#VU56674 Permissions, Privileges, and Access Controls in Siemens products - CVE-2021-37175
Vulnerability identifier: #VU56674
Vulnerability risk: Low
CVSSv4.0: 1.3 [CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID:
CWE-ID:
CWE-264
Exploitation vector: Network
Exploit availability: No
Vulnerable software:
RUGGEDCOM ROX MX5000
Hardware solutions /
Firmware
RUGGEDCOM ROX RX1400
Hardware solutions /
Firmware
RUGGEDCOM ROX RX1500
Hardware solutions /
Firmware
RUGGEDCOM ROX RX1501
Hardware solutions /
Firmware
RUGGEDCOM ROX RX1510
Hardware solutions /
Firmware
RUGGEDCOM ROX RX1511
Hardware solutions /
Firmware
RUGGEDCOM ROX RX1512
Hardware solutions /
Firmware
RUGGEDCOM ROX RX1524
Hardware solutions /
Firmware
RUGGEDCOM ROX RX1536
Hardware solutions /
Firmware
RUGGEDCOM ROX RX5000
Hardware solutions /
Firmware
Vendor: Siemens
Description
The vulnerability allows a remote attacker to escalate privileges on the system.
The vulnerability exists due to the affected devices do not properly handle permissions to traverse the file system. A remote authenticated attacker can gain access to an overview of the overview of the complete file system on the affected devices.
Mitigation
Install updates from vendor's website.
Vulnerable software versions
RUGGEDCOM ROX MX5000: before 2.14.1
RUGGEDCOM ROX RX1400: before 2.14.1
RUGGEDCOM ROX RX1500: before 2.14.1
RUGGEDCOM ROX RX1501: before 2.14.1
RUGGEDCOM ROX RX1510: before 2.14.1
RUGGEDCOM ROX RX1511: before 2.14.1
RUGGEDCOM ROX RX1512: before 2.14.1
RUGGEDCOM ROX RX1524: before 2.14.1
RUGGEDCOM ROX RX1536: before 2.14.1
RUGGEDCOM ROX RX5000: before 2.14.1
External links
https://cert-portal.siemens.com/productcert/pdf/ssa-150692.pdf
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
