OTPulse

Command Injection Vulnerability in RUGGEDCOM ROX

Plan Patch · 7.2 · SSA-599506 · Jul 12, 2022
Attack Vector: Network
Auth Required: High
Complexity: Low
User Interaction: None needed
Summary

RUGGEDCOM ROX devices are affected by a command injection vulnerability (CWE-77) in the web interface that could allow an attacker with administrative privileges to execute arbitrary commands and gain root access to the device.

What this means
What could happen
An administrator or someone with admin credentials could inject commands into the device's web interface to execute arbitrary code with root privileges, potentially taking full control of the network switch and disrupting critical communications or VLAN configurations in your industrial network.
Who's at risk
Network switch operators and industrial network engineers at utilities and manufacturing facilities running RUGGEDCOM ROX series switches (MX5000, RX1400-1536, RX5000 series). These devices are commonly used in substation networks, power distribution, and process control environments where network integrity is critical.
How it could be exploited
An attacker with administrative access to the RUGGEDCOM ROX web interface can craft malicious input containing shell metacharacters in a command field to break out of the intended command context and execute arbitrary system commands as root.
Prerequisites
  • Valid administrative credentials to access the web management interface
  • Network access to the RUGGEDCOM ROX device's web management port (typically port 80 or 443)
  • Ability to reach the device from your network (may be internal-only depending on configuration)
Requires administrative credentials · Low complexity attack · High impact if exploited (root access) · Common device in utility networks
Exploitability
Low exploit probability (EPSS 1.0%)
Affected products (11)
11 with fix
| Product | Affected Versions | Fix Status |
|---|---|---|
| RUGGEDCOM ROX MX5000 | < 2.15.1 | 2.15.1 |
| RUGGEDCOM ROX MX5000RE | < 2.15.1 | 2.15.1 |
| RUGGEDCOM ROX RX1400 | < 2.15.1 | 2.15.1 |
| RUGGEDCOM ROX RX1500 | < 2.15.1 | 2.15.1 |
| RUGGEDCOM ROX RX1501 | < 2.15.1 | 2.15.1 |
| RUGGEDCOM ROX RX1510 | < 2.15.1 | 2.15.1 |
| RUGGEDCOM ROX RX1511 | < 2.15.1 | 2.15.1 |
| RUGGEDCOM ROX RX1512 | < 2.15.1 | 2.15.1 |
Remediation & Mitigation
Do now
HARDENING: Restrict administrative access to RUGGEDCOM ROX web interface to authorized personnel and specific IP addresses or network segments only
HARDENING: Enforce strong, unique administrative credentials on all RUGGEDCOM ROX devices and rotate passwords regularly
WORKAROUND: Disable remote web management access if not operationally required; use local console access for administration
Schedule — requires maintenance window

Patching may require device reboot — plan for process interruption

HOTFIX: Update all affected RUGGEDCOM ROX devices to firmware version 2.15.1 or later
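
To schedule the firmware update, an asset inventory can be triaged against the fix version. The following is an added example, not code from OTPulse or the vendor: the hostnames, the inventory layout and the status labels are constructed, and it knows only the eight models shown in the table above, so an unlisted model is reported for manual checking rather than cleared.

```python
import re

FIXED = (2, 15, 1)  # fix version stated in the advisory
# Only the eight models shown in the table above (the page counts 11 in total).
LISTED_MODELS = {"MX5000", "MX5000RE", "RX1400", "RX1500",
                 "RX1501", "RX1510", "RX1511", "RX1512"}

def parse_version(text):
    """Return a tuple of ints for a dotted version, or None if unparsable."""
    m = re.fullmatch(r"\s*(?:ROX\s+)?v?(\d+(?:\.\d+)*)\s*", text, re.IGNORECASE)
    return tuple(int(p) for p in m.group(1).split(".")) if m else None

def triage(model, version):
    """Classify one device as vulnerable / fixed / unknown-version / not-in-table."""
    key = model.upper().replace("RUGGEDCOM ROX", "").strip()
    if key not in LISTED_MODELS:
        return "not-in-table"      # check the vendor advisory by hand
    v = parse_version(version)
    if v is None:
        return "unknown-version"   # treat as unpatched until confirmed
    # Compare numerically, padding so that "2.15" is read as 2.15.0.
    # A plain string comparison would rank "2.9.0" above "2.15.1".
    width = max(len(v), len(FIXED))
    v += (0,) * (width - len(v))
    fixed = FIXED + (0,) * (width - len(FIXED))
    return "vulnerable" if v < fixed else "fixed"

# Constructed sample inventory: (hostname, model, reported firmware version)
INVENTORY = [
    ("sub-a-sw1", "RUGGEDCOM ROX RX1500", "2.9.0"),
    ("sub-a-sw2", "RX1512", "2.15.1"),
    ("plant-core", "MX5000", "2.15"),
    ("lab-sw", "RX1400", "unknown"),
    ("edge-rt", "OTHER-MODEL", "2.14.0"),
]

def report(inventory):
    """Map each hostname to its triage status."""
    return {host: triage(model, ver) for host, model, ver in inventory}

if __name__ == "__main__":
    for host, status in report(INVENTORY).items():
        print(f"{host:12} {status}")
```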