February 17, 2025
Proactive Defense: The Importance of Incident Response Planning in Cybersecurity
Rewterz Threat Alert – SmokeLoader Malware – Active IOCs
October 15, 2021Rewterz Threat Advisory – ICS: Mitsubishi Electric MELSEC iQ-R Series
October 15, 2021Rewterz Threat Alert – SmokeLoader Malware – Active IOCs
October 15, 2021Rewterz Threat Advisory – ICS: Mitsubishi Electric MELSEC iQ-R Series
October 15, 2021
Severity
High
Analysis Summary
CVE-2021-41546
Siemens RUGGEDCOM ROX Devices are vulnerable to a denial of service, caused by an improper checking of disk space when writing the crash-dumps. A remote attacker could exploit this vulnerability to fill the entire root file system to cause the device fail to boot.
CVE-2021-22801
Schneider Electric CNM could allow a local attacker to execute arbitrary commands on the system, caused by improper privilege management. By sending a specially-crafted request, an attacker could exploit this vulnerability to execute arbitrary commands on the system.
Impact
- Denial of Service
- Command Execution
Affected Vendors
- Siemens
Affected Products
- Siemens RUGGEDCOM ROX MX5000 2.14.0
- Siemens RUGGEDCOM ROX RX1400 2.14.0
- Siemens RUGGEDCOM ROX RX1500 2.14.0
- Siemens RUGGEDCOM ROX RX1501 2.14.0
- Siemens RUGGEDCOM ROX RX1510 2.14.0
- Siemens RUGGEDCOM ROX RX1511 2.14.0
- Siemens RUGGEDCOM ROX RX1512 2.14.0
- Siemens RUGGEDCOM ROX RX1524 2.14.0
- Siemens RUGGEDCOM ROX RX1536 2.14.0
- Siemens RUGGEDCOM ROX RX5000 2.14.0
- Schneider Electric ConneXium Network Manager
Remediation
Refer to Schneider Advisory for patch, upgrade, or suggested workaround information.
CVE-2021-41546
CVE-2021-22801