Siemens RUGGEDCOM ROX II Command Injection Vulnerability in Web Interface Ping Tool

Vulnerability

A command injection vulnerability has been identified in the web interface of several RUGGEDCOM ROX II devices, all versions prior to 2.16.5. The issue arises in the 'ping' tool, which lacks proper server-side input validation. This vulnerability could enable an authenticated remote attacker to execute arbitrary code with root privileges on the affected device.
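The kind of server-side check the ping tool lacked, shown here as an added example. This is not Siemens code and is not taken from the advisory. The function names, the ping options and the sample values are assumptions made for illustration, and the unsafe form is included only to show what the check replaces.

```python
import ipaddress
import re
import subprocess

# One RFC 1123 hostname label: letters, digits, hyphens, no leading/trailing hyphen.
_LABEL = re.compile(r"(?!-)[A-Za-z0-9-]{1,63}(?<!-)")


def unsafe_command_line(target):
    """Anti-pattern: the request value is pasted into a string meant for a shell,
    so ';', '|', '$(...)' and backticks in it would be interpreted by that shell."""
    return "ping -c 4 " + target


def validate_ping_target(raw):
    """Return the target if it is an IP address or hostname, else raise ValueError."""
    if not isinstance(raw, str) or not raw or len(raw) > 253 or "%" in raw:
        raise ValueError("target missing, too long, or carries an IPv6 zone id")
    try:
        return str(ipaddress.ip_address(raw))   # IPv4 / IPv6 literal
    except ValueError:
        pass
    labels = raw.rstrip(".").split(".")
    if all(_LABEL.fullmatch(label) for label in labels):
        return raw                              # syntactically valid hostname
    raise ValueError("target is not an IP address or hostname")


def build_ping_argv(raw, count=4):
    """Build an argument vector; no shell ever parses the target."""
    target = validate_ping_target(raw)
    # '--' ends option parsing, so the target can never be read as a ping flag.
    return ["ping", "-c", str(int(count)), "--", target]


def run_ping(raw):
    """Run ping without a shell and with a hard timeout."""
    return subprocess.run(build_ping_argv(raw), shell=False,
                          capture_output=True, text=True, timeout=15)
```

The validation runs on the server regardless of any checks in the browser, and a rejected value never reaches process creation.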

Impact

Exploitation of this vulnerability allows authenticated remote attackers to execute arbitrary code with root privileges on the affected device.

Remediation

Users are advised to update to version 2.16.5 or later. For more information, visit the Siemens Industry Support page.

Added: Jun 9, 2025, 7:46 PM
Updated: Jun 9, 2025, 7:46 PM