCVE-0-2025-33025)

    Vulnerability from cvelistv5 – Published: 2025-05-13 09:38 – Updated: 2025-05-13 13:28
    VLAI
    Summary
    A vulnerability has been identified in RUGGEDCOM ROX MX5000 (All versions < V2.16.5), RUGGEDCOM ROX MX5000RE (All versions < V2.16.5), RUGGEDCOM ROX RX1400 (All versions < V2.16.5), RUGGEDCOM ROX RX1500 (All versions < V2.16.5), RUGGEDCOM ROX RX1501 (All versions < V2.16.5), RUGGEDCOM ROX RX1510 (All versions < V2.16.5), RUGGEDCOM ROX RX1511 (All versions < V2.16.5), RUGGEDCOM ROX RX1512 (All versions < V2.16.5), RUGGEDCOM ROX RX1524 (All versions < V2.16.5), RUGGEDCOM ROX RX1536 (All versions < V2.16.5), RUGGEDCOM ROX RX5000 (All versions < V2.16.5). The 'traceroute' tool in the web interface of affected devices is vulnerable to command injection due to missing server side input sanitation. This could allow an authenticated remote attacker to execute arbitrary code with root privileges.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-602 - Client-Side Enforcement of Server-Side Security
    Assigner
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-33025",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-05-13T13:28:14.045415Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-05-13T13:28:58.486Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unknown",
              "product": "RUGGEDCOM ROX MX5000",
              "vendor": "Siemens",
              "versions": [
                {
                  "lessThan": "V2.16.5",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unknown",
              "product": "RUGGEDCOM ROX MX5000RE",
              "vendor": "Siemens",
              "versions": [
                {
                  "lessThan": "V2.16.5",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unknown",
              "product": "RUGGEDCOM ROX RX1400",
              "vendor": "Siemens",
              "versions": [
                {
                  "lessThan": "V2.16.5",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unknown",
              "product": "RUGGEDCOM ROX RX1500",
              "vendor": "Siemens",
              "versions": [
                {
                  "lessThan": "V2.16.5",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unknown",
              "product": "RUGGEDCOM ROX RX1501",
              "vendor": "Siemens",
              "versions": [
                {
                  "lessThan": "V2.16.5",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unknown",
              "product": "RUGGEDCOM ROX RX1510",
              "vendor": "Siemens",
              "versions": [
                {
                  "lessThan": "V2.16.5",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unknown",
              "product": "RUGGEDCOM ROX RX1511",
              "vendor": "Siemens",
              "versions": [
                {
                  "lessThan": "V2.16.5",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unknown",
              "product": "RUGGEDCOM ROX RX1512",
              "vendor": "Siemens",
              "versions": [
                {
                  "lessThan": "V2.16.5",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unknown",
              "product": "RUGGEDCOM ROX RX1524",
              "vendor": "Siemens",
              "versions": [
                {
                  "lessThan": "V2.16.5",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unknown",
              "product": "RUGGEDCOM ROX RX1536",
              "vendor": "Siemens",
              "versions": [
                {
                  "lessThan": "V2.16.5",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unknown",
              "product": "RUGGEDCOM ROX RX5000",
              "vendor": "Siemens",
              "versions": [
                {
                  "lessThan": "V2.16.5",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A vulnerability has been identified in RUGGEDCOM ROX MX5000 (All versions \u003c V2.16.5), RUGGEDCOM ROX MX5000RE (All versions \u003c V2.16.5), RUGGEDCOM ROX RX1400 (All versions \u003c V2.16.5), RUGGEDCOM ROX RX1500 (All versions \u003c V2.16.5), RUGGEDCOM ROX RX1501 (All versions \u003c V2.16.5), RUGGEDCOM ROX RX1510 (All versions \u003c V2.16.5), RUGGEDCOM ROX RX1511 (All versions \u003c V2.16.5), RUGGEDCOM ROX RX1512 (All versions \u003c V2.16.5), RUGGEDCOM ROX RX1524 (All versions \u003c V2.16.5), RUGGEDCOM ROX RX1536 (All versions \u003c V2.16.5), RUGGEDCOM ROX RX5000 (All versions \u003c V2.16.5). The \u0027traceroute\u0027 tool in the web interface of affected devices is vulnerable to command injection due to missing server side input sanitation. This could allow an authenticated remote attacker to execute arbitrary code with root privileges."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "baseScore": 9.9,
                "baseSeverity": "CRITICAL",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H",
                "version": "3.1"
              }
            },
            {
              "cvssV4_0": {
                "baseScore": 9.4,
                "baseSeverity": "CRITICAL",
                "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H",
                "version": "4.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-602",
                  "description": "CWE-602: Client-Side Enforcement of Server-Side Security",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-05-13T09:38:49.056Z",
            "orgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77",
            "shortName": "siemens"
          },
          "references": [
            {
              "url": "https://cert-portal.siemens.com/productcert/html/ssa-301229.html"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77",
        "assignerShortName": "siemens",
        "cveId": "CVE-2025-33025",
        "datePublished": "2025-05-13T09:38:49.056Z",
        "dateReserved": "2025-04-15T14:09:25.611Z",
        "dateUpdated": "2025-05-13T13:28:58.486Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2025-33024 (GCVE-0-2025-33024)

    Vulnerability from cvelistv5 – Published: 2025-05-13 09:38 – Updated: 2025-05-13 13:29
    VLAI
    Summary
    A vulnerability has been identified in RUGGEDCOM ROX MX5000 (All versions < V2.16.5), RUGGEDCOM ROX MX5000RE (All versions < V2.16.5), RUGGEDCOM ROX RX1400 (All versions < V2.16.5), RUGGEDCOM ROX RX1500 (All versions < V2.16.5), RUGGEDCOM ROX RX1501 (All versions < V2.16.5), RUGGEDCOM ROX RX1510 (All versions < V2.16.5), RUGGEDCOM ROX RX1511 (All versions < V2.16.5), RUGGEDCOM ROX RX1512 (All versions < V2.16.5), RUGGEDCOM ROX RX1524 (All versions < V2.16.5), RUGGEDCOM ROX RX1536 (All versions < V2.16.5), RUGGEDCOM ROX RX5000 (All versions < V2.16.5). The 'tcpdump' tool in the web interface of affected devices is vulnerable to command injection due to missing server side input sanitation. This could allow an authenticated remote attacker to execute arbitrary code with root privileges.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-602 - Client-Side Enforcement of Server-Side Security
    Assigner
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-33024",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-05-13T13:29:43.390237Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-05-13T13:29:57.474Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unknown",
              "product": "RUGGEDCOM ROX MX5000",
              "vendor": "Siemens",
              "versions": [
                {
                  "lessThan": "V2.16.5",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unknown",
              "product": "RUGGEDCOM ROX MX5000RE",
              "vendor": "Siemens",
              "versions": [
                {
                  "lessThan": "V2.16.5",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unknown",
              "product": "RUGGEDCOM ROX RX1400",
              "vendor": "Siemens",
              "versions": [
                {
                  "lessThan": "V2.16.5",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unknown",
              "product": "RUGGEDCOM ROX RX1500",
              "vendor": "Siemens",
              "versions": [
                {
                  "lessThan": "V2.16.5",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unknown",
              "product": "RUGGEDCOM ROX RX1501",
              "vendor": "Siemens",
              "versions": [
                {
                  "lessThan": "V2.16.5",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unknown",
              "product": "RUGGEDCOM ROX RX1510",
              "vendor": "Siemens",
              "versions": [
                {
                  "lessThan": "V2.16.5",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unknown",
              "product": "RUGGEDCOM ROX RX1511",
              "vendor": "Siemens",
              "versions": [
                {
                  "lessThan": "V2.16.5",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unknown",
              "product": "RUGGEDCOM ROX RX1512",
              "vendor": "Siemens",
              "versions": [
                {
                  "lessThan": "V2.16.5",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unknown",
              "product": "RUGGEDCOM ROX RX1524",
              "vendor": "Siemens",
              "versions": [
                {
                  "lessThan": "V2.16.5",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unknown",
              "product": "RUGGEDCOM ROX RX1536",
              "vendor": "Siemens",
              "versions": [
                {
                  "lessThan": "V2.16.5",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unknown",
              "product": "RUGGEDCOM ROX RX5000",
              "vendor": "Siemens",
              "versions": [
                {
                  "lessThan": "V2.16.5",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A vulnerability has been identified in RUGGEDCOM ROX MX5000 (All versions \u003c V2.16.5), RUGGEDCOM ROX MX5000RE (All versions \u003c V2.16.5), RUGGEDCOM ROX RX1400 (All versions \u003c V2.16.5), RUGGEDCOM ROX RX1500 (All versions \u003c V2.16.5), RUGGEDCOM ROX RX1501 (All versions \u003c V2.16.5), RUGGEDCOM ROX RX1510 (All versions \u003c V2.16.5), RUGGEDCOM ROX RX1511 (All versions \u003c V2.16.5), RUGGEDCOM ROX RX1512 (All versions \u003c V2.16.5), RUGGEDCOM ROX RX1524 (All versions \u003c V2.16.5), RUGGEDCOM ROX RX1536 (All versions \u003c V2.16.5), RUGGEDCOM ROX RX5000 (All versions \u003c V2.16.5). The \u0027tcpdump\u0027 tool in the web interface of affected devices is vulnerable to command injection due to missing server side input sanitation. This could allow an authenticated remote attacker to execute arbitrary code with root privileges."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "baseScore": 9.9,
                "baseSeverity": "CRITICAL",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H",
                "version": "3.1"
              }
            },
            {
              "cvssV4_0": {
                "baseScore": 9.4,
                "baseSeverity": "CRITICAL",
                "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H",
                "version": "4.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-602",
                  "description": "CWE-602: Client-Side Enforcement of Server-Side Security",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-05-13T09:38:47.622Z",
            "orgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77",
            "shortName": "siemens"
          },
          "references": [
            {
              "url": "https://cert-portal.siemens.com/productcert/html/ssa-301229.html"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77",
        "assignerShortName": "siemens",
        "cveId": "CVE-2025-33024",
        "datePublished": "2025-05-13T09:38:47.622Z",
        "dateReserved": "2025-04-15T14:09:25.611Z",
        "dateUpdated": "2025-05-13T13:29:57.474Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    VAR-202307-0585

    Vulnerability from variot - Updated: 2025-08-01 21:08

    A vulnerability has been identified in RUGGEDCOM ROX MX5000 (All versions < V2.16.0), RUGGEDCOM ROX MX5000RE (All versions < V2.16.0), RUGGEDCOM ROX RX1400 (All versions < V2.16.0), RUGGEDCOM ROX RX1500 (All versions < V2.16.0), RUGGEDCOM ROX RX1501 (All versions < V2.16.0), RUGGEDCOM ROX RX1510 (All versions < V2.16.0), RUGGEDCOM ROX RX1511 (All versions < V2.16.0), RUGGEDCOM ROX RX1512 (All versions < V2.16.0), RUGGEDCOM ROX RX1524 (All versions < V2.16.0), RUGGEDCOM ROX RX1536 (All versions < V2.16.0), RUGGEDCOM ROX RX5000 (All versions < V2.16.0). A reflected cross-site scripting (XSS) vulnerability exists in the web interface of the affected application that could allow an attacker to execute malicious javascript code by tricking users into accessing a malicious link. The value is reflected in the response without sanitization while throwing an “invalid params element name” error on the action parameters. RUGGEDCOM ROX MX5000 firmware, ruggedcom rox mx5000re firmware, RUGGEDCOM ROX RX1400 Multiple Siemens products such as firmware contain a cross-site scripting vulnerability.Information may be obtained and information may be tampered with. RUGGEDCOM products provide a level of robustness and reliability that sets the standard for communication networks deployed in harsh environments

    Show details on source website

    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "configurations": {
          "@id": "https://www.variotdbs.pl/ref/configurations"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-202307-0585",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "ruggedcom rox rx1400",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "siemens",
            "version": "2.16.0"
          },
          {
            "model": "ruggedcom rox mx5000re",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "siemens",
            "version": "2.16.0"
          },
          {
            "model": "ruggedcom rox rx1510",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "siemens",
            "version": "2.16.0"
          },
          {
            "model": "ruggedcom rox rx1536",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "siemens",
            "version": "2.16.0"
          },
          {
            "model": "ruggedcom rox rx1501",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "siemens",
            "version": "2.16.0"
          },
          {
            "model": "ruggedcom rox rx1511",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "siemens",
            "version": "2.16.0"
          },
          {
            "model": "ruggedcom rox rx1500",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "siemens",
            "version": "2.16.0"
          },
          {
            "model": "ruggedcom rox rx5000",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "siemens",
            "version": "2.16.0"
          },
          {
            "model": "ruggedcom rox rx1512",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "siemens",
            "version": "2.16.0"
          },
          {
            "model": "ruggedcom rox mx5000",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "siemens",
            "version": "2.16.0"
          },
          {
            "model": "ruggedcom rox rx1524",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "siemens",
            "version": "2.16.0"
          },
          {
            "model": "ruggedcom rox rx1500",
            "scope": null,
            "trust": 0.8,
            "vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9",
            "version": null
          },
          {
            "model": "ruggedcom rox rx1501",
            "scope": null,
            "trust": 0.8,
            "vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9",
            "version": null
          },
          {
            "model": "ruggedcom rox rx1524",
            "scope": null,
            "trust": 0.8,
            "vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9",
            "version": null
          },
          {
            "model": "ruggedcom rox rx5000",
            "scope": null,
            "trust": 0.8,
            "vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9",
            "version": null
          },
          {
            "model": "ruggedcom rox mx5000",
            "scope": null,
            "trust": 0.8,
            "vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9",
            "version": null
          },
          {
            "model": "ruggedcom rox rx1512",
            "scope": null,
            "trust": 0.8,
            "vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9",
            "version": null
          },
          {
            "model": "ruggedcom rox rx1510",
            "scope": null,
            "trust": 0.8,
            "vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9",
            "version": null
          },
          {
            "model": "ruggedcom rox rx1400",
            "scope": null,
            "trust": 0.8,
            "vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9",
            "version": null
          },
          {
            "model": "ruggedcom rox rx1511",
            "scope": null,
            "trust": 0.8,
            "vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9",
            "version": null
          },
          {
            "model": "ruggedcom rox mx5000re",
            "scope": null,
            "trust": 0.8,
            "vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9",
            "version": null
          },
          {
            "model": "ruggedcom rox rx1536",
            "scope": null,
            "trust": 0.8,
            "vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9",
            "version": null
          },
          {
            "model": "ruggedcom rox mx5000",
            "scope": "lt",
            "trust": 0.6,
            "vendor": "siemens",
            "version": "v2.16.0"
          },
          {
            "model": "ruggedcom rox mx5000re",
            "scope": "lt",
            "trust": 0.6,
            "vendor": "siemens",
            "version": "v2.16.0"
          },
          {
            "model": "ruggedcom rox rx1400",
            "scope": "lt",
            "trust": 0.6,
            "vendor": "siemens",
            "version": "v2.16.0"
          },
          {
            "model": "ruggedcom rox rx1500",
            "scope": "lt",
            "trust": 0.6,
            "vendor": "siemens",
            "version": "v2.16.0"
          },
          {
            "model": "ruggedcom rox rx1501",
            "scope": "lt",
            "trust": 0.6,
            "vendor": "siemens",
            "version": "v2.16.0"
          },
          {
            "model": "ruggedcom rox rx1510",
            "scope": "lt",
            "trust": 0.6,
            "vendor": "siemens",
            "version": "v2.16.0"
          },
          {
            "model": "ruggedcom rox rx1511",
            "scope": "lt",
            "trust": 0.6,
            "vendor": "siemens",
            "version": "v2.16.0"
          },
          {
            "model": "ruggedcom rox rx1512",
            "scope": "lt",
            "trust": 0.6,
            "vendor": "siemens",
            "version": "v2.16.0"
          },
          {
            "model": "ruggedcom rox rx1524",
            "scope": "lt",
            "trust": 0.6,
            "vendor": "siemens",
            "version": "v2.16.0"
          },
          {
            "model": "ruggedcom rox rx1536",
            "scope": "lt",
            "trust": 0.6,
            "vendor": "siemens",
            "version": "v2.16.0"
          },
          {
            "model": "ruggedcom rox rx5000",
            "scope": "lt",
            "trust": 0.6,
            "vendor": "siemens",
            "version": "v2.16.0"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2023-55709"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2023-021749"
          },
          {
            "db": "NVD",
            "id": "CVE-2023-36390"
          }
        ]
      },
      "cve": "CVE-2023-36390",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "CNVD",
                "availabilityImpact": "NONE",
                "baseScore": 6.4,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 10.0,
                "id": "CNVD-2023-55709",
                "impactScore": 4.9,
                "integrityImpact": "PARTIAL",
                "severity": "MEDIUM",
                "trust": 0.6,
                "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:N",
                "version": "2.0"
              }
            ],
            "cvssV3": [
              {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "author": "productcert@siemens.com",
                "availabilityImpact": "HIGH",
                "baseScore": 8.8,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "exploitabilityScore": 2.8,
                "id": "CVE-2023-36390",
                "impactScore": 5.9,
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "trust": 1.0,
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "author": "nvd@nist.gov",
                "availabilityImpact": "NONE",
                "baseScore": 5.4,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "exploitabilityScore": 2.8,
                "id": "CVE-2023-36390",
                "impactScore": 2.5,
                "integrityImpact": "LOW",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "trust": 1.0,
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N",
                "version": "3.1"
              },
              {
                "attackComplexity": "Low",
                "attackVector": "Network",
                "author": "NVD",
                "availabilityImpact": "None",
                "baseScore": 6.1,
                "baseSeverity": "Medium",
                "confidentialityImpact": "Low",
                "exploitabilityScore": null,
                "id": "CVE-2023-36390",
                "impactScore": null,
                "integrityImpact": "Low",
                "privilegesRequired": "None",
                "scope": "Changed",
                "trust": 0.8,
                "userInteraction": "Required",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
                "version": "3.0"
              }
            ],
            "severity": [
              {
                "author": "productcert@siemens.com",
                "id": "CVE-2023-36390",
                "trust": 1.0,
                "value": "HIGH"
              },
              {
                "author": "nvd@nist.gov",
                "id": "CVE-2023-36390",
                "trust": 1.0,
                "value": "MEDIUM"
              },
              {
                "author": "NVD",
                "id": "CVE-2023-36390",
                "trust": 0.8,
                "value": "Medium"
              },
              {
                "author": "CNVD",
                "id": "CNVD-2023-55709",
                "trust": 0.6,
                "value": "MEDIUM"
              },
              {
                "author": "CNNVD",
                "id": "CNNVD-202307-741",
                "trust": 0.6,
                "value": "MEDIUM"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2023-55709"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2023-021749"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202307-741"
          },
          {
            "db": "NVD",
            "id": "CVE-2023-36390"
          },
          {
            "db": "NVD",
            "id": "CVE-2023-36390"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "A vulnerability has been identified in RUGGEDCOM ROX MX5000 (All versions \u003c V2.16.0), RUGGEDCOM ROX MX5000RE (All versions \u003c V2.16.0), RUGGEDCOM ROX RX1400 (All versions \u003c V2.16.0), RUGGEDCOM ROX RX1500 (All versions \u003c V2.16.0), RUGGEDCOM ROX RX1501 (All versions \u003c V2.16.0), RUGGEDCOM ROX RX1510 (All versions \u003c V2.16.0), RUGGEDCOM ROX RX1511 (All versions \u003c V2.16.0), RUGGEDCOM ROX RX1512 (All versions \u003c V2.16.0), RUGGEDCOM ROX RX1524 (All versions \u003c V2.16.0), RUGGEDCOM ROX RX1536 (All versions \u003c V2.16.0), RUGGEDCOM ROX RX5000 (All versions \u003c V2.16.0). A reflected cross-site scripting (XSS) vulnerability exists in the web interface of the affected application that could allow an attacker to execute malicious javascript code by tricking users into accessing a malicious link. The value is reflected in the response\r\nwithout sanitization while throwing an \u201cinvalid params element name\u201d error on the action parameters. RUGGEDCOM ROX MX5000 firmware, ruggedcom rox mx5000re firmware, RUGGEDCOM ROX RX1400 Multiple Siemens products such as firmware contain a cross-site scripting vulnerability.Information may be obtained and information may be tampered with. RUGGEDCOM products provide a level of robustness and reliability that sets the standard for communication networks deployed in harsh environments",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2023-36390"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2023-021749"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2023-55709"
          },
          {
            "db": "VULMON",
            "id": "CVE-2023-36390"
          }
        ],
        "trust": 2.25
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "NVD",
            "id": "CVE-2023-36390",
            "trust": 3.9
          },
          {
            "db": "SIEMENS",
            "id": "SSA-146325",
            "trust": 3.1
          },
          {
            "db": "ICS CERT",
            "id": "ICSA-23-194-01",
            "trust": 0.8
          },
          {
            "db": "JVN",
            "id": "JVNVU95292697",
            "trust": 0.8
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2023-021749",
            "trust": 0.8
          },
          {
            "db": "CNVD",
            "id": "CNVD-2023-55709",
            "trust": 0.6
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202307-741",
            "trust": 0.6
          },
          {
            "db": "VULMON",
            "id": "CVE-2023-36390",
            "trust": 0.1
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2023-55709"
          },
          {
            "db": "VULMON",
            "id": "CVE-2023-36390"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2023-021749"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202307-741"
          },
          {
            "db": "NVD",
            "id": "CVE-2023-36390"
          }
        ]
      },
      "id": "VAR-202307-0585",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2023-55709"
          }
        ],
        "trust": 1.17411168
      },
      "iot_taxonomy": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "category": [
              "ICS"
            ],
            "sub_category": null,
            "trust": 0.6
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2023-55709"
          }
        ]
      },
      "last_update_date": "2025-08-01T21:08:50.688000Z",
      "patch": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/patch#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "title": "Patch for Siemens RUGGEDCOM ROX cross-site scripting vulnerability (CNVD-2023-55709)",
            "trust": 0.6,
            "url": "https://www.cnvd.org.cn/patchInfo/show/440301"
          },
          {
            "title": "Siemens RUGGEDCOM ROX A series of products Fixes for cross-site scripting vulnerabilities",
            "trust": 0.6,
            "url": "http://123.124.177.30/web/xxk/bdxqById.tag?id=246663"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2023-55709"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202307-741"
          }
        ]
      },
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "CWE-79",
            "trust": 1.0
          },
          {
            "problemtype": "Cross-site scripting (CWE-79) [NVD evaluation ]",
            "trust": 0.8
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2023-021749"
          },
          {
            "db": "NVD",
            "id": "CVE-2023-36390"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 2.5,
            "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-146325.pdf"
          },
          {
            "trust": 0.8,
            "url": "https://jvn.jp/vu/jvnvu95292697/"
          },
          {
            "trust": 0.8,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2023-36390"
          },
          {
            "trust": 0.8,
            "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-23-194-01"
          },
          {
            "trust": 0.6,
            "url": "https://cert-portal.siemens.com/productcert/html/ssa-146325.html"
          },
          {
            "trust": 0.6,
            "url": "https://cxsecurity.com/cveshow/cve-2023-36390/"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2023-55709"
          },
          {
            "db": "VULMON",
            "id": "CVE-2023-36390"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2023-021749"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202307-741"
          },
          {
            "db": "NVD",
            "id": "CVE-2023-36390"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "CNVD",
            "id": "CNVD-2023-55709"
          },
          {
            "db": "VULMON",
            "id": "CVE-2023-36390"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2023-021749"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202307-741"
          },
          {
            "db": "NVD",
            "id": "CVE-2023-36390"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2023-07-12T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2023-55709"
          },
          {
            "date": "2023-07-11T00:00:00",
            "db": "VULMON",
            "id": "CVE-2023-36390"
          },
          {
            "date": "2024-01-19T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2023-021749"
          },
          {
            "date": "2023-07-11T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-202307-741"
          },
          {
            "date": "2023-07-11T10:15:10.827000",
            "db": "NVD",
            "id": "CVE-2023-36390"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2023-07-12T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2023-55709"
          },
          {
            "date": "2023-07-11T00:00:00",
            "db": "VULMON",
            "id": "CVE-2023-36390"
          },
          {
            "date": "2024-01-19T08:08:00",
            "db": "JVNDB",
            "id": "JVNDB-2023-021749"
          },
          {
            "date": "2023-07-19T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-202307-741"
          },
          {
            "date": "2025-08-01T02:05:29.757000",
            "db": "NVD",
            "id": "CVE-2023-36390"
          }
        ]
      },
      "threat_type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "remote",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-202307-741"
          }
        ],
        "trust": 0.6
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Cross-site scripting vulnerability in multiple Siemens products",
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2023-021749"
          }
        ],
        "trust": 0.8
      },
      "type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "XSS",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-202307-741"
          }
        ],
        "trust": 0.6
      }
    }