Siemens Siemens ROS#

p a href= https://github.com/cisagov/CSAF/blob/develop/csaf_files/OT/white/2026/icsa-26-134-08.json strong View CSAF /strong /a /p h2 Summary /h2 p strong ROS# contains a ROS service file_server, that before version 2.2.2 contains a path traversal vulnerability which could allow an attacker to access, i.e. read and write, arbitrary files, which are accessible with the user rights of the user that runs the service, on the system that hosts service. Siemens has released a new version for ROS# and recommends to update to the latest version. /strong /p p The following versions of Siemens Siemens ROS# are affected: /p ul li ROS# vers:intdot/ lt;2.2.2 /li /ul div class= csaf-table table class= tablesaw tablesaw-stack data-tablesaw-mode= stack data-tablesaw-minimap thead tr th role= columnheader data-tablesaw-priority= persist CVSS /th th role= columnheader Vendor /th th role= columnheader Equipment /th th role= columnheader Vulnerabilities /th /tr /thead tbody tr td v3 9.1 /td td Siemens /td td Siemens Siemens ROS# /td td Relative Path Traversal /td /tr /tbody /table /div h3 Background /h3 ul li strong Critical Infrastructure Sectors: /strong Critical Manufacturing /li li strong Countries/Areas Deployed: /strong Worldwide /li li strong Company Headquarters Location: /strong Germany /li /ul hr h2 Vulnerabilities /h2 div class= csaf-accordion p a class= csaf-accordion-toggle-all href= # Expand All + /a /p div class= csaf-accordion-item h3 a class= csaf-accordion-toggle href= # CVE-2026-41551 /a /h3 div class= csaf-accordion-content p Affected versions contain a path traversal vulnerability because user input is not properly sanitized. This could allow a remote attacker to access arbitrary files on the device. /p p a href= https://www.cve.org/CVERecord?id=CVE-2026-41551 View CVE Details /a /p hr h4 Affected Products /h4 h5 Siemens Siemens ROS# /h5 div class= ics-vendor-version-status div class= ics-vendor strong Vendor: /strong br Siemens /div div class= ics-version strong Product Version: /strong br ROS# /div div class= ics-status strong Product Status: /strong br known_affected /div /div div class= ics-remediations h6 Remediations /h6 p strong Mitigation /strong br For versions before 2.2.2: - run file_server on a trusted network only. - run file_server with appropriate user rights. - run file_server only for tasks it was designed for, transferring URDF files from ROS host to target system, not as a service that runs continuously in the background. - run file_server only if manually transferring files is not possible. /p p strong Vendor fix /strong br Update to V2.2.2 or later version br a href= https://github.com/siemens/ros-sharp/releases/tag/2.2.2 https://github.com/siemens/ros-sharp/releases/tag/2.2.2 /a /p /div p strong Relevant CWE: /strong a href= https://cwe.mitre.org/data/definitions/23.html CWE-23 Relative Path Traversal /a /p hr h4 Metrics /h4 div class= csaf-table csaf-metrics-table table class= tablesaw tablesaw-stack data-tablesaw-mode= st