Siemens RUGGEDCOM ROS

Monitor4.3ICS-CERT ICSA-26-015-05Dec 9, 2025

Attack VectorNetwork

Auth RequiredLow

ComplexityLow

User InteractionNone needed

Summary

Siemens RUGGEDCOM ROS network devices (industrial switches and routers) contain an input validation flaw (CWE-20) that allows an authenticated attacker to cause a temporary denial of service by crashing and restarting the device. The vulnerability affects 21 RUGGEDCOM models running firmware version 5.X prior to 5.10.1. Siemens has released firmware version 5.10.1 as a fix for all affected products.

What this means

What could happen

An attacker with network access and valid credentials could crash and restart RUGGEDCOM ROS network devices, causing temporary loss of connectivity and potential process interruption across connected systems.

Who's at risk

Water utilities, electric utilities, and other critical infrastructure operators running Siemens RUGGEDCOM ROS industrial-grade network switches and routers in their control networks. These devices are commonly deployed as network infrastructure for PLCs, RTUs, and other field devices in substations, water treatment facilities, and distribution systems.

How it could be exploited

An attacker with valid credentials and network access to the management interface sends a specially crafted input that triggers improper input validation, causing the device to become unresponsive. The device then restarts automatically, temporarily disconnecting it from the network.

Prerequisites

Valid credentials for device management interface
Network access to the management interface (typically port 80/443 or SSH port 22)
Knowledge of valid user account on the device

Remotely exploitableRequires valid credentialsLow complexity attackAffects network availability in critical systems

Exploitability

Low exploit probability (EPSS 0.1%)

Affected products (21)

21 with fix

ProductAffected VersionsFix Status

RUGGEDCOM RMC8388 V5.X< 5.10.15.10.1

RUGGEDCOM RS416Pv2 V5.X< 5.10.15.10.1

RUGGEDCOM RS416v2 V5.X< 5.10.15.10.1

RUGGEDCOM RS900 (32M) V5.X< 5.10.15.10.1

RUGGEDCOM RS900G (32M) V5.X< 5.10.15.10.1

Remediation & Mitigation

0/4

Do now

0/2

WORKAROUNDRestrict network access to device management interfaces using firewall rules—only permit access from authorized engineering workstations and network management systems

HARDENINGEnforce strong, unique credentials on all RUGGEDCOM devices and implement password management practices

Schedule — requires maintenance window

0/1

Patching may require device reboot — plan for process interruption

HOTFIXUpdate all affected RUGGEDCOM ROS devices to firmware version 5.10.1 or later

Long-term hardening

0/1

HARDENINGSegment RUGGEDCOM management traffic on a separate network or VLAN away from critical process networks

CVEs (1)

CVE-2025-40935

View full CISA ICS-CERT advisory

↑↓ Navigate · Esc Close

API: /api/v1/advisories/63039924-f60a-4876-ad0b-f8758e05aaa0