CNNVD-202512-1592 Information

CNNVD ID

CNNVD-202512-1592

Related CVE

CVE-2024-56836

• CNNVD Published: 2025-12-09

Description (Chinese)

Siemens RUGGEDCOM ROX II是德国Siemens公司的一款面向工业应用的操作系统。 Siemens RUGGEDCOM ROX II V2.17.0之前版本存在命令注入漏洞，该漏洞源于Dynamic DNS配置存在参数注入，可能导致获取root权限。

Description (English)

Siemens RUGEDCOM ROX II is an operating system for industrial applications by Siemens Germany. The pre-Siemens RUGEDCOM ROX II V2.17.0 version contains a command-injecting loophole, which originates from the input of the Dynamic DNS configuration presence, which may lead to the acquisition of root privileges.

Hazard Level

Medium

Vulnerability Type

命令注入

Affected Vendor

西门子

Published

2025-12-09

Last Modified

2026-02-24

References

https://cert-portal.siemens.com/productcert/html/ssa-912274.html

Patch

https://support.industry.siemens.com/cs/document/109997648/-firmware-download-for-ruggedcom-rox-2-17-0?lc=en-ww