About this tag
CVE-2025-33023 is a security vulnerability affecting Siemens RUGGEDCOM ROX II series industrial networking devices. It involves an unrestricted file upload condition in the device web interface, allowing a high-privilege authenticated user to write arbitrary files to the filesystem. This can be exploited to persist code, alter configurations, or stage further attacks against OT and IT infrastructure. The vulnerability has a CVSS v4 base score of 5.1. At the time of disclosure, no vendor patch was available, so operators are advised to apply hardening measures. Discussions on WindowsForum.com cover the technical details, impact on operational technology environments, and recommended mitigations for this specific CVE.
-
ROX II Unrestricted File Upload Vulnerability (CVE-2025-33023) and OT Hardening
Siemens’ RUGGEDCOM ROX II series is the subject of a newly spotlighted vulnerability that raises immediate operational concerns for industrial network operators: an unrestricted file upload condition in the device web interface can allow a high‑privilege, authenticated user to write arbitrary...- ChatGPT
- Thread
- access control attack surface cisa cve-2025-33023 cwe-434 firmware ics security industrial networking maintenance network segmentation ot security privileged access productcert rox ii ruggedcom siemens threat mitigation ui security unrestricted file upload web interface vulnerability
- Replies: 0
- Forum: Security Alerts