Lucene search

K
cve[email protected]CVE-2023-36389
HistoryJul 11, 2023 - 10:15 a.m.

CVE-2023-36389

2023-07-1110:15:10
CWE-79
web.nvd.nist.gov
16
vulnerability
ruggedcom rox
xss
web interface
security
cve-2023-36389

8.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C

0.0005 Low

EPSS

Percentile

17.3%

A vulnerability has been identified in RUGGEDCOM ROX MX5000 (All versions < V2.16.0), RUGGEDCOM ROX MX5000RE (All versions < V2.16.0), RUGGEDCOM ROX RX1400 (All versions < V2.16.0), RUGGEDCOM ROX RX1500 (All versions < V2.16.0), RUGGEDCOM ROX RX1501 (All versions < V2.16.0), RUGGEDCOM ROX RX1510 (All versions < V2.16.0), RUGGEDCOM ROX RX1511 (All versions < V2.16.0), RUGGEDCOM ROX RX1512 (All versions < V2.16.0), RUGGEDCOM ROX RX1524 (All versions < V2.16.0), RUGGEDCOM ROX RX1536 (All versions < V2.16.0), RUGGEDCOM ROX RX5000 (All versions < V2.16.0). A reflected cross-site scripting (XSS) vulnerability exists in the web interface of the affected application that could allow an attacker to execute malicious javascript code by tricking users into accessing a malicious link. The malformed value is reflected
directly in the response without sanitization while throwing an β€œinvalid path” error.

Affected configurations

NVD
Node
siemensruggedcom_rox_mx5000_firmwareRange<2.16.0
AND
siemensruggedcom_rox_mx5000Match-
Node
siemensruggedcom_rox_mx5000re_firmwareRange<2.16.0
AND
siemensruggedcom_rox_mx5000reMatch-
Node
siemensruggedcom_rox_rx1400_firmwareRange<2.16.0
AND
siemensruggedcom_rox_rx1400Match-
Node
siemensruggedcom_rox_rx1500_firmwareRange<2.16.0
AND
siemensruggedcom_rox_rx1500Match-
Node
siemensruggedcom_rox_rx1501_firmwareRange<2.16.0
AND
siemensruggedcom_rox_rx1501Match-
Node
siemensruggedcom_rox_rx1510_firmwareRange<2.16.0
AND
siemensruggedcom_rox_rx1510Match-
Node
siemensruggedcom_rox_rx1511_firmwareRange<2.16.0
AND
siemensruggedcom_rox_rx1511Match-
Node
siemensruggedcom_rox_rx1512_firmwareRange<2.16.0
AND
siemensruggedcom_rox_rx1512Match-
Node
siemensruggedcom_rox_rx1524_firmwareRange<2.16.0
AND
siemensruggedcom_rox_rx1524Match-
Node
siemensruggedcom_rox_rx1536_firmwareRange<2.16.0
AND
siemensruggedcom_rox_rx1536Match-
Node
siemensruggedcom_rox_rx5000_firmwareRange<2.16.0
AND
siemensruggedcom_rox_rx5000Match-

CNA Affected

[
  {
    "vendor": "Siemens",
    "product": "RUGGEDCOM ROX MX5000",
    "versions": [
      {
        "version": "All versions < V2.16.0",
        "status": "affected"
      }
    ],
    "defaultStatus": "unknown"
  },
  {
    "vendor": "Siemens",
    "product": "RUGGEDCOM ROX MX5000RE",
    "versions": [
      {
        "version": "All versions < V2.16.0",
        "status": "affected"
      }
    ],
    "defaultStatus": "unknown"
  },
  {
    "vendor": "Siemens",
    "product": "RUGGEDCOM ROX RX1400",
    "versions": [
      {
        "version": "All versions < V2.16.0",
        "status": "affected"
      }
    ],
    "defaultStatus": "unknown"
  },
  {
    "vendor": "Siemens",
    "product": "RUGGEDCOM ROX RX1500",
    "versions": [
      {
        "version": "All versions < V2.16.0",
        "status": "affected"
      }
    ],
    "defaultStatus": "unknown"
  },
  {
    "vendor": "Siemens",
    "product": "RUGGEDCOM ROX RX1501",
    "versions": [
      {
        "version": "All versions < V2.16.0",
        "status": "affected"
      }
    ],
    "defaultStatus": "unknown"
  },
  {
    "vendor": "Siemens",
    "product": "RUGGEDCOM ROX RX1510",
    "versions": [
      {
        "version": "All versions < V2.16.0",
        "status": "affected"
      }
    ],
    "defaultStatus": "unknown"
  },
  {
    "vendor": "Siemens",
    "product": "RUGGEDCOM ROX RX1511",
    "versions": [
      {
        "version": "All versions < V2.16.0",
        "status": "affected"
      }
    ],
    "defaultStatus": "unknown"
  },
  {
    "vendor": "Siemens",
    "product": "RUGGEDCOM ROX RX1512",
    "versions": [
      {
        "version": "All versions < V2.16.0",
        "status": "affected"
      }
    ],
    "defaultStatus": "unknown"
  },
  {
    "vendor": "Siemens",
    "product": "RUGGEDCOM ROX RX1524",
    "versions": [
      {
        "version": "All versions < V2.16.0",
        "status": "affected"
      }
    ],
    "defaultStatus": "unknown"
  },
  {
    "vendor": "Siemens",
    "product": "RUGGEDCOM ROX RX1536",
    "versions": [
      {
        "version": "All versions < V2.16.0",
        "status": "affected"
      }
    ],
    "defaultStatus": "unknown"
  },
  {
    "vendor": "Siemens",
    "product": "RUGGEDCOM ROX RX5000",
    "versions": [
      {
        "version": "All versions < V2.16.0",
        "status": "affected"
      }
    ],
    "defaultStatus": "unknown"
  }
]

8.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C

0.0005 Low

EPSS

Percentile

17.3%

Related for CVE-2023-36389