Multiple Vulnerabilities in RUGGEDCOM ROX
Plan Patch | 8.8 | SSA-150692 | Sep 14, 2021
Attack Vector: Network
Auth Required: Low
Complexity: Low
User Interaction: None needed
Summary
Multiple vulnerabilities in RUGGEDCOM ROX network devices allow an attacker with low-level access to execute arbitrary commands and traverse the filesystem, potentially gaining root-level access to the system. Affected products include MX5000 and RX-series models (RX1400, RX1500, RX1501, RX1510, RX1511, RX1512, RX1524, RX1536, RX5000). The vulnerabilities involve improper privilege management (CWE-269, CWE-250) and insufficient access controls (CWE-280).
What this means
What could happen
An attacker with valid credentials or network access to a RUGGEDCOM ROX switch could run arbitrary commands as root, gaining full control over the device and potentially disrupting network connectivity to critical OT assets like PLCs, RTUs, and field devices that depend on it for communication.
Who's at risk
Water utilities and electric utilities operating RUGGEDCOM ROX managed switches (MX5000, RX1400, RX1500, RX1501, RX1510, RX1511, RX1512, RX1524, RX1536, RX5000) for industrial control system networking. These devices are critical to network infrastructure connecting PLCs, RTUs, remote terminals, and field devices.
How it could be exploited
An attacker must first gain login credentials or network access to the management interface of the RUGGEDCOM ROX device. Once authenticated or connected, the attacker can inject commands through the vulnerable input handlers or use filesystem traversal to access restricted files and escalate privileges to root. Root access allows the attacker to modify device configuration, redirect traffic, or disable the switch entirely.
Prerequisites
- Valid login credentials to the RUGGEDCOM ROX management interface or network connectivity to an unauthenticated exposed port
- Device running a firmware version prior to V2.14.1
- Low-privileged user account (not necessarily root)
- Remotely exploitable
- Low authentication complexity (requires valid credentials)
- Privilege escalation to root
- Affects network infrastructure
- No patch available yet (as of advisory date, but vendor fix exists)
Exploitability
Moderate exploit probability (EPSS 1.6%)
Affected products (10)
10 with fix
| Product | Affected Versions | Fix Status |
|---|---|---|
| RUGGEDCOM ROX MX5000 | < V2.14.1 | 2.14.1 |
| RUGGEDCOM ROX RX1400 | < V2.14.1 | 2.14.1 |
| RUGGEDCOM ROX RX1500 | < V2.14.1 | 2.14.1 |
| RUGGEDCOM ROX RX1501 | < V2.14.1 | 2.14.1 |
| RUGGEDCOM ROX RX1510 | < V2.14.1 | 2.14.1 |
| RUGGEDCOM ROX RX1511 | < V2.14.1 | 2.14.1 |
| RUGGEDCOM ROX RX1512 | < V2.14.1 | 2.14.1 |
| RUGGEDCOM ROX RX1524 | < V2.14.1 | 2.14.1 |
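An added example (not part of the advisory or any vendor tooling) that triages an asset inventory against the affected models and the V2.14.1 fix version listed above. The CSV layout (hostname, model, firmware), the hostnames, the `XYZ100` model and the sample firmware strings are constructed assumptions; versions are compared numerically because a plain string comparison would rank "2.9.0" above "2.14.1".

```python
import re

FIXED = (2, 14, 1)  # fix version stated in the advisory
# Models named in the advisory summary.
AFFECTED_MODELS = {"MX5000", "RX1400", "RX1500", "RX1501", "RX1510",
                   "RX1511", "RX1512", "RX1524", "RX1536", "RX5000"}

# Constructed sample inventory: hostname,model,firmware (not real devices).
SAMPLE_INVENTORY = """\
sub-a-sw1,RX1500,V2.13.3
sub-a-sw2,RX1400,2.9.0
pump-7-sw1,RX1524,V2.14.1
pump-7-sw2,RX5000,v2.15
core-sw9,RX1511,unknown
office-sw1,XYZ100,4.3.7
"""

def parse_version(text):
    """Turn 'V2.14.1', 'v2.15' or '2.9.0' into a comparable tuple of ints."""
    m = re.fullmatch(r"[Vv]?(\d+(?:\.\d+)*)", text.strip())
    if not m:
        raise ValueError(f"unrecognised version string: {text!r}")
    parts = tuple(int(p) for p in m.group(1).split("."))
    return parts + (0,) * (3 - len(parts))  # pad '2.15' to (2, 15, 0)

def triage(model, firmware):
    """Classify one device against the advisory's model list and fix version."""
    if model.strip().upper() not in AFFECTED_MODELS:
        return "not-affected-model"
    try:
        version = parse_version(firmware)
    except ValueError:
        # Unparseable firmware must be checked by hand, never assumed fixed.
        return "unknown-version"
    return "vulnerable" if version < FIXED else "fixed"

def scan(inventory_text):
    """Map each hostname in the CSV text to its triage status."""
    results = {}
    for line in inventory_text.strip().splitlines():
        host, model, firmware = (field.strip() for field in line.split(","))
        results[host] = triage(model, firmware)
    return results

if __name__ == "__main__":
    for host, status in scan(SAMPLE_INVENTORY).items():
        print(f"{host:12} {status}")
```
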
Remediation & Mitigation
Do now
- HARDENING: Restrict network access to the management interface (SSH/HTTPS) to authorized engineering workstations only using firewall rules
- HARDENING: Enforce strong credentials for all ROX device accounts and remove any default or shared passwords
Schedule — requires maintenance window
Patching may require device reboot — plan for process interruption
- HOTFIX: Update all RUGGEDCOM ROX devices to firmware version 2.14.1 or later
Long-term hardening
- HARDENING: Implement network segmentation to isolate management traffic for RUGGEDCOM ROX devices from general plant network