PT-2023-5818 · Siemens · Ruggedcom Rox Rx1500+8
Published
2023-06-21
·
Updated
2023-07-18
·
CVE-2023-36748
CVSS v3.1
6.8
Medium
| Vector | AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N |
Name of the Vulnerable Software and Affected Versions
RUGGEDCOM ROX MX5000 versions prior to V2.16.0
RUGGEDCOM ROX MX5000RE versions prior to V2.16.0
RUGGEDCOM ROX RX1400 versions prior to V2.16.0
RUGGEDCOM ROX RX1500 versions prior to V2.16.0
RUGGEDCOM ROX RX1501 versions prior to V2.16.0
RUGGEDCOM ROX RX1510 versions prior to V2.16.0
RUGGEDCOM ROX RX1511 versions prior to V2.16.0
RUGGEDCOM ROX RX1512 versions prior to V2.16.0
RUGGEDCOM ROX RX1524 versions prior to V2.16.0
RUGGEDCOM ROX RX1536 versions prior to V2.16.0
RUGGEDCOM ROX RX5000 versions prior to V2.16.0
Description
A vulnerability has been identified in the RUGGEDCOM ROX series devices, where they are configured to offer weak ciphers by default. This could allow an unauthorized attacker in a man-in-the-middle position to read and modify any data passed over to and from the affected device. The vulnerability is related to the use of weak encryption, which may allow a remote attacker to perform a man-in-the-middle attack.
Recommendations
For RUGGEDCOM ROX MX5000 versions prior to V2.16.0, update to version V2.16.0 or later.
For RUGGEDCOM ROX MX5000RE versions prior to V2.16.0, update to version V2.16.0 or later.
For RUGGEDCOM ROX RX1400 versions prior to V2.16.0, update to version V2.16.0 or later.
For RUGGEDCOM ROX RX1500 versions prior to V2.16.0, update to version V2.16.0 or later.
For RUGGEDCOM ROX RX1501 versions prior to V2.16.0, update to version V2.16.0 or later.
For RUGGEDCOM ROX RX1510 versions prior to V2.16.0, update to version V2.16.0 or later.
For RUGGEDCOM ROX RX1511 versions prior to V2.16.0, update to version V2.16.0 or later.
For RUGGEDCOM ROX RX1512 versions prior to V2.16.0, update to version V2.16.0 or later.
For RUGGEDCOM ROX RX1524 versions prior to V2.16.0, update to version V2.16.0 or later.
For RUGGEDCOM ROX RX1536 versions prior to V2.16.0, update to version V2.16.0 or later.
For RUGGEDCOM ROX RX5000 versions prior to V2.16.0, update to version V2.16.0 or later.
Fix
Inadequate Encryption Strength
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Ruggedcom Rox Mx5000
Ruggedcom Rox Rx1400
Ruggedcom Rox Rx1500
Ruggedcom Rox Rx1501
Ruggedcom Rox Rx1510
Ruggedcom Rox Rx1511
Ruggedcom Rox Rx1512
Ruggedcom Rox Rx1524
Ruggedcom Rox Rx1536