Skip to main content

Ruggedcom Rox Mx5000

3 CVEs product

Monthly

CVE-2025-40949 HIGH CISA Act Now

Command injection in Siemens RUGGEDCOM ROX industrial router series allows high-privileged authenticated remote attackers to execute arbitrary commands with root privileges on the underlying operating system. Affects all MX5000/MX5000RE/RX1400/RX1500/RX1501/RX1510/RX1511/RX1512/RX1524/RX1536/RX5000 models running firmware versions below V2.17.1. The vulnerability exists in the Scheduler functionality of the Web UI due to improper input sanitization (CWE-78). CVSS v4.0 score of 8.9 reflects high impact across confidentiality, integrity, and availability with network attack vector but requires high-privilege authentication. No public exploit identified at time of analysis, and EPSS data not available for this recently published CVE.

Command Injection Ruggedcom Rox Mx5000 Ruggedcom Rox Mx5000Re Ruggedcom Rox Rx1400 Ruggedcom Rox Rx1500 +7
NVD
CVSS 4.0
8.9
EPSS
0.2%
CVE-2025-40948 MEDIUM CISA This Month

Authenticated remote attackers can read arbitrary files from the operating system filesystem with root privileges on affected RUGGEDCOM ROX devices due to improper input validation in the JSON-RPC web server interface. All versions of ROX MX5000, MX5000RE, RX1400, RX1500, RX1501, RX1510, RX1511, RX1512, RX1524, RX1536, and RX5000 below V2.17.1 are affected. No public exploit code has been identified at time of analysis.

Information Disclosure Ruggedcom Rox Mx5000 Ruggedcom Rox Mx5000Re Ruggedcom Rox Rx1400 Ruggedcom Rox Rx1500 +7
NVD
CVSS 4.0
6.1
EPSS
0.0%
CVE-2025-40947 HIGH CISA Act Now

Command injection in Siemens RUGGEDCOM ROX industrial network devices enables authenticated remote attackers to execute arbitrary commands with root privileges during feature key installation. The vulnerability affects multiple ROX product lines (MX5000, RX1400, RX1500, RX1501, RX1510, RX1511, RX1512, RX1524, RX1536, RX5000) running firmware versions below V2.17.1. While exploitation requires low-level authentication and higher attack complexity (CVSS 4.0: AV:N/AC:H/PR:L), successful exploitation grants complete control over critical industrial network infrastructure. No public exploit identified at time of analysis, and EPSS data not available for this recently disclosed vulnerability.

Command Injection RCE Ruggedcom Rox Mx5000 Ruggedcom Rox Mx5000Re Ruggedcom Rox Rx1400 +8
NVD
CVSS 4.0
7.7
EPSS
0.2%
EPSS 0% CVSS 8.9
HIGH Act Now

Command injection in Siemens RUGGEDCOM ROX industrial router series allows high-privileged authenticated remote attackers to execute arbitrary commands with root privileges on the underlying operating system. Affects all MX5000/MX5000RE/RX1400/RX1500/RX1501/RX1510/RX1511/RX1512/RX1524/RX1536/RX5000 models running firmware versions below V2.17.1. The vulnerability exists in the Scheduler functionality of the Web UI due to improper input sanitization (CWE-78). CVSS v4.0 score of 8.9 reflects high impact across confidentiality, integrity, and availability with network attack vector but requires high-privilege authentication. No public exploit identified at time of analysis, and EPSS data not available for this recently published CVE.

Command Injection Ruggedcom Rox Mx5000 Ruggedcom Rox Mx5000Re +9
NVD
EPSS 0% CVSS 6.1
MEDIUM This Month

Authenticated remote attackers can read arbitrary files from the operating system filesystem with root privileges on affected RUGGEDCOM ROX devices due to improper input validation in the JSON-RPC web server interface. All versions of ROX MX5000, MX5000RE, RX1400, RX1500, RX1501, RX1510, RX1511, RX1512, RX1524, RX1536, and RX5000 below V2.17.1 are affected. No public exploit code has been identified at time of analysis.

Information Disclosure Ruggedcom Rox Mx5000 Ruggedcom Rox Mx5000Re +9
NVD
EPSS 0% CVSS 7.7
HIGH Act Now

Command injection in Siemens RUGGEDCOM ROX industrial network devices enables authenticated remote attackers to execute arbitrary commands with root privileges during feature key installation. The vulnerability affects multiple ROX product lines (MX5000, RX1400, RX1500, RX1501, RX1510, RX1511, RX1512, RX1524, RX1536, RX5000) running firmware versions below V2.17.1. While exploitation requires low-level authentication and higher attack complexity (CVSS 4.0: AV:N/AC:H/PR:L), successful exploitation grants complete control over critical industrial network infrastructure. No public exploit identified at time of analysis, and EPSS data not available for this recently disclosed vulnerability.

Command Injection RCE Ruggedcom Rox Mx5000 +10
NVD

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy