Description
A vulnerability has been identified in RUGGEDCOM ROX MX5000 (All versions), RUGGEDCOM ROX MX5000RE (All versions), RUGGEDCOM ROX RX1400 (All versions), RUGGEDCOM ROX RX1500 (All versions), RUGGEDCOM ROX RX1501 (All versions), RUGGEDCOM ROX RX1510 (All versions), RUGGEDCOM ROX RX1511 (All versions), RUGGEDCOM ROX RX1512 (All versions), RUGGEDCOM ROX RX1524 (All versions), RUGGEDCOM ROX RX1536 (All versions), RUGGEDCOM ROX RX5000 (All versions). The affected devices do not properly enforce the restriction of files that can be uploaded from the web interface. This could allow an authenticated remote attacker with high privileges in the web interface to upload arbitrary files.
References (1)
Core 1
Core References
Vendor Advisory
https://cert-portal.siemens.com/productcert/html/ssa-665108.html
Scores
CVSS v3
4.1
EPSS
0.0007
EPSS Percentile
20.7%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:N/I:L/A:N
CISA SSVC
Vulnrichment
Exploitation
none
Automatable
no
Technical Impact
partial
Details
CWE
CWE-434
Status
published
Products (11)
Siemens/RUGGEDCOM ROX MX5000
Siemens/RUGGEDCOM ROX MX5000RE
Siemens/RUGGEDCOM ROX RX1400
Siemens/RUGGEDCOM ROX RX1500
Siemens/RUGGEDCOM ROX RX1501
Siemens/RUGGEDCOM ROX RX1510
Siemens/RUGGEDCOM ROX RX1511
Siemens/RUGGEDCOM ROX RX1512
Siemens/RUGGEDCOM ROX RX1524
Siemens/RUGGEDCOM ROX RX1536
... and 1 more
Published
Aug 12, 2025
Tracked Since
Feb 18, 2026