Full Report
RUGGEDCOM ROX II devices does not properly enforce limitations on type and size of files that can be uploaded through their web interface. This could allow an attacker with a legitimate, highly privileged account on the web interface to upload arbitrary files onto the filesystem of the devices. Siemens is preparing fix versions and recommends specific countermeasures for products where fixes are not, or not yet available.
Analysis Summary
# Vulnerability: Arbitrary File Upload in RUGGEDCOM ROX II Web Interface
## CVE Details
- CVE ID: CVE-2025-33023
- CVSS Score: 4.1 (CVSS v3.1) / 5.1 (CVSS v4.0) (Low/Medium)
- CWE: CWE-434: Unrestricted Upload of File with Dangerous Type
## Affected Systems
- Products: RUGGEDCOM ROX II family, RUGGEDCOM ROX MX5000, RUGGEDCOM ROX MX5000RE, RUGGEDCOM ROX RX1400, RUGGEDCOM ROX RX1500, RUGGEDCOM ROX RX1501, RUGGEDCOM ROX RX1510, RUGGEDCOM ROX RX1511, RUGGEDCOM ROX RX1512, RUGGEDCOM ROX RX1524, RUGGEDCOM ROX RX1536, RUGGEDCOM ROX RX5000.
- Versions: All versions affected.
- Configurations: Requires an attacker to possess a legitimate, highly privileged account on the device's web interface.
## Vulnerability Description
The RUGGEDCOM ROX II devices fail to properly enforce limitations on the type and size of files uploaded via the web interface. This flaw allows a remote, authenticated attacker with high privileges to upload arbitrary files directly onto the device's filesystem.
## Exploitation
- Status: Not explicitly stated as exploited in the wild (implied risk).
- Complexity: Low (CVSS v3.1/v4.0 specifies AC:L / AT:N). The attack requires prior credentials.
- Attack Vector: Network (AV:N) remote. The exploitation requires prior successful authentication (PR:H).
## Impact
- Confidentiality: No Impact (C:N in CVSS 3.1 vector)
- Integrity: Low Impact (I:L in CVSS 3.1 vector) - Sensitive to arbitrary file manipulation/replacement.
- Availability: No Impact (A:N in CVSS 3.1 vector, VA:N in CVSS 4.0 vector)
## Remediation
### Patches
- No specific fix versions containing the patch are listed as currently available in the provided context for any affected products. Siemens is preparing fix versions.
### Workarounds
- Restrict highly privileged accounts access to the web interface and manage access within a highly protected IT environment.
- Configure the environment according to Siemens' operational guidelines for Industrial Security (found at `https://www.siemens.com/cert/operational-guidelines-industrial-security`).
- Follow recommendations outlined in the product manuals.
## Detection
- The advisory does not detail specific IoCs or detection methods other than application of the provided workarounds. Detection should focus on monitoring successful authenticated file uploads via the web interface from unexpected sources or using unauthorized file types/sizes.
## References
- Vendor Advisories: SSA-665108
- Relevant links - defanged:
- Siemens Industrial Security Information: `https://www.siemens.com/industrialsecurity`
- Siemens Operational Guidelines URL: `https://www.siemens.com/cert/operational-guidelines-industrial-security`
- Siemens ProductCERT Advisories: `https://www.siemens.com/cert/advisories`