Multiple Vulnerabilities in RUGGEDCOM ROX before V2.16
Act Now | 9.8 | SSA-146325 | Jul 11, 2023
Attack Vector: Network
Auth Required: None
Complexity: Low
User Interaction: None needed
Summary
Multiple critical vulnerabilities exist in RUGGEDCOM ROX devices (firmware versions before V2.16.0). The vulnerabilities include weak cryptographic implementations, missing input validation, command injection flaws, buffer overflows, missing authentication controls, and certificate validation bypasses. These stem from eight third-party library vulnerabilities (OpenSSL, curl, and related components). An attacker with network access could achieve remote code execution, bypass authentication, intercept encrypted communications, or cause denial of service without requiring valid credentials or user interaction.
What this means
What could happen
An attacker with network access to a RUGGEDCOM ROX device could execute arbitrary code, bypass authentication, intercept traffic, or cause the device to stop responding. This could result in loss of connectivity for critical network segments or compromise of industrial control systems.
Who's at risk
Industrial network operators who deploy RUGGEDCOM ROX switches and routers for critical infrastructure, utilities, and manufacturing. Affected equipment includes managed switches (MX5000, RX5000 series) and industrial routers (RX1400-RX1536 series) used in power distribution, water systems, oil and gas, and telecom networks.
How it could be exploited
An attacker on the network could send a specially crafted request to an unpatched RUGGEDCOM ROX device to exploit one of the embedded vulnerabilities (weak cryptography, command injection, buffer overflow, missing authentication checks, or certificate validation bypass). Successful exploitation allows remote code execution or credential bypass without user interaction.
Prerequisites
- Network access to the RUGGEDCOM ROX device (typically port 80, 443, or Ethernet-based management)
- Device must be running firmware version before V2.16.0
- No user credentials required for exploitation of most vulnerabilities
- Remotely exploitable
- No authentication required for most exploits
- Low complexity attack
- High EPSS score (41.2%)
- Multiple critical vulnerabilities bundled
- Affects industrial networking equipment
Exploitability
High exploit probability (EPSS 41.2%)
Affected products (11)
11 with fix
Product | Affected Versions | Fix Status
RUGGEDCOM ROX MX5000 | < V2.16.0 | 2.16.0
RUGGEDCOM ROX MX5000RE | < V2.16.0 | 2.16.0
RUGGEDCOM ROX RX1400 | < V2.16.0 | 2.16.0
RUGGEDCOM ROX RX1500 | < V2.16.0 | 2.16.0
RUGGEDCOM ROX RX1501 | < V2.16.0 | 2.16.0
RUGGEDCOM ROX RX1510 | < V2.16.0 | 2.16.0
RUGGEDCOM ROX RX1511 | < V2.16.0 | 2.16.0
RUGGEDCOM ROX RX1512 | < V2.16.0 | 2.16.0
Remediation & Mitigation
Do now
HARDENING: Restrict network access to RUGGEDCOM ROX devices to authorized management workstations only using firewall rules or network segmentation
HARDENING: Monitor for unusual connections or commands to RUGGEDCOM ROX devices while patches are being deployed
Schedule — requires maintenance window
Patching may require device reboot — plan for process interruption
HOTFIX: Update all RUGGEDCOM ROX devices (MX5000, RX1400, RX1500, RX1501, RX1510, RX1511, RX1512, RX1524, RX1536, RX5000 series) to firmware version 2.16.0 or later
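To scope the update, an asset inventory can be triaged against the fixed version. The following is an added example, not part of the advisory or any vendor tooling; the CSV layout, hostnames and firmware strings are constructed assumptions. Versions are compared numerically, because a string comparison would rank 2.9.3 above 2.16.0, and unreadable versions are flagged rather than assumed safe.

```python
import csv
import io
import re

# Affected models and fixed release as named in the advisory text.
AFFECTED_MODELS = {"MX5000", "MX5000RE", "RX1400", "RX1500", "RX1501", "RX1510",
                   "RX1511", "RX1512", "RX1524", "RX1536", "RX5000"}
FIXED = (2, 16, 0)

# Constructed inventory export (hypothetical hosts and column names).
INVENTORY = """\
host,model,firmware
sub-a-rtr1,RUGGEDCOM ROX RX1500,V2.15.1
sub-a-rtr2,RX1512,2.16.0
plant-core,RUGGEDCOM ROX MX5000RE,v2.9.3
pump-sw3,RX1400,ROX 2.16
lab-sw1,RUGGEDCOM RSG2100,V5.6.0
yard-rtr,RX1536,unknown
"""

def parse_version(text):
    """Return (major, minor, patch), or None if no version number is present."""
    m = re.search(r"(\d+)\.(\d+)(?:\.(\d+))?", text)
    return tuple(int(g or 0) for g in m.groups()) if m else None

def model_of(text):
    """Return the affected model token found in a free-form model field, else None."""
    m = re.search(r"\b((?:MX|RX)\d{4}(?:RE)?)\b", text.upper())
    return m.group(1) if m and m.group(1) in AFFECTED_MODELS else None

def triage(csv_text):
    """Map each host to out-of-scope, fixed, update-required or verify-manually."""
    results = {}
    for row in csv.DictReader(io.StringIO(csv_text)):
        if model_of(row["model"]) is None:
            results[row["host"]] = "out-of-scope"
            continue
        version = parse_version(row["firmware"])
        if version is None:
            results[row["host"]] = "verify-manually"  # fail closed on unknown firmware
        elif version < FIXED:
            results[row["host"]] = "update-required"
        else:
            results[row["host"]] = "fixed"
    return results

if __name__ == "__main__":
    for host, status in triage(INVENTORY).items():
        print(f"{host:12} {status}")
```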
CVEs (21)