BetaIT-Hub is in early access — your feedback helps us improve. Use the chat or email [email protected]

News Vulnerability
VulnerabilityCISA·20d ago

Siemens Ruggedcom Rox

p a href="https://github.com/cisagov/CSAF/blob/develop/csaf_files/OT/white/2026/icsa-26-134-12.json" strong View CSAF /strong /a /p h2 Summary /h2 p strong Ruggedcom Rox contains an input validation vulnerability in the Scheduler functionality that could allow an authenticated remote attacker to execute arbitrary commands with root privileges on the underlying operating system. Siemens has released new versions for the affected products and recommends to update to the latest versions. /strong /p p The following versions of Siemens Ruggedcom Rox are affected: /p ul li RUGGEDCOM ROX MX5000 vers:intdot/ lt;2.17.1 nbsp; /li li RUGGEDCOM ROX MX5000RE vers:intdot/ lt;2.17.1 nbsp; /li li RUGGEDCOM ROX RX1400 vers:intdot/ lt;2.17.1 nbsp; /li li RUGGEDCOM ROX RX1500 vers:intdot/ lt;2.17.1 /li li RUGGEDCOM ROX RX1501 vers:intdot/ lt;2.17.1 nbsp; /li li RUGGEDCOM ROX RX1510 vers:intdot/ lt;2.17.1 nbsp; /li li RUGGEDCOM ROX RX1511 vers:intdot/ lt;2.17.1 nbsp; /li li RUGGEDCOM ROX RX1512 vers:intdot/ lt;2.17.1 nbsp; /li li RUGGEDCOM ROX RX1524 vers:intdot/ lt;2.17.1 nbsp; /li li RUGGEDCOM ROX RX1536 vers:intdot/ lt;2.17.1 nbsp; /li li RUGGEDCOM ROX RX5000 vers:intdot/ lt;2.17.1 nbsp; /li /ul div class="csaf-table" table class="tablesaw tablesaw-stack" data-tablesaw-mode="stack" data-tablesaw-minimap thead tr th role="columnheader" data-tablesaw-priority="persist" CVSS /th th role="columnheader" Vendor /th th role="columnheader" Equipment /th th role="columnheader" Vulnerabilities /th /tr /thead tbody tr td v3 9.1 /td td Siemens /td td Siemens Ruggedcom Rox /td td Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') /td /tr /tbody /table /div h3 Background /h3 ul li strong Critical Infrastructure Sectors: /strong Critical Manufacturing /li li strong Countries/Areas Deployed: /strong Worldwide /li li strong Company Headquarters Location: /strong Germany /li /ul hr h2 Vulnerabilities /h2 div class="csaf-accordion" p a class="csaf-accordion-toggle-all" href="#" Expand All + /a /p div class="csaf-accordion-item" h3 a class="csaf-accordion-toggle" href="#" CVE-2025-40949 /a /h3 div class="csaf-accordion-content" p Affected devices do not properly sanitize user-supplied input in the Scheduler functionality of the Web UI, allowing commands to be injected into the task scheduling backend. This could allow an authenticated remote attacker to execute arbitrary commands with root privileges on the underlying operating system. /p p a href="https://www.cve.org/CVERecord?id=CVE-2025-40949" View CVE Details /a /p hr h4 Affected Products /h4 h5 Siemens Ruggedcom Rox /h5 div class="ics-vendor-version-status" div class="ics-vendor" strong Vendor: /strong br Siemens /div div class="ics-version" strong Product Version: /strong br RUGGEDCOM ROX MX5000, RUGGEDCOM ROX MX5000RE, RUGGEDCOM ROX RX1400, RUGGEDCOM ROX RX1500, RUGGEDCOM ROX RX1501, RUGGEDCOM ROX RX1510, RUGGEDCOM ROX RX1511, RUGGEDCOM ROX RX1512, RUGGEDCOM ROX RX1524, RUGGEDCOM ROX RX

Sign in to read the full article

Create a free account to access all news, downloads, and community features

Sign inCreate account

Originally published by CISA

Source: https://www.cisa.gov/news-events/ics-advisories/icsa-26-134-12

This article is shared for informational purposes. All rights belong to the original author and publisher. If you are the copyright holder and would like this content removed, please contact us.

Shared on IT-Hub by admin