Siemens RUGGEDCOM ROX

🗓️ 11 Jul 2023 00:00:00Reported by Industrial Control Systems Cyber Emergency Response TeamType

ics🔗 www.cisa.gov👁 71 Views

Siemens RUGGEDCOM ROX vulnerability with CVSS 9.8, allows command injection, improper authentication, buffer overflow, and more, affects several products

Reporter	Title	Published	Views	Family All 1406
IBM Security Bulletins	Security Bulletin:IBM MQ Operator and Queue manager container images are vulnerable to multiple vulnerabilities from openssl, pcre2 and Golang Go	31 Aug 202216:17	–	ibm
IBM Security Bulletins	Security Bulletin: Multiple vulnerabilities in Curl affect PowerSC	23 Sep 202222:05	–	ibm
IBM Security Bulletins	Security Bulletin: IBM Watson Speech Services Cartridge for IBM Cloud Pak for Data v5.0.3 is vulnerable to multiple Operator package issues	12 Dec 202416:58	–	ibm
IBM Security Bulletins	Security Bulletin: Vulnerability in OpenSSL affects IBM Rational ClearCase (CVE-2022-1292, CVE-2022-0778)	25 Jul 202214:51	–	ibm
IBM Security Bulletins	Security Bulletin: Multiple vulnerabilities in IBM Java, OpenSSL, and libcurl may affect IBM Storage Protect for Virtual Environments: Data Protection for Microsoft Hyper-V	4 Apr 202418:41	–	ibm
IBM Security Bulletins	Security Bulletin: Vulnerabilities in libcurl may affect IBM Spectrum Copy Data Management (CVE-2022-27782, CVE-2022-27774, CVE-2021-22947, CVE-2022-22576, CVE-2022-27776, CVE-2021-22946)	17 Sep 202202:05	–	ibm
IBM Security Bulletins	Security Bulletin: Multiple vulnerabilities in IBM Storage Defender – Data Protect	26 Mar 202503:57	–	ibm
IBM Security Bulletins	Security Bulletin: Vulnerabilities in OpenSSL affect IBM Rational ClearQuest (CVE-2022-0778, CVE-2022-1292)	26 Jul 202212:02	–	ibm
IBM Security Bulletins	Security Bulletin: Due to use of OpenSSL, IBM Virtualization Engine TS7700 is vulnerable to denial of service (CVE-2022-0778) and privilege escalation (CVE-2022-1292)	29 Aug 202223:14	–	ibm
IBM Security Bulletins	Security Bulletin: AIX is vulnerable to arbitrary command execution (CVE-2022-1292 and CVE-2022-2068) or an attacker may obtain sensitive information (CVE-2022-2097) due to OpenSSL	19 Aug 202216:02	–	ibm

Source	Link
cert-portal	www.cert-portal.siemens.com/productcert/csaf/ssa-146325.json
cert-portal	www.cert-portal.siemens.com/productcert/html/ssa-146325.html
cert-portal	www.cert-portal.siemens.com/productcert/pdf/ssa-146325.pdf
cert-portal	www.cert-portal.siemens.com/productcert/txt/ssa-146325.txt
raw	www.raw.githubusercontent.com/cisagov/CSAF/develop/csaf_files/OT/white/2023/icsa-23-194-01.json
cisa	www.cisa.gov/news-events/ics-advisories/icsa-23-194-01
cisa	www.cisa.gov/uscert/ics/alerts/ICS-ALERT-10-301-01
cisa	www.cisa.gov/resources-tools/resources/ics-recommended-practices
cisa	www.cisa.gov/topics/industrial-control-systems
us-cert	www.us-cert.cisa.gov/sites/default/files/recommended_practices/NCCIC_ICS-CERT_Defense_in_Depth_2016_S508C.pdf

11 Jul 2023 00:00Current

10High risk

Vulners AI Score10

CVSS 210

CVSS 3.18.1 - 9.8

EPSS0.38894

SSVC