Full Report
The RUGGEDCOM ROX II family contains multiple vulnerabilities in all versions prior to V2.17.0. Siemens has released new versions for the affected products and recommends updating to the latest versions.
Analysis Summary
# Vulnerability: Multiple Vulnerabilities in Ruggedcom ROX II Family
## CVE Details
This advisory covers multiple vulnerabilities. Key identifiers include:
- **CVE ID:** CVE-2022-37434 (zlib), CVE-2024-52533 (GLib), CVE-2022-37032 (FRRouting), CVE-2022-27223 (Linux Kernel), and others.
- **CVSS Score:** Up to 9.8 (Critical)
- **CWE:** CWE-787 (Out-of-bounds Write), CWE-125 (Out-of-bounds Read), CWE-415 (Double Free), CWE-20 (Improper Input Validation), CWE-78 (OS Command Injection).
## Affected Systems
- **Products:** RUGGEDCOM ROX II family, RUGGEDCOM ROX MX5000.
- **Versions:** All versions prior to V2.17.0.
- **Configurations:** Exposure depends on which components are in use, e.g. USB gadget drivers, BGP routing (FRRouting), or Python/zlib-based data processing.
## Vulnerability Description
The RUGGEDCOM ROX II software stack incorporates third-party and open-source components (Linux kernel, GnuPG, FRRouting, zlib, GLib, Python, less) whose security flaws are inherited by the device:
- **Memory Corruption:** A heap-based buffer over-read or overflow in zlib's inflate (CVE-2022-37434), reachable through a large gzip header extra field in code that calls inflateGetHeader, and a buffer overflow in GLib (CVE-2024-52533) could allow remote code execution.
- **Kernel Flaws:** Multiple Linux kernel issues involving improper array index validation (e.g. an unvalidated endpoint index in a USB gadget driver, CVE-2022-27223) and use-after-free errors in USB and network drivers.
- **Service Disruption:** An out-of-bounds read in the BGP daemon `bgpd` (CVE-2022-37032) lets a malformed capability message crash the daemon (segmentation fault), a denial of service against routing.
- **Command Injection:** The `less` utility omits shell quoting when it runs the LESSCLOSE handler, so a crafted file name can lead to OS command injection (CVE-2022-48624).
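The zlib flaw above is triggered by the FEXTRA field of a gzip member header (RFC 1952: FLG bit 2 set, followed by a 2-byte little-endian XLEN and XLEN bytes of extra data). The following is an added example, not Siemens or zlib code: a small gzip header parser that never reads past the buffer it is given and flags members whose declared extra field exceeds a site threshold. The threshold value (`MAX_EXTRA_LEN`) and the two sample members are assumptions constructed here for illustration.

```python
"""Triage check for gzip members that declare an unusually large FEXTRA field.

Added example for this advisory, not Siemens or zlib code.  The CVE fires
when the extra field exceeds the buffer the caller handed to
inflateGetHeader(), which a network sensor cannot know; declaring kilobytes
of extra data is still unusual enough to flag.
"""
import gzip
import struct
import zlib

GZIP_MAGIC = b"\x1f\x8b"
CM_DEFLATE = 8
FEXTRA = 0x04          # FLG bit 2: a 2-byte XLEN and XLEN extra bytes follow
FIXED_HEADER_LEN = 10  # ID1 ID2 CM FLG MTIME(4) XFL OS

# Site threshold; an assumption for illustration.  Real extra fields
# (subfield id + length + a few bytes) are tiny.
MAX_EXTRA_LEN = 1024


def parse_gzip_header(data: bytes) -> dict:
    """Parse the fixed header and the FEXTRA length without reading past `data`."""
    if len(data) < FIXED_HEADER_LEN or data[:2] != GZIP_MAGIC:
        raise ValueError("not a gzip member")
    cm, flg = data[2], data[3]
    if cm != CM_DEFLATE:
        raise ValueError(f"unsupported compression method {cm}")
    info = {"flags": flg, "extra_declared": 0, "extra_present": 0}
    if flg & FEXTRA:
        if len(data) < FIXED_HEADER_LEN + 2:
            raise ValueError("truncated XLEN")
        (xlen,) = struct.unpack_from("<H", data, FIXED_HEADER_LEN)
        info["extra_declared"] = xlen
        # how many of the declared extra bytes the stream actually carries
        info["extra_present"] = min(xlen, len(data) - FIXED_HEADER_LEN - 2)
    return info


def is_suspicious(data: bytes, limit: int = MAX_EXTRA_LEN) -> bool:
    """True if the header declares more than `limit` bytes of extra data."""
    try:
        return parse_gzip_header(data)["extra_declared"] > limit
    except ValueError:
        return False  # not gzip at all; this rule has nothing to say


def build_gzip_member(payload: bytes, extra: bytes) -> bytes:
    """Construct a valid gzip member carrying an FEXTRA field (sample data only)."""
    if len(extra) > 0xFFFF:
        raise ValueError("XLEN is a 16-bit field")
    header = GZIP_MAGIC + bytes([CM_DEFLATE, FEXTRA]) + b"\x00" * 4 + b"\x00\x03"
    header += struct.pack("<H", len(extra)) + extra
    comp = zlib.compressobj(9, zlib.DEFLATED, -15)  # raw deflate, no zlib wrapper
    body = comp.compress(payload) + comp.flush()
    trailer = struct.pack("<II", zlib.crc32(payload), len(payload) & 0xFFFFFFFF)
    return header + body + trailer


def decompresses_to(data: bytes, expected: bytes) -> bool:
    """Sanity check: Python's gzip module skips FEXTRA, so both samples inflate."""
    return gzip.decompress(data) == expected


# Constructed samples: a benign 8-byte subfield ("XX", len 4, "demo") and a 4 KiB one.
SAMPLE_BENIGN = build_gzip_member(b"hello ROX", b"XX\x04\x00demo")
SAMPLE_OVERSIZED = build_gzip_member(b"hello ROX", b"A" * 4096)

if __name__ == "__main__":
    for name, blob in (("benign", SAMPLE_BENIGN), ("oversized", SAMPLE_OVERSIZED)):
        verdict = "SUSPICIOUS" if is_suspicious(blob) else "ok"
        print(name, parse_gzip_header(blob), verdict)
```

Both samples are well-formed and decompress to the same payload; only the declared XLEN differs. On a sensor that sees truncated captures, compare `extra_declared` with `extra_present` as well before deciding a stream is malformed rather than merely cut short.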
## Exploitation
- **Status:** PoC available for several included CVEs (e.g., CVE-2022-30594, CVE-2022-34903).
- **Complexity:** Ranges from Low to High depending on the specific component.
- **Attack Vector:** Network (for zlib, FRRouting, and GLib flaws) and Local (for Kernel and shell injection flaws).
## Impact
- **Confidentiality:** High (Potential for data leakage and kernel memory access).
- **Integrity:** High (Potential for unauthorized command execution and system modification).
- **Availability:** High (System crashes, DoS of routing services).
## Remediation
### Patches
- Siemens recommends updating all affected RUGGEDCOM ROX II devices to **V2.17.0** or later.
### Workarounds
- Restrict network access to the device's management interfaces and routing services (for BGP, TCP port 179) to trusted hosts and peers only.
- Disable unused services or protocols (e.g. USB gadget drivers or BGP if not required); a component that is not running is not exposed.
## Detection
- **Indicators of Compromise:** Unexpected system reboots, segmentation faults or crash restarts of `bgpd`, and configuration changes not tied to an authorized session.
- **Detection methods and tools:** Use a Network Intrusion Detection System (NIDS) to flag malformed BGP capability messages from peers and gzip headers that declare an unusually large extra field. Periodically audit system logs for attempts to inject shell metacharacters through file names or pager invocations.
## References
- **Vendor Advisory:** hxxps://cert-portal.siemens.com/productcert/pdf/ssa-202008.pdf
- **Siemens ProductCERT:** hxxps://www.siemens.com/cert/advisories
- **Terms of Use:** hxxps://www.siemens.com/productcert/terms-of-use