CISA 2026-05-14

Siemens Ruggedcom Rox

CVE-2025-40948

Machine-generated analysis · WAYSCloud LLM

An authenticated attacker can read arbitrary files from the underlying OS filesystem via the web server's JSON-RPC interface. The advisory explicitly states these devices are used in critical manufacturing.

Context

Siemens Ruggedcom Rox is a product line of rugged networking equipment designed for industrial environments. The advisory describes an improper access control vulnerability in the web server's JSON-RPC interface that allows authenticated remote attackers to read arbitrary files with root privileges. The advisory specifically notes that these devices are deployed in critical manufacturing sectors worldwide. The vulnerability is tracked as CVE-2025-40948 with a CVSS v3 score of 6.8.

Operator considerations

Check: Inventory for affected Ruggedcom Rox devices running versions prior to V2.17.1
Patch: Update all affected devices to V2.17.1 or later

From Cybersecurity and Infrastructure Security Agency ↗

Ruggedcom Rox contains an improper access control vulnerability that could allow an authenticated remote attacker to read arbitrary files with root privileges from the underlying operating system's filesystem. Siemens has released new versions for the affected products and recommends to update to the latest versions.

The following versions of Siemens Ruggedcom Rox are affected:

RUGGEDCOM ROX MX5000 vers:intdot/

Read the full advisory on CISA →