CVE-2017-6864

Name of the Vulnerable Software and Affected Versions Siemens RUGGEDCOM ROX I (all versions)

Description The integrated web server could allow an authenticated user to perform stored Cross-Site Scripting attacks. This issue is related to the web server listening on port 10000/TCP.

Recommendations For all versions, consider restricting access to the integrated web server at port 10000/TCP to minimize the risk of exploitation. As a temporary workaround, limit the privileges of authenticated users who have access to the web server until a fix is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.