Summary
Ruggedcom Rox before v2.17.1 contain multiple third-party vulnerabilities. Siemens has released new versions for the affected products and recommends to update to the latest versions.
The following versions of Siemens Ruggedcom Rox are affected:
- RUGGEDCOM ROX MX5000 vers:intdot/<2.17.1 (CVE-2019-13103, CVE-2019-13104, CVE-2019-13106, CVE-2019-14192, CVE-2019-14193, CVE-2019-14194, CVE-2019-14195, CVE-2019-14196, CVE-2019-14197, CVE-2019-14198, CVE-2019-14199, CVE-2019-14200, CVE-2019-14201, CVE-2019-14202, CVE-2019-14203, CVE-2019-14204, CVE-2020-10648, CVE-2022-2347, CVE-2022-30552, CVE-2022-30790, CVE-2022-34835, CVE-2023-3019, CVE-2023-27043, CVE-2024-3447, CVE-2024-22365, CVE-2024-57256, CVE-2024-57258, CVE-2025-0395, CVE-2025-3576, CVE-2025-6020, CVE-2025-7425, CVE-2025-9714, CVE-2025-46836, CVE-2025-49794, CVE-2025-49796)
- RUGGEDCOM ROX MX5000RE vers:intdot/<2.17.1 (CVE-2019-13103, CVE-2019-13104, CVE-2019-13106, CVE-2019-14192, CVE-2019-14193, CVE-2019-14194, CVE-2019-14195, CVE-2019-14196, CVE-2019-14197, CVE-2019-14198, CVE-2019-14199, CVE-2019-14200, CVE-2019-14201, CVE-2019-14202, CVE-2019-14203, CVE-2019-14204, CVE-2020-10648, CVE-2022-2347, CVE-2022-30552, CVE-2022-30790, CVE-2022-34835, CVE-2023-3019, CVE-2023-27043, CVE-2024-3447, CVE-2024-22365, CVE-2024-57256, CVE-2024-57258, CVE-2025-0395, CVE-2025-3576, CVE-2025-6020, CVE-2025-7425, CVE-2025-9714, CVE-2025-46836, CVE-2025-49794, CVE-2025-49796)
- RUGGEDCOM ROX RX1400 vers:intdot/<2.17.1 (CVE-2019-13103, CVE-2019-13104, CVE-2019-13106, CVE-2019-14192, CVE-2019-14193, CVE-2019-14194, CVE-2019-14195, CVE-2019-14196, CVE-2019-14197, CVE-2019-14198, CVE-2019-14199, CVE-2019-14200, CVE-2019-14201, CVE-2019-14202, CVE-2019-14203, CVE-2019-14204, CVE-2020-10648, CVE-2022-2347, CVE-2022-30552, CVE-2022-30790, CVE-2022-34835, CVE-2023-3019, CVE-2023-27043, CVE-2024-3447, CVE-2024-22365, CVE-2024-57256, CVE-2024-57258, CVE-2025-0395, CVE-2025-3576, CVE-2025-6020, CVE-2025-7425, CVE-2025-9714, CVE-2025-46836, CVE-2025-49794, CVE-2025-49796)
- RUGGEDCOM ROX RX1500 vers:intdot/<2.17.1 (CVE-2019-13103, CVE-2019-13104, CVE-2019-13106, CVE-2019-14192, CVE-2019-14193, CVE-2019-14194, CVE-2019-14195, CVE-2019-14196, CVE-2019-14197, CVE-2019-14198, CVE-2019-14199, CVE-2019-14200, CVE-2019-14201, CVE-2019-14202, CVE-2019-14203, CVE-2019-14204, CVE-2020-10648, CVE-2022-2347, CVE-2022-30552, CVE-2022-30790, CVE-2022-34835, CVE-2023-3019, CVE-2023-27043, CVE-2024-3447, CVE-2024-22365, CVE-2024-57256, CVE-2024-57258, CVE-2025-0395, CVE-2025-3576, CVE-2025-6020, CVE-2025-7425, CVE-2025-9714, CVE-2025-46836, CVE-2025-49794, CVE-2025-49796)
- RUGGEDCOM ROX RX1501 vers:intdot/<2.17.1 (CVE-2019-13103, CVE-2019-13104, CVE-2019-13106, CVE-2019-14192, CVE-2019-14193, CVE-2019-14194, CVE-2019-14195, CVE-2019-14196, CVE-2019-14197, CVE-2019-14198, CVE-2019-14199, CVE-2019-14200, CVE-2019-14201, CVE-2019-14202, CVE-2019-14203, CVE-2019-14204, CVE-2020-10648, CVE-2022-2347, CVE-2022-30552, CVE-2022-30790, CVE-2022-34835, CVE-2023-3019, CVE-2023-27043, CVE-2024-3447, CVE-2024-22365, CVE-2024-57256, CVE-2024-57258, CVE-2025-0395, CVE-2025-3576, CVE-2025-6020, CVE-2025-7425, CVE-2025-9714, CVE-2025-46836, CVE-2025-49794, CVE-2025-49796)
- RUGGEDCOM ROX RX1510 vers:intdot/<2.17.1 (CVE-2019-13103, CVE-2019-13104, CVE-2019-13106, CVE-2019-14192, CVE-2019-14193, CVE-2019-14194, CVE-2019-14195, CVE-2019-14196, CVE-2019-14197, CVE-2019-14198, CVE-2019-14199, CVE-2019-14200, CVE-2019-14201, CVE-2019-14202, CVE-2019-14203, CVE-2019-14204, CVE-2020-10648, CVE-2022-2347, CVE-2022-30552, CVE-2022-30790, CVE-2022-34835, CVE-2023-3019, CVE-2023-27043, CVE-2024-3447, CVE-2024-22365, CVE-2024-57256, CVE-2024-57258, CVE-2025-0395, CVE-2025-3576, CVE-2025-6020, CVE-2025-7425, CVE-2025-9714, CVE-2025-46836, CVE-2025-49794, CVE-2025-49796)
- RUGGEDCOM ROX RX1511 vers:intdot/<2.17.1 (CVE-2019-13103, CVE-2019-13104, CVE-2019-13106, CVE-2019-14192, CVE-2019-14193, CVE-2019-14194, CVE-2019-14195, CVE-2019-14196, CVE-2019-14197, CVE-2019-14198, CVE-2019-14199, CVE-2019-14200, CVE-2019-14201, CVE-2019-14202, CVE-2019-14203, CVE-2019-14204, CVE-2020-10648, CVE-2022-2347, CVE-2022-30552, CVE-2022-30790, CVE-2022-34835, CVE-2023-3019, CVE-2023-27043, CVE-2024-3447, CVE-2024-22365, CVE-2024-57256, CVE-2024-57258, CVE-2025-0395, CVE-2025-3576, CVE-2025-6020, CVE-2025-7425, CVE-2025-9714, CVE-2025-46836, CVE-2025-49794, CVE-2025-49796)
- RUGGEDCOM ROX RX1512 vers:intdot/<2.17.1 (CVE-2019-13103, CVE-2019-13104, CVE-2019-13106, CVE-2019-14192, CVE-2019-14193, CVE-2019-14194, CVE-2019-14195, CVE-2019-14196, CVE-2019-14197, CVE-2019-14198, CVE-2019-14199, CVE-2019-14200, CVE-2019-14201, CVE-2019-14202, CVE-2019-14203, CVE-2019-14204, CVE-2020-10648, CVE-2022-2347, CVE-2022-30552, CVE-2022-30790, CVE-2022-34835, CVE-2023-3019, CVE-2023-27043, CVE-2024-3447, CVE-2024-22365, CVE-2024-57256, CVE-2024-57258, CVE-2025-0395, CVE-2025-3576, CVE-2025-6020, CVE-2025-7425, CVE-2025-9714, CVE-2025-46836, CVE-2025-49794, CVE-2025-49796)
- RUGGEDCOM ROX RX1524 vers:intdot/<2.17.1 (CVE-2019-13103, CVE-2019-13104, CVE-2019-13106, CVE-2019-14192, CVE-2019-14193, CVE-2019-14194, CVE-2019-14195, CVE-2019-14196, CVE-2019-14197, CVE-2019-14198, CVE-2019-14199, CVE-2019-14200, CVE-2019-14201, CVE-2019-14202, CVE-2019-14203, CVE-2019-14204, CVE-2020-10648, CVE-2022-2347, CVE-2022-30552, CVE-2022-30790, CVE-2022-34835, CVE-2023-3019, CVE-2023-27043, CVE-2024-3447, CVE-2024-22365, CVE-2024-57256, CVE-2024-57258, CVE-2025-0395, CVE-2025-3576, CVE-2025-6020, CVE-2025-7425, CVE-2025-9714, CVE-2025-46836, CVE-2025-49794, CVE-2025-49796)
- RUGGEDCOM ROX RX1536 vers:intdot/<2.17.1 (CVE-2019-13103, CVE-2019-13104, CVE-2019-13106, CVE-2019-14192, CVE-2019-14193, CVE-2019-14194, CVE-2019-14195, CVE-2019-14196, CVE-2019-14197, CVE-2019-14198, CVE-2019-14199, CVE-2019-14200, CVE-2019-14201, CVE-2019-14202, CVE-2019-14203, CVE-2019-14204, CVE-2020-10648, CVE-2022-2347, CVE-2022-30552, CVE-2022-30790, CVE-2022-34835, CVE-2023-3019, CVE-2023-27043, CVE-2024-3447, CVE-2024-22365, CVE-2024-57256, CVE-2024-57258, CVE-2025-0395, CVE-2025-3576, CVE-2025-6020, CVE-2025-7425, CVE-2025-9714, CVE-2025-46836, CVE-2025-49794, CVE-2025-49796)
- RUGGEDCOM ROX RX5000 vers:intdot/<2.17.1 (CVE-2019-13103, CVE-2019-13104, CVE-2019-13106, CVE-2019-14192, CVE-2019-14193, CVE-2019-14194, CVE-2019-14195, CVE-2019-14196, CVE-2019-14197, CVE-2019-14198, CVE-2019-14199, CVE-2019-14200, CVE-2019-14201, CVE-2019-14202, CVE-2019-14203, CVE-2019-14204, CVE-2020-10648, CVE-2022-2347, CVE-2022-30552, CVE-2022-30790, CVE-2022-34835, CVE-2023-3019, CVE-2023-27043, CVE-2024-3447, CVE-2024-22365, CVE-2024-57256, CVE-2024-57258, CVE-2025-0395, CVE-2025-3576, CVE-2025-6020, CVE-2025-7425, CVE-2025-9714, CVE-2025-46836, CVE-2025-49794, CVE-2025-49796)
| CVSS | Vendor | Equipment | Vulnerabilities |
|---|---|---|---|
| v3 9.8 | Siemens | Siemens Ruggedcom Rox | Uncontrolled Recursion, Integer Underflow (Wrap or Wraparound), Out-of-bounds Write, Out-of-bounds Read, Improper Input Validation, Heap-based Buffer Overflow, Buffer Copy without Checking Size of Input (‘Classic Buffer Overflow’), Use After Free, Improper Validation of Syntactic Correctness of Input, Improper Control of a Resource Through its Lifetime, Integer Overflow or Wraparound, Incorrect Calculation of Buffer Size, Use of Weak Hash, Improper Limitation of a Pathname to a Restricted Directory (‘Path Traversal’), Stack-based Buffer Overflow, Expired Pointer Dereference |
Background
- Critical Infrastructure Sectors: Critical Manufacturing
- Countries/Areas Deployed: Worldwide
- Company Headquarters Location: Germany
Vulnerabilities
CVE-2019-13103
A crafted self-referential DOS partition table will cause all Das U-Boot versions through 2019.07-rc4 to infinitely recurse, causing the stack to grow infinitely and eventually either crash or overwrite other data.
Affected Products
Siemens Ruggedcom Rox
Vendor:
Siemens
Product Version:
RUGGEDCOM ROX MX5000, RUGGEDCOM ROX MX5000RE, RUGGEDCOM ROX RX1400, RUGGEDCOM ROX RX1500, RUGGEDCOM ROX RX1501, RUGGEDCOM ROX RX1510, RUGGEDCOM ROX RX1511, RUGGEDCOM ROX RX1512, RUGGEDCOM ROX RX1524, RUGGEDCOM ROX RX1536, RUGGEDCOM ROX RX5000
Product Status:
known_affected
Relevant CWE: CWE-674 Uncontrolled Recursion
Metrics
CVE-2019-13104
In Das U-Boot versions 2016.11-rc1 through 2019.07-rc4, an underflow can cause memcpy() to overwrite a very large amount of data (including the whole stack) while reading a crafted ext4 filesystem.
Affected Products
Siemens Ruggedcom Rox
Vendor:
Siemens
Product Version:
RUGGEDCOM ROX MX5000, RUGGEDCOM ROX MX5000RE, RUGGEDCOM ROX RX1400, RUGGEDCOM ROX RX1500, RUGGEDCOM ROX RX1501, RUGGEDCOM ROX RX1510, RUGGEDCOM ROX RX1511, RUGGEDCOM ROX RX1512, RUGGEDCOM ROX RX1524, RUGGEDCOM ROX RX1536, RUGGEDCOM ROX RX5000
Product Status:
known_affected
Relevant CWE: CWE-191 Integer Underflow (Wrap or Wraparound)
Metrics
CVE-2019-13106
Das U-Boot versions 2016.09 through 2019.07-rc4 can memset() too much data while reading a crafted ext4 filesystem, which results in a stack buffer overflow and likely code execution.
Affected Products
Siemens Ruggedcom Rox
Vendor:
Siemens
Product Version:
RUGGEDCOM ROX MX5000, RUGGEDCOM ROX MX5000RE, RUGGEDCOM ROX RX1400, RUGGEDCOM ROX RX1500, RUGGEDCOM ROX RX1501, RUGGEDCOM ROX RX1510, RUGGEDCOM ROX RX1511, RUGGEDCOM ROX RX1512, RUGGEDCOM ROX RX1524, RUGGEDCOM ROX RX1536, RUGGEDCOM ROX RX5000
Product Status:
known_affected
Relevant CWE: CWE-787 Out-of-bounds Write
Metrics
CVE-2019-14192
An issue was discovered in Das U-Boot through 2019.07. There is an unbounded memcpy when parsing a UDP packet due to a net_process_received_packet integer underflow during an nc_input_packet call.
Affected Products
Siemens Ruggedcom Rox
Vendor:
Siemens
Product Version:
RUGGEDCOM ROX MX5000, RUGGEDCOM ROX MX5000RE, RUGGEDCOM ROX RX1400, RUGGEDCOM ROX RX1500, RUGGEDCOM ROX RX1501, RUGGEDCOM ROX RX1510, RUGGEDCOM ROX RX1511, RUGGEDCOM ROX RX1512, RUGGEDCOM ROX RX1524, RUGGEDCOM ROX RX1536, RUGGEDCOM ROX RX5000
Product Status:
known_affected
Relevant CWE: CWE-191 Integer Underflow (Wrap or Wraparound)
Metrics
CVE-2019-14193
An issue was discovered in Das U-Boot through 2019.07. There is an unbounded memcpy with an unvalidated length at nfs_readlink_reply, in the “if” block after calculating the new path length.
Affected Products
Siemens Ruggedcom Rox
Vendor:
Siemens
Product Version:
RUGGEDCOM ROX MX5000, RUGGEDCOM ROX MX5000RE, RUGGEDCOM ROX RX1400, RUGGEDCOM ROX RX1500, RUGGEDCOM ROX RX1501, RUGGEDCOM ROX RX1510, RUGGEDCOM ROX RX1511, RUGGEDCOM ROX RX1512, RUGGEDCOM ROX RX1524, RUGGEDCOM ROX RX1536, RUGGEDCOM ROX RX5000
Product Status:
known_affected
Relevant CWE: CWE-787 Out-of-bounds Write
Metrics
CVE-2019-14194
An issue was discovered in Das U-Boot through 2019.07. There is an unbounded memcpy with a failed length check at nfs_read_reply when calling store_block in the NFSv2 case.
Affected Products
Siemens Ruggedcom Rox
Vendor:
Siemens
Product Version:
RUGGEDCOM ROX MX5000, RUGGEDCOM ROX MX5000RE, RUGGEDCOM ROX RX1400, RUGGEDCOM ROX RX1500, RUGGEDCOM ROX RX1501, RUGGEDCOM ROX RX1510, RUGGEDCOM ROX RX1511, RUGGEDCOM ROX RX1512, RUGGEDCOM ROX RX1524, RUGGEDCOM ROX RX1536, RUGGEDCOM ROX RX5000
Product Status:
known_affected
Relevant CWE: CWE-787 Out-of-bounds Write
Metrics
CVE-2019-14195
An issue was discovered in Das U-Boot through 2019.07. There is an unbounded memcpy with unvalidated length at nfs_readlink_reply in the “else” block after calculating the new path length.
Affected Products
Siemens Ruggedcom Rox
Vendor:
Siemens
Product Version:
RUGGEDCOM ROX MX5000, RUGGEDCOM ROX MX5000RE, RUGGEDCOM ROX RX1400, RUGGEDCOM ROX RX1500, RUGGEDCOM ROX RX1501, RUGGEDCOM ROX RX1510, RUGGEDCOM ROX RX1511, RUGGEDCOM ROX RX1512, RUGGEDCOM ROX RX1524, RUGGEDCOM ROX RX1536, RUGGEDCOM ROX RX5000
Product Status:
known_affected
Relevant CWE: CWE-787 Out-of-bounds Write
Metrics
CVE-2019-14196
An issue was discovered in Das U-Boot through 2019.07. There is an unbounded memcpy with a failed length check at nfs_lookup_reply.
Affected Products
Siemens Ruggedcom Rox
Vendor:
Siemens
Product Version:
RUGGEDCOM ROX MX5000, RUGGEDCOM ROX MX5000RE, RUGGEDCOM ROX RX1400, RUGGEDCOM ROX RX1500, RUGGEDCOM ROX RX1501, RUGGEDCOM ROX RX1510, RUGGEDCOM ROX RX1511, RUGGEDCOM ROX RX1512, RUGGEDCOM ROX RX1524, RUGGEDCOM ROX RX1536, RUGGEDCOM ROX RX5000
Product Status:
known_affected
Relevant CWE: CWE-787 Out-of-bounds Write
Metrics
CVE-2019-14197
An issue was discovered in Das U-Boot through 2019.07. There is a read of out-of-bounds data at nfs_read_reply.
Affected Products
Siemens Ruggedcom Rox
Vendor:
Siemens
Product Version:
RUGGEDCOM ROX MX5000, RUGGEDCOM ROX MX5000RE, RUGGEDCOM ROX RX1400, RUGGEDCOM ROX RX1500, RUGGEDCOM ROX RX1501, RUGGEDCOM ROX RX1510, RUGGEDCOM ROX RX1511, RUGGEDCOM ROX RX1512, RUGGEDCOM ROX RX1524, RUGGEDCOM ROX RX1536, RUGGEDCOM ROX RX5000
Product Status:
known_affected
Relevant CWE: CWE-125 Out-of-bounds Read
Metrics
CVE-2019-14198
An issue was discovered in Das U-Boot through 2019.07. There is an unbounded memcpy with a failed length check at nfs_read_reply when calling store_block in the NFSv3 case.
Affected Products
Siemens Ruggedcom Rox
Vendor:
Siemens
Product Version:
RUGGEDCOM ROX MX5000, RUGGEDCOM ROX MX5000RE, RUGGEDCOM ROX RX1400, RUGGEDCOM ROX RX1500, RUGGEDCOM ROX RX1501, RUGGEDCOM ROX RX1510, RUGGEDCOM ROX RX1511, RUGGEDCOM ROX RX1512, RUGGEDCOM ROX RX1524, RUGGEDCOM ROX RX1536, RUGGEDCOM ROX RX5000
Product Status:
known_affected
Relevant CWE: CWE-787 Out-of-bounds Write
Metrics
CVE-2019-14199
An issue was discovered in Das U-Boot through 2019.07. There is an unbounded memcpy when parsing a UDP packet due to a net_process_received_packet integer underflow during an *udp_packet_handler call.
Affected Products
Siemens Ruggedcom Rox
Vendor:
Siemens
Product Version:
RUGGEDCOM ROX MX5000, RUGGEDCOM ROX MX5000RE, RUGGEDCOM ROX RX1400, RUGGEDCOM ROX RX1500, RUGGEDCOM ROX RX1501, RUGGEDCOM ROX RX1510, RUGGEDCOM ROX RX1511, RUGGEDCOM ROX RX1512, RUGGEDCOM ROX RX1524, RUGGEDCOM ROX RX1536, RUGGEDCOM ROX RX5000
Product Status:
known_affected
Relevant CWE: CWE-191 Integer Underflow (Wrap or Wraparound)
Metrics
CVE-2019-14200
An issue was discovered in Das U-Boot through 2019.07. There is a stack-based buffer overflow in this nfs_handler reply helper function: rpc_lookup_reply.
Affected Products
Siemens Ruggedcom Rox
Vendor:
Siemens
Product Version:
RUGGEDCOM ROX MX5000, RUGGEDCOM ROX MX5000RE, RUGGEDCOM ROX RX1400, RUGGEDCOM ROX RX1500, RUGGEDCOM ROX RX1501, RUGGEDCOM ROX RX1510, RUGGEDCOM ROX RX1511, RUGGEDCOM ROX RX1512, RUGGEDCOM ROX RX1524, RUGGEDCOM ROX RX1536, RUGGEDCOM ROX RX5000
Product Status:
known_affected
Relevant CWE: CWE-787 Out-of-bounds Write
Metrics
CVE-2019-14201
An issue was discovered in Das U-Boot through 2019.07. There is a stack-based buffer overflow in this nfs_handler reply helper function: nfs_lookup_reply.
Affected Products
Siemens Ruggedcom Rox
Vendor:
Siemens
Product Version:
RUGGEDCOM ROX MX5000, RUGGEDCOM ROX MX5000RE, RUGGEDCOM ROX RX1400, RUGGEDCOM ROX RX1500, RUGGEDCOM ROX RX1501, RUGGEDCOM ROX RX1510, RUGGEDCOM ROX RX1511, RUGGEDCOM ROX RX1512, RUGGEDCOM ROX RX1524, RUGGEDCOM ROX RX1536, RUGGEDCOM ROX RX5000
Product Status:
known_affected
Relevant CWE: CWE-787 Out-of-bounds Write
Metrics
CVE-2019-14202
An issue was discovered in Das U-Boot through 2019.07. There is a stack-based buffer overflow in this nfs_handler reply helper function: nfs_readlink_reply.
Affected Products
Siemens Ruggedcom Rox
Vendor:
Siemens
Product Version:
RUGGEDCOM ROX MX5000, RUGGEDCOM ROX MX5000RE, RUGGEDCOM ROX RX1400, RUGGEDCOM ROX RX1500, RUGGEDCOM ROX RX1501, RUGGEDCOM ROX RX1510, RUGGEDCOM ROX RX1511, RUGGEDCOM ROX RX1512, RUGGEDCOM ROX RX1524, RUGGEDCOM ROX RX1536, RUGGEDCOM ROX RX5000
Product Status:
known_affected
Relevant CWE: CWE-787 Out-of-bounds Write
Metrics
CVE-2019-14203
An issue was discovered in Das U-Boot through 2019.07. There is a stack-based buffer overflow in this nfs_handler reply helper function: nfs_mount_reply.
Affected Products
Siemens Ruggedcom Rox
Vendor:
Siemens
Product Version:
RUGGEDCOM ROX MX5000, RUGGEDCOM ROX MX5000RE, RUGGEDCOM ROX RX1400, RUGGEDCOM ROX RX1500, RUGGEDCOM ROX RX1501, RUGGEDCOM ROX RX1510, RUGGEDCOM ROX RX1511, RUGGEDCOM ROX RX1512, RUGGEDCOM ROX RX1524, RUGGEDCOM ROX RX1536, RUGGEDCOM ROX RX5000
Product Status:
known_affected
Relevant CWE: CWE-787 Out-of-bounds Write
Metrics
CVE-2019-14204
An issue was discovered in Das U-Boot through 2019.07. There is a stack-based buffer overflow in this nfs_handler reply helper function: nfs_umountall_reply.
Affected Products
Siemens Ruggedcom Rox
Vendor:
Siemens
Product Version:
RUGGEDCOM ROX MX5000, RUGGEDCOM ROX MX5000RE, RUGGEDCOM ROX RX1400, RUGGEDCOM ROX RX1500, RUGGEDCOM ROX RX1501, RUGGEDCOM ROX RX1510, RUGGEDCOM ROX RX1511, RUGGEDCOM ROX RX1512, RUGGEDCOM ROX RX1524, RUGGEDCOM ROX RX1536, RUGGEDCOM ROX RX5000
Product Status:
known_affected
Relevant CWE: CWE-787 Out-of-bounds Write
Metrics
CVE-2020-10648
Das U-Boot through 2020.01 allows attackers to bypass verified boot restrictions and subsequently boot arbitrary images by providing a crafted FIT image to a system configured to boot the default configuration.
Affected Products
Siemens Ruggedcom Rox
Vendor:
Siemens
Product Version:
RUGGEDCOM ROX MX5000, RUGGEDCOM ROX MX5000RE, RUGGEDCOM ROX RX1400, RUGGEDCOM ROX RX1500, RUGGEDCOM ROX RX1501, RUGGEDCOM ROX RX1510, RUGGEDCOM ROX RX1511, RUGGEDCOM ROX RX1512, RUGGEDCOM ROX RX1524, RUGGEDCOM ROX RX1536, RUGGEDCOM ROX RX5000
Product Status:
known_affected
Relevant CWE: CWE-20 Improper Input Validation
Metrics
CVE-2022-2347
There exists an unchecked length field in UBoot. The U-Boot DFU implementation does not bound the length field in USB DFU download setup packets, and it does not verify that the transfer direction corresponds to the specified command. Consequently, if a physical attacker crafts a USB DFU download setup packet with a `wLength` greater than 4096 bytes, they can write beyond the heap-allocated request buffer.
Affected Products
Siemens Ruggedcom Rox
Vendor:
Siemens
Product Version:
RUGGEDCOM ROX MX5000, RUGGEDCOM ROX MX5000RE, RUGGEDCOM ROX RX1400, RUGGEDCOM ROX RX1500, RUGGEDCOM ROX RX1501, RUGGEDCOM ROX RX1510, RUGGEDCOM ROX RX1511, RUGGEDCOM ROX RX1512, RUGGEDCOM ROX RX1524, RUGGEDCOM ROX RX1536, RUGGEDCOM ROX RX5000
Product Status:
known_affected
Relevant CWE: CWE-122 Heap-based Buffer Overflow
Metrics
CVE-2022-30552
Das U-Boot 2022.01 has a Buffer Overflow.
Affected Products
Siemens Ruggedcom Rox
Vendor:
Siemens
Product Version:
RUGGEDCOM ROX MX5000, RUGGEDCOM ROX MX5000RE, RUGGEDCOM ROX RX1400, RUGGEDCOM ROX RX1500, RUGGEDCOM ROX RX1501, RUGGEDCOM ROX RX1510, RUGGEDCOM ROX RX1511, RUGGEDCOM ROX RX1512, RUGGEDCOM ROX RX1524, RUGGEDCOM ROX RX1536, RUGGEDCOM ROX RX5000
Product Status:
known_affected
Relevant CWE: CWE-120 Buffer Copy without Checking Size of Input (‘Classic Buffer Overflow’)
Metrics
CVE-2022-30790
Das U-Boot 2022.01 has a Buffer Overflow, a different issue than CVE-2022-30552.
Affected Products
Siemens Ruggedcom Rox
Vendor:
Siemens
Product Version:
RUGGEDCOM ROX MX5000, RUGGEDCOM ROX MX5000RE, RUGGEDCOM ROX RX1400, RUGGEDCOM ROX RX1500, RUGGEDCOM ROX RX1501, RUGGEDCOM ROX RX1510, RUGGEDCOM ROX RX1511, RUGGEDCOM ROX RX1512, RUGGEDCOM ROX RX1524, RUGGEDCOM ROX RX1536, RUGGEDCOM ROX RX5000
Product Status:
known_affected
Relevant CWE: CWE-787 Out-of-bounds Write
Metrics
CVE-2022-34835
In Das U-Boot through 2022.07-rc5, an integer signedness error and resultant stack-based buffer overflow in the “i2c md” command enables the corruption of the return address pointer of the do_i2c_md function.
Affected Products
Siemens Ruggedcom Rox
Vendor:
Siemens
Product Version:
RUGGEDCOM ROX MX5000, RUGGEDCOM ROX MX5000RE, RUGGEDCOM ROX RX1400, RUGGEDCOM ROX RX1500, RUGGEDCOM ROX RX1501, RUGGEDCOM ROX RX1510, RUGGEDCOM ROX RX1511, RUGGEDCOM ROX RX1512, RUGGEDCOM ROX RX1524, RUGGEDCOM ROX RX1536, RUGGEDCOM ROX RX5000
Product Status:
known_affected
Relevant CWE: CWE-787 Out-of-bounds Write
Metrics
CVE-2023-3019
A DMA reentrancy issue leading to a use-after-free error was found in the e1000e NIC emulation code in QEMU. This issue could allow a privileged guest user to crash the QEMU process on the host, resulting in a denial of service.
Affected Products
Siemens Ruggedcom Rox
Vendor:
Siemens
Product Version:
RUGGEDCOM ROX MX5000, RUGGEDCOM ROX MX5000RE, RUGGEDCOM ROX RX1400, RUGGEDCOM ROX RX1500, RUGGEDCOM ROX RX1501, RUGGEDCOM ROX RX1510, RUGGEDCOM ROX RX1511, RUGGEDCOM ROX RX1512, RUGGEDCOM ROX RX1524, RUGGEDCOM ROX RX1536, RUGGEDCOM ROX RX5000
Product Status:
known_affected
Relevant CWE: CWE-416 Use After Free
Metrics
CVE-2023-27043
The email module of Python through 3.11.3 incorrectly parses e-mail addresses that contain a special character. The wrong portion of an RFC2822 header is identified as the value of the addr-spec. In some applications, an attacker can bypass a protection mechanism in which application access is granted only after verifying receipt of e-mail to a specific domain (e.g., only @company.example.com addresses may be used for signup). This occurs in email/_parseaddr.py in recent versions of Python.
Affected Products
Siemens Ruggedcom Rox
Vendor:
Siemens
Product Version:
RUGGEDCOM ROX MX5000, RUGGEDCOM ROX MX5000RE, RUGGEDCOM ROX RX1400, RUGGEDCOM ROX RX1500, RUGGEDCOM ROX RX1501, RUGGEDCOM ROX RX1510, RUGGEDCOM ROX RX1511, RUGGEDCOM ROX RX1512, RUGGEDCOM ROX RX1524, RUGGEDCOM ROX RX1536, RUGGEDCOM ROX RX5000
Product Status:
known_affected
Relevant CWE: CWE-1286 Improper Validation of Syntactic Correctness of Input
Metrics
CVE-2024-3447
A heap-based buffer overflow was found in the SDHCI device emulation of QEMU. The bug is triggered when both `s->data_count` and the size of `s->fifo_buffer` are set to 0x200, leading to an out-of-bound access. A malicious guest could use this flaw to crash the QEMU process on the host, resulting in a denial of service condition.
Affected Products
Siemens Ruggedcom Rox
Vendor:
Siemens
Product Version:
RUGGEDCOM ROX MX5000, RUGGEDCOM ROX MX5000RE, RUGGEDCOM ROX RX1400, RUGGEDCOM ROX RX1500, RUGGEDCOM ROX RX1501, RUGGEDCOM ROX RX1510, RUGGEDCOM ROX RX1511, RUGGEDCOM ROX RX1512, RUGGEDCOM ROX RX1524, RUGGEDCOM ROX RX1536, RUGGEDCOM ROX RX5000
Product Status:
known_affected
Relevant CWE: CWE-122 Heap-based Buffer Overflow
Metrics
CVE-2024-22365
linux-pam (aka Linux PAM) before 1.6.0 allows attackers to cause a denial of service (blocked login process) via mkfifo because the openat call (for protect_dir) lacks O_DIRECTORY.
Affected Products
Siemens Ruggedcom Rox
Vendor:
Siemens
Product Version:
RUGGEDCOM ROX MX5000, RUGGEDCOM ROX MX5000RE, RUGGEDCOM ROX RX1400, RUGGEDCOM ROX RX1500, RUGGEDCOM ROX RX1501, RUGGEDCOM ROX RX1510, RUGGEDCOM ROX RX1511, RUGGEDCOM ROX RX1512, RUGGEDCOM ROX RX1524, RUGGEDCOM ROX RX1536, RUGGEDCOM ROX RX5000
Product Status:
known_affected
Relevant CWE: CWE-664 Improper Control of a Resource Through its Lifetime
Metrics
CVE-2024-57256
An integer overflow in ext4fs_read_symlink in Das U-Boot before 2025.01-rc1 occurs for zalloc (adding one to an le32 variable) via a crafted ext4 filesystem with an inode size of 0xffffffff, resulting in a malloc of zero and resultant memory overwrite.
Affected Products
Siemens Ruggedcom Rox
Vendor:
Siemens
Product Version:
RUGGEDCOM ROX MX5000, RUGGEDCOM ROX MX5000RE, RUGGEDCOM ROX RX1400, RUGGEDCOM ROX RX1500, RUGGEDCOM ROX RX1501, RUGGEDCOM ROX RX1510, RUGGEDCOM ROX RX1511, RUGGEDCOM ROX RX1512, RUGGEDCOM ROX RX1524, RUGGEDCOM ROX RX1536, RUGGEDCOM ROX RX5000
Product Status:
known_affected
Relevant CWE: CWE-190 Integer Overflow or Wraparound
Metrics
CVE-2024-57258
Integer overflows in memory allocation in Das U-Boot before 2025.01-rc1 occur for a crafted squashfs filesystem via sbrk, via request2size, or because ptrdiff_t is mishandled on x86_64.
Affected Products
Siemens Ruggedcom Rox
Vendor:
Siemens
Product Version:
RUGGEDCOM ROX MX5000, RUGGEDCOM ROX MX5000RE, RUGGEDCOM ROX RX1400, RUGGEDCOM ROX RX1500, RUGGEDCOM ROX RX1501, RUGGEDCOM ROX RX1510, RUGGEDCOM ROX RX1511, RUGGEDCOM ROX RX1512, RUGGEDCOM ROX RX1524, RUGGEDCOM ROX RX1536, RUGGEDCOM ROX RX5000
Product Status:
known_affected
Relevant CWE: CWE-190 Integer Overflow or Wraparound
Metrics
CVE-2025-0395
When the assert() function in the GNU C Library versions 2.13 to 2.40 fails, it does not allocate enough space for the assertion failure message string and size information, which may lead to a buffer overflow if the message string size aligns to page size.
Affected Products
Siemens Ruggedcom Rox
Vendor:
Siemens
Product Version:
RUGGEDCOM ROX MX5000, RUGGEDCOM ROX MX5000RE, RUGGEDCOM ROX RX1400, RUGGEDCOM ROX RX1500, RUGGEDCOM ROX RX1501, RUGGEDCOM ROX RX1510, RUGGEDCOM ROX RX1511, RUGGEDCOM ROX RX1512, RUGGEDCOM ROX RX1524, RUGGEDCOM ROX RX1536, RUGGEDCOM ROX RX5000
Product Status:
known_affected
Relevant CWE: CWE-131 Incorrect Calculation of Buffer Size
Metrics
CVE-2025-3576
A vulnerability in the MIT Kerberos implementation allows GSSAPI-protected messages using RC4-HMAC-MD5 to be spoofed due to weaknesses in the MD5 checksum design. If RC4 is preferred over stronger encryption types, an attacker could exploit MD5 collisions to forge message integrity codes. This may lead to unauthorized message tampering.
Affected Products
Siemens Ruggedcom Rox
Vendor:
Siemens
Product Version:
RUGGEDCOM ROX MX5000, RUGGEDCOM ROX MX5000RE, RUGGEDCOM ROX RX1400, RUGGEDCOM ROX RX1500, RUGGEDCOM ROX RX1501, RUGGEDCOM ROX RX1510, RUGGEDCOM ROX RX1511, RUGGEDCOM ROX RX1512, RUGGEDCOM ROX RX1524, RUGGEDCOM ROX RX1536, RUGGEDCOM ROX RX5000
Product Status:
known_affected
Relevant CWE: CWE-328 Use of Weak Hash
Metrics
CVE-2025-6020
A flaw was found in linux-pam. The module pam_namespace may use access user-controlled paths without proper protection, allowing local users to elevate their privileges to root via multiple symlink attacks and race conditions.
Affected Products
Siemens Ruggedcom Rox
Vendor:
Siemens
Product Version:
RUGGEDCOM ROX MX5000, RUGGEDCOM ROX MX5000RE, RUGGEDCOM ROX RX1400, RUGGEDCOM ROX RX1500, RUGGEDCOM ROX RX1501, RUGGEDCOM ROX RX1510, RUGGEDCOM ROX RX1511, RUGGEDCOM ROX RX1512, RUGGEDCOM ROX RX1524, RUGGEDCOM ROX RX1536, RUGGEDCOM ROX RX5000
Product Status:
known_affected
Relevant CWE: CWE-22 Improper Limitation of a Pathname to a Restricted Directory (‘Path Traversal’)
Metrics
CVE-2025-7425
A flaw was found in libxslt where the attribute type, atype, flags are modified in a way that corrupts internal memory management. When XSLT functions, such as the key() process, result in tree fragments, this corruption prevents the proper cleanup of ID attributes. As a result, the system may access freed memory, causing crashes or enabling attackers to trigger heap corruption.
Affected Products
Siemens Ruggedcom Rox
Vendor:
Siemens
Product Version:
RUGGEDCOM ROX MX5000, RUGGEDCOM ROX MX5000RE, RUGGEDCOM ROX RX1400, RUGGEDCOM ROX RX1500, RUGGEDCOM ROX RX1501, RUGGEDCOM ROX RX1510, RUGGEDCOM ROX RX1511, RUGGEDCOM ROX RX1512, RUGGEDCOM ROX RX1524, RUGGEDCOM ROX RX1536, RUGGEDCOM ROX RX5000
Product Status:
known_affected
Relevant CWE: CWE-416 Use After Free
Metrics
CVE-2025-9714
Uncontrolled recursion in XPath evaluation in libxml2 up to and including version 2.9.14 allows a local attacker to cause a stack overflow via crafted expressions. XPath processing functions `xmlXPathRunEval`, `xmlXPathCtxtCompile`, and `xmlXPathEvalExpr` were resetting recursion depth to zero before making potentially recursive calls. When such functions were called recursively this could allow for uncontrolled recursion and lead to a stack overflow. These functions now preserve recursion depth across recursive calls, allowing recursion depth to be controlled.
Affected Products
Siemens Ruggedcom Rox
Vendor:
Siemens
Product Version:
RUGGEDCOM ROX MX5000, RUGGEDCOM ROX MX5000RE, RUGGEDCOM ROX RX1400, RUGGEDCOM ROX RX1500, RUGGEDCOM ROX RX1501, RUGGEDCOM ROX RX1510, RUGGEDCOM ROX RX1511, RUGGEDCOM ROX RX1512, RUGGEDCOM ROX RX1524, RUGGEDCOM ROX RX1536, RUGGEDCOM ROX RX5000
Product Status:
known_affected
Relevant CWE: CWE-674 Uncontrolled Recursion
Metrics
CVE-2025-46836
net-tools is a collection of programs that form the base set of the NET-3 networking distribution for the Linux operating system. Inn versions up to and including 2.10, the Linux network utilities (like ifconfig) from the net-tools package do not properly validate the structure of /proc files when showing interfaces. `get_name()` in `interface.c` copies interface labels from `/proc/net/dev` into a fixed 16-byte stack buffer without bounds checking, leading to possible arbitrary code execution or crash. The known attack path does not require privilege but also does not provide privilege escalation in this scenario. A patch is available and expected to be part of version 2.20.
Affected Products
Siemens Ruggedcom Rox
Vendor:
Siemens
Product Version:
RUGGEDCOM ROX MX5000, RUGGEDCOM ROX MX5000RE, RUGGEDCOM ROX RX1400, RUGGEDCOM ROX RX1500, RUGGEDCOM ROX RX1501, RUGGEDCOM ROX RX1510, RUGGEDCOM ROX RX1511, RUGGEDCOM ROX RX1512, RUGGEDCOM ROX RX1524, RUGGEDCOM ROX RX1536, RUGGEDCOM ROX RX5000
Product Status:
known_affected
Relevant CWE: CWE-121 Stack-based Buffer Overflow
Metrics
CVE-2025-49794
A use-after-free vulnerability was found in libxml2. This issue occurs when parsing XPath elements under certain circumstances when the XML schematron has the schema elements. This flaw allows a malicious actor to craft a malicious XML document used as input for libxml, resulting in the program’s crash using libxml or other possible undefined behaviors.
Affected Products
Siemens Ruggedcom Rox
Vendor:
Siemens
Product Version:
RUGGEDCOM ROX MX5000, RUGGEDCOM ROX MX5000RE, RUGGEDCOM ROX RX1400, RUGGEDCOM ROX RX1500, RUGGEDCOM ROX RX1501, RUGGEDCOM ROX RX1510, RUGGEDCOM ROX RX1511, RUGGEDCOM ROX RX1512, RUGGEDCOM ROX RX1524, RUGGEDCOM ROX RX1536, RUGGEDCOM ROX RX5000
Product Status:
known_affected
Relevant CWE: CWE-825 Expired Pointer Dereference
Metrics
CVE-2025-49796
A vulnerability was found in libxml2. Processing certain sch:name elements from the input XML file can trigger a memory corruption issue. This flaw allows an attacker to craft a malicious XML input file that can lead libxml to crash, resulting in a denial of service or other possible undefined behavior due to sensitive data being corrupted in memory.
Affected Products
Siemens Ruggedcom Rox
Vendor:
Siemens
Product Version:
RUGGEDCOM ROX MX5000, RUGGEDCOM ROX MX5000RE, RUGGEDCOM ROX RX1400, RUGGEDCOM ROX RX1500, RUGGEDCOM ROX RX1501, RUGGEDCOM ROX RX1510, RUGGEDCOM ROX RX1511, RUGGEDCOM ROX RX1512, RUGGEDCOM ROX RX1524, RUGGEDCOM ROX RX1536, RUGGEDCOM ROX RX5000
Product Status:
known_affected
Relevant CWE: CWE-125 Out-of-bounds Read
Metrics
Acknowledgments
- Siemens ProductCERT reported these vulnerabilities to CISA.
General Recommendations
As a general security measure, Siemens strongly recommends to protect network access to devices with appropriate mechanisms. In order to operate the devices in a protected IT environment, Siemens recommends to configure the environment according to Siemens’ operational guidelines for Industrial Security (Download: https://www.siemens.com/cert/operational-guidelines-industrial-security), and to follow the recommendations in the product manuals. Additional information on Industrial Security by Siemens can be found at: https://www.siemens.com/industrialsecurity
Additional Resources
For further inquiries on security vulnerabilities in Siemens products and solutions, please contact the Siemens ProductCERT: https://www.siemens.com/cert/advisories
Terms of Use
The use of Siemens Security Advisories is subject to the terms and conditions listed on: https://www.siemens.com/productcert/terms-of-use.
Legal Notice and Terms of Use
This product is provided subject to this Notification (https://www.cisa.gov/notification) and this Privacy & Use policy (https://www.cisa.gov/privacy-policy).
Recommended Practices
CISA recommends users take defensive measures to minimize the exploitation risk of this vulnerability.
Minimize network exposure for all control system devices and/or systems, and ensure they are not accessible from the internet.
Locate control system networks and remote devices behind firewalls and isolate them from business networks.
When remote access is required, use more secure methods, such as Virtual Private Networks (VPNs), recognizing VPNs may have vulnerabilities and should be updated to the most recent version available. Also recognize VPN is only as secure as its connected devices.
CISA reminds organizations to perform proper impact analysis and risk assessment prior to deploying defensive measures.
CISA also provides a section for control systems security recommended practices on the ICS webpage on cisa.gov. Several CISA products detailing cyber defense best practices are available for reading and download, including Improving Industrial Control Systems Cybersecurity with Defense-in-Depth Strategies.
CISA encourages organizations to implement recommended cybersecurity strategies for proactive defense of ICS assets. Additional mitigation guidance and recommended practices are publicly available on the ICS webpage at cisa.gov in the technical information paper, ICS-TIP-12-146-01B–Targeted Cyber Intrusion Detection and Mitigation Strategies.
Organizations observing suspected malicious activity should follow established internal procedures and report findings to CISA for tracking and correlation against other incidents.
Advisory Conversion Disclaimer
This ICSA is a verbatim republication of Siemens ProductCERT SSA-577017 from a direct conversion of the vendor’s Common Security Advisory Framework (CSAF) advisory. This is republished to CISA’s website as a means of increasing visibility and is provided “as-is” for informational purposes only. CISA is not responsible for the editorial or technical accuracy of republished advisories and provides no warranties of any kind regarding any information contained within this advisory. Further, CISA does not endorse any commercial product or service. Please contact Siemens ProductCERT directly for any questions regarding this advisory.
Revision History
- Initial Release Date: 2026-05-12
| Date | Revision | Summary |
|---|---|---|
| 2026-05-12 | 1 | Publication Date |
| 2026-05-14 | 2 | Initial CISA Republication of Siemens ProductCERT SSA-577017 advisory |
