CVE-2023-36749:

7.4 CVSS

Description

A vulnerability has been identified in RUGGEDCOM ROX MX5000 (All versions < V2.16.0), RUGGEDCOM ROX MX5000RE (All versions < V2.16.0), RUGGEDCOM ROX RX1400 (All versions < V2.16.0), RUGGEDCOM ROX RX1500 (All versions < V2.16.0), RUGGEDCOM ROX RX1501 (All versions < V2.16.0), RUGGEDCOM ROX RX1510 (All versions < V2.16.0), RUGGEDCOM ROX RX1511 (All versions < V2.16.0), RUGGEDCOM ROX RX1512 (All versions < V2.16.0), RUGGEDCOM ROX RX1524 (All versions < V2.16.0), RUGGEDCOM ROX RX1536 (All versions < V2.16.0), RUGGEDCOM ROX RX5000 (All versions < V2.16.0). The webserver of the affected devices support insecure TLS 1.0 protocol. An attacker could achieve a man-in-the-middle attack and compromise confidentiality and integrity of data.

Classification

CVE ID: CVE-2023-36749

CVSS Base Severity: HIGH

CVSS Base Score: 7.4

Affected Products

Vendor: Siemens

Product: RUGGEDCOM ROX MX5000

Exploit Prediction Scoring System (EPSS)

EPSS Score: 0.11% (probability of being exploited)

EPSS Percentile: 46.35% (scored less or equal to compared to others)

EPSS Date: 2025-02-03 (when was this score calculated)

References

https://cert-portal.siemens.com/productcert/pdf/ssa-146325.pdf

Timeline

2024-11-28 00:11:29 UTC
CVE