Lucene search
SiemensCVELIST:CVE-2021-37173HistorySep 14, 2021 - 10:47 a.m.
CVE-2021-37173
2021-09-1410:47:41
CWE-269
siemens
www.cve.org
A vulnerability has been identified in RUGGEDCOM ROX MX5000 (All versions < V2.14.1), RUGGEDCOM ROX RX1400 (All versions < V2.14.1), RUGGEDCOM ROX RX1500 (All versions < V2.14.1), RUGGEDCOM ROX RX1501 (All versions < V2.14.1), RUGGEDCOM ROX RX1510 (All versions < V2.14.1), RUGGEDCOM ROX RX1511 (All versions < V2.14.1), RUGGEDCOM ROX RX1512 (All versions < V2.14.1), RUGGEDCOM ROX RX1524 (All versions < V2.14.1), RUGGEDCOM ROX RX1536 (All versions < V2.14.1), RUGGEDCOM ROX RX5000 (All versions < V2.14.1). The command line interface of affected devices insufficiently restrict file read and write operations for low privileged users. This could allow an authenticated remote attacker to escalate privileges and gain root access to the device.
CNA Affected
[
{
"product": "RUGGEDCOM ROX MX5000",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions < V2.14.1"
}
]
},
{
"product": "RUGGEDCOM ROX RX1400",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions < V2.14.1"
}
]
},
{
"product": "RUGGEDCOM ROX RX1500",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions < V2.14.1"
}
]
},
{
"product": "RUGGEDCOM ROX RX1501",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions < V2.14.1"
}
]
},
{
"product": "RUGGEDCOM ROX RX1510",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions < V2.14.1"
}
]
},
{
"product": "RUGGEDCOM ROX RX1511",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions < V2.14.1"
}
]
},
{
"product": "RUGGEDCOM ROX RX1512",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions < V2.14.1"
}
]
},
{
"product": "RUGGEDCOM ROX RX1524",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions < V2.14.1"
}
]
},
{
"product": "RUGGEDCOM ROX RX1536",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions < V2.14.1"
}
]
},
{
"product": "RUGGEDCOM ROX RX5000",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions < V2.14.1"
}
]
}
]Related
cnvd
cnvd
Siemens RUGGEDCOM ROX Information Disclosure Vulnerability
2021-09-15 00:00:00
nvd
nvd
CVE-2021-37173
2021-09-14 11:15:25
cve
cve
CVE-2021-37173
2021-09-14 11:15:25
prion
prion
Design/Logic Flaw
2021-09-14 11:15:00
nessus
nessus
Siemens RUGGEDCOM ROX Improper Privilege Management (CVE-2021-37173)
2023-09-14 00:00:00
ics
ics
Siemens RUGGEDCOM ROX (Update A)
2021-10-14 12:00:00