What is the vulnerability ID for this issue?

The vulnerability ID for this issue is CVE-2023-36752.

What is the severity of CVE-2023-36752?

The severity of CVE-2023-36752 is critical with a CVSS score of 7.2.

What software versions are affected by CVE-2023-36752?

All versions of RUGGEDCOM ROX MX5000, MX5000RE, RX1400, RX1500, RX1501, and RX1510 prior to V2.16.0 are affected by CVE-2023-36752.

How can I fix CVE-2023-36752?

Apply the latest firmware update (V2.16.0) provided by Siemens to fix CVE-2023-36752.

Where can I find more information about CVE-2023-36752?

More information about CVE-2023-36752 can be found at the Siemens ProductCERT portal: [link](https://cert-portal.siemens.com/productcert/pdf/ssa-146325.pdf)

Vulnerability/
CVE-2023-36752

critical

9.1

CWE

11/7/2023

2/8/2024

CVE-2023-36752: Command Injection

First published: Tue Jul 11 2023(Updated: )

A vulnerability has been identified in RUGGEDCOM ROX MX5000 (All versions < V2.16.0), RUGGEDCOM ROX MX5000RE (All versions < V2.16.0), RUGGEDCOM ROX RX1400 (All versions < V2.16.0), RUGGEDCOM ROX RX1500 (All versions < V2.16.0), RUGGEDCOM ROX RX1501 (All versions < V2.16.0), RUGGEDCOM ROX RX1510 (All versions < V2.16.0), RUGGEDCOM ROX RX1511 (All versions < V2.16.0), RUGGEDCOM ROX RX1512 (All versions < V2.16.0), RUGGEDCOM ROX RX1524 (All versions < V2.16.0), RUGGEDCOM ROX RX1536 (All versions < V2.16.0), RUGGEDCOM ROX RX5000 (All versions < V2.16.0). The upgrade-app URL parameter in the web interface of affected devices is vulnerable to command injection due to missing server side input sanitation. This could allow an authenticated privileged remote attacker to execute arbitrary code with root privileges.

Credit: productcert@siemens.com productcert@siemens.com

Affected Software	Affected Version	How to fix
Siemens Ruggedcom Rox Mx5000 Firmware	<2.16.0
Siemens RUGGEDCOM ROX MX5000
Siemens Ruggedcom Rox Mx5000re Firmware	<2.16.0
Siemens Ruggedcom Rox Mx5000re
Siemens Ruggedcom Rox Rx1400 Firmware	<2.16.0
Siemens RUGGEDCOM ROX RX1400
Siemens Ruggedcom Rox Rx1500 Firmware	<2.16.0
Siemens RUGGEDCOM ROX RX1500
Siemens Ruggedcom Rox Rx1501 Firmware	<2.16.0
Siemens RUGGEDCOM ROX RX1501
Siemens Ruggedcom Rox Rx1510 Firmware	<2.16.0
Siemens RUGGEDCOM ROX RX1510
Siemens Ruggedcom Rox Rx1511 Firmware	<2.16.0
Siemens RUGGEDCOM ROX RX1511
Siemens Ruggedcom Rox Rx1512 Firmware	<2.16.0
Siemens RUGGEDCOM ROX RX1512
Siemens Ruggedcom Rox Rx1524 Firmware	<2.16.0
Siemens Ruggedcom Rox Rx1524
Siemens Ruggedcom Rox Rx1536 Firmware	<2.16.0
Siemens Ruggedcom Rox Rx1536
Siemens Ruggedcom Rox Rx5000 Firmware	<2.16.0
Siemens Ruggedcom Rox Rx5000

Never miss a vulnerability like this again

Reference Links

https://cert-portal.siemens.com/productcert/pdf/ssa-146325.pdf

Frequently Asked Questions

What is the vulnerability ID for this issue?
The vulnerability ID for this issue is CVE-2023-36752.
What is the severity of CVE-2023-36752?
The severity of CVE-2023-36752 is critical with a CVSS score of 7.2.
What software versions are affected by CVE-2023-36752?
All versions of RUGGEDCOM ROX MX5000, MX5000RE, RX1400, RX1500, RX1501, and RX1510 prior to V2.16.0 are affected by CVE-2023-36752.
How can I fix CVE-2023-36752?
Apply the latest firmware update (V2.16.0) provided by Siemens to fix CVE-2023-36752.
Where can I find more information about CVE-2023-36752?
More information about CVE-2023-36752 can be found at the Siemens ProductCERT portal: [link](https://cert-portal.siemens.com/productcert/pdf/ssa-146325.pdf)

collector/nvd-latest
agent/author
agent/type
agent/event
agent/first-publish-date
agent/last-modified-date
collector/nvd-index
agent/software-canonical-lookup-request
collector/nvd-api
agent/weakness
agent/severity
agent/references
agent/softwarecombine
agent/tags
agent/description
collector/mitre-cve
source/MITRE
vendor/siemens
canonical/siemens ruggedcom rox mx5000 firmware
canonical/siemens ruggedcom rox mx5000
canonical/siemens ruggedcom rox mx5000re firmware
canonical/siemens ruggedcom rox mx5000re
canonical/siemens ruggedcom rox rx1400 firmware
canonical/siemens ruggedcom rox rx1400
canonical/siemens ruggedcom rox rx1500 firmware
canonical/siemens ruggedcom rox rx1500
canonical/siemens ruggedcom rox rx1501 firmware
canonical/siemens ruggedcom rox rx1501
canonical/siemens ruggedcom rox rx1510 firmware
canonical/siemens ruggedcom rox rx1510
canonical/siemens ruggedcom rox rx1511 firmware
canonical/siemens ruggedcom rox rx1511
canonical/siemens ruggedcom rox rx1512 firmware
canonical/siemens ruggedcom rox rx1512
canonical/siemens ruggedcom rox rx1524 firmware
canonical/siemens ruggedcom rox rx1524
canonical/siemens ruggedcom rox rx1536 firmware
canonical/siemens ruggedcom rox rx1536
canonical/siemens ruggedcom rox rx5000 firmware
canonical/siemens ruggedcom rox rx5000