Cross-Site Request Forgery (CSRF) Vulnerability in RUGGEDCOM ROX II
Plan: Patch | CVSS: 8.8 | Advisory: SSA-384652 | Date: Dec 10, 2024
Attack Vector: Network
Auth Required: None
Complexity: Low
User Interaction: Required
Summary
A cross-site request forgery (CSRF) vulnerability exists in the CLI feature of the web management interface of RUGGEDCOM ROX II industrial switches. An authenticated administrator can be tricked into visiting a malicious webpage that executes arbitrary administrative commands on the affected device without the administrator's knowledge. The vulnerability affects RUGGEDCOM ROX MX5000, MX5000RE, and RX-series devices (RX1400, RX1500, RX1501, RX1510, RX1511, RX1512, RX1524, RX1536, RX5000) running firmware versions prior to 2.16.0.
What this means
What could happen
An attacker could trick an authorized administrator into visiting a malicious webpage and perform administrative commands on the RUGGEDCOM device (such as changing network settings, user accounts, or routing configuration) without the administrator's knowledge or consent.
Who's at risk
Water utilities and electric utilities using RUGGEDCOM ROX II industrial switches (MX5000, RX1400/1500/1501/1510/1511/1512/1524/1536, RX5000 series) for network infrastructure in control systems and communication networks. These devices are commonly deployed at substations, water treatment plants, and distribution facilities.
How it could be exploited
An attacker creates a malicious webpage containing a hidden request that targets the RUGGEDCOM web interface CLI feature. When an authenticated administrator visits this webpage, the browser automatically sends the attacker's crafted request to the device using the administrator's existing session, allowing the attacker to execute commands as if the administrator made the request.
Prerequisites
- Administrator must be logged into the RUGGEDCOM web interface
- Administrator must visit an attacker-controlled webpage while authenticated
- Attacker must know or be able to guess a valid CLI command
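The mechanism described above works because the browser attaches the administrator's session cookie to any request aimed at the device, regardless of which page triggered it. The following is an added example, not code from the advisory or from the RUGGEDCOM firmware, showing the server-side check a web management interface needs so that a cookie alone is not enough: a state-changing CLI call must be a POST, must carry an Origin (or Referer) matching the management interface, and must include a per-session synchronizer token that a third-party page cannot read. The hostname, the request layout and the sample requests are constructed for illustration.

```python
import hmac
import secrets
from urllib.parse import urlparse

# Hypothetical management-interface origin; any real device would use its own.
MANAGEMENT_ORIGIN = "https://rox-mgmt.example.internal"


class SessionStore:
    """Minimal in-memory session store mapping session id -> CSRF token."""

    def __init__(self):
        self._sessions = {}

    def login(self):
        # One session id and one unguessable token per login.
        sid = secrets.token_urlsafe(32)
        self._sessions[sid] = secrets.token_urlsafe(32)
        return sid

    def csrf_token(self, sid):
        return self._sessions.get(sid)


def _origin_allowed(headers):
    """True only when Origin (or, failing that, Referer) names our own interface."""
    origin = headers.get("Origin")
    if origin is None:
        referer = headers.get("Referer")
        if referer is None:
            return False  # no provenance at all: refuse state changes
        parsed = urlparse(referer)
        origin = f"{parsed.scheme}://{parsed.netloc}"
    return origin == MANAGEMENT_ORIGIN


def validate_cli_request(store, request):
    """
    Decide whether a request to the CLI endpoint may execute a command.
    `request` is a dict with keys: method, cookies, headers, form.
    Returns (allowed, reason).
    """
    if request.get("method") != "POST":
        return False, "state-changing CLI calls must be POST"
    sid = request.get("cookies", {}).get("session")
    expected = store.csrf_token(sid) if sid else None
    if expected is None:
        return False, "no valid session"
    if not _origin_allowed(request.get("headers", {})):
        return False, "Origin/Referer does not match the management interface"
    supplied = request.get("form", {}).get("csrf_token", "")
    # Constant-time comparison so token checks do not leak timing information.
    if not hmac.compare_digest(supplied, expected):
        return False, "missing or wrong CSRF token"
    return True, "ok"


def demo():
    """Run three constructed requests through the validator and report the outcome."""
    store = SessionStore()
    sid = store.login()
    token = store.csrf_token(sid)
    cookies = {"session": sid}  # the browser sends this with every request

    # Administrator submits the form from the management page itself.
    legitimate = {
        "method": "POST", "cookies": cookies,
        "headers": {"Origin": MANAGEMENT_ORIGIN},
        "form": {"csrf_token": token, "command": "show version"},
    }
    # Request triggered from a different site: the cookie rides along, but
    # that site cannot read the token and the browser reports its own Origin.
    cross_site = {
        "method": "POST", "cookies": cookies,
        "headers": {"Origin": "https://third-party.example"},
        "form": {"command": "show version"},
    }
    # Same origin but the token is absent (e.g. a hand-built request): still refused.
    token_missing = {
        "method": "POST", "cookies": cookies,
        "headers": {"Origin": MANAGEMENT_ORIGIN},
        "form": {"command": "show version"},
    }
    return {
        "legitimate": validate_cli_request(store, legitimate)[0],
        "cross_site": validate_cli_request(store, cross_site)[0],
        "token_missing": validate_cli_request(store, token_missing)[0],
    }


if __name__ == "__main__":
    for name, allowed in demo().items():
        print(f"{name}: {'allowed' if allowed else 'rejected'}")
```

The Origin check and the token check are deliberately independent: the token is what stops a forged request from a page the administrator was lured to, while the Origin check also catches requests that reach the endpoint without any page context at all. Marking the session cookie SameSite=Lax or Strict would add a third layer at the browser, but a server-side check like this one does not depend on browser behaviour.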
Key points:
- remotely exploitable
- requires user interaction (administrator social engineering)
- high CVSS score (8.8)
- affects network infrastructure devices used in OT environments
Exploitability
Low exploit probability (EPSS 0.1%)
Affected products (11)
11 with fix

Product                  Affected Versions   Fix Status
RUGGEDCOM ROX MX5000     < V2.16.0           2.16.0
RUGGEDCOM ROX MX5000RE   < V2.16.0           2.16.0
RUGGEDCOM ROX RX1400     < V2.16.0           2.16.0
RUGGEDCOM ROX RX1500     < V2.16.0           2.16.0
RUGGEDCOM ROX RX1501     < V2.16.0           2.16.0
RUGGEDCOM ROX RX1510     < V2.16.0           2.16.0
RUGGEDCOM ROX RX1511     < V2.16.0           2.16.0
RUGGEDCOM ROX RX1512     < V2.16.0           2.16.0
Remediation & Mitigation
Do now
HARDENING: Educate administrators to avoid clicking untrusted links or visiting unknown websites while authenticated to the RUGGEDCOM management interface

Schedule — requires maintenance window
Patching may require device reboot — plan for process interruption
HOTFIX: Update all affected RUGGEDCOM ROX II devices to firmware version 2.16.0 or later

Long-term hardening
HARDENING: Implement network segmentation to restrict access to RUGGEDCOM management interfaces to a dedicated administrative network or VPN
CVEs (1)