CVE-2025-33025 – Siemens RUGGEDCOM ROX II Command Injection Vulnerability in Traceroute Tool Allowing Privileged Code Execution

Vulnerability

Patched

A command injection vulnerability has been identified in the web interface of several RUGGEDCOM ROX II devices, all versions prior to 2.16.5. The vulnerability arises from inadequate server-side input validation in the 'traceroute' tool, allowing authenticated remote attackers to execute arbitrary code with root privileges on the affected devices.

Impact

Exploitation of this vulnerability could lead to authenticated remote attackers executing arbitrary code with root privileges on the affected devices.

Remediation

Users are advised to update to version 2.16.5 or later. For more information, visit the Siemens Industry Support page.

Added: Jun 9, 2025, 7:46 PM

Updated: Jun 9, 2025, 7:46 PM

Affected Products

Siemens RUGGEDCOM ROX MX5000

Moderate fix1 remedy

cpe:2.3:h:siemens:ruggedcom_rox_mx5000:*:*:*:*:*:*:*, +1 more

Moderate fix1 remedy

< V2.16.5

Siemens RUGGEDCOM ROX MX5000RE

0 remedies

cpe:2.3:h:siemens:ruggedcom_rox_mx5000re:*:*:*:*:*:*:*

0 remedies

Siemens RUGGEDCOM ROX RX1400

Moderate fix1 remedy

cpe:2.3:h:siemens:ruggedcom_rox_rx1400:*:*:*:*:*:*:*, +1 more

Moderate fix1 remedy

< V2.16.5

Siemens RUGGEDCOM ROX RX1500

Moderate fix1 remedy

cpe:2.3:h:siemens:ruggedcom_rox_rx1500:*:*:*:*:*:*:*, +1 more

Moderate fix1 remedy

< V2.16.5

Siemens RUGGEDCOM ROX RX1501

Moderate fix1 remedy

cpe:2.3:h:siemens:ruggedcom_rox_rx1501:*:*:*:*:*:*:*, +1 more

Moderate fix1 remedy

< V2.16.5

Siemens RUGGEDCOM ROX RX1510

Moderate fix1 remedy

cpe:2.3:h:siemens:ruggedcom_rox_rx1510:*:*:*:*:*:*:*, +1 more

Moderate fix1 remedy

< V2.16.5

Siemens RUGGEDCOM ROX RX1511

Moderate fix1 remedy

cpe:2.3:h:siemens:ruggedcom_rox_rx1511:*:*:*:*:*:*:*, +1 more

Moderate fix1 remedy

< V2.16.5

Siemens RUGGEDCOM ROX RX1512

Moderate fix1 remedy

cpe:2.3:h:siemens:ruggedcom_rox_rx1512:*:*:*:*:*:*:*, +1 more

Moderate fix1 remedy

< V2.16.5

Siemens RUGGEDCOM ROX RX1524

Moderate fix1 remedy

cpe:2.3:h:siemens:ruggedcom_rox_rx1524:*:*:*:*:*:*:*, +1 more

Moderate fix1 remedy

< V2.16.5

Siemens RUGGEDCOM ROX RX1536

Moderate fix1 remedy

cpe:2.3:h:siemens:ruggedcom_rox_rx1536:*:*:*:*:*:*:*, +1 more

Moderate fix1 remedy

< V2.16.5

Siemens RUGGEDCOM ROX RX5000

Moderate fix1 remedy

cpe:2.3:h:siemens:ruggedcom_rox_rx5000:*:*:*:*:*:*:*, +1 more

Moderate fix1 remedy

< V2.16.5

CVSS Scores

volerion

8.6

CVSS 4.0

8.6

High

volerion

7.2

CVSS 3.1

7.2

High

Vendor

9.4

CVSS 4.0

9.4

Critical

Vendor

9.9

CVSS 3.1

9.9

Critical

Click a row to open the calculator.

References

https://cert-portal.siemens.com/productcert/html/ssa-301229.html

AdvisoryBundleRemedyVendor

Showing 1-1 of 1 references

Siemens RUGGEDCOM ROX II Command Injection Vulnerability in Traceroute Tool Allowing Privileged Code Execution

Vulnerability

Impact

Remediation

Affected Products

Siemens RUGGEDCOM ROX MX5000

Siemens RUGGEDCOM ROX MX5000RE

Siemens RUGGEDCOM ROX RX1400

Siemens RUGGEDCOM ROX RX1500

Siemens RUGGEDCOM ROX RX1501

Siemens RUGGEDCOM ROX RX1510

Siemens RUGGEDCOM ROX RX1511

Siemens RUGGEDCOM ROX RX1512

Siemens RUGGEDCOM ROX RX1524

Siemens RUGGEDCOM ROX RX1536

Siemens RUGGEDCOM ROX RX5000

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating