Multiple Vulnerabilities in RUGGEDCOM ROX Before V2.17
Plan Patch · 8.8 · SSA-912274 · Dec 9, 2025
Attack Vector: Network
Auth Required: Low
Complexity: Low
User Interaction: None needed
Summary
RUGGEDCOM ROX devices (MX5000, RX1400, RX1500 series, RX5000) before firmware version 2.17.0 contain multiple high-severity vulnerabilities related to improper control of a generated message (CWE-74) and improper neutralization of special elements used in a command (CWE-77). These weaknesses could allow an authenticated attacker to execute arbitrary commands or manipulate system behavior on the network device.
What this means
What could happen
An authenticated attacker could execute commands on RUGGEDCOM ROX network devices, potentially compromising connectivity and control of critical network segments in industrial facilities. This could disrupt communication between substations, plants, or remote sites.
Who's at risk
Water and electric utilities operating RUGGEDCOM ROX network devices (especially RX1400/RX1500/RX5000 managed switches and MX5000 industrial routers used for SCADA network segmentation or remote site connectivity). Facilities relying on these devices for secure communication between control centers, substations, and distributed assets are affected.
How it could be exploited
An attacker with valid login credentials (engineering user or administrator account) connects to the ROX device's management interface and exploits CWE-74/CWE-77 flaws to inject malicious commands. These commands execute with device privileges, allowing manipulation of network routing, filtering rules, or system configuration that could isolate critical OT assets or redirect traffic.
Prerequisites
- Valid user credentials (engineering account or higher privilege level)
- Network access to the ROX device management interface (likely port 443 HTTPS or SSH port 22)
- ROX firmware version below 2.17.0
- Requires valid credentials (authenticated attack)
- Low attack complexity
- High impact on confidentiality, integrity, and availability
- Affects network infrastructure used in critical infrastructure
Exploitability
Low exploit probability (EPSS 0.0%)
Affected products (11)
11 with fix
| Product | Affected Versions | Fix Status |
| --- | --- | --- |
| RUGGEDCOM ROX MX5000 | < 2.17.0 | 2.17.0 |
| RUGGEDCOM ROX MX5000RE | < 2.17.0 | 2.17.0 |
| RUGGEDCOM ROX RX1400 | < 2.17.0 | 2.17.0 |
| RUGGEDCOM ROX RX1500 | < 2.17.0 | 2.17.0 |
| RUGGEDCOM ROX RX1501 | < 2.17.0 | 2.17.0 |
| RUGGEDCOM ROX RX1510 | < 2.17.0 | 2.17.0 |
| RUGGEDCOM ROX RX1511 | < 2.17.0 | 2.17.0 |
| RUGGEDCOM ROX RX1512 | < 2.17.0 | 2.17.0 |
Remediation & Mitigation
Schedule — requires maintenance window
Patching may require device reboot — plan for process interruption
HOTFIX: Update RUGGEDCOM ROX firmware to version 2.17.0 or later