June 27, 2025
Proactive Defense: The Importance of Incident Response Planning in Cybersecurity
Lazarus aka Hidden Cobra APT Group – Active IOCs
December 20, 2024
Supply Chain Attack on Rspack npm Packages Vulnerable to Crypto Mining Malware
December 20, 2024
Lazarus aka Hidden Cobra APT Group – Active IOCs
December 20, 2024
Supply Chain Attack on Rspack npm Packages Vulnerable to Crypto Mining Malware
December 20, 2024
Severity
High
Analysis Summary
CVE-2020-28398 CVSS:8.8
A vulnerability has been identified in RUGGEDCOM ROX MX5000 (All versions < V2.16.0), RUGGEDCOM ROX MX5000RE (All versions < V2.16.0), RUGGEDCOM ROX RX1400 (All versions < V2.16.0), RUGGEDCOM ROX RX1500 (All versions < V2.16.0), RUGGEDCOM ROX RX1501 (All versions < V2.16.0), RUGGEDCOM ROX RX1510 (All versions < V2.16.0), RUGGEDCOM ROX RX1511 (All versions < V2.16.0), RUGGEDCOM ROX RX1512 (All versions < V2.16.0), RUGGEDCOM ROX RX1524 (All versions < V2.16.0), RUGGEDCOM ROX RX1536 (All versions < V2.16.0), RUGGEDCOM ROX RX5000 (All versions < V2.16.0). The CLI feature in the web interface of affected devices is vulnerable to cross-site request forgery (CSRF).
CVE-2024-49775 CVSS:9.8
Siemens Opcenter Execution Foundation, SIMATIC PCS and TIA Portal buffer overflow is vulnerable to heap-based buffer overflow, caused by improper bounds checking. By sending a specially crafted request, a remote attacker could overflow a buffer and execute arbitrary code on the system or cause the application to crash.
CVE-2024-48949 CVSS:8.4
Siemens SIMATIC could allow a local authenticated attacker to execute arbitrary code on the system, caused by a deserialization vulnerability. By sending a specially crafted request, an attacker could exploit this vulnerability to execute arbitrary code on the system.
CVE-2024-52335 CVSS:9.8
A vulnerability has been identified in syngo.plaza VB30E (All versions < VB30E_HF05). The affected application do not properly sanitize input data before sending it to the SQL server. This could allow an attacker with access to the application could use this vulnerability to execute malicious SQL commands to compromise the whole database.
Impact
- Gain Access
- Code Execution
- Buffer Overflow
- Data Manipulation
Indicators of Compromise
CVE
- CVE-2020-28398
- CVE-2024-49775
- CVE-2024-48949
- CVE-2024-52335
Affected Vendors
Siemens
Affected Products
- Siemens Opcenter Quality
- Siemens RUGGEDCOM ROX MX5000
- Siemens RUGGEDCOM ROX MX5000RE
- Siemens RUGGEDCOM ROX RX1400
- Siemens RUGGEDCOM ROX RX1500
- Siemens Opcenter Execution Foundation
- Siemens Opcenter Intelligence
- Siemens Opcenter RDL
- Siemens SIMATIC S7-PLCSIM V16
- Siemens SIMATIC S7-PLCSIM V17
- Siemens SIMATIC STEP 7 Safety V16
- Siemens SIMATIC STEP 7 Safety V17
Remediation
Refer to Siemens Security Advisory for patch, upgrade or suggested workaround information.