CVE-2023-36748:

5.9 CVSS

Description

A vulnerability has been identified in RUGGEDCOM ROX MX5000 (All versions < V2.16.0), RUGGEDCOM ROX MX5000RE (All versions < V2.16.0), RUGGEDCOM ROX RX1400 (All versions < V2.16.0), RUGGEDCOM ROX RX1500 (All versions < V2.16.0), RUGGEDCOM ROX RX1501 (All versions < V2.16.0), RUGGEDCOM ROX RX1510 (All versions < V2.16.0), RUGGEDCOM ROX RX1511 (All versions < V2.16.0), RUGGEDCOM ROX RX1512 (All versions < V2.16.0), RUGGEDCOM ROX RX1524 (All versions < V2.16.0), RUGGEDCOM ROX RX1536 (All versions < V2.16.0), RUGGEDCOM ROX RX5000 (All versions < V2.16.0). The affected devices are configured to offer weak ciphers by default. This could allow an unauthorized attacker in a man-in-the-middle position to read and modify any data
passed over to and from the affected device.

Classification

CVE ID: CVE-2023-36748

CVSS Base Severity: MEDIUM

CVSS Base Score: 5.9

Affected Products

Vendor: Siemens

Product: RUGGEDCOM ROX MX5000

Exploit Prediction Scoring System (EPSS)

EPSS Score: 0.11% (probability of being exploited)

EPSS Percentile: 46.35% (scored less or equal to compared to others)

EPSS Date: 2025-02-03 (when was this score calculated)

References

https://cert-portal.siemens.com/productcert/pdf/ssa-146325.pdf

Timeline

2024-11-28 00:11:29 UTC
CVE