Siemens RUGGEDCOM ROS

MonitorCVSS 4.3ICS-CERT ICSA-26-015-05Dec 9, 2025

Siemens

Attack path

Attack VectorNetwork

Auth RequiredLow

ComplexityLow

User InteractionNone needed

Summary

Ruggedcom ROS devices contain a denial of service vulnerability that could allow an attacker with legitimate credentials to crash and restart the device. Siemens has released updated versions to address this issue.

What this means

What could happen

An attacker with valid login credentials could crash a Ruggedcom switch, temporarily interrupting network connectivity to connected industrial equipment until the device restarts.

Who's at risk

Network operators managing Siemens Ruggedcom ROS industrial switches (RMC8388, RS416, RS900, RSG, RSL, RST series) should prioritize this update. These switches are commonly used in electric utilities, water systems, and manufacturing facilities to connect PLCs, RTUs, and other critical equipment.

How it could be exploited

An attacker with valid user credentials logs into the Ruggedcom device's management interface and triggers a denial of service condition that causes the device to crash and reboot, disrupting network connectivity to dependent equipment.

Prerequisites

Valid user credentials for the Ruggedcom device
Network access to the device management interface (typically SSH or web console)

Affects critical network infrastructureRequires valid credentials to exploitCould cause temporary loss of communication to industrial equipment

Exploitability

Unlikely to be exploited — EPSS score 0.1%

Affected products (21)

21 with fix

ProductAffected VersionsFix Status

RUGGEDCOM RMC8388 V5.X< 5.10.15.10.1

RUGGEDCOM RS416Pv2 V5.X< 5.10.15.10.1

RUGGEDCOM RS416v2 V5.X< 5.10.15.10.1

RUGGEDCOM RS900 (32M) V5.X< 5.10.15.10.1

RUGGEDCOM RS900G (32M) V5.X< 5.10.15.10.1

Remediation & Mitigation

0/1

Schedule — requires maintenance window

0/1

Patching may require device reboot — plan for process interruption

HOTFIXUpdate all Ruggedcom ROS devices to firmware version 5.10.1 or later

CVEs (1)

CVE-2025-40935

View full CISA ICS-CERT advisory

↑↓ Navigate · Esc Close

API: /api/v1/advisories/63039924-f60a-4876-ad0b-f8758e05aaa0

Get OT security insights every Tuesday

Advisory breakdowns, a weekly summary, and incident analyses for the people actually defending OT environments. Free, no account required.