CVE-2025-33024 – Siemens RUGGEDCOM ROX II Command Injection Vulnerability in Web Interface tcpdump Tool

Vulnerability

Patched

A command injection vulnerability has been identified in the web interface of several RUGGEDCOM ROX II devices, all versions prior to 2.16.5. The issue arises in the 'tcpdump' tool, which is vulnerable due to inadequate server-side input validation. This flaw could enable an authenticated remote attacker to execute arbitrary code with root privileges on the affected device.

Impact

Exploitation of this vulnerability allows authenticated remote attackers to execute arbitrary code with root privileges on the affected device.

Remediation

Users are advised to update to version 2.16.5 or later. For more information, visit the Siemens Industry Support page.

Added: Jun 9, 2025, 7:46 PM

Updated: Jun 9, 2025, 7:46 PM

Affected Products

Siemens RUGGEDCOM ROX MX5000

Moderate fix1 remedy

cpe:2.3:h:siemens:ruggedcom_rox_mx5000:*:*:*:*:*:*:*, +1 more

Moderate fix1 remedy

< V2.16.5

Siemens RUGGEDCOM ROX MX5000RE

0 remedies

cpe:2.3:h:siemens:ruggedcom_rox_mx5000re:*:*:*:*:*:*:*

0 remedies

Siemens RUGGEDCOM ROX RX1400

Moderate fix1 remedy

cpe:2.3:h:siemens:ruggedcom_rox_rx1400:*:*:*:*:*:*:*, +1 more

Moderate fix1 remedy

< V2.16.5

Siemens RUGGEDCOM ROX RX1500

Moderate fix1 remedy

cpe:2.3:h:siemens:ruggedcom_rox_rx1500:*:*:*:*:*:*:*, +1 more

Moderate fix1 remedy

< V2.16.5

Siemens RUGGEDCOM ROX RX1501

Moderate fix1 remedy

cpe:2.3:h:siemens:ruggedcom_rox_rx1501:*:*:*:*:*:*:*, +1 more

Moderate fix1 remedy

< V2.16.5

Siemens RUGGEDCOM ROX RX1510

Moderate fix1 remedy

cpe:2.3:h:siemens:ruggedcom_rox_rx1510:*:*:*:*:*:*:*, +1 more

Moderate fix1 remedy

< V2.16.5

Siemens RUGGEDCOM ROX RX1511

Moderate fix1 remedy

cpe:2.3:h:siemens:ruggedcom_rox_rx1511:*:*:*:*:*:*:*, +1 more

Moderate fix1 remedy

< V2.16.5

Siemens RUGGEDCOM ROX RX1512

Moderate fix1 remedy

cpe:2.3:h:siemens:ruggedcom_rox_rx1512:*:*:*:*:*:*:*, +1 more

Moderate fix1 remedy

< V2.16.5

Siemens RUGGEDCOM ROX RX1524

Moderate fix1 remedy

cpe:2.3:h:siemens:ruggedcom_rox_rx1524:*:*:*:*:*:*:*, +1 more

Moderate fix1 remedy

< V2.16.5

Siemens RUGGEDCOM ROX RX1536

Moderate fix1 remedy

cpe:2.3:h:siemens:ruggedcom_rox_rx1536:*:*:*:*:*:*:*, +1 more

Moderate fix1 remedy

< V2.16.5

Siemens RUGGEDCOM ROX RX5000

Moderate fix1 remedy

cpe:2.3:h:siemens:ruggedcom_rox_rx5000:*:*:*:*:*:*:*, +1 more

Moderate fix1 remedy

< V2.16.5

CVSS Scores

volerion

9.4

CVSS 4.0

9.4

Critical

volerion

9.1

CVSS 3.1

9.1

Critical

Vendor

9.4

CVSS 4.0

9.4

Critical

Vendor

9.9

CVSS 3.1

9.9

Critical

Click a row to open the calculator.

References

https://cert-portal.siemens.com/productcert/html/ssa-301229.html

AdvisoryBundleRemedyVendor

Showing 1-1 of 1 references

Siemens RUGGEDCOM ROX II Command Injection Vulnerability in Web Interface tcpdump Tool

Vulnerability

Impact

Remediation

Affected Products

Siemens RUGGEDCOM ROX MX5000

Siemens RUGGEDCOM ROX MX5000RE

Siemens RUGGEDCOM ROX RX1400

Siemens RUGGEDCOM ROX RX1500

Siemens RUGGEDCOM ROX RX1501

Siemens RUGGEDCOM ROX RX1510

Siemens RUGGEDCOM ROX RX1511

Siemens RUGGEDCOM ROX RX1512

Siemens RUGGEDCOM ROX RX1524

Siemens RUGGEDCOM ROX RX1536

Siemens RUGGEDCOM ROX RX5000

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating