What is CVE-2023-36750?

CVE-2023-36750 is a vulnerability identified in Siemens RUGGEDCOM ROX MX5000, MX5000RE, RX1400, RX1500, RX1501, and RX1510 devices.

What is the severity of CVE-2023-36750?

The severity of CVE-2023-36750 is critical with a CVSS score of 7.2.

Which versions of Siemens RUGGEDCOM ROX MX5000 are affected by CVE-2023-36750?

All versions of Siemens RUGGEDCOM ROX MX5000 firmware before V2.16.0 are affected by CVE-2023-36750.

How can I fix the CVE-2023-36750 vulnerability?

To fix the CVE-2023-36750 vulnerability, you should update your Siemens RUGGEDCOM ROX devices to version 2.16.0 or higher.

Where can I find more information about CVE-2023-36750?

You can find more information about CVE-2023-36750 at the following reference: [Siemens ProductCERT](https://cert-portal.siemens.com/productcert/pdf/ssa-146325.pdf).

Vulnerability/
CVE-2023-36750

critical

9.1

CWE

11/7/2023

26/11/2024

CVE-2023-36750: Command Injection

First published: Tue Jul 11 2023(Updated: )

A vulnerability has been identified in RUGGEDCOM ROX MX5000 (All versions < V2.16.0), RUGGEDCOM ROX MX5000RE (All versions < V2.16.0), RUGGEDCOM ROX RX1400 (All versions < V2.16.0), RUGGEDCOM ROX RX1500 (All versions < V2.16.0), RUGGEDCOM ROX RX1501 (All versions < V2.16.0), RUGGEDCOM ROX RX1510 (All versions < V2.16.0), RUGGEDCOM ROX RX1511 (All versions < V2.16.0), RUGGEDCOM ROX RX1512 (All versions < V2.16.0), RUGGEDCOM ROX RX1524 (All versions < V2.16.0), RUGGEDCOM ROX RX1536 (All versions < V2.16.0), RUGGEDCOM ROX RX5000 (All versions < V2.16.0). The software-upgrade Url parameter in the web interface of affected devices is vulnerable to command injection due to missing server side input sanitation. This could allow an authenticated privileged remote attacker to execute arbitrary code with root privileges.

Credit: productcert@siemens.com productcert@siemens.com

Affected Software	Affected Version	How to fix
Siemens Ruggedcom Rox Mx5000 Firmware	<2.16.0
Siemens RUGGEDCOM ROX MX5000
Siemens Ruggedcom Rox Mx5000re Firmware	<2.16.0
Siemens Ruggedcom Rox Mx5000re
Siemens Ruggedcom Rox Rx1400 Firmware	<2.16.0
Siemens RUGGEDCOM ROX RX1400
Siemens Ruggedcom Rox Rx1500 Firmware	<2.16.0
Siemens RUGGEDCOM ROX RX1500
Siemens Ruggedcom Rox Rx1501 Firmware	<2.16.0
Siemens RUGGEDCOM ROX RX1501
Siemens Ruggedcom Rox Rx1510 Firmware	<2.16.0
Siemens RUGGEDCOM ROX RX1510
Siemens Ruggedcom Rox Rx1511 Firmware	<2.16.0
Siemens RUGGEDCOM ROX RX1511
Siemens Ruggedcom Rox Rx1512 Firmware	<2.16.0
Siemens RUGGEDCOM ROX RX1512
Siemens Ruggedcom Rox Rx1524 Firmware	<2.16.0
Siemens Ruggedcom Rox Rx1524
Siemens Ruggedcom Rox Rx1536 Firmware	<2.16.0
Siemens Ruggedcom Rox Rx1536
Siemens Ruggedcom Rox Rx5000 Firmware	<2.16.0
Siemens Ruggedcom Rox Rx5000

Never miss a vulnerability like this again

Reference Links

https://cert-portal.siemens.com/productcert/pdf/ssa-146325.pdf

Frequently Asked Questions

What is CVE-2023-36750?
CVE-2023-36750 is a vulnerability identified in Siemens RUGGEDCOM ROX MX5000, MX5000RE, RX1400, RX1500, RX1501, and RX1510 devices.
What is the severity of CVE-2023-36750?
The severity of CVE-2023-36750 is critical with a CVSS score of 7.2.
Which versions of Siemens RUGGEDCOM ROX MX5000 are affected by CVE-2023-36750?
All versions of Siemens RUGGEDCOM ROX MX5000 firmware before V2.16.0 are affected by CVE-2023-36750.
How can I fix the CVE-2023-36750 vulnerability?
To fix the CVE-2023-36750 vulnerability, you should update your Siemens RUGGEDCOM ROX devices to version 2.16.0 or higher.
Where can I find more information about CVE-2023-36750?
You can find more information about CVE-2023-36750 at the following reference: [Siemens ProductCERT](https://cert-portal.siemens.com/productcert/pdf/ssa-146325.pdf).

collector/nvd-latest
agent/author
agent/type
agent/event
agent/last-modified-date
agent/first-publish-date
collector/nvd-api
agent/software-canonical-lookup-request
collector/nvd-index
agent/weakness
agent/severity
agent/references
agent/softwarecombine
agent/tags
agent/description
collector/mitre-cve
source/MITRE
vendor/siemens
canonical/siemens ruggedcom rox mx5000 firmware
canonical/siemens ruggedcom rox mx5000
canonical/siemens ruggedcom rox mx5000re firmware
canonical/siemens ruggedcom rox mx5000re
canonical/siemens ruggedcom rox rx1400 firmware
canonical/siemens ruggedcom rox rx1400
canonical/siemens ruggedcom rox rx1500 firmware
canonical/siemens ruggedcom rox rx1500
canonical/siemens ruggedcom rox rx1501 firmware
canonical/siemens ruggedcom rox rx1501
canonical/siemens ruggedcom rox rx1510 firmware
canonical/siemens ruggedcom rox rx1510
canonical/siemens ruggedcom rox rx1511 firmware
canonical/siemens ruggedcom rox rx1511
canonical/siemens ruggedcom rox rx1512 firmware
canonical/siemens ruggedcom rox rx1512
canonical/siemens ruggedcom rox rx1524 firmware
canonical/siemens ruggedcom rox rx1524
canonical/siemens ruggedcom rox rx1536 firmware
canonical/siemens ruggedcom rox rx1536
canonical/siemens ruggedcom rox rx5000 firmware
canonical/siemens ruggedcom rox rx5000