PT-2023-4064 · Siemens · Ruggedcom Rox Rx1500+8

Published

2023-06-21

·

Updated

2023-07-18

·

CVE-2023-36390

CVSS v2.0

9.0

High

VectorAV:N/AC:L/Au:S/C:C/I:C/A:C
Name of the Vulnerable Software and Affected Versions RUGGEDCOM ROX MX5000 versions prior to V2.16.0 RUGGEDCOM ROX MX5000RE versions prior to V2.16.0 RUGGEDCOM ROX RX1400 versions prior to V2.16.0 RUGGEDCOM ROX RX1500 versions prior to V2.16.0 RUGGEDCOM ROX RX1501 versions prior to V2.16.0 RUGGEDCOM ROX RX1510 versions prior to V2.16.0 RUGGEDCOM ROX RX1511 versions prior to V2.16.0 RUGGEDCOM ROX RX1512 versions prior to V2.16.0 RUGGEDCOM ROX RX1524 versions prior to V2.16.0 RUGGEDCOM ROX RX1536 versions prior to V2.16.0 RUGGEDCOM ROX RX5000 versions prior to V2.16.0
Description A reflected cross-site scripting (XSS) vulnerability exists in the web interface of the affected application. This could allow an attacker to execute malicious javascript code by tricking users into accessing a malicious link. The value is reflected in the response without sanitization while throwing an “invalid params element name” error on the action parameters. The vulnerability is related to the lack of protection of the web page structure when processing parameter values.
Recommendations For RUGGEDCOM ROX MX5000 versions prior to V2.16.0, update to version V2.16.0 or later. For RUGGEDCOM ROX MX5000RE versions prior to V2.16.0, update to version V2.16.0 or later. For RUGGEDCOM ROX RX1400 versions prior to V2.16.0, update to version V2.16.0 or later. For RUGGEDCOM ROX RX1500 versions prior to V2.16.0, update to version V2.16.0 or later. For RUGGEDCOM ROX RX1501 versions prior to V2.16.0, update to version V2.16.0 or later. For RUGGEDCOM ROX RX1510 versions prior to V2.16.0, update to version V2.16.0 or later. For RUGGEDCOM ROX RX1511 versions prior to V2.16.0, update to version V2.16.0 or later. For RUGGEDCOM ROX RX1512 versions prior to V2.16.0, update to version V2.16.0 or later. For RUGGEDCOM ROX RX1524 versions prior to V2.16.0, update to version V2.16.0 or later. For RUGGEDCOM ROX RX1536 versions prior to V2.16.0, update to version V2.16.0 or later. For RUGGEDCOM ROX RX5000 versions prior to V2.16.0, update to version V2.16.0 or later.

Fix

XSS

Weakness Enumeration

CWE-79

Related Identifiers

BDU:2023-04362
CVE-2023-36390

Affected Products

Ruggedcom Rox Mx5000
Ruggedcom Rox Rx1400
Ruggedcom Rox Rx1500
Ruggedcom Rox Rx1501
Ruggedcom Rox Rx1510
Ruggedcom Rox Rx1511
Ruggedcom Rox Rx1512
Ruggedcom Rox Rx1524
Ruggedcom Rox Rx1536