Siemens RUGGEDCOM ROX
Plan Patch | 7.2 | ICS-CERT ICSA-22-195-05 | Jul 12, 2022
Attack Vector: Network
Auth Required: High
Complexity: Low
User Interaction: None needed
Summary
RUGGEDCOM ROX devices contain a command injection vulnerability in administrative functions that allows an attacker with administrator credentials to execute arbitrary shell commands with root privileges. This affects the MX5000/MX5000RE and RX series of industrial-grade network switches used for secure, redundant communications in power plants, water utilities, and manufacturing facilities.
What this means
What could happen
An attacker with administrative access to a RUGGEDCOM ROX device could inject shell commands and gain root-level control, potentially allowing them to modify network settings, intercept traffic, or disrupt connectivity for critical infrastructure systems.
Who's at risk
Operators of critical infrastructure networks using Siemens RUGGEDCOM ROX devices (MX5000/MX5000RE series and RX1400/RX1500/RX1510/RX1511/RX1512/RX1524/RX1536/RX5000 series) for network access and management in utility, industrial, and manufacturing environments.
How it could be exploited
An attacker with valid administrator credentials can inject arbitrary shell commands through an unvalidated input field. The commands are executed with root privileges, giving the attacker full control over the device's operating system and services.
Prerequisites
- Valid administrator credentials for the RUGGEDCOM ROX device
- Network access to the device's management interface (SSH, web interface, or NETCONF)
- Knowledge of the command injection vector (specific input field not disclosed in advisory)
- Remotely exploitable via SSH or web management interface
- Requires high-privilege credentials (administrator access)
- Low complexity attack once credentials are obtained
- High impact (root-level code execution)
- Affects network infrastructure devices in critical systems
Exploitability
Low exploit probability (EPSS 1.0%)
Affected products (11)
11 with fix
| Product | Affected Versions | Fix Status |
|---|---|---|
| RUGGEDCOM ROX MX5000 | <2.15.1 | 2.15.1 |
| RUGGEDCOM ROX MX5000RE | <2.15.1 | 2.15.1 |
| RUGGEDCOM ROX RX1400 | <2.15.1 | 2.15.1 |
| RUGGEDCOM ROX RX1500 | <2.15.1 | 2.15.1 |
| RUGGEDCOM ROX RX1501 | <2.15.1 | 2.15.1 |
| RUGGEDCOM ROX RX1510 | <2.15.1 | 2.15.1 |
| RUGGEDCOM ROX RX1511 | <2.15.1 | 2.15.1 |
| RUGGEDCOM ROX RX1512 | <2.15.1 | 2.15.1 |
Remediation & Mitigation
Do now
- HARDENING: Restrict administrative account privileges to only users who require management access
- WORKAROUND: Apply firewall rules to restrict network access to SSH (port 22), web interface (port 443), and NETCONF (port 830) only from authorized management networks or jump hosts
Schedule — requires maintenance window
Patching may require device reboot; plan for process interruption
- HOTFIX: Update all RUGGEDCOM ROX MX and RX family devices to firmware version 2.15.1 or later
Long-term hardening
- HARDENING: Segment RUGGEDCOM ROX devices from business networks using air-gapped networks or restrictive firewall rules
- HARDENING: If remote access is required, implement VPN access with multi-factor authentication to the management interface
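One way to track the two checks above across a fleet, as an added example that is not part of the advisory or any Siemens tooling: it flags devices below firmware 2.15.1 and management ports (22, 443, 830) reachable from outside the authorized networks. The inventory format, device names, and the `10.20.0.0/24` management network are constructed assumptions; the model list is taken from the models named on this page.

```python
import ipaddress

# Values taken from the advisory text on this page.
FIXED = (2, 15, 1)
MGMT_PORTS = {22: "SSH", 443: "web interface", 830: "NETCONF"}
AFFECTED_MODELS = {"MX5000", "MX5000RE", "RX1400", "RX1500", "RX1501", "RX1510",
                   "RX1511", "RX1512", "RX1524", "RX1536", "RX5000"}

# Assumption: the site's authorized management network (constructed value).
AUTHORIZED = [ipaddress.ip_network("10.20.0.0/24")]

# Constructed inventory: firmware plus the source networks each firewall rule
# allows to reach a given port on the device.
INVENTORY = [
    {"name": "sub1-rtr", "model": "RX1500", "firmware": "2.14.0",
     "allow": {22: ["10.20.0.0/24"], 443: ["0.0.0.0/0"]}},
    {"name": "sub2-rtr", "model": "MX5000", "firmware": "2.15.1",
     "allow": {22: ["10.20.0.16/28"], 830: ["10.20.0.0/24"]}},
    {"name": "plant-rtr", "model": "RX1512", "firmware": "2.9.3",
     "allow": {22: ["10.20.0.0/24", "192.168.5.0/24"]}},
]

def parse_version(text):
    """'2.15.1' -> (2, 15, 1). Numeric compare, so 2.9.3 sorts below 2.15.1."""
    parts = [int(p) for p in text.strip().split(".")]
    return tuple(parts + [0] * (3 - len(parts)))

def audit(device):
    """Return a list of findings for one inventory entry (empty list = clean)."""
    findings = []
    if device["model"] in AFFECTED_MODELS and parse_version(device["firmware"]) < FIXED:
        findings.append(f"firmware {device['firmware']} is below 2.15.1")
    for port, sources in sorted(device["allow"].items()):
        if port not in MGMT_PORTS:
            continue
        for src in sources:
            net = ipaddress.ip_network(src)
            # A rule is acceptable only if it sits entirely inside an authorized network.
            if not any(net.subnet_of(auth) for auth in AUTHORIZED):
                findings.append(f"{MGMT_PORTS[port]} (port {port}) reachable from {src}")
    return findings

if __name__ == "__main__":
    for dev in INVENTORY:
        for finding in audit(dev) or ["ok"]:
            print(f"{dev['name']}: {finding}")
```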
CVEs (1)