CNNVD-202512-1590 Information

CNNVD ID

CNNVD-202512-1590

Related CVE

CVE-2024-56838

• CNNVD Published: 2025-12-09

Description (Chinese)

Siemens RUGGEDCOM ROX II是德国Siemens公司的一款面向工业应用的操作系统。 Siemens RUGGEDCOM ROX II V2.17.0之前版本存在注入漏洞，该漏洞源于SCEP客户端字段验证不足，可能导致执行任意代码。

Description (English)

Siemens RUGEDCOM ROX II is an operating system for industrial applications by Siemens Germany. There was an injection loophole in the pre-Siemens RUGEDCOM ROX II V2.17.0, which resulted from inadequate validation of SCEP client fields, which could lead to the implementation of any code.

Hazard Level

Medium

Vulnerability Type

注入

Affected Vendor

西门子

Published

2025-12-09

Last Modified

2026-02-24

References

https://cert-portal.siemens.com/productcert/html/ssa-912274.html

Patch

https://support.industry.siemens.com/cs/document/109997648/-firmware-download-for-ruggedcom-rox-2-17-0?lc=en-ww