Lucene search
K

378 matches found

OSV
OSV
added 2018/10/10 5:29 p.m.2 views

CVE-2018-13801

A vulnerability has been identified in ROX II All versions V2.12.1. An attacker with network access to port 22/tcp and valid low-privileged user credentials for the target device could perform a privilege escalation and gain root privileges. Successful exploitation requires user privileges of a...

8.8CVSS5.7AI score
Exploits0References3
Prion
Prion
added 2018/10/10 5:29 p.m.16 views

Privilege escalation

A vulnerability has been identified in ROX II All versions V2.12.1. An attacker with network access to port 22/tcp and valid low-privileged user credentials for the target device could perform a privilege escalation and gain root privileges. Successful exploitation requires user privileges of a...

9CVSS8.8AI score0.0268EPSS
Exploits0References3Affected Software1
Prion
Prion
added 2018/10/10 5:29 p.m.13 views

Code injection

A vulnerability has been identified in ROX II All versions V2.12.1. An authenticated attacker with a high-privileged user account access via SSH could circumvent restrictions in place and execute arbitrary operating system commands. Successful exploitation requires that the attacker has network...

9CVSS7.4AI score0.03574EPSS
Exploits0References3Affected Software1
CVE
CVE
added 2018/10/10 5:0 p.m.50 views

CVE-2018-13802

Siemens ROX II is affected by CVE-2018-13802. All ROX II versions prior to 2.12.1 are vulnerable to an elevation-of-privilege/command execution flaw accessible via SSH. An authenticated attacker with a high-privileged user account can log in over port 22, bypass restrictions, and execute arbitrar...

9CVSS7AI score0.03574EPSS
Exploits0References3Affected Software1
CVE
CVE
added 2018/10/10 5:0 p.m.52 views

CVE-2018-13801

CVE-2018-13801 affects Siemens ROX II (all versions

9CVSS8.6AI score0.0268EPSS
Exploits0References3Affected Software1
Cvelist
Cvelist
added 2018/10/10 5:0 p.m.19 views

CVE-2018-13802

A vulnerability has been identified in ROX II All versions V2.12.1. An authenticated attacker with a high-privileged user account access via SSH could circumvent restrictions in place and execute arbitrary operating system commands. Successful exploitation requires that the attacker has network...

7AI score0.03574EPSS
Exploits0References3
Cvelist
Cvelist
added 2018/10/10 5:0 p.m.18 views

CVE-2018-13801

A vulnerability has been identified in ROX II All versions V2.12.1. An attacker with network access to port 22/tcp and valid low-privileged user credentials for the target device could perform a privilege escalation and gain root privileges. Successful exploitation requires user privileges of a...

8.7AI score0.0268EPSS
Exploits0References3
CNVD
CNVD
added 2018/10/10 12:0 a.m.2 views

SIEMENS ROX II elevation of privilege vulnerability (CNVD-2018-20533)

SIMATIC ROX II is a ROX-based VPN endpoint and firewall device for connecting devices that operate in harsh environments, such as power substations and traffic control cabinets. An elevation of privilege vulnerability exists in SIMATIC ROX II. An authenticated attacker with elevated user account...

9CVSS7.6AI score0.03574EPSS
Exploits0References1
CNVD
CNVD
added 2018/10/10 12:0 a.m.3 views

SIEMENS ROX II Elevation of Privilege Vulnerability

SIMATIC ROX II is a ROX-based VPN endpoint and firewall device for connecting devices that operate in harsh environments, such as power substations and traffic control cabinets. An elevation of privilege vulnerability exists in SIMATIC ROX II. An attacker with network access to port 22/tcp and...

9CVSS9AI score0.0268EPSS
Exploits0References1
ICS
ICS
added 2018/10/09 12:0 a.m.511 views

ICSA-18-282-03 Siemens ROX II

1. EXECUTIVE SUMMARY CVSS v3 8.8 ATTENTION: Exploitable remotely/low skill level to exploit Vendor: Siemens Equipment: ROX II Vulnerabilities: Improper Privilege Management 2. RISK EVALUATION Successful exploitation of these vulnerabilities could allow valid users to escalate their privileges and...

9CVSS8.7AI score0.03574EPSS
Exploits0References9
OSV
OSV
added 2017/03/29 1:59 a.m.3 views

CVE-2017-6864

The integrated web server in Siemens RUGGEDCOM ROX I all versions at port 10000/TCP could allow an authenticated user to perform stored Cross-Site Scripting attacks...

5.4CVSS5.8AI score0.00741EPSS
Exploits0References4
NVD
NVD
added 2017/03/29 1:59 a.m.18 views

CVE-2017-6864

The integrated web server in Siemens RUGGEDCOM ROX I all versions at port 10000/TCP could allow an authenticated user to perform stored Cross-Site Scripting attacks...

5.4CVSS5.6AI score0.00741EPSS
Exploits0References4
OSV
OSV
added 2017/03/29 1:59 a.m.3 views

CVE-2017-2688

The integrated web server in Siemens RUGGEDCOM ROX I all versions at port 10000/TCP could allow remote attackers to perform actions with the privileges of an authenticated user, provided the targeted user has an active session and is induced into clicking on a malicious link or into visiting a...

8.8CVSS5.8AI score
Exploits0References4
OSV
OSV
added 2017/03/29 1:59 a.m.5 views

CVE-2017-2689

Siemens RUGGEDCOM ROX I all versions allow an authenticated user to bypass access restrictions in the web interface at port 10000/TCP to obtain privileged file system access or change configuration settings...

8.8CVSS5.8AI score0.01395EPSS
Exploits0References4
OSV
OSV
added 2017/03/29 1:59 a.m.3 views

CVE-2017-2687

Siemens RUGGEDCOM ROX I all versions contain a vulnerability in the integrated web server at port 10000/TCP which is prone to reflected Cross-Site Scripting attacks if an unsuspecting user is induced to click on a malicious link...

6.1CVSS5.8AI score0.00994EPSS
Exploits0References4
OSV
OSV
added 2017/03/29 1:59 a.m.3 views

CVE-2017-2686

Siemens RUGGEDCOM ROX I all versions contain a vulnerability that could allow an authenticated user to read arbitrary files through the web interface at port 10000/TCP and access sensitive information...

6.5CVSS5.9AI score0.01149EPSS
Exploits0References4
NVD
NVD
added 2017/03/29 1:59 a.m.16 views

CVE-2017-2686

Siemens RUGGEDCOM ROX I all versions contain a vulnerability that could allow an authenticated user to read arbitrary files through the web interface at port 10000/TCP and access sensitive information...

6.5CVSS6.8AI score0.01149EPSS
Exploits0References4
NVD
NVD
added 2017/03/29 1:59 a.m.19 views

CVE-2017-2687

Siemens RUGGEDCOM ROX I all versions contain a vulnerability in the integrated web server at port 10000/TCP which is prone to reflected Cross-Site Scripting attacks if an unsuspecting user is induced to click on a malicious link...

6.1CVSS6.3AI score0.00994EPSS
Exploits0References4
Prion
Prion
added 2017/03/29 1:59 a.m.14 views

Cross site scripting

The integrated web server in Siemens RUGGEDCOM ROX I all versions at port 10000/TCP could allow an authenticated user to perform stored Cross-Site Scripting attacks...

3.5CVSS5.4AI score0.00741EPSS
Exploits0References4Affected Software1
Prion
Prion
added 2017/03/29 1:59 a.m.12 views

Design/Logic Flaw

Siemens RUGGEDCOM ROX I all versions allow an authenticated user to bypass access restrictions in the web interface at port 10000/TCP to obtain privileged file system access or change configuration settings...

6.5CVSS8.3AI score0.01395EPSS
Exploits0References4Affected Software1
Rows per page
Query Builder