Vulnerability Description
A vulnerability has been identified in ROX II (All versions < V2.12.1). An authenticated attacker with a high-privileged user account access via SSH could circumvent restrictions in place and execute arbitrary operating system commands. Successful exploitation requires that the attacker has network access to the SSH interface in on port 22/tcp. The attacker must be authenticated to exploit the vulnerability. The vulnerability could allow an attacker to execute arbitrary code on the device.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Siemens | Rox Ii Firmware | < 2.12.1 |
| Siemens | Rox Ii | - |
Related Weaknesses (CWE)
References
- http://www.securityfocus.com/bid/105545Third Party AdvisoryVDB Entry
- https://cert-portal.siemens.com/productcert/pdf/ssa-493830.pdfVendor Advisory
- https://ics-cert.us-cert.gov/advisories/ICSA-18-282-03Third Party AdvisoryUS Government Resource
- http://www.securityfocus.com/bid/105545Third Party AdvisoryVDB Entry
- https://cert-portal.siemens.com/productcert/pdf/ssa-493830.pdfVendor Advisory
- https://ics-cert.us-cert.gov/advisories/ICSA-18-282-03Third Party AdvisoryUS Government Resource
FAQ
What is CVE-2018-13802?
CVE-2018-13802 is a vulnerability with a CVSS score of 7.2 (HIGH). A vulnerability has been identified in ROX II (All versions < V2.12.1). An authenticated attacker with a high-privileged user account access via SSH could circumvent restrictions in place and execute ...
How severe is CVE-2018-13802?
CVE-2018-13802 has been rated HIGH with a CVSS base score of 7.2/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2018-13802?
Check the references section above for vendor advisories and patch information. Affected products include: Siemens Rox Ii Firmware, Siemens Rox Ii.