378 matches found
CVE-2018-13801
A vulnerability has been identified in ROX II All versions V2.12.1. An attacker with network access to port 22/tcp and valid low-privileged user credentials for the target device could perform a privilege escalation and gain root privileges. Successful exploitation requires user privileges of a...
Privilege escalation
A vulnerability has been identified in ROX II All versions V2.12.1. An attacker with network access to port 22/tcp and valid low-privileged user credentials for the target device could perform a privilege escalation and gain root privileges. Successful exploitation requires user privileges of a...
Code injection
A vulnerability has been identified in ROX II All versions V2.12.1. An authenticated attacker with a high-privileged user account access via SSH could circumvent restrictions in place and execute arbitrary operating system commands. Successful exploitation requires that the attacker has network...
CVE-2018-13802
Siemens ROX II is affected by CVE-2018-13802. All ROX II versions prior to 2.12.1 are vulnerable to an elevation-of-privilege/command execution flaw accessible via SSH. An authenticated attacker with a high-privileged user account can log in over port 22, bypass restrictions, and execute arbitrar...
CVE-2018-13801
CVE-2018-13801 affects Siemens ROX II (all versions
CVE-2018-13802
A vulnerability has been identified in ROX II All versions V2.12.1. An authenticated attacker with a high-privileged user account access via SSH could circumvent restrictions in place and execute arbitrary operating system commands. Successful exploitation requires that the attacker has network...
CVE-2018-13801
A vulnerability has been identified in ROX II All versions V2.12.1. An attacker with network access to port 22/tcp and valid low-privileged user credentials for the target device could perform a privilege escalation and gain root privileges. Successful exploitation requires user privileges of a...
SIEMENS ROX II elevation of privilege vulnerability (CNVD-2018-20533)
SIMATIC ROX II is a ROX-based VPN endpoint and firewall device for connecting devices that operate in harsh environments, such as power substations and traffic control cabinets. An elevation of privilege vulnerability exists in SIMATIC ROX II. An authenticated attacker with elevated user account...
SIEMENS ROX II Elevation of Privilege Vulnerability
SIMATIC ROX II is a ROX-based VPN endpoint and firewall device for connecting devices that operate in harsh environments, such as power substations and traffic control cabinets. An elevation of privilege vulnerability exists in SIMATIC ROX II. An attacker with network access to port 22/tcp and...
ICSA-18-282-03 Siemens ROX II
1. EXECUTIVE SUMMARY CVSS v3 8.8 ATTENTION: Exploitable remotely/low skill level to exploit Vendor: Siemens Equipment: ROX II Vulnerabilities: Improper Privilege Management 2. RISK EVALUATION Successful exploitation of these vulnerabilities could allow valid users to escalate their privileges and...
CVE-2017-6864
The integrated web server in Siemens RUGGEDCOM ROX I all versions at port 10000/TCP could allow an authenticated user to perform stored Cross-Site Scripting attacks...
CVE-2017-6864
The integrated web server in Siemens RUGGEDCOM ROX I all versions at port 10000/TCP could allow an authenticated user to perform stored Cross-Site Scripting attacks...
CVE-2017-2688
The integrated web server in Siemens RUGGEDCOM ROX I all versions at port 10000/TCP could allow remote attackers to perform actions with the privileges of an authenticated user, provided the targeted user has an active session and is induced into clicking on a malicious link or into visiting a...
CVE-2017-2689
Siemens RUGGEDCOM ROX I all versions allow an authenticated user to bypass access restrictions in the web interface at port 10000/TCP to obtain privileged file system access or change configuration settings...
CVE-2017-2687
Siemens RUGGEDCOM ROX I all versions contain a vulnerability in the integrated web server at port 10000/TCP which is prone to reflected Cross-Site Scripting attacks if an unsuspecting user is induced to click on a malicious link...
CVE-2017-2686
Siemens RUGGEDCOM ROX I all versions contain a vulnerability that could allow an authenticated user to read arbitrary files through the web interface at port 10000/TCP and access sensitive information...
CVE-2017-2686
Siemens RUGGEDCOM ROX I all versions contain a vulnerability that could allow an authenticated user to read arbitrary files through the web interface at port 10000/TCP and access sensitive information...
CVE-2017-2687
Siemens RUGGEDCOM ROX I all versions contain a vulnerability in the integrated web server at port 10000/TCP which is prone to reflected Cross-Site Scripting attacks if an unsuspecting user is induced to click on a malicious link...
Cross site scripting
The integrated web server in Siemens RUGGEDCOM ROX I all versions at port 10000/TCP could allow an authenticated user to perform stored Cross-Site Scripting attacks...
Design/Logic Flaw
Siemens RUGGEDCOM ROX I all versions allow an authenticated user to bypass access restrictions in the web interface at port 10000/TCP to obtain privileged file system access or change configuration settings...