CVE-2025-40947 – Siemens Ruggedcom ROX Remote Code Execution Vulnerability

Vulnerability

A remote code execution vulnerability has been identified in several Ruggedcom ROX products, all versions prior to V2.17.1. The issue arises from improper input validation during the feature key installation process, which could enable an authenticated remote attacker to inject arbitrary commands. This exploitation would result in remote code execution with root privileges on the underlying operating system.

Impact

Exploitation of this vulnerability allows for remote code execution with root privileges on the affected device's operating system.

Remediation

Siemens has released new versions for the affected products. Users are advised to update to the latest versions. For general security recommendations, Siemens suggests protecting network access to devices with appropriate measures and configuring the environment according to Siemens' operational guidelines for Industrial Security.

Added: May 12, 2026, 10:35 AM

Updated: May 12, 2026, 10:35 AM

Affected Products

Siemens RUGGEDCOM ROX MX5000

0 remedies

cpe:2.3:h:siemens:ruggedcom_rox_mx5000:*:*:*:*:*:*:*, +1 more

0 remedies

< V2.17.1

Siemens RUGGEDCOM ROX MX5000RE

0 remedies

cpe:2.3:h:siemens:ruggedcom_rox_mx5000re:*:*:*:*:*:*:*

0 remedies

Siemens RUGGEDCOM ROX RX1400

0 remedies

cpe:2.3:h:siemens:ruggedcom_rox_rx1400:*:*:*:*:*:*:*, +1 more

0 remedies

< V2.17.1

Siemens RUGGEDCOM ROX RX1500

0 remedies

cpe:2.3:h:siemens:ruggedcom_rox_rx1500:*:*:*:*:*:*:*, +1 more

0 remedies

< V2.17.1

Siemens RUGGEDCOM ROX RX1501

0 remedies

cpe:2.3:h:siemens:ruggedcom_rox_rx1501:*:*:*:*:*:*:*, +1 more

0 remedies

< V2.17.1

Siemens RUGGEDCOM ROX RX1510

0 remedies

cpe:2.3:h:siemens:ruggedcom_rox_rx1510:*:*:*:*:*:*:*, +1 more

0 remedies

< V2.17.1

Siemens RUGGEDCOM ROX RX1511

0 remedies

cpe:2.3:h:siemens:ruggedcom_rox_rx1511:*:*:*:*:*:*:*, +1 more

0 remedies

< V2.17.1

Siemens RUGGEDCOM ROX RX1512

0 remedies

cpe:2.3:h:siemens:ruggedcom_rox_rx1512:*:*:*:*:*:*:*, +1 more

0 remedies

< V2.17.1

Siemens RUGGEDCOM ROX RX1524

0 remedies

cpe:2.3:h:siemens:ruggedcom_rox_rx1524:*:*:*:*:*:*:*, +1 more

0 remedies

< V2.17.1

Siemens RUGGEDCOM ROX RX1536

0 remedies

cpe:2.3:h:siemens:ruggedcom_rox_rx1536:*:*:*:*:*:*:*, +1 more

0 remedies

< V2.17.1

Siemens RUGGEDCOM ROX RX5000

0 remedies

cpe:2.3:h:siemens:ruggedcom_rox_rx5000:*:*:*:*:*:*:*, +1 more

0 remedies

< V2.17.1

CVSS Scores

volerion

8.7

CVSS 4.0

8.7

High

volerion

8.8

CVSS 3.1

8.8

High

Vendor

7.7

CVSS 4.0

7.7

High

Vendor

7.5

CVSS 3.1

7.5

High

Click a row to open the calculator.

References

https://cert-portal.siemens.com/productcert/html/ssa-078743.html

AdvisoryRemedyVendor

Showing 1-1 of 1 references

Siemens Ruggedcom ROX Remote Code Execution Vulnerability

Vulnerability

Impact

Remediation

Affected Products

Siemens RUGGEDCOM ROX MX5000

Siemens RUGGEDCOM ROX MX5000RE

Siemens RUGGEDCOM ROX RX1400

Siemens RUGGEDCOM ROX RX1500

Siemens RUGGEDCOM ROX RX1501

Siemens RUGGEDCOM ROX RX1510

Siemens RUGGEDCOM ROX RX1511

Siemens RUGGEDCOM ROX RX1512

Siemens RUGGEDCOM ROX RX1524

Siemens RUGGEDCOM ROX RX1536

Siemens RUGGEDCOM ROX RX5000

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating