Siemens RUGGEDCOM ROX I
Action: Plan Patch · CVSS 8.8 · ICS-CERT ICSA-17-087-01 · Mar 28, 2017
Attack Vector: Network
Auth Required: Low
Complexity: Low
User Interaction: None needed
Summary
Siemens RUGGEDCOM ROX I contains multiple vulnerabilities: a privilege escalation flaw, cross-site scripting (XSS), cross-site request forgery (CSRF), and DOM-based XSS. All versions are affected. The vulnerabilities are remotely exploitable and require little skill. The privilege escalation can be exercised directly by an authenticated attacker holding low-privilege credentials; the XSS and CSRF issues are triggered through the browser of a user who is logged in to the web interface, so they do not require the attacker to hold credentials at all.
What this means
What could happen
An attacker with low-privilege access to the ROX I web interface could escalate to administrative privileges, inject script into pages viewed by other users to capture their session or credentials or silently alter configuration, or forge requests that a logged-in administrator's browser submits to change device settings governing network traffic or security rules.
Who's at risk
Operators of Siemens RUGGEDCOM industrial routers and network security appliances running ROX I, deployed in electric utilities, water systems and manufacturing facilities for secure remote-site connectivity, should assess their exposure.
How it could be exploited
An attacker first obtains access to the ROX I management interface, typically as a low-privilege user (credentials obtained through phishing, password reuse, or unchanged defaults), or lures an already logged-in user into opening a crafted page. From there the attacker exploits the privilege escalation or CSRF vulnerabilities to perform unauthorized actions such as creating administrative accounts, disabling security features, or redirecting network traffic.
Prerequisites
- Network access to ROX I management web interface (typically port 80/443)
- Valid low-privilege user credentials for the device
- Device configured with web management enabled
Tags: remotely exploitable · low complexity · no patch available · affects network infrastructure and remote access
Exploitability
Low exploit probability (EPSS 0.5%)
Affected products (1)
Product | Affected Versions | Fix Status
RUGGEDCOM ROX I | All versions | No fix (EOL)
Remediation & Mitigation
Do now
WORKAROUND: Restrict network access to the ROX I management interface with firewall rules; permit web management only from authorized engineering workstations and VPN address ranges.
HARDENING: Audit and enforce strong, unique credentials for every ROX I user account; remove or disable any default or shared credentials, since low-privilege credentials are all the privilege escalation needs.
Schedule — requires maintenance window
Applying the mitigation tool may require a device reboot; plan for a process interruption.
HOTFIX: Contact Siemens support to obtain the mitigation tool for ROX I-based products via support.industry.siemens.com or the ASPA application portal.
Mitigations - no patch available
RUGGEDCOM ROX I (all versions) has reached end of life and Siemens will not release a patch. Apply the following compensating controls:
HARDENING: Disable web-based management on the ROX I where it is not actively required; use the serial console or an out-of-band management network instead.
HARDENING: Segment the network so that the ROX I management interface is reachable only from trusted management networks and never from untrusted networks.
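The workaround above (management access only from authorized engineering workstations and VPN ranges) and the segmentation control are only as good as their enforcement, so a practitioner will want to verify them from the firewall's own logs rather than from the intended rule set. The following is an added example, not code from the advisory, Siemens or this tracker: it parses netfilter-style firewall log lines and flags every TCP connection to the ROX I web management ports (80/443) whose source falls outside the allow-listed subnets. The management address 10.10.5.1, the allowed subnets, the log format and every log line are assumptions constructed for the example; adapt the regex and the allow-list to your firewall.

```python
"""Audit firewall logs for management-plane access to a RUGGEDCOM ROX I.

Added example (not from the advisory or Siemens). Given the allow-list of
engineering-workstation and VPN subnets permitted to reach the ROX I web
interface, report every TCP connection to the device's web management
ports that came from anywhere else. Addresses, ports and log lines below
are constructed for this example.
"""
from __future__ import annotations

import ipaddress
import re
from dataclasses import dataclass

# Assumptions for this example: the ROX I management address and the only
# networks that should ever reach its web interface.
ROX_MGMT_IP = ipaddress.ip_address("10.10.5.1")
MGMT_PORTS = {80, 443}
ALLOWED_SOURCES = [
    ipaddress.ip_network("10.10.20.0/24"),  # engineering workstations
    ipaddress.ip_network("10.200.0.0/16"),  # VPN concentrator address pool
]

# Constructed log lines in a simplified netfilter key=value style.
SAMPLE_LOG = """\
Mar 28 10:01:12 fw01 kernel: [FW-ALLOW] IN=eth1 OUT=eth2 SRC=10.10.20.15 DST=10.10.5.1 PROTO=TCP SPT=51322 DPT=443
Mar 28 10:02:40 fw01 kernel: [FW-ALLOW] IN=eth1 OUT=eth2 SRC=10.10.20.15 DST=10.10.5.1 PROTO=TCP SPT=51340 DPT=80
Mar 28 10:05:03 fw01 kernel: [FW-ALLOW] IN=eth0 OUT=eth2 SRC=192.168.77.9 DST=10.10.5.1 PROTO=TCP SPT=40112 DPT=443
Mar 28 10:06:11 fw01 kernel: [FW-ALLOW] IN=eth3 OUT=eth2 SRC=10.200.3.44 DST=10.10.5.1 PROTO=TCP SPT=60001 DPT=443
Mar 28 10:07:55 fw01 kernel: [FW-ALLOW] IN=eth0 OUT=eth2 SRC=203.0.113.25 DST=10.10.5.1 PROTO=TCP SPT=33010 DPT=80
Mar 28 10:08:20 fw01 kernel: [FW-ALLOW] IN=eth0 OUT=eth2 SRC=192.168.77.9 DST=10.10.5.1 PROTO=TCP SPT=40200 DPT=22
Mar 28 10:09:01 fw01 kernel: [FW-DROP] IN=eth0 OUT=eth2 SRC=198.51.100.7 DST=10.10.5.1 PROTO=TCP SPT=44444 DPT=443
"""

# Verdict tag, source, destination, protocol and destination port; adapt to
# the real firewall's log format.
LOG_RE = re.compile(
    r"\[(?P<verdict>FW-[A-Z]+)\].*?SRC=(?P<src>\S+)\s+DST=(?P<dst>\S+)"
    r".*?PROTO=(?P<proto>\S+).*?DPT=(?P<dport>\d+)"
)


@dataclass(frozen=True)
class Finding:
    src: str
    dport: int
    verdict: str
    reason: str


def is_allowed_source(src: ipaddress.IPv4Address | ipaddress.IPv6Address) -> bool:
    """True if the source address lies inside one of the allow-listed subnets."""
    return any(src in net for net in ALLOWED_SOURCES)


def audit_mgmt_access(log_text: str) -> list[Finding]:
    """Return one Finding per TCP connection to the ROX I web management
    ports from a source outside ALLOWED_SOURCES, in log order.

    Allowed connections from unauthorized sources mean the control is not
    enforced; dropped ones are kept as well so probing of the management
    plane is visible.
    """
    findings: list[Finding] = []
    for line in log_text.splitlines():
        m = LOG_RE.search(line)
        if not m:
            continue  # not a connection log line we understand
        dst = ipaddress.ip_address(m["dst"])
        dport = int(m["dport"])
        if dst != ROX_MGMT_IP or dport not in MGMT_PORTS or m["proto"] != "TCP":
            continue  # traffic that is not web management of this device
        src = ipaddress.ip_address(m["src"])
        if is_allowed_source(src):
            continue  # authorized engineering or VPN source
        reason = ("management plane reachable from unauthorized network"
                  if m["verdict"] == "FW-ALLOW"
                  else "blocked attempt against management plane")
        findings.append(Finding(str(src), dport, m["verdict"], reason))
    return findings


def summarize(findings: list[Finding]) -> dict[str, int]:
    """Count findings by firewall verdict; the FW-ALLOW count is the actionable one."""
    counts: dict[str, int] = {}
    for f in findings:
        counts[f.verdict] = counts.get(f.verdict, 0) + 1
    return counts


if __name__ == "__main__":
    results = audit_mgmt_access(SAMPLE_LOG)
    for f in results:
        print(f"{f.verdict:8} {f.src:>16} -> :{f.dport}  {f.reason}")
    print(summarize(results))
```

Run as a script it prints the findings for the constructed log; in practice feed it the firewall's syslog export. An FW-ALLOW finding means the compensating control is not actually enforced for that source and the rule set needs fixing; FW-DROP findings show who is probing the management plane of a device that will never be patched, which is worth alerting on.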
API:
/api/v1/advisories/745c4ee4-e6d0-4f5f-a6e3-63b1d87735c7