

Rewterz Threat Advisory – ICS : Schneider Electric EcoStruxure and SCADAPack
September 20, 2021
Rewterz Threat Alert – WannaCry Ransomware – Active IOCs
September 20, 2021
Severity
High
Analysis Summary
CVE-2021-37173
The affected devices have an exposure of sensitive information vulnerability that could allow an authenticated attacker to extract data via Secure Shell (SSH).
CVE-2021-37174
The affected devices have a privilege escalation vulnerability that could allow an attacker to gain root user access.
CVE-2021-37175
The affected devices do not properly handle permissions to traverse the file system. If exploited, an attacker could gain access to an overview of the complete file system on the affected devices.
Impact
- Unauthorized Access
Affected Vendors
- Siemens
Affected Products
- RUGGEDCOM ROX MX5000: All versions prior to v2.14.1
- RUGGEDCOM ROX RX1400: All versions prior to v2.14.1
- RUGGEDCOM ROX RX1500: All versions prior to v2.14.1
- RUGGEDCOM ROX RX1501: All versions prior to v2.14.1
- RUGGEDCOM ROX RX1510: All versions prior to v2.14.1
- RUGGEDCOM ROX RX1511: All versions prior to v2.14.1
- RUGGEDCOM ROX RX1512: All versions prior to v2.14.1
- RUGGEDCOM ROX RX1524: All versions prior to v2.14.1
- RUGGEDCOM ROX RX1536: All versions prior to v2.14.1
- RUGGEDCOM ROX RX5000: All versions prior to v2.14.1
Remediation
Refer to ICS Advisory for the patch, upgrade, or suggested workaround information.