Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2024-56838

A vulnerability has been identified in RUGGEDCOM ROX II family (All versions < V2.17.0). The SCEP client available in the affected device for secure certificate enrollment lacks validation of multiple fields. An attacker could leverage this scenario to execute arbitrary code as root user.

Published

2025-12-09T16:17:29.120

Last Modified

2025-12-11T15:58:07.083

Status

Analyzed

Source

[email protected]

Severity

CVSSv3.1: 7.2 (HIGH)

Weaknesses

Type: Primary
CWE-74

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Operating System	siemens	ruggedcom_rox_ii_firmware	< 2.17.0	Yes
Hardware	siemens	ruggedcom_rox_ii	-	No

References

https://cert-portal.siemens.com/productcert/html/ssa-912274.html Vendor Advisory ([email protected])