CVE-2025-33023 PUBLISHED

Assigner: siemens
Reserved: 15.04.2025 Published: 12.08.2025 Updated: 12.08.2025

A vulnerability has been identified in RUGGEDCOM ROX MX5000 (All versions), RUGGEDCOM ROX MX5000RE (All versions), RUGGEDCOM ROX RX1400 (All versions), RUGGEDCOM ROX RX1500 (All versions), RUGGEDCOM ROX RX1501 (All versions), RUGGEDCOM ROX RX1510 (All versions), RUGGEDCOM ROX RX1511 (All versions), RUGGEDCOM ROX RX1512 (All versions), RUGGEDCOM ROX RX1524 (All versions), RUGGEDCOM ROX RX1536 (All versions), RUGGEDCOM ROX RX5000 (All versions). The affected devices do not properly enforce the restriction of files that can be uploaded from the web interface. This could allow an authenticated remote attacker with high privileges in the web interface to upload arbitrary files.

CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:N/I:L/A:N
CVSS Score: 4.1

Attack Vector	Network	Scope	Changed
Attack Complexity	Low	Confidentiality Impact	None
Privileges Required	High	Integrity Impact	Low
User Interaction	None	Availability Impact	None

CVSS 3.1

CVSS Vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:N/VI:N/VA:N/SC:N/SI:L/SA:N
CVSS Score: 5.1

Exploitability Metrics		Vulnerable System Impact Metrics		Subsequent System Impact Metrics
Attack Vector	Network	Confidentiality	None	Confidentiality	None
Attack Complexity	Low	Integrity	None	Integrity	Low
Attack Requirements	None	Availability	None	Availability	None
Privileges Required	High
User Interaction	None

CVSS 4.0

Product Status

Vendor	Siemens
Product	RUGGEDCOM ROX MX5000
Versions	Default: unknown affected from 0 to * (excl.)

Vendor	Siemens
Product	RUGGEDCOM ROX MX5000RE
Versions	Default: unknown affected from 0 to * (excl.)

Vendor	Siemens
Product	RUGGEDCOM ROX RX1400
Versions	Default: unknown affected from 0 to * (excl.)

Vendor	Siemens
Product	RUGGEDCOM ROX RX1500
Versions	Default: unknown affected from 0 to * (excl.)

Vendor	Siemens
Product	RUGGEDCOM ROX RX1501
Versions	Default: unknown affected from 0 to * (excl.)

Vendor	Siemens
Product	RUGGEDCOM ROX RX1510
Versions	Default: unknown affected from 0 to * (excl.)

Vendor	Siemens
Product	RUGGEDCOM ROX RX1511
Versions	Default: unknown affected from 0 to * (excl.)

Vendor	Siemens
Product	RUGGEDCOM ROX RX1512
Versions	Default: unknown affected from 0 to * (excl.)

Vendor	Siemens
Product	RUGGEDCOM ROX RX1524
Versions	Default: unknown affected from 0 to * (excl.)

Vendor	Siemens
Product	RUGGEDCOM ROX RX1536
Versions	Default: unknown affected from 0 to * (excl.)

Vendor	Siemens
Product	RUGGEDCOM ROX RX5000
Versions	Default: unknown affected from 0 to * (excl.)

References

https://cert-portal.siemens.com/productcert/html/ssa-665108.html

Problem Types

CWE-434: Unrestricted Upload of File with Dangerous Type CWE