A vulnerability has been identified in ROX II (All versions < V2.12.1). An attacker with network access to port 22/tcp and valid low-privileged user credentials for the target device could perform a privilege escalation and gain root privileges. Successful exploitation requires user privileges of a low-privileged user but no user interaction. The vulnerability could allow an attacker to compromise confidentiality, integrity and availability of the system.
Weaknesses in this category are related to the management of permissions, privileges, and other security features that are used to perform access control.
The product does not properly assign, modify, track, or check privileges for an actor, creating an unintended sphere of control for that actor.
| Link | Tags |
|---|---|
| https://ics-cert.us-cert.gov/advisories/ICSA-18-282-03 | third party advisory us government resource |
| https://cert-portal.siemens.com/productcert/pdf/ssa-493830.pdf | vendor advisory |
| http://www.securityfocus.com/bid/105545 | third party advisory vdb entry |