CVE-2021-41546 : A vulnerability has been identified in RUGGEDCOM ROX MX5000 (All versions

A vulnerability has been identified in RUGGEDCOM ROX MX5000 (All versions < V2.14.1), RUGGEDCOM ROX RX1400 (All versions < V2.14.1), RUGGEDCOM ROX RX1500 (All versions < V2.14.1), RUGGEDCOM ROX RX1501 (All versions < V2.14.1), RUGGEDCOM ROX RX1510 (All versions < V2.14.1), RUGGEDCOM ROX RX1511 (All versions < V2.14.1), RUGGEDCOM ROX RX1512 (All versions < V2.14.1), RUGGEDCOM ROX RX1524 (All versions < V2.14.1), RUGGEDCOM ROX RX1536 (All versions < V2.14.1), RUGGEDCOM ROX RX5000 (All versions < V2.14.1). Affected devices write crashdumps without checking if enough space is available on the filesystem. Once the crashdump fills the entire root filesystem, affected devices fail to boot successfully. An attacker can leverage this vulnerability to cause a permanent Denial-of-Service.

Published 2021-10-12 10:15:13

Updated 2022-08-12 16:30:05

Source Siemens AG

View at NVD, CVE.org

Vulnerability category: Denial of service

Products affected by CVE-2021-41546

Siemens » Ruggedcom Rox Mx5000 Firmware
Versions before (<) 2.14.1
cpe:2.3:o:siemens:ruggedcom_rox_mx5000_firmware:*:*:*:*:*:*:*:*
Matching versions
When used together with: Siemens » Ruggedcom Rox Mx5000 » Version: N/A
Siemens » Ruggedcom Rox Rx1400 Firmware
Versions before (<) 2.14.1
cpe:2.3:o:siemens:ruggedcom_rox_rx1400_firmware:*:*:*:*:*:*:*:*
Matching versions
When used together with: Siemens » Ruggedcom Rox Rx1400 » Version: N/A
Siemens » Ruggedcom Rox Rx1500 Firmware
Versions before (<) 2.14.1
cpe:2.3:o:siemens:ruggedcom_rox_rx1500_firmware:*:*:*:*:*:*:*:*
Matching versions
When used together with: Siemens » Ruggedcom Rox Rx1500 » Version: N/A
Siemens » Ruggedcom Rox Rx1501 Firmware
Versions before (<) 2.14.1
cpe:2.3:o:siemens:ruggedcom_rox_rx1501_firmware:*:*:*:*:*:*:*:*
Matching versions
When used together with: Siemens » Ruggedcom Rox Rx1501 » Version: N/A
Siemens » Ruggedcom Rox Rx1510 Firmware
Versions before (<) 2.14.1
cpe:2.3:o:siemens:ruggedcom_rox_rx1510_firmware:*:*:*:*:*:*:*:*
Matching versions
When used together with: Siemens » Ruggedcom Rox Rx1510 » Version: N/A
Siemens » Ruggedcom Rox Rx1511 Firmware
Versions before (<) 2.14.1
cpe:2.3:o:siemens:ruggedcom_rox_rx1511_firmware:*:*:*:*:*:*:*:*
Matching versions
When used together with: Siemens » Ruggedcom Rox Rx1511 » Version: N/A
Siemens » Ruggedcom Rox Rx1512 Firmware
Versions before (<) 2.14.1
cpe:2.3:o:siemens:ruggedcom_rox_rx1512_firmware:*:*:*:*:*:*:*:*
Matching versions
When used together with: Siemens » Ruggedcom Rox Rx1512 » Version: N/A
Siemens » Ruggedcom Rox Rx5000 Firmware
Versions before (<) 2.14.1
cpe:2.3:o:siemens:ruggedcom_rox_rx5000_firmware:*:*:*:*:*:*:*:*
Matching versions
When used together with: Siemens » Ruggedcom Rox Rx5000 » Version: N/A
Siemens » Ruggedcom Rox Rx1524 Firmware
Versions before (<) 2.14.1
cpe:2.3:o:siemens:ruggedcom_rox_rx1524_firmware:*:*:*:*:*:*:*:*
Matching versions
When used together with: Siemens » Ruggedcom Rox Rx1524 » Version: N/A
Siemens » Ruggedcom Rox Rx1536 Firmware
Versions before (<) 2.14.1
cpe:2.3:o:siemens:ruggedcom_rox_rx1536_firmware:*:*:*:*:*:*:*:*
Matching versions
When used together with: Siemens » Ruggedcom Rox Rx1536 » Version: N/A

Exploit prediction scoring system (EPSS) score for CVE-2021-41546

EPSS FAQ

0.55%

Probability of exploitation activity in the next 30 days EPSS Score History

~ 65 %

Percentile, the proportion of vulnerabilities that are scored at or less

CVSS scores for CVE-2021-41546

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Score Source
7.8	HIGH	AV:N/AC:L/Au:N/C:N/I:N/A:C	10.0	6.9	NIST
Access Vector: Network Access Complexity: Low Authentication: None Confidentiality Impact: None Integrity Impact: None Availability Impact: Complete
7.5	HIGH	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H	3.9	3.6	NIST
Attack Vector: Network Attack Complexity: Low Privileges Required: None User Interaction: None Scope: Unchanged Confidentiality: None Integrity: None Availability: High

CWE ids for CVE-2021-41546

CWE-400 Uncontrolled Resource Consumption

The product does not properly control the allocation and maintenance of a limited resource.

Assigned by: productcert@siemens.com (Secondary)
CWE-770 Allocation of Resources Without Limits or Throttling

The product allocates a reusable resource or group of resources on behalf of an actor without imposing any restrictions on the size or number of resources that can be allocated, in violation of the intended security policy for that actor.

Assigned by: nvd@nist.gov (Primary)

References for CVE-2021-41546

https://cert-portal.siemens.com/productcert/pdf/ssa-173565.pdf

Vendor Advisory

Jump to

Vulnerability Details : CVE-2021-41546

Products affected by CVE-2021-41546

Exploit prediction scoring system (EPSS) score for CVE-2021-41546

CVSS scores for CVE-2021-41546

CWE ids for CVE-2021-41546

References for CVE-2021-41546