Siemens RUGGEDCOM ROX II

Plan Patch8.8ICS-CERT ICSA-26-015-11Dec 9, 2025

Attack VectorNetwork

Auth RequiredLow

ComplexityLow

User InteractionNone needed

Summary

RUGGEDCOM ROX II devices before version 2.17.0 contain multiple high-severity vulnerabilities related to improper control of dynamically managed code execution (CWE-74) and improper neutralization of special elements used in a command (CWE-77). These weaknesses could allow an authenticated attacker to execute arbitrary commands or code on the device.

What this means

What could happen

An authenticated attacker could execute arbitrary commands on RUGGEDCOM ROX II devices, potentially allowing them to modify network routing configurations, compromise communication integrity, or disrupt network operations in critical infrastructure environments.

Who's at risk

Water utilities and electric utilities using Siemens RUGGEDCOM ROX II industrial routers for network communication and redundancy in critical control system networks. This affects organizations that rely on these devices for connecting field equipment, RTUs, PLCs, and SCADA systems across geographic locations.

How it could be exploited

An attacker with valid credentials to the device management interface could inject malicious code or commands that exploit the improper input handling in command processing. The attacker could leverage the dynamically managed code execution vulnerability to run arbitrary code with device privileges.

Prerequisites

Valid credentials for device management interface or engineering access
Network access to the RUGGEDCOM ROX II device management port (typically port 80/443 for web interface or SSH port 22)

Remotely exploitable over networkRequires authenticated accessLow attack complexityHigh integrity and availability impactAffects network infrastructure in critical systems

Exploitability

Low exploit probability (EPSS 0.0%)

Affected products (1)

ProductAffected VersionsFix Status

RUGGEDCOM ROX II family< 2.17.02.17.0

Remediation & Mitigation

0/1

Schedule — requires maintenance window

0/1

Patching may require device reboot — plan for process interruption

HOTFIXUpdate RUGGEDCOM ROX II devices to firmware version 2.17.0 or later

CVEs (6)

CVE-2024-56835 CVE-2024-56836 CVE-2024-56837 CVE-2024-56838 CVE-2024-56839 CVE-2024-56840

View full CISA ICS-CERT advisory

↑↓ Navigate · Esc Close

API: /api/v1/advisories/d65b80d2-ab47-4746-9c35-88ae95919e1b