Lucene search

SiemensCVE-2021-37174

HistorySep 14, 2021 - 11:15 a.m.

CVE-2021-37174

2021-09-1411:15:25

CWE-250

siemens

web.nvd.nist.gov

cve-2021-37174

vulnerability

privilege escalation

ruggedcom

nvd

security

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:S/C:C/I:C/A:C

CVSS3

8.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

AI Score

8.7

Confidence

High

EPSS

0.001

Percentile

39.5%

JSON

A vulnerability has been identified in RUGGEDCOM ROX MX5000 (All versions < V2.14.1), RUGGEDCOM ROX RX1400 (All versions < V2.14.1), RUGGEDCOM ROX RX1500 (All versions < V2.14.1), RUGGEDCOM ROX RX1501 (All versions < V2.14.1), RUGGEDCOM ROX RX1510 (All versions < V2.14.1), RUGGEDCOM ROX RX1511 (All versions < V2.14.1), RUGGEDCOM ROX RX1512 (All versions < V2.14.1), RUGGEDCOM ROX RX1524 (All versions < V2.14.1), RUGGEDCOM ROX RX1536 (All versions < V2.14.1), RUGGEDCOM ROX RX5000 (All versions < V2.14.1). The affected devices have a privilege escalation vulnerability, if exploited, an attacker could gain root user access.

Affected configurations

Nvd

Node

siemensruggedcom_rox_rx1400Match-

AND

siemensruggedcom_rox_rx1400_firmwareRange<2.14.1

Node

siemensruggedcom_rox_mx5000Match-

AND

siemensruggedcom_rox_mx5000_firmwareRange<2.14.1

Node

siemensruggedcom_rox_rx1500Match-

AND

siemensruggedcom_rox_rx1500_firmwareRange<2.14.1

Node

siemensruggedcom_rox_rx1501Match-

AND

siemensruggedcom_rox_rx1501_firmwareRange<2.14.1

Node

siemensruggedcom_rox_rx1510Match-

AND

siemensruggedcom_rox_rx1510_firmwareRange<2.14.1

Node

siemensruggedcom_rox_rx1511Match-

AND

siemensruggedcom_rox_rx1511_firmwareRange<2.14.1

Node

siemensruggedcom_rox_rx1512Match-

AND

siemensruggedcom_rox_rx1512_firmwareRange<2.14.1

Node

siemensruggedcom_rox_rx1524Match-

AND

siemensruggedcom_rox_rx1524_firmwareRange<2.14.1

Node

siemensruggedcom_rox_rx1536_firmwareRange<2.14.1

AND

siemensruggedcom_rox_rx1536Match-

Node

siemensruggedcom_rox_rx5000_firmwareRange<2.14.1

AND

siemensruggedcom_rox_rx5000Match-

VendorProductVersionCPE
siemensruggedcom_rox_rx1400-cpe:2.3:h:siemens:ruggedcom_rox_rx1400:-:*:*:*:*:*:*:*
siemensruggedcom_rox_rx1400_firmware*cpe:2.3:o:siemens:ruggedcom_rox_rx1400_firmware:*:*:*:*:*:*:*:*
siemensruggedcom_rox_mx5000-cpe:2.3:h:siemens:ruggedcom_rox_mx5000:-:*:*:*:*:*:*:*
siemensruggedcom_rox_mx5000_firmware*cpe:2.3:o:siemens:ruggedcom_rox_mx5000_firmware:*:*:*:*:*:*:*:*
siemensruggedcom_rox_rx1500-cpe:2.3:h:siemens:ruggedcom_rox_rx1500:-:*:*:*:*:*:*:*
siemensruggedcom_rox_rx1500_firmware*cpe:2.3:o:siemens:ruggedcom_rox_rx1500_firmware:*:*:*:*:*:*:*:*
siemensruggedcom_rox_rx1501-cpe:2.3:h:siemens:ruggedcom_rox_rx1501:-:*:*:*:*:*:*:*
siemensruggedcom_rox_rx1501_firmware*cpe:2.3:o:siemens:ruggedcom_rox_rx1501_firmware:*:*:*:*:*:*:*:*
siemensruggedcom_rox_rx1510-cpe:2.3:h:siemens:ruggedcom_rox_rx1510:-:*:*:*:*:*:*:*
siemensruggedcom_rox_rx1510_firmware*cpe:2.3:o:siemens:ruggedcom_rox_rx1510_firmware:*:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
siemens	ruggedcom_rox_rx1400	-	cpe:2.3:h:siemens:ruggedcom_rox_rx1400:-:::::::*
siemens	ruggedcom_rox_rx1400_firmware	*	cpe:2.3:o:siemens:ruggedcom_rox_rx1400_firmware::::::::
siemens	ruggedcom_rox_mx5000	-	cpe:2.3:h:siemens:ruggedcom_rox_mx5000:-:::::::*
siemens	ruggedcom_rox_mx5000_firmware	*	cpe:2.3:o:siemens:ruggedcom_rox_mx5000_firmware::::::::
siemens	ruggedcom_rox_rx1500	-	cpe:2.3:h:siemens:ruggedcom_rox_rx1500:-:::::::*
siemens	ruggedcom_rox_rx1500_firmware	*	cpe:2.3:o:siemens:ruggedcom_rox_rx1500_firmware::::::::
siemens	ruggedcom_rox_rx1501	-	cpe:2.3:h:siemens:ruggedcom_rox_rx1501:-:::::::*
siemens	ruggedcom_rox_rx1501_firmware	*	cpe:2.3:o:siemens:ruggedcom_rox_rx1501_firmware::::::::
siemens	ruggedcom_rox_rx1510	-	cpe:2.3:h:siemens:ruggedcom_rox_rx1510:-:::::::*
siemens	ruggedcom_rox_rx1510_firmware	*	cpe:2.3:o:siemens:ruggedcom_rox_rx1510_firmware::::::::

Rows per page:

1-10 of 201

CNA Affected

[
  {
    "product": "RUGGEDCOM ROX MX5000",
    "vendor": "Siemens",
    "versions": [
      {
        "status": "affected",
        "version": "All versions < V2.14.1"
      }
    ]
  },
  {
    "product": "RUGGEDCOM ROX RX1400",
    "vendor": "Siemens",
    "versions": [
      {
        "status": "affected",
        "version": "All versions < V2.14.1"
      }
    ]
  },
  {
    "product": "RUGGEDCOM ROX RX1500",
    "vendor": "Siemens",
    "versions": [
      {
        "status": "affected",
        "version": "All versions < V2.14.1"
      }
    ]
  },
  {
    "product": "RUGGEDCOM ROX RX1501",
    "vendor": "Siemens",
    "versions": [
      {
        "status": "affected",
        "version": "All versions < V2.14.1"
      }
    ]
  },
  {
    "product": "RUGGEDCOM ROX RX1510",
    "vendor": "Siemens",
    "versions": [
      {
        "status": "affected",
        "version": "All versions < V2.14.1"
      }
    ]
  },
  {
    "product": "RUGGEDCOM ROX RX1511",
    "vendor": "Siemens",
    "versions": [
      {
        "status": "affected",
        "version": "All versions < V2.14.1"
      }
    ]
  },
  {
    "product": "RUGGEDCOM ROX RX1512",
    "vendor": "Siemens",
    "versions": [
      {
        "status": "affected",
        "version": "All versions < V2.14.1"
      }
    ]
  },
  {
    "product": "RUGGEDCOM ROX RX1524",
    "vendor": "Siemens",
    "versions": [
      {
        "status": "affected",
        "version": "All versions < V2.14.1"
      }
    ]
  },
  {
    "product": "RUGGEDCOM ROX RX1536",
    "vendor": "Siemens",
    "versions": [
      {
        "status": "affected",
        "version": "All versions < V2.14.1"
      }
    ]
  },
  {
    "product": "RUGGEDCOM ROX RX5000",
    "vendor": "Siemens",
    "versions": [
      {
        "status": "affected",
        "version": "All versions < V2.14.1"
      }
    ]
  }
]

References

cert-portal.siemens.com/productcert/pdf/ssa-150692.pdf

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:S/C:C/I:C/A:C

CVSS3

8.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

AI Score

8.7

Confidence

High

EPSS

0.001

Percentile

39.5%

JSON

Related for CVE-2021-37174