IronMonkey Threat Research

Siemens Ruggedcom Rox

MEDIUM
CVSS 6.8
Date 2026-05-14T06:00:00+00:00
Source cisa-csaf
Published by CISA

// Description

Ruggedcom Rox contains an improper access control vulnerability that could allow an authenticated remote attacker to read arbitrary files with root privileges from the underlying operating system's filesystem. Siemens has released new versions for the affected products and recommends updating to the latest versions.

// Vulnerabilities (1)

CVE ID CVE-2025-40948
CVSS Score 6.8
Severity medium
Description Affected devices do not properly validate input in the web server's JSON-RPC interface. This could allow an authenticated remote attacker to read arbitrary files from the underlying operating system's filesystem with root privileges.

// Remediations (1)

Patch: Update to V2.17.1 or a later version

// References