Vulnerabilities (CVE)

Join the Common Vulnerabilities and Exposures (CVE) community and start to get notified about new vulnerabilities.

Filtered by vendor Siemens Subscribe
Filtered by product Rox Ii Firmware
Total 2 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2018-13801 1 Siemens 2 Rox Ii, Rox Ii Firmware 2019-10-09 9.0 HIGH 8.8 HIGH
A vulnerability has been identified in ROX II (All versions < V2.12.1). An attacker with network access to port 22/tcp and valid low-privileged user credentials for the target device could perform a privilege escalation and gain root privileges. Successful exploitation requires user privileges of a low-privileged user but no user interaction. The vulnerability could allow an attacker to compromise confidentiality, integrity and availability of the system.
CVE-2018-13802 1 Siemens 2 Rox Ii, Rox Ii Firmware 2019-10-09 9.0 HIGH 7.2 HIGH
A vulnerability has been identified in ROX II (All versions < V2.12.1). An authenticated attacker with a high-privileged user account access via SSH could circumvent restrictions in place and execute arbitrary operating system commands. Successful exploitation requires that the attacker has network access to the SSH interface in on port 22/tcp. The attacker must be authenticated to exploit the vulnerability. The vulnerability could allow an attacker to execute arbitrary code on the device.