What is the vulnerability ID of this vulnerability?

The vulnerability ID is CVE-2023-36753.

Which software versions are affected by this vulnerability?

All versions of RUGGEDCOM ROX MX5000, RUGGEDCOM ROX MX5000RE, RUGGEDCOM ROX RX1400, RUGGEDCOM ROX RX1500, RUGGEDCOM ROX RX1501, RUGGEDCOM ROX RX1510 up to version 2.16.0 are affected.

What is the severity of CVE-2023-36753?

The severity of CVE-2023-36753 is critical with a CVSS score of 7.2.

How can I fix this vulnerability?

To fix this vulnerability, update the affected RUGGEDCOM ROX devices to version 2.16.0 or higher.

Where can I find more information about this vulnerability?

You can find more information about this vulnerability on the Siemens ProductCERT website: https://cert-portal.siemens.com/productcert/pdf/ssa-146325.pdf

Vulnerability/
CVE-2023-36753

critical

9.1

CWE

11/7/2023

2/8/2024

CVE-2023-36753: Command Injection

First published: Tue Jul 11 2023(Updated: )

A vulnerability has been identified in RUGGEDCOM ROX MX5000 (All versions < V2.16.0), RUGGEDCOM ROX MX5000RE (All versions < V2.16.0), RUGGEDCOM ROX RX1400 (All versions < V2.16.0), RUGGEDCOM ROX RX1500 (All versions < V2.16.0), RUGGEDCOM ROX RX1501 (All versions < V2.16.0), RUGGEDCOM ROX RX1510 (All versions < V2.16.0), RUGGEDCOM ROX RX1511 (All versions < V2.16.0), RUGGEDCOM ROX RX1512 (All versions < V2.16.0), RUGGEDCOM ROX RX1524 (All versions < V2.16.0), RUGGEDCOM ROX RX1536 (All versions < V2.16.0), RUGGEDCOM ROX RX5000 (All versions < V2.16.0). The uninstall-app App-name parameter in the web interface of affected devices is vulnerable to command injection due to missing server side input sanitation. This could allow an authenticated privileged remote attacker to execute arbitrary code with root privileges.

Credit: productcert@siemens.com productcert@siemens.com

Affected Software	Affected Version	How to fix
Siemens Ruggedcom Rox Mx5000 Firmware	<2.16.0
Siemens RUGGEDCOM ROX MX5000
Siemens Ruggedcom Rox Mx5000re Firmware	<2.16.0
Siemens Ruggedcom Rox Mx5000re
Siemens Ruggedcom Rox Rx1400 Firmware	<2.16.0
Siemens RUGGEDCOM ROX RX1400
Siemens Ruggedcom Rox Rx1500 Firmware	<2.16.0
Siemens RUGGEDCOM ROX RX1500
Siemens Ruggedcom Rox Rx1501 Firmware	<2.16.0
Siemens RUGGEDCOM ROX RX1501
Siemens Ruggedcom Rox Rx1510 Firmware	<2.16.0
Siemens RUGGEDCOM ROX RX1510
Siemens Ruggedcom Rox Rx1511 Firmware	<2.16.0
Siemens RUGGEDCOM ROX RX1511
Siemens Ruggedcom Rox Rx1512 Firmware	<2.16.0
Siemens RUGGEDCOM ROX RX1512
Siemens Ruggedcom Rox Rx1524 Firmware	<2.16.0
Siemens Ruggedcom Rox Rx1524
Siemens Ruggedcom Rox Rx1536 Firmware	<2.16.0
Siemens Ruggedcom Rox Rx1536
Siemens Ruggedcom Rox Rx5000 Firmware	<2.16.0
Siemens Ruggedcom Rox Rx5000

Never miss a vulnerability like this again

Reference Links

https://cert-portal.siemens.com/productcert/pdf/ssa-146325.pdf

Frequently Asked Questions

What is the vulnerability ID of this vulnerability?
The vulnerability ID is CVE-2023-36753.
Which software versions are affected by this vulnerability?
All versions of RUGGEDCOM ROX MX5000, RUGGEDCOM ROX MX5000RE, RUGGEDCOM ROX RX1400, RUGGEDCOM ROX RX1500, RUGGEDCOM ROX RX1501, RUGGEDCOM ROX RX1510 up to version 2.16.0 are affected.
What is the severity of CVE-2023-36753?
The severity of CVE-2023-36753 is critical with a CVSS score of 7.2.
How can I fix this vulnerability?
To fix this vulnerability, update the affected RUGGEDCOM ROX devices to version 2.16.0 or higher.
Where can I find more information about this vulnerability?
You can find more information about this vulnerability on the Siemens ProductCERT website: https://cert-portal.siemens.com/productcert/pdf/ssa-146325.pdf

collector/nvd-latest
agent/author
agent/type
agent/event
agent/first-publish-date
agent/last-modified-date
collector/nvd-index
agent/software-canonical-lookup-request
collector/nvd-api
agent/weakness
agent/severity
agent/references
agent/softwarecombine
agent/tags
agent/description
collector/mitre-cve
source/MITRE
vendor/siemens
canonical/siemens ruggedcom rox mx5000 firmware
canonical/siemens ruggedcom rox mx5000
canonical/siemens ruggedcom rox mx5000re firmware
canonical/siemens ruggedcom rox mx5000re
canonical/siemens ruggedcom rox rx1400 firmware
canonical/siemens ruggedcom rox rx1400
canonical/siemens ruggedcom rox rx1500 firmware
canonical/siemens ruggedcom rox rx1500
canonical/siemens ruggedcom rox rx1501 firmware
canonical/siemens ruggedcom rox rx1501
canonical/siemens ruggedcom rox rx1510 firmware
canonical/siemens ruggedcom rox rx1510
canonical/siemens ruggedcom rox rx1511 firmware
canonical/siemens ruggedcom rox rx1511
canonical/siemens ruggedcom rox rx1512 firmware
canonical/siemens ruggedcom rox rx1512
canonical/siemens ruggedcom rox rx1524 firmware
canonical/siemens ruggedcom rox rx1524
canonical/siemens ruggedcom rox rx1536 firmware
canonical/siemens ruggedcom rox rx1536
canonical/siemens ruggedcom rox rx5000 firmware
canonical/siemens ruggedcom rox rx5000