SSA-973901

Siemens Security Advisory by Siemens ProductCERT

SSA-973901: Arbitrary File Disclosure Vulnerability in Ruggedcom Rox Before V2.17.1

Publication Date:	2026-05-12
Last Update:	2026-05-12
Current Version:	V1.0
CVSS v3.1 Base Score:	6.8
CVSS v4.0 Base Score:	6.1

SUMMARY

Ruggedcom Rox contains an improper access control vulnerability that could allow an authenticated remote attacker to read arbitrary files with root privileges from the underlying operating system's filesystem.

Siemens has released new versions for the affected products and recommends to update to the latest versions.

KNOWN AFFECTED PRODUCTS

Un-/Collapse All

Affected Product and Versions	Remediation
RUGGEDCOM ROX II family	Show more details
RUGGEDCOM ROX MX5000 All versions < V2.17.1 affected by CVE-2025-40948	Update to V2.17.1 or later version https://support.industry.siemens.com/cs/ww/en/view/110002017/
RUGGEDCOM ROX MX5000RE All versions < V2.17.1 affected by CVE-2025-40948	Update to V2.17.1 or later version https://support.industry.siemens.com/cs/ww/en/view/110002017/
RUGGEDCOM ROX RX1400 All versions < V2.17.1 affected by CVE-2025-40948	Update to V2.17.1 or later version https://support.industry.siemens.com/cs/ww/en/view/110002017/
RUGGEDCOM ROX RX1500 All versions < V2.17.1 affected by CVE-2025-40948	Update to V2.17.1 or later version https://support.industry.siemens.com/cs/ww/en/view/110002017/
RUGGEDCOM ROX RX1501 All versions < V2.17.1 affected by CVE-2025-40948	Update to V2.17.1 or later version https://support.industry.siemens.com/cs/ww/en/view/110002017/
RUGGEDCOM ROX RX1510 All versions < V2.17.1 affected by CVE-2025-40948	Update to V2.17.1 or later version https://support.industry.siemens.com/cs/ww/en/view/110002017/
RUGGEDCOM ROX RX1511 All versions < V2.17.1 affected by CVE-2025-40948	Update to V2.17.1 or later version https://support.industry.siemens.com/cs/ww/en/view/110002017/
RUGGEDCOM ROX RX1512 All versions < V2.17.1 affected by CVE-2025-40948	Update to V2.17.1 or later version https://support.industry.siemens.com/cs/ww/en/view/110002017/
RUGGEDCOM ROX RX1524 All versions < V2.17.1 affected by CVE-2025-40948	Update to V2.17.1 or later version https://support.industry.siemens.com/cs/ww/en/view/110002017/
RUGGEDCOM ROX RX1536 All versions < V2.17.1 affected by CVE-2025-40948	Update to V2.17.1 or later version https://support.industry.siemens.com/cs/ww/en/view/110002017/
RUGGEDCOM ROX RX5000 All versions < V2.17.1 affected by CVE-2025-40948	Update to V2.17.1 or later version https://support.industry.siemens.com/cs/ww/en/view/110002017/

MITIGATIONS

Product-specific remediations or mitigations can be found in the section Known Affected Products.
Please follow the General Security Recommendations.

GENERAL SECURITY RECOMMENDATIONS

As a general security measure, Siemens strongly recommends to protect network access to devices with appropriate mechanisms. In order to operate the devices in a protected IT environment, Siemens recommends to configure the environment according to Siemens' operational guidelines for Industrial Security (Download: https://www.siemens.com/cert/operational-guidelines-industrial-security), and to follow the recommendations in the product manuals. Additional information on Industrial Security by Siemens can be found at: https://www.siemens.com/industrialsecurity

PRODUCT DESCRIPTION

RUGGEDCOM Ethernet switches are used to operate reliably in electrical harsh and climatically demanding environments such as electric utility substations and traffic control cabinets.

VULNERABILITY DESCRIPTION

Un-/Collapse All

This chapter describes all vulnerabilities (CVE-IDs) addressed in this security advisory. Wherever applicable, it also documents the product-specific impact of the individual vulnerabilities.

Vulnerability CVE-2025-40948

Affected devices do not properly validate input in the web server's JSON-RPC interface.

This could allow an authenticated remote attacker to read arbitrary files from the underlying operating system's filesystem with root privileges.

CVSS v3.1 Base Score	6.8
CVSS v3.1 Vector	CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N
CVSS v4.0 Base Score	6.1
CVSS v4.0 Vector	CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:N/VI:N/VA:N/SC:H/SI:N/SA:N
CWE	CWE-88: Improper Neutralization of Argument Delimiters in a Command ('Argument Injection')

ACKNOWLEDGMENTS

Siemens thanks the following party for its efforts:

Emmanuel Zhou, Rick Wyble, Mehemt Balta, and Adam Robbie from Palo Alto Networks OT Threat Research Lab for reporting the vulnerability

ADDITIONAL INFORMATION

For further inquiries on security vulnerabilities in Siemens products and solutions, please contact the Siemens ProductCERT: https://www.siemens.com/cert/advisories

HISTORY DATA

V1.0 (2026-05-12):

Publication Date

The use of Siemens Security Advisories is subject to the terms and conditions listed on: https://www.siemens.com/productcert/terms-of-use.