Siemens RUGGEDCOM ROX (Update A)

Plan PatchCVSS 8.8ICS-CERT ICSA-21-259-01Sep 14, 2021

Siemens

Attack path

Attack VectorNetwork

Auth RequiredLow

ComplexityLow

User InteractionNone needed

Summary

Multiple vulnerabilities exist in Siemens RUGGEDCOM ROX devices including command injection, filesystem traversal, and improper privilege management (CWE-269, CWE-250, CWE-280). Affected models include MX5000, RX1400, RX1500, RX1501, RX1510, RX1511, RX1512, RX1524, RX1536, and RX5000 running firmware versions below 2.14.1. These vulnerabilities could allow an authenticated attacker to escalate privileges to root and take full control of the device, including manipulation of network traffic, routing decisions, and access controls. Siemens has released firmware version 2.14.1 addressing all identified issues.

What this means

What could happen

An attacker with network access could exploit multiple vulnerabilities to gain root access to Siemens RUGGEDCOM ROX routing and security devices, potentially allowing them to intercept, modify, or block network traffic critical to your industrial operations.

Who's at risk

Water utilities, electric utilities, and other critical infrastructure operators using Siemens RUGGEDCOM ROX industrial-grade routing and security devices (MX5000 and RX series) for network segmentation and critical control system connectivity should assess their exposure. These devices protect network boundaries in industrial control system architectures.

How it could be exploited

An attacker with valid user credentials and network access to the device (via SSH, web interface, or management port) could inject commands into input fields or traverse the filesystem to escalate privileges to root. Once root access is obtained, the attacker could manipulate network routing, intercept communications between control systems, or disrupt device operation entirely.

Prerequisites

Network access to the RUGGEDCOM ROX device management interface (SSH, web interface, or Telnet)
Valid user account credentials (non-administrative account sufficient due to privilege escalation vulnerabilities)
Device running firmware version earlier than v2.14.1

remotely exploitablerequires valid credentialslow complexity attackaffects network infrastructure critical to operationsprivilege escalation possible

Exploitability

Some exploitation risk — EPSS score 1.6%

Affected products (10)

10 with fix

ProductAffected VersionsFix Status

RUGGEDCOM ROX MX5000<V2.14.12.14.1

RUGGEDCOM ROX RX1400<V2.14.12.14.1

RUGGEDCOM ROX RX1500<V2.14.12.14.1

RUGGEDCOM ROX RX1501<V2.14.12.14.1

RUGGEDCOM ROX RX1510<V2.14.12.14.1

RUGGEDCOM ROX RX1511<V2.14.12.14.1

RUGGEDCOM ROX RX1512<V2.14.12.14.1

RUGGEDCOM ROX RX1524<V2.14.12.14.1

Remediation & Mitigation

0/5

Do now

0/2

HARDENINGApply principle of least privilege: configure user accounts with minimum required permissions and avoid administrative access for routine operations

WORKAROUNDRestrict network access to device management interfaces using firewall rules or access control lists; limit management access to specific trusted administrator workstations or networks only

Schedule — requires maintenance window

0/1

Patching may require device reboot — plan for process interruption

HOTFIXUpdate all affected RUGGEDCOM ROX devices to firmware version 2.14.1 or later

Long-term hardening

0/2

HARDENINGIsolate RUGGEDCOM ROX devices from the business network and ensure they are not reachable from the Internet

HARDENINGRequire VPN with multi-factor authentication for any remote administrative access to these devices

CVEs (3)

CVE-2021-37173 CVE-2021-37174 CVE-2021-37175

View full CISA ICS-CERT advisory

↑↓ Navigate · Esc Close

API: /api/v1/advisories/ec4e5f15-4fec-49ec-b1d0-0fc7738b83aa

Get OT security insights every Tuesday

Advisory breakdowns, a weekly summary, and incident analyses for the people actually defending OT environments. Free, no account required.