What is CVE-2023-36754?

CVE-2023-36754 is a vulnerability that has been identified in RUGGEDCOM ROX MX5000 and other Siemens devices with firmware versions below 2.16.0.

How severe is CVE-2023-36754?

CVE-2023-36754 has a severity rating of 7.2, which is considered critical.

Which Siemens devices are affected by CVE-2023-36754?

RUGGEDCOM ROX MX5000, RUGGEDCOM ROX MX5000RE, RUGGEDCOM ROX RX1400, RUGGEDCOM ROX RX1500, RUGGEDCOM ROX RX1501, and RUGGEDCOM ROX RX1510 devices with firmware versions below 2.16.0 are affected.

How can I fix CVE-2023-36754?

To fix CVE-2023-36754, it is recommended to update the firmware of the affected Siemens devices to version 2.16.0 or later.

Where can I find more information about CVE-2023-36754?

You can find more information about CVE-2023-36754 in the Siemens ProductCERT advisory at the following link: [Siemens ProductCERT Advisory](https://cert-portal.siemens.com/productcert/pdf/ssa-146325.pdf)

Vulnerability/
CVE-2023-36754

critical

9.1

CWE

11/7/2023

10/12/2024

CVE-2023-36754: Command Injection

First published: Tue Jul 11 2023(Updated: )

A vulnerability has been identified in RUGGEDCOM ROX MX5000 (All versions < V2.16.0), RUGGEDCOM ROX MX5000RE (All versions < V2.16.0), RUGGEDCOM ROX RX1400 (All versions < V2.16.0), RUGGEDCOM ROX RX1500 (All versions < V2.16.0), RUGGEDCOM ROX RX1501 (All versions < V2.16.0), RUGGEDCOM ROX RX1510 (All versions < V2.16.0), RUGGEDCOM ROX RX1511 (All versions < V2.16.0), RUGGEDCOM ROX RX1512 (All versions < V2.16.0), RUGGEDCOM ROX RX1524 (All versions < V2.16.0), RUGGEDCOM ROX RX1536 (All versions < V2.16.0), RUGGEDCOM ROX RX5000 (All versions < V2.16.0). The SCEP server configuration URL parameter in the web interface of affected devices is vulnerable to command injection due to missing server side input sanitation. This could allow an authenticated privileged remote attacker to execute arbitrary code with root privileges.

Credit: productcert@siemens.com productcert@siemens.com

Affected Software	Affected Version	How to fix
Siemens Ruggedcom Rox Mx5000 Firmware	<2.16.0
Siemens RUGGEDCOM ROX MX5000
Siemens Ruggedcom Rox Mx5000re Firmware	<2.16.0
Siemens Ruggedcom Rox Mx5000re
Siemens Ruggedcom Rox Rx1400 Firmware	<2.16.0
Siemens RUGGEDCOM ROX RX1400
Siemens Ruggedcom Rox Rx1500 Firmware	<2.16.0
Siemens RUGGEDCOM ROX RX1500
Siemens Ruggedcom Rox Rx1501 Firmware	<2.16.0
Siemens RUGGEDCOM ROX RX1501
Siemens Ruggedcom Rox Rx1510 Firmware	<2.16.0
Siemens RUGGEDCOM ROX RX1510
Siemens Ruggedcom Rox Rx1511 Firmware	<2.16.0
Siemens RUGGEDCOM ROX RX1511
Siemens Ruggedcom Rox Rx1512 Firmware	<2.16.0
Siemens RUGGEDCOM ROX RX1512
Siemens Ruggedcom Rox Rx1524 Firmware	<2.16.0
Siemens Ruggedcom Rox Rx1524
Siemens Ruggedcom Rox Rx1536 Firmware	<2.16.0
Siemens Ruggedcom Rox Rx1536
Siemens Ruggedcom Rox Rx5000 Firmware	<2.16.0
Siemens Ruggedcom Rox Rx5000

Never miss a vulnerability like this again

Reference Links

https://cert-portal.siemens.com/productcert/pdf/ssa-146325.pdf

Frequently Asked Questions

What is CVE-2023-36754?
CVE-2023-36754 is a vulnerability that has been identified in RUGGEDCOM ROX MX5000 and other Siemens devices with firmware versions below 2.16.0.
How severe is CVE-2023-36754?
CVE-2023-36754 has a severity rating of 7.2, which is considered critical.
Which Siemens devices are affected by CVE-2023-36754?
RUGGEDCOM ROX MX5000, RUGGEDCOM ROX MX5000RE, RUGGEDCOM ROX RX1400, RUGGEDCOM ROX RX1500, RUGGEDCOM ROX RX1501, and RUGGEDCOM ROX RX1510 devices with firmware versions below 2.16.0 are affected.
How can I fix CVE-2023-36754?
To fix CVE-2023-36754, it is recommended to update the firmware of the affected Siemens devices to version 2.16.0 or later.
Where can I find more information about CVE-2023-36754?
You can find more information about CVE-2023-36754 in the Siemens ProductCERT advisory at the following link: [Siemens ProductCERT Advisory](https://cert-portal.siemens.com/productcert/pdf/ssa-146325.pdf)

collector/nvd-latest
agent/author
agent/type
agent/event
agent/last-modified-date
agent/first-publish-date
collector/nvd-index
agent/software-canonical-lookup-request
collector/nvd-api
agent/weakness
agent/severity
agent/references
agent/softwarecombine
agent/tags
agent/description
collector/mitre-cve
source/MITRE
vendor/siemens
canonical/siemens ruggedcom rox mx5000 firmware
canonical/siemens ruggedcom rox mx5000
canonical/siemens ruggedcom rox mx5000re firmware
canonical/siemens ruggedcom rox mx5000re
canonical/siemens ruggedcom rox rx1400 firmware
canonical/siemens ruggedcom rox rx1400
canonical/siemens ruggedcom rox rx1500 firmware
canonical/siemens ruggedcom rox rx1500
canonical/siemens ruggedcom rox rx1501 firmware
canonical/siemens ruggedcom rox rx1501
canonical/siemens ruggedcom rox rx1510 firmware
canonical/siemens ruggedcom rox rx1510
canonical/siemens ruggedcom rox rx1511 firmware
canonical/siemens ruggedcom rox rx1511
canonical/siemens ruggedcom rox rx1512 firmware
canonical/siemens ruggedcom rox rx1512
canonical/siemens ruggedcom rox rx1524 firmware
canonical/siemens ruggedcom rox rx1524
canonical/siemens ruggedcom rox rx1536 firmware
canonical/siemens ruggedcom rox rx1536
canonical/siemens ruggedcom rox rx5000 firmware
canonical/siemens ruggedcom rox rx5000