ID
VAR-202412-0442
CVE
CVE-2020-28398
TITLE
Siemens RUGGEDCOM ROX II Cross-Site Request Forgery Vulnerability
Trust: 0.6
DESCRIPTION
A vulnerability has been identified in RUGGEDCOM ROX MX5000 (All versions < V2.16.0), RUGGEDCOM ROX MX5000RE (All versions < V2.16.0), RUGGEDCOM ROX RX1400 (All versions < V2.16.0), RUGGEDCOM ROX RX1500 (All versions < V2.16.0), RUGGEDCOM ROX RX1501 (All versions < V2.16.0), RUGGEDCOM ROX RX1510 (All versions < V2.16.0), RUGGEDCOM ROX RX1511 (All versions < V2.16.0), RUGGEDCOM ROX RX1512 (All versions < V2.16.0), RUGGEDCOM ROX RX1524 (All versions < V2.16.0), RUGGEDCOM ROX RX1536 (All versions < V2.16.0), RUGGEDCOM ROX RX5000 (All versions < V2.16.0). The CLI feature in the web interface of affected devices is vulnerable to cross-site request forgery (CSRF). This could allow an attacker to read or modify the device configuration by tricking an authenticated legitimate user into accessing a malicious link. RUGGEDCOM ROX II is a ROX-based VPN endpoint and firewall device used to connect devices operating in harsh environments, such as power substations and traffic control cabinets
Trust: 1.44
IOT TAXONOMY
| category: | ['ICS'] | sub_category: | - | Trust: 0.6 |
AFFECTED PRODUCTS
| vendor: | siemens | model: | ruggedcom rox mx5000 | scope: | lt | version: | v2.16.0 | Trust: 0.6 |
| vendor: | siemens | model: | ruggedcom rox mx5000re | scope: | lt | version: | v2.16.0 | Trust: 0.6 |
| vendor: | siemens | model: | ruggedcom rox rx1400 | scope: | lt | version: | v2.16.0 | Trust: 0.6 |
| vendor: | siemens | model: | ruggedcom rox rx1500 | scope: | lt | version: | v2.16.0 | Trust: 0.6 |
| vendor: | siemens | model: | ruggedcom rox rx1501 | scope: | lt | version: | v2.16.0 | Trust: 0.6 |
| vendor: | siemens | model: | ruggedcom rox rx1510 | scope: | lt | version: | v2.16.0 | Trust: 0.6 |
| vendor: | siemens | model: | ruggedcom rox rx1511 | scope: | lt | version: | v2.16.0 | Trust: 0.6 |
| vendor: | siemens | model: | ruggedcom rox rx1512 | scope: | lt | version: | v2.16.0 | Trust: 0.6 |
| vendor: | siemens | model: | ruggedcom rox rx1524 | scope: | lt | version: | v2.16.0 | Trust: 0.6 |
| vendor: | siemens | model: | ruggedcom rox rx1536 | scope: | lt | version: | v2.16.0 | Trust: 0.6 |
| vendor: | siemens | model: | ruggedcom rox rx5000 | scope: | lt | version: | v2.16.0 | Trust: 0.6 |
CVSS
SEVERITY | CVSSV2 | CVSSV3 | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
|
|
PROBLEMTYPE DATA
| problemtype: | CWE-352 | Trust: 1.0 |
PATCH
| title: | Patch for Siemens RUGGEDCOM ROX II Cross-Site Request Forgery Vulnerability | url: | https://www.cnvd.org.cn/patchInfo/show/639416 | Trust: 0.6 |
EXTERNAL IDS
| db: | NVD | id: | CVE-2020-28398 | Trust: 1.6 |
| db: | SIEMENS | id: | SSA-384652 | Trust: 1.6 |
| db: | CNVD | id: | CNVD-2024-47914 | Trust: 0.6 |
REFERENCES
| url: | https://cert-portal.siemens.com/productcert/html/ssa-384652.html | Trust: 1.6 |
SOURCES
| db: | CNVD | id: | CNVD-2024-47914 |
| db: | NVD | id: | CVE-2020-28398 |
LAST UPDATE DATE
2024-12-13T23:23:40.895000+00:00
SOURCES UPDATE DATE
| db: | CNVD | id: | CNVD-2024-47914 | date: | 2024-12-12T00:00:00 |
| db: | NVD | id: | CVE-2020-28398 | date: | 2024-12-10T14:15:18.320 |
SOURCES RELEASE DATE
| db: | CNVD | id: | CNVD-2024-47914 | date: | 2024-12-12T00:00:00 |
| db: | NVD | id: | CVE-2020-28398 | date: | 2024-12-10T14:15:18.320 |