CVE-2024-56838 | THREATINT

Description

A vulnerability has been identified in RUGGEDCOM ROX II family (All versions < V2.17.0). The SCEP client available in the affected device for secure certificate enrollment lacks validation of multiple fields. An attacker could leverage this scenario to execute arbitrary code as root user.

PUBLISHED Reserved 2025-01-03 | Published 2025-12-09 | Updated 2025-12-09 | Assigner siemens

HIGH: 7.2CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C

HIGH: 8.6CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

Problem types

CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')

Product status

Default status

unknown

Any version before V2.17.0

affected

References

cert-portal.siemens.com/productcert/html/ssa-912274.html

cve.org (CVE-2024-56838)

nvd.nist.gov (CVE-2024-56838)

Download JSON