OTPulse

Arbitrary File Upload Vulnerability in RUGGEDCOM ROX II

Monitor | CVSS 4.1 | SSA-665108 | Aug 12, 2025
Attack Vector: Network
Auth Required: High
Complexity: Low
User Interaction: None needed
Summary

RUGGEDCOM ROX II devices do not properly enforce limitations on the type and size of files that can be uploaded through their web management interface. An attacker with legitimate high-privilege credentials (administrator or engineer account) can upload arbitrary files to the device filesystem, potentially leading to unauthorized modification of device configuration, code injection, or operational disruption. Siemens has stated that fixes are being prepared but are not yet available for any of the affected models.

What this means
What could happen
An attacker with engineering or administrative credentials could upload malicious files to the device's filesystem, potentially allowing modification of device configuration, injection of code, or disruption of network communication on the device.
Who's at risk
Water utilities, electric utilities, and critical infrastructure operators deploying RUGGEDCOM ROX II industrial routers (MX5000, RX1400–RX1512, RX5000 series) in remote site networking and resilient control architectures should be concerned. These devices provide WAN connectivity and failover capability for distributed SCADA, RTU, and field device networks.
How it could be exploited
An attacker with valid high-privilege web interface credentials (e.g., administrator or engineer account) accesses the web management interface of the device and uploads arbitrary files through the web upload function. Because the device does not properly validate file types or sizes, the attacker can bypass intended restrictions and write files to the filesystem.
Prerequisites
  • Valid high-privilege web interface credentials (administrator or engineer account)
  • Network access to the web management interface on the RUGGEDCOM ROX II device (typically port 443 HTTPS or 80 HTTP)
  • Device must be accessible from the attacker's network or the attacker must have compromised a legitimate user account
  • No authentication required to exploit (requires valid high-privilege credentials only)
  • Low complexity attack (file upload is a standard web feature)
  • No patch available for all affected models
  • Affects industrial network infrastructure used to manage remote sites and critical operations
  • Remotely exploitable if device is reachable on corporate network or DMZ
Exploitability
Low exploit probability (EPSS 0.1%)
Affected products (11)
11 EOL
Product | Affected Versions | Fix Status
RUGGEDCOM ROX RX1400 | All versions | No fix (EOL)
RUGGEDCOM ROX RX1500 | All versions | No fix (EOL)
RUGGEDCOM ROX RX1501 | All versions | No fix (EOL)
RUGGEDCOM ROX RX1510 | All versions | No fix (EOL)
RUGGEDCOM ROX RX1511 | All versions | No fix (EOL)
RUGGEDCOM ROX RX1512 | All versions | No fix (EOL)
RUGGEDCOM ROX RX1524 | All versions | No fix (EOL)
RUGGEDCOM ROX RX1536 | All versions | No fix (EOL)
Remediation & Mitigation
Do now
WORKAROUND: Restrict network access to the web management interface of RUGGEDCOM ROX II devices using firewall rules or network segmentation—limit access to authorized engineering workstations and control center networks only
HARDENING: Implement strong access controls and multi-factor authentication for all web interface accounts on RUGGEDCOM ROX II devices to reduce the risk of credential compromise
Schedule — requires maintenance window

Patching may require device reboot — plan for process interruption

HARDENING: Monitor audit logs on RUGGEDCOM ROX II devices for unexpected file uploads or changes to the filesystem
HOTFIX: Apply vendor patches when Siemens releases fix versions for RUGGEDCOM ROX II
Mitigations - no patch available
The following products have reached End of Life with no planned fix: RUGGEDCOM ROX RX1400, RUGGEDCOM ROX RX1500, RUGGEDCOM ROX RX1501, RUGGEDCOM ROX RX1510, RUGGEDCOM ROX RX1511, RUGGEDCOM ROX RX1512, RUGGEDCOM ROX RX1524, RUGGEDCOM ROX RX1536, RUGGEDCOM ROX RX5000, RUGGEDCOM ROX MX5000, RUGGEDCOM ROX MX5000RE. Apply the following compensating controls:
HARDENING: Follow Siemens operational security guidelines and isolate RUGGEDCOM ROX II devices in a protected industrial network environment separate from corporate IT
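
One way to verify the network-restriction workaround above, as an added example that is not from the advisory or from Siemens: it scans firewall flow records for accepted connections to a ROX II web management port (80 or 443, as listed under Prerequisites) from sources outside the authorized engineering and control center networks. The device addresses, allowlisted subnets, and flow-record format are constructed assumptions.

```python
import ipaddress

# Assumed values, constructed for this example (not from the advisory).
MGMT_PORTS = {80, 443}  # web management ports named under Prerequisites
ROX_DEVICES = {ipaddress.ip_address("10.20.0.1"), ipaddress.ip_address("10.20.0.2")}
ALLOWED_SOURCES = [
    ipaddress.ip_network("10.10.5.0/28"),  # engineering workstations (assumed)
    ipaddress.ip_network("10.10.9.0/29"),  # control center (assumed)
]

# Constructed flow records: "timestamp src dst dport action"
SAMPLE_FLOWS = """\
2025-08-12T08:01:10Z 10.10.5.4 10.20.0.1 443 ACCEPT
2025-08-12T08:03:22Z 192.168.40.17 10.20.0.1 443 ACCEPT
2025-08-12T08:04:02Z 192.168.40.17 10.20.0.2 80 DROP
2025-08-12T08:05:47Z 10.10.9.3 10.20.0.2 22 ACCEPT
malformed line
2025-08-12T08:06:30Z 172.16.3.9 10.20.0.2 80 ACCEPT
"""

def parse_flow(line):
    """Return (ts, src, dst, dport, action), or None if the line is unparseable."""
    parts = line.split()
    if len(parts) != 5:
        return None
    ts, src, dst, dport, action = parts
    try:
        return ts, ipaddress.ip_address(src), ipaddress.ip_address(dst), int(dport), action
    except ValueError:
        return None

def find_violations(text):
    """List accepted management-port flows from non-allowlisted sources."""
    violations, skipped = [], 0
    for line in filter(str.strip, text.splitlines()):
        rec = parse_flow(line)
        if rec is None:
            skipped += 1  # count unparseable lines so gaps in coverage are visible
            continue
        ts, src, dst, dport, action = rec
        if dst not in ROX_DEVICES or dport not in MGMT_PORTS or action != "ACCEPT":
            continue  # not the management interface, or the firewall blocked it
        if not any(src in net for net in ALLOWED_SOURCES):
            violations.append((ts, str(src), str(dst), dport))
    return violations, skipped

if __name__ == "__main__":
    found, skipped = find_violations(SAMPLE_FLOWS)
    for v in found:
        print("unauthorized management access:", v)
    print("unparseable lines:", skipped)
```
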
API: /api/v1/advisories/6154618d-d1a9-4354-bb02-471e5ebf78f4
Arbitrary File Upload Vulnerability in RUGGEDCOM ROX II | CVSS 4.1 - OTPulse