CVE-2018-13801

A vulnerability has been identified in ROX II (All versions < V2.12.1). An attacker with network access to port 22/tcp and valid low-privileged user credentials for the target device could perform a privilege escalation and gain root privileges. Successful exploitation requires user privileges of a low-privileged user but no user interaction. The vulnerability could allow an attacker to compromise confidentiality, integrity and availability of the system.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
8.8 HIGH
NETWORK
LOW
LOW
CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
siemensCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 79%
VendorProductVersion
siemensrox_ii_firmware
𝑥
< 2.12.1
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
http://www.securityfocus.com/bid/105545
https://cert-portal.siemens.com/productcert/pdf/ssa-493830.pdf
https://ics-cert.us-cert.gov/advisories/ICSA-18-282-03
http://www.securityfocus.com/bid/105545
https://cert-portal.siemens.com/productcert/pdf/ssa-493830.pdf
https://ics-cert.us-cert.gov/advisories/ICSA-18-282-03