ГлавнаяУязвимости → CVE-2025-40949
9.1критическая

CVE-2025-40949

Описание

A vulnerability has been identified in RUGGEDCOM ROX MX5000 (All versions < V2.17.1), RUGGEDCOM ROX MX5000RE (All versions < V2.17.1), RUGGEDCOM ROX RX1400 (All versions < V2.17.1), RUGGEDCOM ROX RX1500 (All versions < V2.17.1), RUGGEDCOM ROX RX1501 (All versions < V2.17.1), RUGGEDCOM ROX RX1510 (All versions < V2.17.1), RUGGEDCOM ROX RX1511 (All versions < V2.17.1), RUGGEDCOM ROX RX1512 (All versions < V2.17.1), RUGGEDCOM ROX RX1524 (All versions < V2.17.1), RUGGEDCOM ROX RX1536 (All versions < V2.17.1), RUGGEDCOM ROX RX5000 (All versions < V2.17.1). Affected devices do not properly sanitize user-supplied input in the Scheduler functionality of the Web UI, allowing commands to be injected into the task scheduling backend. This could allow an authenticated remote attacker to execute arbitrary commands with root privileges on the underlying operating system.

Затрагиваемое ПО
Siemens Ruggedcom rox mx5000 firmwareSiemens Ruggedcom rox mx5000Siemens Ruggedcom rox mx5000re firmwareSiemens Ruggedcom rox mx5000reSiemens Ruggedcom rox rx1400 firmwareSiemens Ruggedcom rox rx1400Siemens Ruggedcom rox rx1500 firmwareSiemens Ruggedcom rox rx1500Siemens Ruggedcom rox rx1501 firmwareSiemens Ruggedcom rox rx1501Siemens Ruggedcom rox rx1510 firmwareSiemens Ruggedcom rox rx1510Siemens Ruggedcom rox rx1511 firmwareSiemens Ruggedcom rox rx1511Siemens Ruggedcom rox rx1512 firmwareSiemens Ruggedcom rox rx1512Siemens Ruggedcom rox rx1524 firmwareSiemens Ruggedcom rox rx1524Siemens Ruggedcom rox rx1536 firmwareSiemens Ruggedcom rox rx1536Siemens Ruggedcom rox rx5000 firmwareSiemens Ruggedcom rox rx5000
CVSS
Балл9.1 — критическая
ВекторCVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H
Источники
https://cert-portal.siemens.com/productcert/html/ssa-081142.html